Problem s Babylonem - Lord Seth

Zpráva

Lord Seth · #1 Příspěvek od **Lord Seth** » 12 srp 2012 21:31

Dobrý den,

mám také problém s Babylonem (toolbar), použil jsem na odstranění Spybota, našel ho, smazal, ale babylon tam pořád je při dalším skenu...

Děkuji

#2 Příspěvek od **Rudy** » 12 srp 2012 21:42

Zdravím!
Dejte log RSIT: http://forum.viry.cz/viewtopic.php?f=13&t=105895 .

Lord Seth · #3 Příspěvek od **Lord Seth** » 12 srp 2012 22:48

Děkuji za rychlost.

Chtěl bych upozornit, že Notebook není můj (tudíž nesouvisí s mým podpisem). Co se týče ochrany, byl teď dodán spybot, jako AV byl Avast, bude Avira

Logfile of random's system information tool 1.09 (written by random/random)
Run by Seth at 2012-08-12 23:22:38
Microsoft Windows 7 Ultimate
System drive C: has 19 GB (55%) free of 35 GB
Total RAM: 3070 MB (72% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 23:22:41, on 12.8.2012
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\ProgramData\Browser Manager\2.2.565.25\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe
C:\Program Files\C&E\OSD\osd.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
D:\Programs\Spybot - Search & Destroy\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Seth\Desktop\RSIT(2).exe
C:\Program Files\trend micro\Seth.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Babylon toolbar helper - {2EECD738-5844-4a99-B4B6-146BF802613B} - (no file)
O3 - Toolbar: (no name) - {D0F4A166-B8D4-48b8-9D63-80849FE137CB} - (no file)
O4 - HKLM\..\Run: [OSD] C:\Program Files\C&E\OSD\osd.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE -startup
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingA5631] command.com /c del "C:\Windows\svchost.exe_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC4366] cmd.exe /c del "C:\Windows\svchost.exe_old"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Programs\Spybot - Search & Destroy\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\RunOnce: [SpybotDeletingB4668] command.com /c del "C:\Windows\svchost.exe_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD729] cmd.exe /c del "C:\Windows\svchost.exe_old"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: c:\progra~2\browse~1\22565~1.25\{16cdf~1\browse~1.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Browser Manager - Unknown owner - C:\ProgramData\Browser Manager\2.2.565.25\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: OsdService - Unknown owner - C:\Program Files\C&E\OSD\OsdService\OsdService.exe
O23 - Service: Power Manager (PowerManager) - Unknown owner - C:\Windows\svchost.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe

--
End of file - 4098 bytes

=========Mozilla firefox=========

ProfilePath - C:\Users\Seth\AppData\Roaming\Mozilla\Firefox\Profiles\v6fu0en0.default

prefs.js - "browser.startup.homepage" - "http://search.babylon.com/?affID=112555 ... 1060d169ac"

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@pandonetworks.com/PandoWebPlugin]
"Description"=This plugin detects and launches Pando Media Booster
"Path"=C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}

C:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll

C:\Program Files\Mozilla Firefox\searchplugins\
amazondotcom.xml
babylon.xml
bing.xml
eBay.xml
google.xml
twitter.xml
wikipedia.xml
yahoo.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-04-04 63912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4a99-B4B6-146BF802613B}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{D0F4A166-B8D4-48b8-9D63-80849FE137CB}

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"OSD"=C:\Program Files\C&E\OSD\osd.exe [2007-09-20 561152]
"NvSvc"=C:\Windows\system32\nvsvc.dll [2007-07-19 86016]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2007-07-19 8466432]
"NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2007-07-19 81920]
"PWRISOVM.EXE"=C:\Program Files\PowerISO\PWRISOVM.EXE [2012-04-19 336952]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-01-03 880064]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SpybotDeletingA5631"=command.com /c del C:\Windows\svchost.exe_old []
"SpybotDeletingC4366"=cmd.exe /c del C:\Windows\svchost.exe_old []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2012-07-13 17455280]
"SpybotSD TeaTimer"=D:\Programs\Spybot - Search & Destroy\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SpybotDeletingB4668"=command.com /c del C:\Windows\svchost.exe_old []
"SpybotDeletingD729"=cmd.exe /c del C:\Windows\svchost.exe_old []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="c:\progra~2\browse~1\22565~1.25\{16cdf~1\browse~1.dll "

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
.scr - open - C:\Windows\system32\notepad.exe "%1"
.scr - install -
.scr - config -

======List of files/folders created in the last 1 month======

2012-08-12 23:21:45 ----A---- C:\TDSSKiller.2.7.48.0_12.08.2012_23.21.45_log.txt
2012-08-12 22:23:51 ----D---- C:\rsit
2012-08-12 22:23:51 ----D---- C:\Program Files\trend micro
2012-08-12 22:20:44 ----A---- C:\Windows\wininit.ini
2012-08-12 19:56:00 ----D---- C:\ProgramData\Spybot - Search & Destroy
2012-08-12 14:58:18 ----D---- C:\Users\Seth\AppData\Roaming\Mozilla
2012-08-12 14:57:24 ----D---- C:\Windows\system32\Extensions
2012-08-12 14:57:23 ----D---- C:\Windows\system32\searchplugins
2012-08-12 14:50:09 ----D---- C:\ProgramData\Browser Manager
2012-08-12 14:49:49 ----A---- C:\user.js
2012-08-12 14:49:34 ----D---- C:\Users\Seth\AppData\Roaming\YourFileDownloader
2012-08-12 14:49:34 ----D---- C:\Program Files\YourFileDownloader
2012-08-09 15:37:56 ----D---- C:\Windows\system32\appmgmt
2012-08-08 20:09:09 ----HD---- C:\Windows\PIF
2012-08-08 00:34:02 ----D---- C:\Users\Seth\AppData\Roaming\Unity
2012-08-05 23:08:19 ----D---- C:\Windows\Options
2012-08-05 23:08:19 ----D---- C:\Windows\BisonCam
2012-08-05 23:08:06 ----D---- C:\Users\Seth\AppData\Roaming\InstallShield
2012-08-05 22:20:30 ----D---- C:\Users\Seth\AppData\Roaming\Skype
2012-08-05 22:20:22 ----RD---- C:\Program Files\Skype
2012-08-05 22:20:22 ----D---- C:\Program Files\Common Files\Skype
2012-08-05 22:20:16 ----D---- C:\ProgramData\Skype
2012-07-27 08:01:50 ----D---- C:\Program Files\Common Files\Adobe
2012-07-27 08:01:50 ----D---- C:\Program Files\Adobe
2012-07-27 08:00:31 ----D---- C:\ProgramData\Adobe
2012-07-26 12:34:30 ----D---- C:\Users\Seth\AppData\Roaming\LolClient

