Prosim o kontrolu

[ANGILO]

Logfile of random's system information tool 1.09 (written by random/random)
Run by User at 2011-09-03 04:08:48
Systém Microsoft Windows XP Professional Service Pack 2
System drive C: has 19 GB (50%) free of 38 GB
Total RAM: 991 MB (56% free)

HijackThis download failed

======Scheduled tasks folder======

C:\WINDOWS\tasks\FRU Task #Hewlett-Packard#hp psc 1100 series#1217375306.job
C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\1fpgg3s8.default

prefs.js - "browser.startup.homepage" - "http://start.icq.com/"
prefs.js - "extensions.enabledItems" - "{800b5000-a755-47e1-992b-48a1c1357f07}:1.1.7, {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}:6.0.03, {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198, toolbar@ask.com:3.12.5.17640, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.20"
prefs.js - "keyword.URL" - "http://search.icq.com/search/afe_result ... r=1.1.7&q="

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe Flash Player 9.0
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf]
"Description"=
"Path"=C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll

C:\Program Files\Mozilla Firefox\extensions\
{800b5000-a755-47e1-992b-48a1c1357f07}
{972ce4c6-7e08-4474-a285-3208198ce6fd}
{AB2CE124-6272-4b12-94A9-7303C7397BD1}
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}

C:\Program Files\Mozilla Firefox\components\
browser.xpt
browserdirprovider.dll
brwsrcmp.dll
components.list
FeedConverter.js
FeedProcessor.js
FeedWriter.js
fuelApplication.js
GPSDGeolocationProvider.js
jsconsole-clhandler.js
NetworkGeolocationProvider.js
nsAddonRepository.js
nsBadCertHandler.js
nsBlocklistService.js
nsBrowserContentHandler.js
nsBrowserGlue.js
nsContentDispatchChooser.js
nsContentPrefService.js
nsDefaultCLH.js
nsDownloadManagerUI.js
nsExtensionManager.js
nsFormAutoComplete.js
nsHandlerService.js
nsHelperAppDlg.js
nsINIProcessor.js
nsLivemarkService.js
nsLoginInfo.js
nsLoginManager.js
nsLoginManagerPrompter.js
nsMicrosummaryService.js
nsPlacesAutoComplete.js
nsPlacesDBFlush.js
nsPlacesTransactionsService.js
nsPrivateBrowsingService.js
nsProxyAutoConfig.js
nsSafebrowsingApplication.js
nsSearchService.js
nsSearchSuggestions.js
nsSessionStartup.js
nsSessionStore.js
nsSetDefaultBrowser.js
nsSidebar.js
nsTaggingService.js
nsTryToClose.js
nsUpdateService.js
nsUpdateServiceStub.js
nsUpdateTimerManager.js
nsUrlClassifierLib.js
nsUrlClassifierListManager.js
nsURLFormatter.js
nsWebHandlerApp.js
pluginGlue.js
storage-Legacy.js
storage-mozStorage.js
txEXSLTRegExFunctions.js
WebContentConverter.js

C:\Program Files\Mozilla Firefox\plugins\
flashplayer.xpt
npnul32.dll
NPOFF12.DLL
NPSWF32.dll
NPSWF32_FlashUtil.exe

C:\Program Files\Mozilla Firefox\searchplugins\
google.xml
jyxo-cz.xml
mall-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml

C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\1fpgg3s8.default\extensions\
toolbar@ask.com
{800b5000-a755-47e1-992b-48a1c1357f07}

