Please check my log, Search Protection.exe + Solved

A place for your HiJackThis logs and logs from other programs…

Moderators: Mods_senior, Security team


Post by Žbeky » 12 Dec 2012 23:38

So press F8 again and choose Safe Mode. Run ComboFix there.
In PMs I deal only with forum-related matters. I do not respond to requests for technical support. Thanks for understanding.

HiJackThis + guide - HW Monitor - How to mark a post as solved - Forum rules


Post by lukypav » 13 Dec 2012 10:07

How do I turn off antivirus and antispyware protection in Safe Mode? So I uninstalled ESET, and here is the log:

ComboFix 12-12-12.01 - Pavel 13.12.2012 10:43:26.2.2 - x86 MINIMAL
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.3327.3060 [GMT 1:00]
Spuštěný z: c:\documents and settings\Pavel\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Pavel\Plocha\CFScript.txt
.
FILE ::
"C:\Sony[1].Vegas.v6.0b.Incl.Keygen-SSG.ZIP.exe"
"c:\windows\system32\drivers\gfibto.sys"
"c:\windows\system32\sbbd.exe"
"c:\windows\Tasks\AppleSoftwareUpdate.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
"c:\windows\Tasks\RMAutoUpdate.job"
"c:\windows\Tasks\RMSchedule.job"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Google\Update
c:\program files\Google\Update\1.3.21.123\GoogleCrashHandler.exe
c:\program files\Google\Update\1.3.21.123\GoogleCrashHandler64.exe
c:\program files\Google\Update\1.3.21.123\GoogleUpdate.exe
c:\program files\Google\Update\1.3.21.123\GoogleUpdateBroker.exe
c:\program files\Google\Update\1.3.21.123\GoogleUpdateHelper.msi
c:\program files\Google\Update\1.3.21.123\GoogleUpdateOnDemand.exe
c:\program files\Google\Update\1.3.21.123\GoogleUpdateSetup.exe
c:\program files\Google\Update\1.3.21.123\goopdate.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_am.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_ar.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_bg.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_bn.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_ca.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_cs.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_da.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_de.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_el.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_en-GB.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_en.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_es-419.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_es.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_et.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_fa.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_fi.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_fil.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_fr.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_gu.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_hi.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_hr.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_hu.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_id.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_is.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_it.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_iw.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_ja.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_kn.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_ko.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_lt.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_lv.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_ml.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_mr.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_ms.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_nl.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_no.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_pl.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_pt-BR.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_pt-PT.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_ro.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_ru.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_sk.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_sl.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_sr.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_sv.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_sw.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_ta.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_te.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_th.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_tr.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_uk.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_ur.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_vi.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_zh-CN.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_zh-TW.dll
c:\program files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
c:\program files\Google\Update\1.3.21.123\psmachine.dll
c:\program files\Google\Update\1.3.21.123\psuser.dll
c:\program files\Google\Update\Download\{430FD4D0-B729-4F61-AA34-91526481799D}\1.3.21.123\GoogleUpdateSetup.exe
c:\program files\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\23.0.1271.95\23.0.1271.95_23.0.1271.91_chrome_updater.exe
c:\program files\Google\Update\GoogleUpdate.exe
c:\program files\Skype\Updater
c:\program files\Skype\Updater\Updater.dll
c:\program files\Skype\Updater\Updater.exe
c:\windows\system32\TZLog.log
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_GFIBTO
-------\Legacy_LAVASOFT_KERNEXPLORER
-------\Legacy_LBD
-------\Legacy_SKYPEUPDATE
-------\Service_gfibto
-------\Service_Lavasoft Kernexplorer
-------\Service_Lbd
-------\Service_SkypeUpdate
-------\Legacy_gupdate
-------\Legacy_gupdate
-------\Service_gupdate
-------\Service_gupdatem
-------\Service_gupdate
-------\Service_gupdatem
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-11-13 do 2012-12-13 )))))))))))))))))))))))))))))))
.
.
2012-12-12 17:45 . 2012-12-12 17:45 -------- d-----w- c:\documents and settings\Pavel\Data aplikací\Malwarebytes
2012-12-12 17:45 . 2012-12-12 17:45 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2012-12-12 17:45 . 2012-12-12 17:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-12-12 17:45 . 2012-09-29 18:54 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-12-12 15:33 . 2012-12-12 15:33 388096 ----a-r- c:\documents and settings\Pavel\Data aplikací\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-12-12 15:33 . 2012-12-12 15:33 -------- d-----w- c:\program files\Trend Micro
2012-12-09 09:17 . 2012-12-09 09:17 -------- d-----w- c:\documents and settings\Pavel\Local Settings\Data aplikací\adawarebp
2012-12-09 08:42 . 2012-12-09 08:42 -------- d-----w- c:\documents and settings\Pavel\Local Settings\Data aplikací\Downloaded Installations
2012-12-09 08:42 . 2012-12-09 08:42 -------- d-----w- c:\documents and settings\Pavel\Data aplikací\blekko
2012-12-08 16:42 . 2012-12-08 16:42 -------- d-----w- c:\documents and settings\Pavel\Data aplikací\LavasoftStatistics
2012-12-08 16:41 . 2012-12-09 09:07 44424 ----a-w- c:\windows\system32\sbbd.exe
2012-12-08 16:41 . 2012-12-09 09:07 13560 ----a-w- c:\windows\system32\drivers\gfibto.sys
2012-12-08 16:41 . 2012-12-09 12:25 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Ad-Aware Browsing Protection
2012-12-06 19:28 . 2012-12-06 19:28 -------- d-----w- c:\documents and settings\LocalService\Data aplikací\McAfee
2012-12-03 14:30 . 2012-12-04 16:01 -------- d-----w- c:\program files\Empire Interactive
2012-12-03 14:30 . 2000-01-04 05:39 212992 ----a-w- c:\program files\Common Files\InstallShield\Engine\6\Intel 32\ILog.dll
2012-11-29 07:11 . 2012-11-29 07:11 -------- d-----w- c:\program files\Common Files\Skype
2012-11-22 19:18 . 2012-11-22 19:18 -------- d-----w- c:\program files\Common Files\Java
2012-11-13 20:29 . 2012-11-13 20:29 354216 ----a-w- c:\windows\system32\DivXControlPanelApplet.cpl
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-12 18:12 . 2012-03-29 17:53 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-12-12 18:12 . 2012-01-21 17:02 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-12-12 18:12 . 2012-08-03 19:04 16363960 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2012-11-13 11:55 . 2006-03-02 12:00 1866368 ----a-w- c:\windows\system32\win32k.sys
2012-11-06 00:41 . 2006-03-02 12:00 290560 ----a-w- c:\windows\system32\atmfd.dll
2012-11-02 02:03 . 2006-03-02 12:00 375296 ----a-w- c:\windows\system32\dpnet.dll
2012-10-31 11:32 . 2006-03-02 12:00 81920 ----a-w- c:\windows\system32\ieencode.dll
2012-10-31 11:32 . 2006-03-02 12:00 668160 ----a-w- c:\windows\system32\wininet.dll
2012-10-31 11:32 . 2006-03-02 12:00 61952 ----a-w- c:\windows\system32\tdc.ocx
2012-10-31 11:29 . 2006-03-02 12:00 370176 ----a-w- c:\windows\system32\html.iec
2012-10-28 09:07 . 2012-10-28 09:07 84371 ----a-w- C:\Sony[1].Vegas.v6.0b.Incl.Keygen-SSG.ZIP.exe
2012-10-15 07:18 . 2006-03-02 12:00 26112 ----a-w- c:\windows\system32\userinit.exe
2012-10-02 18:04 . 2006-03-02 12:00 58368 ----a-w- c:\windows\system32\synceng.dll
2012-07-14 00:15 . 2012-08-08 19:19 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Seznam Postak"="c:\program files\Seznam.cz\postak.exe" [2011-05-25 491040]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-12-18 868352]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-08-03 13892200]
"NvMediaCenter"="NvMCTray.dll" [2011-08-03 111208]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2011-07-05 1632360]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 159744]
"PAC7302_Monitor"="c:\windows\PixArt\PAC7302\Monitor.exe" [2006-11-03 319488]
"DivXMediaServer"="c:\program files\DivX\DivX Media Server\DivXMediaServer.exe" [2012-11-13 450560]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\Pavel\Nabídka Start\Programy\Po spuštění\
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"=
"c:\\Documents and Settings\\Pavel\\Plocha\\Odorik.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Microsoft Games\\Flight Simulator 9\\fs9.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [12.12.2012 18:45 676936]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [26.10.2012 16:10 794272]
R2 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users\Data aplikací\Skype\Toolbars\Skype C2C Service\c2c_service.exe [22.11.2012 10:29 3290304]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [12.12.2012 18:45 22856]
R3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187.sys [22.1.2012 16:38 176128]
S3 NmPar;Unusable Parallel Port;c:\windows\system32\drivers\NmPar.sys [24.12.2008 5:40 80256]
S3 nmserial;PCI Serial Port;c:\windows\system32\drivers\NmSerial.sys [16.12.2008 6:10 70016]
S3 Usblink;Usblink Driver;c:\windows\system32\drivers\ulink.sys [12.3.2012 9:40 37708]
.
Obsah adresáře 'Naplánované úlohy'
.
2012-12-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 18:12]
.
2012-12-04 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 16:57]
.
2012-12-13 c:\windows\Tasks\RMAutoUpdate.job
- c:\program files\PC Tools Registry Mechanic\SULauncher.exe [2012-10-26 09:38]
.
2012-12-12 c:\windows\Tasks\RMSchedule.job
- c:\program files\PC Tools Registry Mechanic\RegMech.exe [2012-10-26 09:38]
.
.
------- Doplňkový sken -------
.
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Pavel\Data aplikací\Mozilla\Firefox\Profiles\412yf5uc.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - ExtSQL: 2012-11-11 11:26; {23fcfd51-4958-4f00-80a3-ae97e717ed8b}; c:\program files\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF - ExtSQL: 2012-11-19 17:17; jqs@sun.com; c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - ExtSQL: 2012-11-22 20:15; {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}; c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
FF - ExtSQL: 2012-12-08 17:41; jid1-yZwVFzbsyfMrqQ@jetpack; c:\documents and settings\Pavel\Data aplikací\Mozilla\Firefox\Profiles\412yf5uc.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack
FF - user.js: extensions.BabylonToolbar_i.id - 54b8d44e0000000000000015af64b413
FF - user.js: extensions.BabylonToolbar_i.hardId - 54b8d44e0000000000000015af64b413
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15412
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=111304&tt=010812_newm_3112_2
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://www.google.com/search?babsrc=TB_ggl&q=
FF - user.js: extensions.BabylonToolbar.id - 54b8d44e0000000000000015af64b413
FF - user.js: extensions.BabylonToolbar.instlDay - 15556
FF - user.js: extensions.BabylonToolbar.vrsn - 1.6.4.6
FF - user.js: extensions.BabylonToolbar.vrsni - 1.6.4.6
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.6.4.619:32
FF - user.js: extensions.BabylonToolbar.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar.tlbrId - base
FF - user.js: extensions.BabylonToolbar.instlRef - sst
FF - user.js: extensions.BabylonToolbar.dfltLng - en
FF - user.js: extensions.BabylonToolbar.excTlbr - false
FF - user.js: extensions.BabylonToolbar.admin - false
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-12-13 10:53
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(640)
c:\program files\NVIDIA Corporation\nView\nview.dll
c:\program files\NVIDIA Corporation\nView\NVWRSCS.DLL
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe
c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
c:\windows\system32\nvsvc32.exe
c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\RunDLL32.exe
c:\windows\system32\rundll32.exe
c:\program files\Common Files\Teleca Shared\CapabilityManager.exe
c:\program files\Common Files\Teleca Shared\Generic.exe
c:\program files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
.
**************************************************************************
.
Celkový čas: 2012-12-13 10:55:22 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-12-13 09:55
ComboFix2.txt 2012-12-12 18:38
.
Před spuštěním: Volných bajtů: 454 900 609 024
Po spuštění: Volných bajtů: 454 785 925 120
.
- - End Of File - - 927DC2595F178A5C1B6A1E86730CD3F0