======List of files/folders modified in the last 1 month======

2012-08-12 23:22:41 ----D---- C:\Windows\Prefetch
2012-08-12 23:22:40 ----D---- C:\Windows\Temp
2012-08-12 23:21:46 ----D---- C:\Windows\system32\drivers
2012-08-12 22:27:54 ----D---- C:\Windows\System32
2012-08-12 22:27:54 ----D---- C:\Windows\inf
2012-08-12 22:27:54 ----A---- C:\Windows\system32\PerfStringBackup.INI
2012-08-12 22:23:51 ----RD---- C:\Program Files
2012-08-12 22:20:44 ----D---- C:\Windows
2012-08-12 21:42:56 ----SHD---- C:\Windows\Installer
2012-08-12 21:42:56 ----HD---- C:\Config.Msi
2012-08-12 21:42:45 ----SHD---- C:\System Volume Information
2012-08-12 21:24:20 ----D---- C:\Windows\system32\Tasks
2012-08-12 21:24:00 ----D---- C:\Windows\Tasks
2012-08-12 21:24:00 ----D---- C:\Windows\system32\wfp
2012-08-12 21:23:58 ----D---- C:\Windows\system32\wbem
2012-08-12 21:23:13 ----D---- C:\Windows\system32\config
2012-08-12 21:23:06 ----D---- C:\Windows\system32\DriverStore
2012-08-12 21:23:06 ----D---- C:\Windows\system32\catroot2
2012-08-12 21:23:00 ----D---- C:\Program Files\WinRAR
2012-08-12 21:23:00 ----D---- C:\Program Files\PowerISO
2012-08-12 21:23:00 ----D---- C:\Program Files\Plus500
2012-08-12 21:23:00 ----D---- C:\Program Files\Mozilla Firefox
2012-08-12 21:23:00 ----D---- C:\Program Files\Common Files\Autodesk Shared
2012-08-12 21:22:59 ----D---- C:\Program Files\CDBurnerXP
2012-08-12 21:22:59 ----D---- C:\Miranda IM
2012-08-12 21:22:59 ----D---- C:\Instalace
2012-08-12 21:22:57 ----D---- C:\Windows\registration
2012-08-12 21:22:36 ----HD---- C:\ProgramData
2012-08-12 17:06:51 ----D---- C:\ProgramData\AVAST Software
2012-08-12 17:06:51 ----D---- C:\Program Files\AVAST Software
2012-08-12 15:03:28 ----D---- C:\Windows\system32\LogFiles
2012-08-12 15:03:26 ----D---- C:\Windows\Panther
2012-08-12 15:03:26 ----D---- C:\Windows\Logs
2012-08-12 15:03:26 ----D---- C:\Windows\debug
2012-08-10 00:57:57 ----D---- C:\Windows\LiveKernelReports
2012-08-07 00:24:48 ----RSD---- C:\Windows\assembly
2012-08-07 00:24:48 ----D---- C:\Windows\Microsoft.NET
2012-08-07 00:24:03 ----D---- C:\Windows\Help
2012-08-07 00:22:16 ----RSD---- C:\Windows\Fonts
2012-08-07 00:20:43 ----D---- C:\ProgramData\Autodesk
2012-08-05 23:08:33 ----D---- C:\Windows\system32\catroot
2012-08-05 23:08:21 ----A---- C:\Windows\win.ini
2012-08-05 23:08:20 ----RSD---- C:\Windows\Media
2012-08-05 23:08:19 ----HD---- C:\Program Files\InstallShield Installation Information
2012-08-05 22:20:22 ----D---- C:\Program Files\Common Files
2012-08-05 19:34:35 ----D---- C:\ProgramData\PMB Files
2012-08-05 19:07:30 ----SD---- C:\ProgramData\Microsoft
2012-08-05 19:06:33 ----D---- C:\Windows\system32\NDF
2012-07-27 10:54:29 ----D---- C:\Windows\rescache
2012-07-27 08:04:07 ----D---- C:\Users\Seth\AppData\Roaming\Adobe
2012-07-27 08:02:22 ----D---- C:\Windows\winsxs
2012-07-18 13:27:51 ----D---- C:\Program Files\Windows Sidebar
2012-07-18 13:27:48 ----D---- C:\Program Files\Internet Explorer
2012-07-18 13:27:47 ----D---- C:\Program Files\Windows Media Player
2012-07-18 13:27:47 ----D---- C:\Program Files\DVD Maker
2012-07-18 13:27:44 ----D---- C:\Windows\system32\cs-CZ
2012-07-18 13:27:44 ----D---- C:\Windows\PolicyDefinitions