C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\1fpgg3s8.default\searchplugins\
icqplugin-1.xml
icqplugin-10.xml
icqplugin-11.xml
icqplugin-12.xml
icqplugin-13.xml
icqplugin-14.xml
icqplugin-15.xml
icqplugin-16.xml
icqplugin-17.xml
icqplugin-18.xml
icqplugin-19.xml
icqplugin-2.xml
icqplugin-3.xml
icqplugin-4.xml
icqplugin-5.xml
icqplugin-6.xml
icqplugin-7.xml
icqplugin-8.xml
icqplugin-9.xml
icqplugin.gif
icqplugin.src
icqplugin.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll [2007-09-25 501136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95289393-33EA-4F8D-B952-483415B9C955}]
QIPBHO Class - C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\qipsearchbar.dll [2008-12-30 131072]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
Foxit PDF Creator Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2011-07-26 1493160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2009-06-01 962808]
{D4027C7F-154A-4066-A1AD-4243D8127440} - Foxit PDF Creator Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2011-07-26 1493160]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"VTPreset"=C:\WINDOWS\system32\VTPreset.exe [2004-02-24 45056]
"NeroFilterCheck"=C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe [2007-03-01 153136]
"CnxDslTaskBar"=c:\program files\microcom\adsl deskporte usb\CnxDslTb.exe [2004-06-16 233472]
"ApnUpdater"=C:\Program Files\Ask.com\Updater\Updater.exe [2011-07-26 397992]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2011-04-21 281768]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2007-12-02 1230848]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe [2007-09-20 202024]
"Skype"=C:\Program Files\Skype\\Phone\Skype.exe [2010-03-09 26100520]
"ICQ"=C:\Program Files\ICQ6.5\ICQ.exe [2010-11-16 172856]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
hp psc 1000 series.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
hpoddt01.exe.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
Shortcut to RocketDock.lnk - C:\Program Files\RocketDock\RocketDock.exe

C:\Documents and Settings\User\Start Menu\Programs\Startup
RocketDock.lnk - C:\WINDOWS\BricoPacks\Crystal Clear\RocketDock\RocketDock.exe
UberIcon.lnk - C:\WINDOWS\BricoPacks\Crystal Clear\UberIcon\UberIcon Manager.exe
Y'z Shadow.lnk - C:\WINDOWS\BricoPacks\Crystal Clear\YzShadow\YzShadow.exe
Y'z Toolbar.lnk - C:\WINDOWS\BricoPacks\Crystal Clear\YzToolbar\YzToolBar.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll [2007-01-17 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoSMMyPictures"=1
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm

======List of files/folders created in the last 1 month======

2011-09-03 04:08:49 ----D---- C:\Program Files\trend micro
2011-09-03 04:08:48 ----D---- C:\rsit
2011-09-03 03:46:52 ----A---- C:\WINDOWS\system32\drivers\ssmdrv.sys
2011-09-03 03:46:47 ----A---- C:\WINDOWS\system32\drivers\avipbb.sys
2011-09-03 03:46:47 ----A---- C:\WINDOWS\system32\drivers\avgntmgr.sys
2011-09-03 03:46:47 ----A---- C:\WINDOWS\system32\drivers\avgntflt.sys
2011-09-03 03:46:47 ----A---- C:\WINDOWS\system32\drivers\avgntdd.sys
2011-09-03 03:46:44 ----D---- C:\Program Files\Avira
2011-09-03 03:46:44 ----D---- C:\Documents and Settings\All Users\Application Data\Avira
2011-09-03 03:11:36 ----D---- C:\WINDOWS\temp
2011-09-03 03:11:32 ----A---- C:\ComboFix.txt
2011-09-03 02:53:26 ----A---- C:\WINDOWS\zip.exe
2011-09-03 02:53:26 ----A---- C:\WINDOWS\SWXCACLS.exe
2011-09-03 02:53:26 ----A---- C:\WINDOWS\SWSC.exe
2011-09-03 02:53:26 ----A---- C:\WINDOWS\SWREG.exe
2011-09-03 02:53:26 ----A---- C:\WINDOWS\sed.exe
2011-09-03 02:53:26 ----A---- C:\WINDOWS\PEV.exe
2011-09-03 02:53:26 ----A---- C:\WINDOWS\NIRCMD.exe
2011-09-03 02:53:26 ----A---- C:\WINDOWS\MBR.exe
2011-09-03 02:53:26 ----A---- C:\WINDOWS\grep.exe
2011-09-03 02:53:01 ----D---- C:\WINDOWS\ERDNT
2011-09-03 02:52:40 ----D---- C:\Qoobox
2011-09-03 01:49:13 ----D---- C:\Documents and Settings\User\Application Data\Foxit Software
2011-09-03 01:47:13 ----D---- C:\Program Files\Ask.com
2011-09-03 01:45:07 ----D---- C:\Program Files\Foxit Software
2011-09-03 00:22:26 ----D---- C:\Program Files\CCleaner
2011-09-02 23:52:03 ----D---- C:\Documents and Settings\User\Application Data\Malwarebytes
2011-09-02 23:51:59 ----A---- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2011-09-02 23:51:59 ----A---- C:\WINDOWS\system32\drivers\mbam.sys
2011-09-02 23:51:56 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2011-08-08 09:13:23 ----D---- C:\Program Files\Common Files\Adobe