Post by Žbeky » 13 Dec 2012 11:15

Download AdwCleaner

Save it to your desktop
Close all programs, windows and browsers
Run the program by double-clicking it and click "Search"
After the scan a log appears (it is also saved on the system drive as AdwCleaner[R?].txt); paste its entire contents here.

And try uninstalling that Adaware manually


Post by lukypav » 13 Dec 2012 12:02

I no longer see Ad-Aware anywhere. Not even in the registry. Here is the log:

# AdwCleaner v2.100 - Logfile created 12/13/2012 at 11:59:55
# Updated 09/12/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Pavel - HOME-EE3D1FFBC2
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Pavel\Plocha\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

File Found : C:\user.js
Folder Found : C:\Documents and Settings\All Users\Data aplikací\Babylon
Folder Found : C:\Documents and Settings\Pavel\Data aplikací\Babylon
Folder Found : C:\Documents and Settings\Pavel\Data aplikací\pdfforge

***** [Registry] *****

Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
Key Found : HKLM\Software\Babylon
Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Found : HKLM\SOFTWARE\Classes\Prod.cap
Key Found : HKLM\SOFTWARE\Software
Key Found : HKU\S-1-5-21-436374069-1644491937-839522115-1004\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}

***** [Internet Browsers] *****

-\\ Internet Explorer v6.0.2900.5512

[OK] Registry is clean.

*************************

AdwCleaner[R1].txt - [1357 octets] - [13/12/2012 11:45:18]
AdwCleaner[R2].txt - [1288 octets] - [13/12/2012 11:59:55]

########## EOF - C:\AdwCleaner[R2].txt - [1348 octets] ##########


Post by memphisto » 13 Dec 2012 13:31

Run AdwCleaner again and choose Delete, then run ComboFix again
PC-HELP.CZ RULES, HijackThis section RULES, HijackThis guide, Memtest, CCleaner
Please do not send HijackThis logs via PM; post them in the appropriate section. Thank you


Post by lukypav » 13 Dec 2012 15:14

I did that, but the Lavasoft Ad-Aware launch icon and the "mark pc-help.cz as spam" icon still remain at the bottom right above the taskbar