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 173648]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2009-07-14 387584]
R1 SCDEmu;SCDEmu; C:\Windows\system32\drivers\SCDEmu.sys [2012-04-19 113072]
R3 BthEnum;Služba Bluetooth Enumerator; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-07-14 34816]
R3 BthPan;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 93696]
R3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2009-07-14 58880]
R3 CEBFilter;CEBFilter; \??\C:\Program Files\C&E\OSD\OsdService\cebuffer.sys [2007-09-04 5120]
R3 CEIO;CEIO; \??\C:\Program Files\C&E\OSD\OsdService\ceio.sys [2007-08-31 4608]
R3 cKBFilter;cKBFilter; \??\C:\Program Files\C&E\OSD\OsdService\kbfiltr.sys [2007-08-31 7168]
R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series – ovladač adaptéru pro 32bitový systém Windows Vista; C:\Windows\system32\DRIVERS\netw5v32.sys [2009-07-14 4231168]
R3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 129536]
R3 RTL8167;Ovladač Realtek 8167 NT; C:\Windows\system32\DRIVERS\Rt86win7.sys [2009-07-14 139776]
R3 smserial;smserial; C:\Windows\system32\DRIVERS\smserial.sys [2009-07-14 1068032]
S2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\DRIVERS\amdagp.sys [2009-07-14 53312]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-14 229888]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2009-07-14 392704]
S3 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12368]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2009-07-14 133120]
S3 s3cap;s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys [2009-07-14 5632]
S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\DRIVERS\sisagp.sys [2009-07-14 52304]
S3 storvsc;storvsc; C:\Windows\system32\DRIVERS\storvsc.sys [2009-07-14 28224]
S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\DRIVERS\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\DRIVERS\vmbus.sys [2009-07-14 175824]
S3 VMBusHID;VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys [2009-07-14 17920]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]
R2 Browser Manager;Browser Manager; C:\ProgramData\Browser Manager\2.2.565.25\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe [2012-08-12 1697312]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 PowerManager;Power Manager; C:\Windows\svchost.exe []
S2 OsdService;OsdService; C:\Program Files\C&E\OSD\OsdService\OsdService.exe [2007-09-03 53248]
S2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2012-07-13 197296]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2012-05-28 651720]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]

-----------------EOF-----------------

Lord Seth · #4 Příspěvek od **Lord Seth** » 13 srp 2012 09:47

Zkoušel jsem to vyčistit nějak podle scénáře, kde se to tady na fóru už řešilo, ale bez výsledku. Taky jsem to zkoušel uzavřít v Mozzile podle jedoho návodu ( přes about:config ...atd.), taky bez výsledku

#5 Příspěvek od **Rudy** » 13 srp 2012 17:46

Lord Seth píše:Chtěl bych upozornit, že Notebook není můj (tudíž nesouvisí s mým podpisem).

Děláte to na výdělek?

Lord Seth · #6 Příspěvek od **Lord Seth** » 13 srp 2012 18:12

Samozřejmě že ne, to bych se ani neopovážil sem dávat !

Snažím se jen pomoc a od Vás jsem čekal totéž, protože předpokládám, že od toho tu toto fórum je.

Vidím, že to je problém, proto mi napište, jestli si to mám vyhledat sám ( či se ptát jinde ) nebo mi pomůžete (či někdo jiný) ?

#7 Příspěvek od **Rudy** » 13 srp 2012 19:13

Lord Seth píše:Samozřejmě že ne, to bych se ani neopovážil sem dávat !

Snažím se jen pomoc a od Vás jsem čekal totéž, protože předpokládám, že od toho tu toto fórum je.

Vidím, že to je problém, proto mi napište, jestli si to mám vyhledat sám ( či se ptát jinde ) nebo mi pomůžete (či někdo jiný) ?

Samozřejmě, že to problém není. Jsem povinen se vás zeptat, protože jste sám řekl:

Chtěl bych upozornit, že Notebook není můj (tudíž nesouvisí s mým podpisem).

Máme pravidla, která jsme si tu vytvořili a já, jako jeden ze spolutvůrců, jsem povinen je dodržovat. Byla to pouze otázka, abych se ubezpečil, že tu nikdo z nás netahá rozumy, které posléze zpeněží. Takové případy jsme tu už měli.

Takže k věci:

Stáhněte OTM: http://oldtimer.geekstogo.com/OTM.exe a uložte na plochu. Spusťte a do levého okna zkopírujte:

:files
C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml

:reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4a99-B4B6-146BF802613B}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""

:commands
[Purity]
[Emptytemp]
[Emptyflash]
[clearallrestorepoints]

a klikněte na >MoveIt!<. Po skenu restartujte PC a dejte nový log RSIT.

Spybot je poměrně zastaralý software. Odinstalujte a nahraďte normálním antivirem: http://forum.viry.cz/viewforum.php?f=29 , Žádný AV v logu nevidím spuštěný.

Lord Seth · #8 Příspěvek od **Lord Seth** » 14 srp 2012 10:55

Avast nainstalován, ale dal jsem stardantní způsob místo volitelný

(překlikl jsem se), odinstaloval jsem google chrome běžným způsobem, ale vidím, že tu pořád je googleupdate, šlo by dát taky pryč, a nějaký ten WebRep od avastu taky ?

log:

Logfile of random's system information tool 1.09 (written by random/random)
Run by Seth at 2012-08-14 11:52:24
Microsoft Windows 7 Ultimate
System drive C: has 19 GB (55%) free of 35 GB
Total RAM: 3070 MB (77% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:52:35, on 14.8.2012
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\ProgramData\Browser Manager\2.2.565.25\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe
C:\Program Files\C&E\OSD\osd.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
D:\Programs\Avast\AvastUI.exe
D:\Programs\Spybot - Search & Destroy\Spybot - Search & Destroy\TeaTimer.exe
C:\Users\Seth\Desktop\RSIT(2).exe
C:\Program Files\trend micro\Seth.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Babylon toolbar helper - {2EECD738-5844-4a99-B4B6-146BF802613B} - (no file)
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - D:\Programs\Avast\aswWebRepIE.dll
O3 - Toolbar: (no name) - {D0F4A166-B8D4-48b8-9D63-80849FE137CB} - (no file)
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - D:\Programs\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [OSD] C:\Program Files\C&E\OSD\osd.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE -startup
O4 - HKLM\..\Run: [avast] "D:\Programs\Avast\avastUI.exe" /nogui
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Programs\Spybot - Search & Destroy\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: c:\progra~2\browse~1\22565~1.25\{16cdf~1\browse~1.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: avast! Antivirus - AVAST Software - D:\Programs\Avast\AvastSvc.exe
O23 - Service: Browser Manager - Unknown owner - C:\ProgramData\Browser Manager\2.2.565.25\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: OsdService - Unknown owner - C:\Program Files\C&E\OSD\OsdService\OsdService.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe

--
End of file - 4167 bytes

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

=========Mozilla firefox=========

ProfilePath - C:\Users\Seth\AppData\Roaming\Mozilla\Firefox\Profiles\v6fu0en0.default

prefs.js - "browser.startup.homepage" - "http://search.babylon.com/?affID=112555 ... 1060d169ac"

"wrc@avast.com"=D:\Programs\Avast\WebRep\FF

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@pandonetworks.com/PandoWebPlugin]
"Description"=This plugin detects and launches Pando Media Booster
"Path"=C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}

C:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll

C:\Program Files\Mozilla Firefox\searchplugins\
amazondotcom.xml
babylon.xml
bing.xml
eBay.xml
google.xml
twitter.xml
wikipedia.xml
yahoo.xml

C:\Users\Seth\AppData\Roaming\Mozilla\Firefox\Profiles\v6fu0en0.default\extensions\
{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-04-04 63912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4a99-B4B6-146BF802613B}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! WebRep - D:\Programs\Avast\aswWebRepIE.dll [2012-07-03 1160792]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{D0F4A166-B8D4-48b8-9D63-80849FE137CB}
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - avast! WebRep - D:\Programs\Avast\aswWebRepIE.dll [2012-07-03 1160792]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"OSD"=C:\Program Files\C&E\OSD\osd.exe [2007-09-20 561152]
"NvSvc"=C:\Windows\system32\nvsvc.dll [2007-07-19 86016]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2007-07-19 8466432]
"NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2007-07-19 81920]
"PWRISOVM.EXE"=C:\Program Files\PowerISO\PWRISOVM.EXE [2012-04-19 336952]
"avast"=D:\Programs\Avast\avastUI.exe [2012-07-03 4273976]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2012-07-13 17418928]
"SpybotSD TeaTimer"=D:\Programs\Spybot - Search & Destroy\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="c:\progra~2\browse~1\22565~1.25\{16cdf~1\browse~1.dll "

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
.scr - open - C:\Windows\system32\notepad.exe "%1"
.scr - install -
.scr - config -

======List of files/folders created in the last 1 month======

2012-08-14 11:52:24 ----D---- C:\rsit
2012-08-14 11:28:07 ----D---- C:\Program Files\Google
2012-08-14 11:28:05 ----A---- C:\Windows\system32\drivers\aswFsBlk.sys
2012-08-14 11:28:04 ----A---- C:\Windows\system32\drivers\aswSP.sys
2012-08-14 11:28:00 ----A---- C:\Windows\system32\drivers\aswRdr2.sys
2012-08-14 11:27:57 ----A---- C:\Windows\system32\drivers\aswTdi.sys
2012-08-14 11:27:56 ----A---- C:\Windows\system32\drivers\aswSnx.sys
2012-08-14 11:27:55 ----A---- C:\Windows\system32\drivers\aswMonFlt.sys
2012-08-14 11:27:38 ----A---- C:\Windows\avastSS.scr
2012-08-14 11:27:37 ----A---- C:\Windows\system32\aswBoot.exe
2012-08-12 22:23:51 ----D---- C:\Program Files\trend micro
2012-08-12 22:20:44 ----A---- C:\Windows\wininit.ini
2012-08-12 19:56:00 ----D---- C:\ProgramData\Spybot - Search & Destroy
2012-08-12 14:58:18 ----D---- C:\Users\Seth\AppData\Roaming\Mozilla
2012-08-12 14:57:24 ----D---- C:\Windows\system32\Extensions
2012-08-12 14:57:23 ----D---- C:\Windows\system32\searchplugins
2012-08-12 14:50:09 ----D---- C:\ProgramData\Browser Manager
2012-08-12 14:49:49 ----A---- C:\user.js
2012-08-12 14:49:34 ----D---- C:\Users\Seth\AppData\Roaming\YourFileDownloader
2012-08-12 14:49:34 ----D---- C:\Program Files\YourFileDownloader
2012-08-09 15:37:56 ----D---- C:\Windows\system32\appmgmt
2012-08-08 20:09:09 ----HD---- C:\Windows\PIF
2012-08-08 00:34:02 ----D---- C:\Users\Seth\AppData\Roaming\Unity
2012-08-05 23:08:19 ----D---- C:\Windows\Options
2012-08-05 23:08:19 ----D---- C:\Windows\BisonCam
2012-08-05 23:08:06 ----D---- C:\Users\Seth\AppData\Roaming\InstallShield
2012-08-05 22:20:30 ----D---- C:\Users\Seth\AppData\Roaming\Skype
2012-08-05 22:20:22 ----RD---- C:\Program Files\Skype
2012-08-05 22:20:22 ----D---- C:\Program Files\Common Files\Skype
2012-08-05 22:20:16 ----D---- C:\ProgramData\Skype
2012-07-27 08:01:50 ----D---- C:\Program Files\Common Files\Adobe
2012-07-27 08:01:50 ----D---- C:\Program Files\Adobe
2012-07-27 08:00:31 ----D---- C:\ProgramData\Adobe
2012-07-26 12:34:30 ----D---- C:\Users\Seth\AppData\Roaming\LolClient