Post by Žbeky » 13 Dec 2012 15:29

Post the ComboFix log here


Post by lukypav » 13 Dec 2012 16:02

Those icons appear when the "Seznam" web browser is launched


ComboFix 12-12-13.02 - Pavel 13.12.2012 15:56:04.4.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.3327.2395 [GMT 1:00]
Spuštěný z: c:\documents and settings\Pavel\Plocha\ComboFix.exe
AV: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-11-13 do 2012-12-13 )))))))))))))))))))))))))))))))
.
.
2012-12-13 09:58 . 2012-12-13 09:58 -------- d-----w- c:\documents and settings\All Users\Data aplikací\ESET
2012-12-12 17:45 . 2012-12-12 17:45 -------- d-----w- c:\documents and settings\Pavel\Data aplikací\Malwarebytes
2012-12-12 17:45 . 2012-12-12 17:45 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2012-12-12 17:45 . 2012-12-12 17:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-12-12 17:45 . 2012-09-29 18:54 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-12-12 15:33 . 2012-12-12 15:33 388096 ----a-r- c:\documents and settings\Pavel\Data aplikací\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-12-12 15:33 . 2012-12-12 15:33 -------- d-----w- c:\program files\Trend Micro
2012-12-09 09:17 . 2012-12-09 09:17 -------- d-----w- c:\documents and settings\Pavel\Local Settings\Data aplikací\adawarebp
2012-12-09 08:42 . 2012-12-09 08:42 -------- d-----w- c:\documents and settings\Pavel\Local Settings\Data aplikací\Downloaded Installations
2012-12-09 08:42 . 2012-12-09 08:42 -------- d-----w- c:\documents and settings\Pavel\Data aplikací\blekko
2012-12-08 16:42 . 2012-12-08 16:42 -------- d-----w- c:\documents and settings\Pavel\Data aplikací\LavasoftStatistics
2012-12-08 16:41 . 2012-12-09 09:07 44424 ----a-w- c:\windows\system32\sbbd.exe
2012-12-08 16:41 . 2012-12-09 09:07 13560 ----a-w- c:\windows\system32\drivers\gfibto.sys
2012-12-08 16:41 . 2012-12-09 12:25 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Ad-Aware Browsing Protection
2012-12-06 19:28 . 2012-12-06 19:28 -------- d-----w- c:\documents and settings\LocalService\Data aplikací\McAfee
2012-12-03 14:30 . 2012-12-04 16:01 -------- d-----w- c:\program files\Empire Interactive
2012-12-03 14:30 . 2000-01-04 05:39 212992 ----a-w- c:\program files\Common Files\InstallShield\Engine\6\Intel 32\ILog.dll
2012-11-29 07:11 . 2012-11-29 07:11 -------- d-----w- c:\program files\Common Files\Skype
2012-11-22 19:18 . 2012-11-22 19:18 -------- d-----w- c:\program files\Common Files\Java
2012-11-13 20:29 . 2012-11-13 20:29 354216 ----a-w- c:\windows\system32\DivXControlPanelApplet.cpl
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-12 18:12 . 2012-03-29 17:53 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-12-12 18:12 . 2012-01-21 17:02 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-12-12 18:12 . 2012-08-03 19:04 16363960 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2012-11-13 11:55 . 2006-03-02 12:00 1866368 ----a-w- c:\windows\system32\win32k.sys
2012-11-06 00:41 . 2006-03-02 12:00 290560 ----a-w- c:\windows\system32\atmfd.dll
2012-11-02 02:03 . 2006-03-02 12:00 375296 ----a-w- c:\windows\system32\dpnet.dll
2012-10-31 11:32 . 2006-03-02 12:00 81920 ----a-w- c:\windows\system32\ieencode.dll
2012-10-31 11:32 . 2006-03-02 12:00 668160 ----a-w- c:\windows\system32\wininet.dll
2012-10-31 11:32 . 2006-03-02 12:00 61952 ----a-w- c:\windows\system32\tdc.ocx
2012-10-31 11:29 . 2006-03-02 12:00 370176 ----a-w- c:\windows\system32\html.iec
2012-10-28 09:07 . 2012-10-28 09:07 84371 ----a-w- C:\Sony[1].Vegas.v6.0b.Incl.Keygen-SSG.ZIP.exe
2012-10-15 07:18 . 2006-03-02 12:00 26112 ----a-w- c:\windows\system32\userinit.exe
2012-10-02 18:04 . 2006-03-02 12:00 58368 ----a-w- c:\windows\system32\synceng.dll
2012-07-14 00:15 . 2012-08-08 19:19 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Seznam Postak"="c:\program files\Seznam.cz\postak.exe" [2011-05-25 491040]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-12-18 868352]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-08-03 13892200]
"NvMediaCenter"="NvMCTray.dll" [2011-08-03 111208]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2011-07-05 1632360]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 159744]
"PAC7302_Monitor"="c:\windows\PixArt\PAC7302\Monitor.exe" [2006-11-03 319488]
"DivXMediaServer"="c:\program files\DivX\DivX Media Server\DivXMediaServer.exe" [2012-11-13 450560]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2010-07-02 2202704]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\Pavel\Nabídka Start\Programy\Po spuštění\
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"=
"c:\\Documents and Settings\\Pavel\\Plocha\\Odorik.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Microsoft Games\\Flight Simulator 9\\fs9.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [28.4.2010 8:17 114984]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2.7.2010 12:43 95896]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2.7.2010 12:43 810144]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [12.12.2012 18:45 676936]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [26.10.2012 16:10 794272]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [12.12.2012 18:45 22856]
R3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187.sys [22.1.2012 16:38 176128]
S2 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users\Data aplikací\Skype\Toolbars\Skype C2C Service\c2c_service.exe [22.11.2012 10:29 3290304]
S3 NmPar;Unusable Parallel Port;c:\windows\system32\drivers\NmPar.sys [24.12.2008 5:40 80256]
S3 nmserial;PCI Serial Port;c:\windows\system32\drivers\NmSerial.sys [16.12.2008 6:10 70016]
S3 Usblink;Usblink Driver;c:\windows\system32\drivers\ulink.sys [12.3.2012 9:40 37708]
.
Obsah adresáře 'Naplánované úlohy'
.
2012-12-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 18:12]
.
2012-12-04 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 16:57]
.
2012-12-13 c:\windows\Tasks\RMAutoUpdate.job
- c:\program files\PC Tools Registry Mechanic\SULauncher.exe [2012-10-26 09:38]
.
2012-12-12 c:\windows\Tasks\RMSchedule.job
- c:\program files\PC Tools Registry Mechanic\RegMech.exe [2012-10-26 09:38]
.
.
------- Doplňkový sken -------
.
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Pavel\Data aplikací\Mozilla\Firefox\Profiles\412yf5uc.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - ExtSQL: 2012-11-11 11:26; {23fcfd51-4958-4f00-80a3-ae97e717ed8b}; c:\program files\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF - ExtSQL: 2012-11-19 17:17; jqs@sun.com; c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - ExtSQL: 2012-11-22 20:15; {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}; c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
FF - ExtSQL: 2012-12-08 17:41; jid1-yZwVFzbsyfMrqQ@jetpack; c:\documents and settings\Pavel\Data aplikací\Mozilla\Firefox\Profiles\412yf5uc.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack
FF - user.js: extensions.BabylonToolbar_i.id - 54b8d44e0000000000000015af64b413
FF - user.js: extensions.BabylonToolbar_i.hardId - 54b8d44e0000000000000015af64b413
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15412
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=111304&tt=010812_newm_3112_2
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://www.google.com/search?babsrc=TB_ggl&q=
FF - user.js: extensions.BabylonToolbar.id - 54b8d44e0000000000000015af64b413
FF - user.js: extensions.BabylonToolbar.instlDay - 15556
FF - user.js: extensions.BabylonToolbar.vrsn - 1.6.4.6
FF - user.js: extensions.BabylonToolbar.vrsni - 1.6.4.6
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.6.4.619:32
FF - user.js: extensions.BabylonToolbar.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar.tlbrId - base
FF - user.js: extensions.BabylonToolbar.instlRef - sst
FF - user.js: extensions.BabylonToolbar.dfltLng - en
FF - user.js: extensions.BabylonToolbar.excTlbr - false
FF - user.js: extensions.BabylonToolbar.admin - false
.
.
------- Asociace souborů -------
.
.scr=AutoCADScriptFile
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-12-13 15:58
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(136)
c:\program files\NVIDIA Corporation\nView\nview.dll
c:\program files\NVIDIA Corporation\nView\NVWRSCS.DLL
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Celkový čas: 2012-12-13 15:59:04
ComboFix-quarantined-files.txt 2012-12-13 14:59
ComboFix2.txt 2012-12-13 12:55
ComboFix3.txt 2012-12-13 09:55
ComboFix4.txt 2012-12-12 18:38
.
Před spuštěním: Volných bajtů: 454 487 154 688
Po spuštění: Volných bajtů: 454 477 762 560
.
- - End Of File - - EF54B10DF274033548097CA6DC40B52D

Žbeky

Re: Please check the log, Search Protection.exe

Post by Žbeky » 13 Dec 2012 22:18

Try this script in safe mode.

Open Notepad (Start -> Run..., type Notepad into the box and click OK).
Copy the entire following text, marked in green, into it:
Note: Do not use the SELECT ALL function to select the script.


KillAll::

Folder::
c:\documents and settings\Pavel\Local Settings\Data aplikací\adawarebp
c:\documents and settings\Pavel\Local Settings\Data aplikací\Downloaded Installations
c:\documents and settings\Pavel\Data aplikací\blekko
c:\documents and settings\Pavel\Data aplikací\LavasoftStatistics
c:\documents and settings\All Users\Data aplikací\Ad-Aware Browsing Protection
c:\documents and settings\LocalService\Data aplikací\McAfee

File::
c:\windows\system32\sbbd.exe
c:\windows\system32\drivers\gfibto.sys
C:\Sony[1].Vegas.v6.0b.Incl.Keygen-SSG.ZIP.exe
c:\windows\Tasks\RMAutoUpdate.job
c:\windows\Tasks\RMSchedule.job

Firefox::
FF - ProfilePath - c:\documents and settings\Pavel\Data aplikací\Mozilla\Firefox\Profiles\412yf5uc.default\
FF - ExtSQL: 2012-12-08 17:41; jid1-yZwVFzbsyfMrqQ@jetpack; c:\documents and settings\Pavel\Data aplikací\Mozilla\Firefox\Profiles\412yf5uc.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack
FF - user.js: extensions.BabylonToolbar_i.id - 54b8d44e0000000000000015af64b413
FF - user.js: extensions.BabylonToolbar_i.hardId - 54b8d44e0000000000000015af64b413
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15412
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=111304&tt=010812_newm_3112_2
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://www.google.com/search?babsrc=TB_ggl&q=
FF - user.js: extensions.BabylonToolbar.id - 54b8d44e0000000000000015af64b413
FF - user.js: extensions.BabylonToolbar.instlDay - 15556
FF - user.js: extensions.BabylonToolbar.vrsn - 1.6.4.6
FF - user.js: extensions.BabylonToolbar.vrsni - 1.6.4.6
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.6.4.619:32
FF - user.js: extensions.BabylonToolbar.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar.tlbrId - base
FF - user.js: extensions.BabylonToolbar.instlRef - sst
FF - user.js: extensions.BabylonToolbar.dfltLng - en
FF - user.js: extensions.BabylonToolbar.excTlbr - false
FF - user.js: extensions.BabylonToolbar.admin - false

Choose File -> Save As... and set these parameters:
File name: type CFScript.txt here
Save as type: select All Files there
Save the file to the desktop.
Close all active windows.

Grab the created script CFScript.txt with the mouse, drag it over the downloaded ComboFix.exe program, and when the two files overlap, drop the script.

- ComboFix will start automatically
- Paste here the log that appears at the end of the cleaning process