======List of files/folders modified in the last 1 month======

2012-08-14 11:51:15 ----D---- C:\Windows\Temp
2012-08-14 11:50:49 ----D---- C:\Windows\system32\Tasks
2012-08-14 11:48:54 ----D---- C:\Windows\Prefetch
2012-08-14 11:43:44 ----D---- C:\Windows
2012-08-14 11:42:31 ----D---- C:\Program Files\WinRAR
2012-08-14 11:42:22 ----D---- C:\Program Files\PowerISO
2012-08-14 11:42:21 ----D---- C:\Program Files\Plus500
2012-08-14 11:42:18 ----D---- C:\Program Files\Mozilla Firefox
2012-08-14 11:41:48 ----D---- C:\Program Files\Common Files\Autodesk Shared
2012-08-14 11:41:31 ----D---- C:\Program Files\CDBurnerXP
2012-08-14 11:36:52 ----D---- C:\Instalace
2012-08-14 11:31:03 ----D---- C:\Windows\System32
2012-08-14 11:28:16 ----SHD---- C:\Windows\Installer
2012-08-14 11:28:16 ----HD---- C:\Config.Msi
2012-08-14 11:28:13 ----D---- C:\Windows\Tasks
2012-08-14 11:28:07 ----RD---- C:\Program Files
2012-08-14 11:28:05 ----D---- C:\Windows\system32\drivers
2012-08-14 11:27:21 ----D---- C:\ProgramData\AVAST Software
2012-08-14 11:27:18 ----SHD---- C:\System Volume Information
2012-08-13 11:26:55 ----D---- C:\Windows\system32\config
2012-08-13 09:49:55 ----D---- C:\Windows\system32\LogFiles
2012-08-12 22:27:54 ----D---- C:\Windows\inf
2012-08-12 22:27:54 ----A---- C:\Windows\system32\PerfStringBackup.INI
2012-08-12 21:24:00 ----D---- C:\Windows\system32\wfp
2012-08-12 21:23:58 ----D---- C:\Windows\system32\wbem
2012-08-12 21:23:06 ----D---- C:\Windows\system32\DriverStore
2012-08-12 21:23:06 ----D---- C:\Windows\system32\catroot2
2012-08-12 21:22:59 ----D---- C:\Miranda IM
2012-08-12 21:22:57 ----D---- C:\Windows\registration
2012-08-12 21:22:36 ----HD---- C:\ProgramData
2012-08-12 17:06:51 ----D---- C:\Program Files\AVAST Software
2012-08-12 15:03:26 ----D---- C:\Windows\Panther
2012-08-12 15:03:26 ----D---- C:\Windows\Logs
2012-08-12 15:03:26 ----D---- C:\Windows\debug
2012-08-10 00:57:57 ----D---- C:\Windows\LiveKernelReports
2012-08-07 00:24:48 ----RSD---- C:\Windows\assembly
2012-08-07 00:24:48 ----D---- C:\Windows\Microsoft.NET
2012-08-07 00:24:03 ----D---- C:\Windows\Help
2012-08-07 00:22:16 ----RSD---- C:\Windows\Fonts
2012-08-07 00:20:43 ----D---- C:\ProgramData\Autodesk
2012-08-05 23:08:33 ----D---- C:\Windows\system32\catroot
2012-08-05 23:08:21 ----A---- C:\Windows\win.ini
2012-08-05 23:08:20 ----RSD---- C:\Windows\Media
2012-08-05 23:08:19 ----HD---- C:\Program Files\InstallShield Installation Information
2012-08-05 22:20:22 ----D---- C:\Program Files\Common Files
2012-08-05 19:34:35 ----D---- C:\ProgramData\PMB Files
2012-08-05 19:07:30 ----SD---- C:\ProgramData\Microsoft
2012-08-05 19:06:33 ----D---- C:\Windows\system32\NDF
2012-07-27 10:54:29 ----D---- C:\Windows\rescache
2012-07-27 08:04:07 ----D---- C:\Users\Seth\AppData\Roaming\Adobe
2012-07-27 08:02:22 ----D---- C:\Windows\winsxs
2012-07-18 13:27:51 ----D---- C:\Program Files\Windows Sidebar
2012-07-18 13:27:48 ----D---- C:\Program Files\Internet Explorer
2012-07-18 13:27:47 ----D---- C:\Program Files\Windows Media Player
2012-07-18 13:27:47 ----D---- C:\Program Files\DVD Maker
2012-07-18 13:27:44 ----D---- C:\Windows\system32\cs-CZ
2012-07-18 13:27:44 ----D---- C:\Windows\PolicyDefinitions

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 173648]
R1 aswRdr;aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [2012-07-03 44784]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2012-07-03 721000]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2012-07-03 353688]
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2012-07-03 54232]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2009-07-14 387584]
R1 SCDEmu;SCDEmu; C:\Windows\system32\drivers\SCDEmu.sys [2012-04-19 113072]
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [2012-07-03 21256]
R2 aswMonFlt;aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys [2012-07-03 57656]
R3 BthEnum;Služba Bluetooth Enumerator; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-07-14 34816]
R3 BthPan;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 93696]
R3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2009-07-14 58880]
R3 CEBFilter;CEBFilter; \??\C:\Program Files\C&E\OSD\OsdService\cebuffer.sys [2007-09-04 5120]
R3 CEIO;CEIO; \??\C:\Program Files\C&E\OSD\OsdService\ceio.sys [2007-08-31 4608]
R3 cKBFilter;cKBFilter; \??\C:\Program Files\C&E\OSD\OsdService\kbfiltr.sys [2007-08-31 7168]
R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series – ovladač adaptéru pro 32bitový systém Windows Vista; C:\Windows\system32\DRIVERS\netw5v32.sys [2009-07-14 4231168]
R3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 129536]
R3 RTL8167;Ovladač Realtek 8167 NT; C:\Windows\system32\DRIVERS\Rt86win7.sys [2009-07-14 139776]
R3 smserial;smserial; C:\Windows\system32\DRIVERS\smserial.sys [2009-07-14 1068032]
S2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\DRIVERS\amdagp.sys [2009-07-14 53312]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-14 229888]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2009-07-14 392704]
S3 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12368]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2009-07-14 133120]
S3 s3cap;s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys [2009-07-14 5632]
S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\DRIVERS\sisagp.sys [2009-07-14 52304]
S3 storvsc;storvsc; C:\Windows\system32\DRIVERS\storvsc.sys [2009-07-14 28224]
S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\DRIVERS\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\DRIVERS\vmbus.sys [2009-07-14 175824]
S3 VMBusHID;VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys [2009-07-14 17920]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]
R2 avast! Antivirus;avast! Antivirus; D:\Programs\Avast\AvastSvc.exe [2012-07-03 44808]
R2 Browser Manager;Browser Manager; C:\ProgramData\Browser Manager\2.2.565.25\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe [2012-08-12 1697312]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2012-07-13 160944]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2012-08-14 136176]
S2 OsdService;OsdService; C:\Program Files\C&E\OSD\OsdService\OsdService.exe [2007-09-03 53248]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2012-05-28 651720]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2012-08-14 136176]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]

-----------------EOF-----------------

#9 Příspěvek od **Rudy** » 14 srp 2012 18:00

Znovu spusťte OTM a do levého okna zkopírujte:

:files
C:\Program Files\Google\Update
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

:services
gupdate
gupdatem

:reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
[-HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4a99-B4B6-146BF802613B}]

:commands
[Emptytemp]
[Emptyflash]

a klikněte na >MoveIt<. Avast během skenu vypněte a restartujte PC. Spybot je nutné odinstalovat, je nebezpečí kolize s Avastem.

Lord Seth · #10 Příspěvek od **Lord Seth** » 14 srp 2012 18:34

Provedeno, posílám nový log. Jinak co se týče nutnosti odinstalovat Spybota, jak je to "horké" ? Neboť ho používám velmi dlouho i vedle s Avastem a nalezne mi více věcí než například superantispyware nebo MWAB, mám s ním opravdu dobré zkušenosti, ale pokud je to velká potíž, dám ho pryč.

Logfile of random's system information tool 1.09 (written by random/random)
Run by Seth at 2012-08-14 19:33:18
Microsoft Windows 7 Ultimate
System drive C: has 19 GB (55%) free of 35 GB
Total RAM: 3070 MB (76% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:33:28, on 14.8.2012
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\ProgramData\Browser Manager\2.2.565.25\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe
C:\Program Files\C&E\OSD\osd.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
D:\Programs\Avast\AvastUI.exe
C:\Program Files\Skype\Phone\Skype.exe
D:\Programs\Spybot - Search & Destroy\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Seth\Desktop\RSIT(2).exe
C:\Program Files\trend micro\Seth.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Babylon toolbar helper - {2EECD738-5844-4a99-B4B6-146BF802613B} - (no file)
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - D:\Programs\Avast\aswWebRepIE.dll
O3 - Toolbar: (no name) - {D0F4A166-B8D4-48b8-9D63-80849FE137CB} - (no file)
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - D:\Programs\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [OSD] C:\Program Files\C&E\OSD\osd.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE -startup
O4 - HKLM\..\Run: [avast] "D:\Programs\Avast\avastUI.exe" /nogui
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Programs\Spybot - Search & Destroy\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: c:\progra~2\browse~1\22565~1.25\{16cdf~1\browse~1.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: avast! Antivirus - AVAST Software - D:\Programs\Avast\AvastSvc.exe
O23 - Service: Browser Manager - Unknown owner - C:\ProgramData\Browser Manager\2.2.565.25\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: OsdService - Unknown owner - C:\Program Files\C&E\OSD\OsdService\OsdService.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe

--
End of file - 4049 bytes

=========Mozilla firefox=========

ProfilePath - C:\Users\Seth\AppData\Roaming\Mozilla\Firefox\Profiles\v6fu0en0.default

prefs.js - "browser.startup.homepage" - "http://search.babylon.com/?affID=112555 ... 1060d169ac"

"wrc@avast.com"=D:\Programs\Avast\WebRep\FF

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@pandonetworks.com/PandoWebPlugin]
"Description"=This plugin detects and launches Pando Media Booster
"Path"=C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}

C:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll

C:\Program Files\Mozilla Firefox\searchplugins\
amazondotcom.xml
babylon.xml
bing.xml
eBay.xml
google.xml
twitter.xml
wikipedia.xml
yahoo.xml

C:\Users\Seth\AppData\Roaming\Mozilla\Firefox\Profiles\v6fu0en0.default\extensions\
{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-04-04 63912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4a99-B4B6-146BF802613B}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! WebRep - D:\Programs\Avast\aswWebRepIE.dll [2012-07-03 1160792]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{D0F4A166-B8D4-48b8-9D63-80849FE137CB}
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - avast! WebRep - D:\Programs\Avast\aswWebRepIE.dll [2012-07-03 1160792]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"OSD"=C:\Program Files\C&E\OSD\osd.exe [2007-09-20 561152]
"NvSvc"=C:\Windows\system32\nvsvc.dll [2007-07-19 86016]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2007-07-19 8466432]
"NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2007-07-19 81920]
"PWRISOVM.EXE"=C:\Program Files\PowerISO\PWRISOVM.EXE [2012-04-19 336952]
"avast"=D:\Programs\Avast\avastUI.exe [2012-07-03 4273976]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2012-07-13 17418928]
"SpybotSD TeaTimer"=D:\Programs\Spybot - Search & Destroy\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="c:\progra~2\browse~1\22565~1.25\{16cdf~1\browse~1.dll "

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
.scr - open - C:\Windows\system32\notepad.exe "%1"
.scr - install -
.scr - config -