lukypav

Re: Please check the log, Search Protection.exe

Post by lukypav » 14 Dec 2012 10:18

ComboFix 12-12-13.02 - Pavel 14.12.2012 9:48.5.2 - x86 MINIMAL
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.3327.3067 [GMT 1:00]
Spuštěný z: c:\documents and settings\Pavel\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Pavel\Plocha\CFScript.txt
.
FILE ::
"C:\Sony[1].Vegas.v6.0b.Incl.Keygen-SSG.ZIP.exe"
"c:\windows\system32\drivers\gfibto.sys"
"c:\windows\system32\sbbd.exe"
"c:\windows\Tasks\RMAutoUpdate.job"
"c:\windows\Tasks\RMSchedule.job"
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-11-14 do 2012-12-14 )))))))))))))))))))))))))))))))
.
.
2012-12-12 17:45 . 2012-12-12 17:45 -------- d-----w- c:\documents and settings\Pavel\Data aplikací\Malwarebytes
2012-12-12 17:45 . 2012-12-12 17:45 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2012-12-12 17:45 . 2012-12-12 17:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-12-12 17:45 . 2012-09-29 18:54 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-12-12 15:33 . 2012-12-12 15:33 388096 ----a-r- c:\documents and settings\Pavel\Data aplikací\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-12-12 15:33 . 2012-12-12 15:33 -------- d-----w- c:\program files\Trend Micro
2012-12-09 09:17 . 2012-12-09 09:17 -------- d-----w- c:\documents and settings\Pavel\Local Settings\Data aplikací\adawarebp
2012-12-09 08:42 . 2012-12-09 08:42 -------- d-----w- c:\documents and settings\Pavel\Local Settings\Data aplikací\Downloaded Installations
2012-12-09 08:42 . 2012-12-09 08:42 -------- d-----w- c:\documents and settings\Pavel\Data aplikací\blekko
2012-12-08 16:42 . 2012-12-08 16:42 -------- d-----w- c:\documents and settings\Pavel\Data aplikací\LavasoftStatistics
2012-12-08 16:41 . 2012-12-09 09:07 44424 ----a-w- c:\windows\system32\sbbd.exe
2012-12-08 16:41 . 2012-12-09 09:07 13560 ----a-w- c:\windows\system32\drivers\gfibto.sys
2012-12-08 16:41 . 2012-12-09 12:25 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Ad-Aware Browsing Protection
2012-12-06 19:28 . 2012-12-06 19:28 -------- d-----w- c:\documents and settings\LocalService\Data aplikací\McAfee
2012-12-03 14:30 . 2012-12-04 16:01 -------- d-----w- c:\program files\Empire Interactive
2012-12-03 14:30 . 2000-01-04 05:39 212992 ----a-w- c:\program files\Common Files\InstallShield\Engine\6\Intel 32\ILog.dll
2012-11-29 07:11 . 2012-11-29 07:11 -------- d-----w- c:\program files\Common Files\Skype
2012-11-22 19:18 . 2012-11-22 19:18 -------- d-----w- c:\program files\Common Files\Java
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-12 18:12 . 2012-03-29 17:53 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-12-12 18:12 . 2012-01-21 17:02 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-12-12 18:12 . 2012-08-03 19:04 16363960 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2012-11-13 20:29 . 2012-11-13 20:29 354216 ----a-w- c:\windows\system32\DivXControlPanelApplet.cpl
2012-11-13 11:55 . 2006-03-02 12:00 1866368 ----a-w- c:\windows\system32\win32k.sys
2012-11-06 00:41 . 2006-03-02 12:00 290560 ----a-w- c:\windows\system32\atmfd.dll
2012-11-02 02:03 . 2006-03-02 12:00 375296 ----a-w- c:\windows\system32\dpnet.dll
2012-10-31 11:32 . 2006-03-02 12:00 81920 ----a-w- c:\windows\system32\ieencode.dll
2012-10-31 11:32 . 2006-03-02 12:00 668160 ----a-w- c:\windows\system32\wininet.dll
2012-10-31 11:32 . 2006-03-02 12:00 61952 ----a-w- c:\windows\system32\tdc.ocx
2012-10-31 11:29 . 2006-03-02 12:00 370176 ----a-w- c:\windows\system32\html.iec
2012-10-28 09:07 . 2012-10-28 09:07 84371 ----a-w- C:\Sony[1].Vegas.v6.0b.Incl.Keygen-SSG.ZIP.exe
2012-10-15 07:18 . 2006-03-02 12:00 26112 ----a-w- c:\windows\system32\userinit.exe
2012-10-02 18:04 . 2006-03-02 12:00 58368 ----a-w- c:\windows\system32\synceng.dll
2012-07-14 00:15 . 2012-08-08 19:19 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Seznam Postak"="c:\program files\Seznam.cz\postak.exe" [2011-05-25 491040]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-12-18 868352]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-08-03 13892200]
"NvMediaCenter"="NvMCTray.dll" [2011-08-03 111208]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2011-07-05 1632360]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 159744]
"PAC7302_Monitor"="c:\windows\PixArt\PAC7302\Monitor.exe" [2006-11-03 319488]
"DivXMediaServer"="c:\program files\DivX\DivX Media Server\DivXMediaServer.exe" [2012-11-13 450560]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\Pavel\Nabídka Start\Programy\Po spuštění\
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"=
"c:\\Documents and Settings\\Pavel\\Plocha\\Odorik.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Microsoft Games\\Flight Simulator 9\\fs9.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [12.12.2012 18:45 676936]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [26.10.2012 16:10 794272]
R2 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users\Data aplikací\Skype\Toolbars\Skype C2C Service\c2c_service.exe [22.11.2012 10:29 3290304]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [12.12.2012 18:45 22856]
R3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187.sys [22.1.2012 16:38 176128]
S3 NmPar;Unusable Parallel Port;c:\windows\system32\drivers\NmPar.sys [24.12.2008 5:40 80256]
S3 nmserial;PCI Serial Port;c:\windows\system32\drivers\NmSerial.sys [16.12.2008 6:10 70016]
S3 Usblink;Usblink Driver;c:\windows\system32\drivers\ulink.sys [12.3.2012 9:40 37708]
.
Obsah adresáře 'Naplánované úlohy'
.
2012-12-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 18:12]
.
2012-12-04 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 16:57]
.
2012-12-14 c:\windows\Tasks\RMAutoUpdate.job
- c:\program files\PC Tools Registry Mechanic\SULauncher.exe [2012-10-26 09:38]
.
2012-12-13 c:\windows\Tasks\RMSchedule.job
- c:\program files\PC Tools Registry Mechanic\RegMech.exe [2012-10-26 09:38]
.
.
------- Doplňkový sken -------
.
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Pavel\Data aplikací\Mozilla\Firefox\Profiles\412yf5uc.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - ExtSQL: 2012-11-11 11:26; {23fcfd51-4958-4f00-80a3-ae97e717ed8b}; c:\program files\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF - ExtSQL: 2012-11-19 17:17; jqs@sun.com; c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - ExtSQL: 2012-11-22 20:15; {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}; c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
FF - ExtSQL: 2012-12-08 17:41; jid1-yZwVFzbsyfMrqQ@jetpack; c:\documents and settings\Pavel\Data aplikací\Mozilla\Firefox\Profiles\412yf5uc.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack
FF - user.js: extensions.BabylonToolbar_i.id - 54b8d44e0000000000000015af64b413
FF - user.js: extensions.BabylonToolbar_i.hardId - 54b8d44e0000000000000015af64b413
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15412
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=111304&tt=010812_newm_3112_2
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://www.google.com/search?babsrc=TB_ggl&q=
FF - user.js: extensions.BabylonToolbar.id - 54b8d44e0000000000000015af64b413
FF - user.js: extensions.BabylonToolbar.instlDay - 15556
FF - user.js: extensions.BabylonToolbar.vrsn - 1.6.4.6
FF - user.js: extensions.BabylonToolbar.vrsni - 1.6.4.6
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.6.4.619:32
FF - user.js: extensions.BabylonToolbar.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar.tlbrId - base
FF - user.js: extensions.BabylonToolbar.instlRef - sst
FF - user.js: extensions.BabylonToolbar.dfltLng - en
FF - user.js: extensions.BabylonToolbar.excTlbr - false
FF - user.js: extensions.BabylonToolbar.admin - false
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-12-14 10:00
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(884)
c:\windows\system32\CLBCATQ.DLL
.
- - - - - - - > 'explorer.exe'(1436)
c:\program files\NVIDIA Corporation\nView\nview.dll
c:\program files\NVIDIA Corporation\nView\NVWRSCS.DLL
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\savedump.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe
c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
c:\windows\system32\nvsvc32.exe
c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\RunDLL32.exe
c:\windows\system32\rundll32.exe
c:\program files\Common Files\Teleca Shared\CapabilityManager.exe
c:\program files\Common Files\Teleca Shared\Generic.exe
c:\program files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Celkový čas: 2012-12-14 10:03:27 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-12-14 09:03
ComboFix2.txt 2012-12-13 14:59
ComboFix3.txt 2012-12-13 12:55
ComboFix4.txt 2012-12-13 09:55
ComboFix5.txt 2012-12-14 08:46
.
Před spuštěním: Volných bajtů: 454 446 907 392
Po spuštění: Volných bajtů: 454 428 463 104
.
- - End Of File - - AAF47A1C9C52287DA6A0F515830B14B6

Žbeky

Re: Please check the log, Search Protection.exe

Post by Žbeky » 14 Dec 2012 11:44

ComboFix is uninstalled like this:
Start - Run and enter ComboFix /Uninstall

Clean the system with CCleaner.

Download OTC to the desktop, run it and click Clean up.

Download OTL to the desktop. Make sure you have all other windows closed and double-click the OTL icon. At the top of the window, under Output, click Minimal Output. Under Standard Registry, change to All. Tick the "LOP" malware check and the "Purity" malware check. Click Scan. Leave all other settings as they are. The scan may take a long time; when it finishes, two logs will open:
OTL.Txt
Extras.Txt

They are saved in the same location as OTL. Please copy both logs here.

lukypav

Re: Please check the log, Search Protection.exe

Post by lukypav » 14 Dec 2012 13:54

OTL logfile created on: 14.12.2012 13:40:07 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Pavel\Plocha
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

3,25 Gb Total Physical Memory | 2,64 Gb Available Physical Memory | 81,36% Memory free
5,09 Gb Paging File | 4,64 Gb Available in Paging File | 91,25% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465,75 Gb Total Space | 428,39 Gb Free Space | 91,98% Space Free | Partition Type: NTFS
Drive F: | 74,52 Gb Total Space | 19,45 Gb Free Space | 26,10% Space Free | Partition Type: NTFS
Drive G: | 42,94 Gb Total Space | 30,26 Gb Free Space | 70,45% Space Free | Partition Type: NTFS
Drive H: | 111,79 Gb Total Space | 62,79 Gb Free Space | 56,17% Space Free | Partition Type: NTFS

Computer Name: HOME-EE3D1FFBC2 | User Name: Pavel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Pavel\Plocha\OTL.exe (OldTimer Tools)
PRC - C:\Documents and Settings\All Users\Data aplikací\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe (PC Tools)
PRC - C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files\Seznam.cz\postak.exe ()
PRC - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (ESET)
PRC - C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
PRC - C:\WINDOWS\system32\savedump.exe (Microsoft Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\PixArt\Pac7302\Monitor.exe (PixArt Imaging Incorporation)
PRC - C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe (Sony Ericsson Mobile Communications AB)
PRC - C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe (Sony Ericsson Mobile Communications AB)
PRC - C:\Program Files\Common Files\Teleca Shared\Generic.exe (Teleca Software Solutions)
PRC - C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe (Teleca Software Solutions AB)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\WinRAR\rarlng.dll ()
MOD - C:\Program Files\NVIDIA Corporation\nview\nvwimg.dll ()
MOD - C:\Program Files\NVIDIA Corporation\nview\nvShell.dll ()
MOD - C:\Program Files\NVIDIA Corporation\nview\nView.dll ()
MOD - C:\Program Files\Seznam.cz\postak.exe ()
MOD - C:\Program Files\Seznam.cz\email.3.dll ()
MOD - C:\Program Files\Seznam.cz\core.3.dll ()
MOD - C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\anubisps.dll ()
MOD - C:\Program Files\Common Files\Teleca Shared\boost_log-vc71-mt-1_33.dll ()
MOD - C:\Program Files\Common Files\Teleca Shared\boost_log-vc71-mt-1_32.dll ()
MOD - C:\WINDOWS\system32\pdfmonnt.dll ()