======List of files/folders created in the last 1 month======

2012-08-14 19:28:35 ----D---- C:\_OTM
2012-08-14 11:52:24 ----D---- C:\rsit
2012-08-14 11:28:07 ----D---- C:\Program Files\Google
2012-08-14 11:28:05 ----A---- C:\Windows\system32\drivers\aswFsBlk.sys
2012-08-14 11:28:04 ----A---- C:\Windows\system32\drivers\aswSP.sys
2012-08-14 11:28:00 ----A---- C:\Windows\system32\drivers\aswRdr2.sys
2012-08-14 11:27:57 ----A---- C:\Windows\system32\drivers\aswTdi.sys
2012-08-14 11:27:56 ----A---- C:\Windows\system32\drivers\aswSnx.sys
2012-08-14 11:27:55 ----A---- C:\Windows\system32\drivers\aswMonFlt.sys
2012-08-14 11:27:38 ----A---- C:\Windows\avastSS.scr
2012-08-14 11:27:37 ----A---- C:\Windows\system32\aswBoot.exe
2012-08-12 22:23:51 ----D---- C:\Program Files\trend micro
2012-08-12 22:20:44 ----A---- C:\Windows\wininit.ini
2012-08-12 19:56:00 ----D---- C:\ProgramData\Spybot - Search & Destroy
2012-08-12 14:58:18 ----D---- C:\Users\Seth\AppData\Roaming\Mozilla
2012-08-12 14:57:24 ----D---- C:\Windows\system32\Extensions
2012-08-12 14:57:23 ----D---- C:\Windows\system32\searchplugins
2012-08-12 14:50:09 ----D---- C:\ProgramData\Browser Manager
2012-08-12 14:49:49 ----A---- C:\user.js
2012-08-12 14:49:34 ----D---- C:\Users\Seth\AppData\Roaming\YourFileDownloader
2012-08-12 14:49:34 ----D---- C:\Program Files\YourFileDownloader
2012-08-09 15:37:56 ----D---- C:\Windows\system32\appmgmt
2012-08-08 20:09:09 ----HD---- C:\Windows\PIF
2012-08-08 00:34:02 ----D---- C:\Users\Seth\AppData\Roaming\Unity
2012-08-05 23:08:19 ----D---- C:\Windows\Options
2012-08-05 23:08:19 ----D---- C:\Windows\BisonCam
2012-08-05 23:08:06 ----D---- C:\Users\Seth\AppData\Roaming\InstallShield
2012-08-05 22:20:30 ----D---- C:\Users\Seth\AppData\Roaming\Skype
2012-08-05 22:20:22 ----RD---- C:\Program Files\Skype
2012-08-05 22:20:22 ----D---- C:\Program Files\Common Files\Skype
2012-08-05 22:20:16 ----D---- C:\ProgramData\Skype
2012-07-27 08:01:50 ----D---- C:\Program Files\Common Files\Adobe
2012-07-27 08:01:50 ----D---- C:\Program Files\Adobe
2012-07-27 08:00:31 ----D---- C:\ProgramData\Adobe
2012-07-26 12:34:30 ----D---- C:\Users\Seth\AppData\Roaming\LolClient

======List of files/folders modified in the last 1 month======

2012-08-14 19:32:28 ----D---- C:\Windows\Temp
2012-08-14 19:32:22 ----D---- C:\Windows\system32\Tasks
2012-08-14 19:28:02 ----D---- C:\Windows\Prefetch
2012-08-14 12:39:05 ----D---- C:\Windows\system32\config
2012-08-14 12:33:09 ----SHD---- C:\Windows\Installer
2012-08-14 12:33:09 ----HD---- C:\Config.Msi
2012-08-14 12:33:09 ----D---- C:\Windows\Tasks
2012-08-14 11:43:44 ----D---- C:\Windows
2012-08-14 11:42:31 ----D---- C:\Program Files\WinRAR
2012-08-14 11:42:22 ----D---- C:\Program Files\PowerISO
2012-08-14 11:42:21 ----D---- C:\Program Files\Plus500
2012-08-14 11:42:18 ----D---- C:\Program Files\Mozilla Firefox
2012-08-14 11:41:48 ----D---- C:\Program Files\Common Files\Autodesk Shared
2012-08-14 11:41:31 ----D---- C:\Program Files\CDBurnerXP
2012-08-14 11:36:52 ----D---- C:\Instalace
2012-08-14 11:31:03 ----D---- C:\Windows\System32
2012-08-14 11:28:07 ----RD---- C:\Program Files
2012-08-14 11:28:05 ----D---- C:\Windows\system32\drivers
2012-08-14 11:27:21 ----D---- C:\ProgramData\AVAST Software
2012-08-14 11:27:18 ----SHD---- C:\System Volume Information
2012-08-13 09:49:55 ----D---- C:\Windows\system32\LogFiles
2012-08-12 22:27:54 ----D---- C:\Windows\inf
2012-08-12 22:27:54 ----A---- C:\Windows\system32\PerfStringBackup.INI
2012-08-12 21:24:00 ----D---- C:\Windows\system32\wfp
2012-08-12 21:23:58 ----D---- C:\Windows\system32\wbem
2012-08-12 21:23:06 ----D---- C:\Windows\system32\DriverStore
2012-08-12 21:23:06 ----D---- C:\Windows\system32\catroot2
2012-08-12 21:22:59 ----D---- C:\Miranda IM
2012-08-12 21:22:57 ----D---- C:\Windows\registration
2012-08-12 21:22:36 ----HD---- C:\ProgramData
2012-08-12 17:06:51 ----D---- C:\Program Files\AVAST Software
2012-08-12 15:03:26 ----D---- C:\Windows\Panther
2012-08-12 15:03:26 ----D---- C:\Windows\Logs
2012-08-12 15:03:26 ----D---- C:\Windows\debug
2012-08-10 00:57:57 ----D---- C:\Windows\LiveKernelReports
2012-08-07 00:24:48 ----RSD---- C:\Windows\assembly
2012-08-07 00:24:48 ----D---- C:\Windows\Microsoft.NET
2012-08-07 00:24:03 ----D---- C:\Windows\Help
2012-08-07 00:22:16 ----RSD---- C:\Windows\Fonts
2012-08-07 00:20:43 ----D---- C:\ProgramData\Autodesk
2012-08-05 23:08:33 ----D---- C:\Windows\system32\catroot
2012-08-05 23:08:21 ----A---- C:\Windows\win.ini
2012-08-05 23:08:20 ----RSD---- C:\Windows\Media
2012-08-05 23:08:19 ----HD---- C:\Program Files\InstallShield Installation Information
2012-08-05 22:20:22 ----D---- C:\Program Files\Common Files
2012-08-05 19:34:35 ----D---- C:\ProgramData\PMB Files
2012-08-05 19:07:30 ----SD---- C:\ProgramData\Microsoft
2012-08-05 19:06:33 ----D---- C:\Windows\system32\NDF
2012-07-27 10:54:29 ----D---- C:\Windows\rescache
2012-07-27 08:04:07 ----D---- C:\Users\Seth\AppData\Roaming\Adobe
2012-07-27 08:02:22 ----D---- C:\Windows\winsxs
2012-07-18 13:27:51 ----D---- C:\Program Files\Windows Sidebar
2012-07-18 13:27:48 ----D---- C:\Program Files\Internet Explorer
2012-07-18 13:27:47 ----D---- C:\Program Files\Windows Media Player
2012-07-18 13:27:47 ----D---- C:\Program Files\DVD Maker
2012-07-18 13:27:44 ----D---- C:\Windows\system32\cs-CZ
2012-07-18 13:27:44 ----D---- C:\Windows\PolicyDefinitions