========== Services (SafeList) ==========

SRV - (NeroMediaHomeService.4) -- C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe File not found
SRV - (AppMgmt) -- %SystemRoot%\System32\appmgmts.dll File not found
SRV - (Skype C2C Service) -- C:\Documents and Settings\All Users\Data aplikací\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (PCToolsSSDMonitorSvc) -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe (PC Tools)
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (Autodesk Licensing Service) -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe (Autodesk)
SRV - (nvUpdatusService) -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
SRV - (EhttpSrv) -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe (ESET)
SRV - (ekrn) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (ESET)


========== Driver Services (SafeList) ==========

DRV - (WDICA) -- File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (lbrtfdc) -- File not found
DRV - (i2omgmt) -- File not found
DRV - (Changer) -- File not found
DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (k750mgmt) -- C:\WINDOWS\system32\drivers\k750mgmt.sys (MCCI)
DRV - (FTDIBUS) -- C:\WINDOWS\system32\drivers\ftdibus.sys (FTDI Ltd.)
DRV - (FTSER2K) -- C:\WINDOWS\system32\drivers\ftser2k.sys (FTDI Ltd.)
DRV - (NVHDA) -- C:\WINDOWS\system32\drivers\nvhda32.sys (NVIDIA Corporation)
DRV - (epfwtdir) -- C:\WINDOWS\system32\drivers\epfwtdir.sys (ESET)
DRV - (eamon) -- C:\WINDOWS\system32\drivers\eamon.sys (ESET)
DRV - (ehdrv) -- C:\WINDOWS\system32\drivers\ehdrv.sys (ESET)
DRV - (Usblink) -- C:\WINDOWS\system32\drivers\ulink.sys ()
DRV - (AsIO) -- C:\WINDOWS\system32\drivers\AsIO.sys ()
DRV - (NmPar) -- C:\WINDOWS\system32\drivers\NmPar.sys (Windows (R) 2000 DDK provider)
DRV - (nmserial) -- C:\WINDOWS\system32\drivers\NmSerial.sys (Windows (R) 2000 DDK provider)
DRV - (mf) -- C:\WINDOWS\system32\drivers\mf.sys (Microsoft Corporation)
DRV - (Pnp680r) -- C:\WINDOWS\system32\drivers\pnp680r.sys (Silicon Image, Inc)
DRV - (PAC7302) -- C:\WINDOWS\system32\drivers\PAC7302.SYS (PixArt Imaging Inc.)
DRV - (yukonwxp) -- C:\WINDOWS\system32\drivers\yk51x86.sys (Marvell)
DRV - (RTLWUSB) -- C:\WINDOWS\system32\drivers\RTL8187.sys (Realtek Semiconductor Corporation )
DRV - (SenFiltService) -- C:\WINDOWS\system32\drivers\senfilt.sys (Sensaura)
DRV - (k750bus) -- C:\WINDOWS\system32\drivers\k750bus.sys (MCCI)
DRV - (k750mdfl) -- C:\WINDOWS\system32\drivers\k750mdfl.sys (MCCI)
DRV - (k750mdm) -- C:\WINDOWS\system32\drivers\k750mdm.sys (MCCI)
DRV - (k750obex) -- C:\WINDOWS\system32\drivers\k750obex.sys (MCCI)
DRV - (MTsensor) -- C:\WINDOWS\system32\drivers\ASACPI.sys ()
DRV - (slabbus) -- C:\WINDOWS\system32\drivers\slabbus.sys (MCCI)
DRV - (slabser) -- C:\WINDOWS\system32\drivers\slabser.sys (MCCI)
DRV - (Ser2pl) -- C:\WINDOWS\system32\drivers\ser2pl.sys (Prolific Technology Inc.)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
IE - HKLM\..\SearchScopes,DefaultScope =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.seznam.cz/"
FF - prefs.js..extensions.enabledAddons: {ea614400-e918-4741-9a97-7a972ff7c30b}:2.5.6
FF - prefs.js..extensions.enabledAddons: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledAddons: {972ce4c6-7e08-4474-a285-3208198ce6fd}:14.0.1


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Documents and Settings\Pavel\Local Settings\Data aplikací\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2012.01.24 11:23:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2012.11.22 20:15:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.11.26 15:12:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.12.09 10:07:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.11.22 20:15:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2012.12.14 13:11:10 | 000,000,000 | ---D | M]

[2012.01.21 17:43:51 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Pavel\Data aplikací\Mozilla\Extensions
[2012.12.12 18:28:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Pavel\Data aplikací\Mozilla\Firefox\Profiles\412yf5uc.default\extensions
[2012.08.27 19:48:50 | 000,000,000 | ---D | M] (Seznam lištička) -- C:\Documents and Settings\Pavel\Data aplikací\Mozilla\Firefox\Profiles\412yf5uc.default\extensions\{ea614400-e918-4741-9a97-7a972ff7c30b}
[2012.12.08 17:41:30 | 000,000,000 | ---D | M] (Lavasoft Search Plugin) -- C:\Documents and Settings\Pavel\Data aplikací\Mozilla\Firefox\Profiles\412yf5uc.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack
[2012.11.22 20:15:59 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012.12.14 12:28:57 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.08.08 20:19:40 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2012.11.22 20:15:59 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2012.08.08 20:19:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\distribution\extensions
[2012.08.08 20:19:40 | 000,000,000 | ---D | M] (Seznam lištička) -- C:\Program Files\Mozilla Firefox\distribution\extensions\{ea614400-e918-4741-9a97-7a972ff7c30b}
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\PAVEL\DATA APLIKACí\MOZILLA\FIREFOX\PROFILES\412YF5UC.DEFAULT\EXTENSIONS\{EA614400-E918-4741-9A97-7A972FF7C30B}
[2012.11.22 20:15:47 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2012.07.14 01:15:45 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2007.04.10 16:21:08 | 000,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\np-mswmp.dll
[2012.07.27 21:51:30 | 000,184,248 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2012.12.09 10:07:30 | 000,000,616 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\adawaretb.xml
[2012.07.14 03:30:04 | 000,003,368 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2012.07.14 03:30:04 | 000,002,208 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\heureka-cz.xml
[2012.07.14 03:30:04 | 000,000,638 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\jyxo-cz.xml
[2012.07.14 03:30:05 | 000,001,367 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\seznam-cz.xml
[2012.07.14 03:30:05 | 000,000,654 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\slunecnice-cz.xml
[2012.07.14 03:30:05 | 000,001,179 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-cz.xml

========== Chrome ==========

CHR - homepage: http://safesearchr.lavasoft.com/?source ... 50C36DAB7E
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://safesearchr.lavasoft.com/?source ... 50C36DAB7E
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.95\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.95\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.95\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Unity Player (Enabled) = C:\Documents and Settings\Pavel\Local Settings\Data aplikac\u00ED\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw_1168638.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Documents and Settings\Pavel\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Vyhled\u00E1v\u00E1n\u00ED Google = C:\Documents and Settings\Pavel\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Documents and Settings\Pavel\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: Gmail = C:\Documents and Settings\Pavel\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2012.12.14 10:00:12 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (Ukazatel S-Rank) - {EA837F48-5AD1-443E-AE34-FFE03CBF3099} - C:\Program Files\Seznam.cz\core.3.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (&Adresa) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Společnost Microsoft)
O3 - HKCU\..\Toolbar\WebBrowser: (&Odkazy) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [DivXMediaServer] C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe ()
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKLM..\Run: [PAC7302_Monitor] C:\WINDOWS\PixArt\Pac7302\Monitor.exe (PixArt Imaging Incorporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [Sony Ericsson PC Suite] C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe (Sony Ericsson Mobile Communications AB)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Seznam Postak] C:\Program Files\Seznam.cz\postak.exe ()
O4 - Startup: C:\Documents and Settings\Pavel\Nabídka Start\Programy\Po spuštění\Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disableregistrytools = 0
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_37)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 213.46.172.36 213.46.172.37
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{044E1E58-9604-46EE-B978-CA4FC5ED36F9}: DhcpNameServer = 213.46.172.36 213.46.172.37
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\crypt32chain: DllName - (crypt32.dll) - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - (cryptnet.dll) - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - (cscdll.dll) - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - (%SystemRoot%\System32\dimsntfy.dll) - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - (sclgntfy.dll) - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - (WlNotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Společnost Microsoft)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Proces mezipaměti kategorií součástí - C:\WINDOWS\system32\browseui.dll (Společnost Microsoft)
O24 - Desktop Components:0 (Aktuální domovská stránka) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Nebe.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Nebe.bmp
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012.01.21 17:25:18 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2011.05.20 11:03:11 | 000,000,000 | ---D | M] - F:\Autocad 2009 -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012.12.14 13:38:27 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Pavel\Plocha\OTL.exe
[2012.12.14 13:33:47 | 000,201,728 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Pavel\Plocha\OTC.exe
[2012.12.14 13:27:33 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Pavel\Recent
[2012.12.14 13:11:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Nabídka Start\Programy\ESET
[2012.12.14 13:11:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\ESET
[2012.12.14 12:13:13 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012.12.14 12:12:34 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012.12.14 12:12:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Nabídka Start\Programy\CCleaner
[2012.12.14 12:11:46 | 004,167,720 | ---- | C] (Piriform Ltd) -- C:\Documents and Settings\Pavel\Plocha\ccsetup325.exe
[2012.12.14 12:07:21 | 000,140,752 | ---- | C] (ESET) -- C:\WINDOWS\System32\drivers\eamon.sys
[2012.12.14 12:07:21 | 000,095,896 | ---- | C] (ESET) -- C:\WINDOWS\System32\drivers\epfwtdir.sys
[2012.12.14 12:07:20 | 000,114,984 | ---- | C] (ESET) -- C:\WINDOWS\System32\drivers\ehdrv.sys
[2012.12.14 09:54:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2012.12.12 19:33:59 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012.12.12 18:58:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2012.12.12 18:45:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pavel\Data aplikací\Malwarebytes
[2012.12.12 18:45:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Nabídka Start\Programy\Malwarebytes' Anti-Malware
[2012.12.12 18:45:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
[2012.12.12 18:45:04 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012.12.12 18:45:04 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.12.12 16:33:42 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2012.12.12 16:33:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pavel\Nabídka Start\Programy\HiJackThis
[2012.12.09 10:17:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pavel\Local Settings\Data aplikací\adawarebp
[2012.12.09 09:42:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pavel\Local Settings\Data aplikací\Downloaded Installations
[2012.12.09 09:42:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pavel\Data aplikací\blekko
[2012.12.08 17:42:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pavel\Data aplikací\LavasoftStatistics
[2012.12.08 17:41:43 | 000,044,424 | ---- | C] (GFI Software) -- C:\WINDOWS\System32\sbbd.exe
[2012.12.08 17:41:43 | 000,013,560 | ---- | C] (GFI Software) -- C:\WINDOWS\System32\drivers\gfibto.sys
[2012.12.08 17:41:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\Ad-Aware Browsing Protection
[2012.12.06 20:28:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Data aplikací\McAfee
[2012.12.04 17:02:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Nabídka Start\Programy\Empire Interactive
[2012.12.03 15:30:32 | 000,000,000 | ---D | C] -- C:\Program Files\Empire Interactive
[2012.11.29 08:11:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Nabídka Start\Programy\Skype
[2012.11.29 08:11:43 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2012.11.27 14:06:27 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Pavel\Nabídka Start\Programy\Nástroje pro správu
[2012.11.22 20:18:21 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012.11.22 20:15:57 | 000,477,168 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\npdeployJava1.dll
[2012.11.22 20:15:57 | 000,157,680 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2012.11.22 20:15:57 | 000,149,488 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2012.11.22 20:15:57 | 000,149,488 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2012.11.22 20:15:57 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2012.11.22 20:15:42 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012.11.22 20:14:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\McAfee
[2012.11.19 17:34:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Nabídka Start\Programy\PS3 Media Server
[2012.11.19 17:34:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\PMS
[2012.11.19 17:33:51 | 000,000,000 | ---D | C] -- C:\Program Files\PS3 Media Server
[2012.11.19 17:33:31 | 000,000,000 | ---D | C] -- C:\DLN server
[2012.11.19 17:17:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\Sun
[2012.11.19 17:17:08 | 000,473,072 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2012.11.19 17:16:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pavel\Data aplikací\Sun
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.12.14 13:38:32 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Pavel\Plocha\OTL.exe
[2012.12.14 13:35:46 | 000,000,272 | ---- | M] () -- C:\WINDOWS\tasks\RMAutoUpdate.job
[2012.12.14 13:35:43 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.12.14 13:35:41 | 000,235,168 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012.12.14 13:33:48 | 000,201,728 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Pavel\Plocha\OTC.exe
[2012.12.14 13:25:23 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\CCleaner.lnk
[2012.12.14 13:12:04 | 000,001,523 | ---- | M] () -- C:\WINDOWS\WINCMD.INI
[2012.12.14 13:04:15 | 000,000,914 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012.12.14 12:11:47 | 004,167,720 | ---- | M] (Piriform Ltd) -- C:\Documents and Settings\Pavel\Plocha\ccsetup325.exe
[2012.12.14 11:56:28 | 000,002,283 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Skype.lnk
[2012.12.14 10:00:12 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012.12.13 19:51:08 | 000,000,272 | ---- | M] () -- C:\WINDOWS\tasks\RMSchedule.job
[2012.12.13 11:44:15 | 000,545,819 | ---- | M] () -- C:\Documents and Settings\Pavel\Plocha\adwcleaner.exe
[2012.12.13 09:42:14 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.12.12 19:34:03 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2012.12.12 19:12:25 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012.12.12 19:12:25 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012.12.12 19:12:22 | 016,363,960 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerInstaller.exe
[2012.12.12 18:45:05 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Malwarebytes Anti-Malware.lnk
[2012.12.12 16:37:14 | 000,002,441 | ---- | M] () -- C:\Documents and Settings\Pavel\Plocha\HiJackThis.lnk
[2012.12.12 10:31:04 | 000,295,705 | ---- | M] () -- C:\Documents and Settings\Pavel\Dokumenty\Protect.pdf
[2012.12.11 14:46:25 | 000,001,190 | ---- | M] () -- C:\WINDOWS\System32\ServiceConfig.xml
[2012.12.09 10:07:44 | 000,044,424 | ---- | M] (GFI Software) -- C:\WINDOWS\System32\sbbd.exe
[2012.12.09 10:07:44 | 000,013,560 | ---- | M] (GFI Software) -- C:\WINDOWS\System32\drivers\gfibto.sys
[2012.12.07 11:18:23 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\rp_stats.dat
[2012.12.07 11:18:23 | 000,000,044 | ---- | M] () -- C:\WINDOWS\System32\rp_rules.dat
[2012.12.04 17:02:08 | 000,001,769 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Ford Racing 2.lnk
[2012.12.04 11:25:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012.12.04 11:24:05 | 000,000,688 | ---- | M] () -- C:\Documents and Settings\Pavel\Data aplikací\DriveCalculator Preferences
[2012.12.04 11:23:29 | 000,000,796 | ---- | M] () -- C:\Documents and Settings\Pavel\Plocha\HIB.ini
[2012.11.30 19:46:06 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Google Chrome.lnk
[2012.11.26 15:12:06 | 000,001,436 | ---- | M] () -- C:\Documents and Settings\Pavel\Plocha\DivX Movies.lnk
[2012.11.26 15:11:54 | 000,000,777 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\DivX Plus Player.lnk
[2012.11.26 15:11:39 | 000,000,817 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\DivX Plus Converter.lnk
[2012.11.22 20:15:46 | 000,157,680 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2012.11.22 20:15:46 | 000,149,488 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2012.11.22 20:15:46 | 000,149,488 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2012.11.22 20:15:46 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2012.11.22 20:15:45 | 000,477,168 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\npdeployJava1.dll
[2012.11.22 20:15:45 | 000,473,072 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2012.11.22 15:06:19 | 000,018,944 | ---- | M] () -- C:\Documents and Settings\Pavel\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.11.19 18:39:01 | 000,000,707 | ---- | M] () -- C:\Documents and Settings\Pavel\Plocha\PMS.lnk
[2012.11.16 22:12:15 | 000,448,410 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012.11.16 22:12:15 | 000,444,516 | ---- | M] () -- C:\WINDOWS\System32\perfh005.dat
[2012.11.16 22:12:15 | 000,086,440 | ---- | M] () -- C:\WINDOWS\System32\perfc005.dat
[2012.11.16 22:12:15 | 000,074,304 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.12.14 12:12:34 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\CCleaner.lnk
[2012.12.13 11:44:14 | 000,545,819 | ---- | C] () -- C:\Documents and Settings\Pavel\Plocha\adwcleaner.exe
[2012.12.12 19:34:03 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2012.12.12 19:34:00 | 000,261,312 | RHS- | C] () -- C:\cmldr
[2012.12.12 18:45:05 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\Malwarebytes Anti-Malware.lnk
[2012.12.12 16:33:42 | 000,002,441 | ---- | C] () -- C:\Documents and Settings\Pavel\Plocha\HiJackThis.lnk
[2012.12.12 10:31:03 | 000,295,705 | ---- | C] () -- C:\Documents and Settings\Pavel\Dokumenty\Protect.pdf
[2012.12.11 14:46:25 | 000,001,190 | ---- | C] () -- C:\WINDOWS\System32\ServiceConfig.xml
[2012.12.04 17:02:08 | 000,001,769 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\Ford Racing 2.lnk
[2012.11.29 08:11:44 | 000,002,283 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\Skype.lnk
[2012.11.19 18:35:21 | 000,000,707 | ---- | C] () -- C:\Documents and Settings\Pavel\Plocha\PMS.lnk
[2012.10.26 16:10:29 | 000,038,560 | ---- | C] () -- C:\WINDOWS\System32\CleanMFT32.exe
[2012.10.15 07:44:37 | 000,000,566 | ---- | C] () -- C:\WINDOWS\System32\SP7302.INI
[2012.09.03 12:52:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\mngui.INI
[2012.08.07 14:55:53 | 000,018,944 | ---- | C] () -- C:\Documents and Settings\Pavel\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.06.10 17:59:53 | 000,000,688 | ---- | C] () -- C:\Documents and Settings\Pavel\Data aplikací\DriveCalculator Preferences
[2012.05.27 11:57:33 | 000,216,408 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Data aplikací\FontCache3.0.0.0.dat
[2012.04.12 19:22:26 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfmonnt.dll
[2012.04.12 19:22:24 | 000,000,164 | ---- | C] () -- C:\WINDOWS\System32\psconv.ini
[2012.03.29 13:43:46 | 000,000,158 | ---- | C] () -- C:\WINDOWS\RealFlight.INI
[2012.03.17 20:14:06 | 000,000,061 | R--- | C] () -- C:\WINDOWS\System32\uninstall.ini
[2012.03.12 17:50:08 | 000,000,515 | ---- | C] () -- C:\WINDOWS\Viewer.INI
[2012.03.12 17:10:09 | 000,001,286 | ---- | C] () -- C:\WINDOWS\MyHeritage.INI
[2012.03.12 17:09:30 | 000,454,656 | ---- | C] () -- C:\WINDOWS\System32\PaintX.dll
[2012.03.12 09:40:13 | 000,037,708 | ---- | C] () -- C:\WINDOWS\System32\drivers\ulink.sys
[2012.03.12 09:40:13 | 000,005,406 | ---- | C] () -- C:\WINDOWS\System32\drivers\M5633.bin
[2012.03.11 10:42:35 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\AsIO.dll
[2012.03.11 10:42:35 | 000,011,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsIO.sys
[2012.03.11 10:42:33 | 000,011,832 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp64.sys
[2012.03.11 10:42:33 | 000,010,216 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp32.sys
[2012.03.11 10:42:24 | 000,001,769 | ---- | C] () -- C:\WINDOWS\Language_trs.ini
[2012.03.08 21:08:53 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
[2012.03.08 21:08:53 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat
[2012.03.07 17:52:20 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012.01.24 12:13:57 | 000,280,276 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2012.01.24 12:13:57 | 000,280,276 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2012.01.24 12:13:57 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2012.01.24 12:13:38 | 002,128,778 | R--- | C] () -- C:\WINDOWS\System32\nvdata.data
[2012.01.22 17:39:01 | 000,001,523 | ---- | C] () -- C:\WINDOWS\WINCMD.INI
[2012.01.22 16:40:09 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2012.01.21 18:38:21 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012.01.21 17:58:23 | 000,004,249 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2012.01.21 17:57:10 | 000,235,168 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012.01.21 17:26:53 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2012.01.21 17:22:47 | 000,021,812 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