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 173648]
R1 aswRdr;aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [2012-07-03 44784]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2012-07-03 721000]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2012-07-03 353688]
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2012-07-03 54232]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2009-07-14 387584]
R1 SCDEmu;SCDEmu; C:\Windows\system32\drivers\SCDEmu.sys [2012-04-19 113072]
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [2012-07-03 21256]
R2 aswMonFlt;aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys [2012-07-03 57656]
R3 BthEnum;Služba Bluetooth Enumerator; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-07-14 34816]
R3 BthPan;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 93696]
R3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2009-07-14 58880]
R3 CEBFilter;CEBFilter; \??\C:\Program Files\C&E\OSD\OsdService\cebuffer.sys [2007-09-04 5120]
R3 CEIO;CEIO; \??\C:\Program Files\C&E\OSD\OsdService\ceio.sys [2007-08-31 4608]
R3 cKBFilter;cKBFilter; \??\C:\Program Files\C&E\OSD\OsdService\kbfiltr.sys [2007-08-31 7168]
R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series – ovladač adaptéru pro 32bitový systém Windows Vista; C:\Windows\system32\DRIVERS\netw5v32.sys [2009-07-14 4231168]
R3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 129536]
R3 RTL8167;Ovladač Realtek 8167 NT; C:\Windows\system32\DRIVERS\Rt86win7.sys [2009-07-14 139776]
R3 smserial;smserial; C:\Windows\system32\DRIVERS\smserial.sys [2009-07-14 1068032]
S2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\DRIVERS\amdagp.sys [2009-07-14 53312]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-14 229888]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2009-07-14 392704]
S3 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12368]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2009-07-14 133120]
S3 s3cap;s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys [2009-07-14 5632]
S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\DRIVERS\sisagp.sys [2009-07-14 52304]
S3 storvsc;storvsc; C:\Windows\system32\DRIVERS\storvsc.sys [2009-07-14 28224]
S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\DRIVERS\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\DRIVERS\vmbus.sys [2009-07-14 175824]
S3 VMBusHID;VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys [2009-07-14 17920]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]
R2 avast! Antivirus;avast! Antivirus; D:\Programs\Avast\AvastSvc.exe [2012-07-03 44808]
R2 Browser Manager;Browser Manager; C:\ProgramData\Browser Manager\2.2.565.25\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe [2012-08-12 1697312]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2012-07-13 160944]
S2 OsdService;OsdService; C:\Program Files\C&E\OSD\OsdService\OsdService.exe [2007-09-03 53248]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2012-05-28 651720]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]

-----------------EOF-----------------

#11 Příspěvek od **Rudy** » 14 srp 2012 18:48

Provedeno, posílám nový log. Jinak co se týče nutnosti odinstalovat Spybota, jak je to "horké" ? Neboť ho používám velmi dlouho i vedle s Avastem a nalezne mi více věcí než například superantispyware nebo MWAB, mám s ním opravdu dobré zkušenosti, ale pokud je to velká potíž, dám ho pryč.

Vypněte TeaTimer a nemělo by se nic stát. Spybot je ale sw, který ja dávno za svým zenitem. S vypnutým TeaTimerem by nemělo ke kolizi dojít.

Dvouklikem na soubor C:\Program Files\trend micro\Seth.exe spusťte HijackThis. Klikněte na "Do a system scan only" a v oteveném okně vlevo ve čtverečcích zaškrtněte:

O2 - BHO: Babylon toolbar helper - {2EECD738-5844-4a99-B4B6-146BF802613B} - (no file)
O3 - Toolbar: (no name) - {D0F4A166-B8D4-48b8-9D63-80849FE137CB} - (no file)

Klikněte na >FixChecked<. Pak znovu spusťte OTM a klikněte na >CleanUp<. OTM po sobě uklidí. Nakonec restartujte PC.

Lord Seth · #12 Příspěvek od **Lord Seth** » 14 srp 2012 18:57

myslím, že se to nesmazalo, všechny aplikace jsem měl zavřené

Lord Seth · #13 Příspěvek od **Lord Seth** » 14 srp 2012 18:57

#14 Příspěvek od **Rudy** » 14 srp 2012 19:04

Ne všechno jde fixnout. Toto jsou jen neškodné pozůstatky, které, kdyby šly fixnout zmizely by z registry. Nic víc, nic míň.

Lord Seth · #15 Příspěvek od **Lord Seth** » 14 srp 2012 19:10

dobrá, od OTM uklizeno a restartováno, nicméně babylon pořád setrvává...

co dál?

co kdybych prostě přeinstaloval mozzilu?

VIRY.CZ

Problem s Babylonem - Lord Seth

Problem s Babylonem - Lord Seth

Re: Problem s Babylonem - Lord Seth

Re: Problem s Babylonem - Lord Seth

Re: Problem s Babylonem - Lord Seth

Re: Problem s Babylonem - Lord Seth

Re: Problem s Babylonem - Lord Seth

Re: Problem s Babylonem - Lord Seth

Re: Problem s Babylonem - Lord Seth

Re: Problem s Babylonem - Lord Seth

Re: Problem s Babylonem - Lord Seth

Re: Problem s Babylonem - Lord Seth

Re: Problem s Babylonem - Lord Seth

Re: Problem s Babylonem - Lord Seth

Re: Problem s Babylonem - Lord Seth

Re: Problem s Babylonem - Lord Seth