========== ZeroAccess Check ==========

[2012.01.23 11:38:16 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2012.10.31 12:32:37 | 001,510,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.02.09 11:56:05 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008.04.14 04:22:05 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012.12.09 13:25:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Ad-Aware Browsing Protection
[2012.04.01 15:32:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Autodesk
[2012.12.14 13:11:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\ESET
[2012.05.23 14:08:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\ESET(2)
[2012.03.12 17:21:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\MyHeritage
[2012.01.23 21:31:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Sony
[2012.09.03 12:38:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Teleca
[2012.12.14 09:34:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\TEMP
[2012.04.05 07:57:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pavel\Data aplikací\Autodesk
[2012.12.09 09:42:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pavel\Data aplikací\blekko
[2012.04.09 16:17:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pavel\Data aplikací\DevProf
[2012.06.10 15:48:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pavel\Data aplikací\Kilakeseho Computing
[2012.06.18 16:32:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pavel\Data aplikací\MotoCalc 8
[2012.03.12 17:11:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pavel\Data aplikací\MyHeritage
[2012.04.09 16:17:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pavel\Data aplikací\Profili
[2012.01.23 21:34:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pavel\Data aplikací\Publish Providers
[2012.01.23 21:33:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pavel\Data aplikací\Sony
[2012.01.23 21:26:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pavel\Data aplikací\Sony Setup
[2012.09.03 12:38:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pavel\Data aplikací\Teleca
[2012.03.12 17:09:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pavel\Data aplikací\The Complete Genealogy Reporter - FTB
[2012.11.02 15:11:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pavel\Data aplikací\Unity

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:182F0EEA
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:888AFB86
@Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:D1B5B4F1

< End of report >