======List of files/folders modified in the last 1 month======

2011-09-03 04:08:49 ----RD---- C:\Program Files
2011-09-03 03:46:52 ----D---- C:\WINDOWS\system32\drivers
2011-09-03 03:44:39 ----D---- C:\Config.Msi
2011-09-03 03:44:38 ----SHD---- C:\WINDOWS\Installer
2011-09-03 03:44:37 ----D---- C:\WINDOWS\WinSxS
2011-09-03 03:43:27 ----D---- C:\WINDOWS
2011-09-03 03:23:32 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2011-09-03 03:16:41 ----D---- C:\WINDOWS\Prefetch
2011-09-03 03:10:25 ----D---- C:\WINDOWS\repair
2011-09-03 03:08:11 ----A---- C:\WINDOWS\system.ini
2011-09-03 03:07:51 ----D---- C:\WINDOWS\system32\drivers\etc
2011-09-03 03:03:12 ----D---- C:\WINDOWS\system32
2011-09-03 03:03:12 ----D---- C:\WINDOWS\AppPatch
2011-09-03 03:03:04 ----D---- C:\Program Files\Common Files
2011-09-03 02:56:57 ----D---- C:\WINDOWS\system32\CatRoot2
2011-09-03 02:53:45 ----A---- C:\WINDOWS\SchedLgU.Txt
2011-09-03 02:30:38 ----D---- C:\Documents and Settings\User\Application Data\Skype
2011-09-03 01:47:31 ----SD---- C:\WINDOWS\Tasks
2011-09-03 00:30:23 ----D---- C:\WINDOWS\SoftwareDistribution
2011-09-03 00:30:22 ----D---- C:\WINDOWS\Minidump
2011-09-03 00:30:22 ----D---- C:\WINDOWS\Debug
2011-09-02 23:37:43 ----D---- C:\Documents and Settings\User\Application Data\skypePM
2011-09-02 14:31:46 ----D---- C:\Documents and Settings\All Users\Application Data\avg8
2011-08-24 12:44:44 ----D---- C:\Program Files\Mozilla Firefox
2011-08-08 09:13:23 ----D---- C:\Documents and Settings\User\Application Data\Adobe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 viaagp1;VIA AGP Filter; C:\WINDOWS\system32\DRIVERS\viaagp1.sys [2003-07-01 27904]
R0 videX32;videX32; C:\WINDOWS\system32\drivers\videX32.sys [2007-12-15 9216]
R1 AFS2K;AFS2k; C:\WINDOWS\system32\drivers\AFS2K.sys [2008-07-29 82380]
R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2011-07-21 138192]
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2011-07-21 66616]
R2 rspndr;Link-Layer Topology Discovery Responder; C:\WINDOWS\system32\DRIVERS\rspndr.sys [2007-12-15 62336]
R3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\fetnd5.sys [2001-08-17 27165]
R3 S3Psddr;S3Psddr; C:\WINDOWS\system32\DRIVERS\s3gnbm.sys [2004-08-13 167168]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2007-12-15 20608]
R3 VIAudio;Vinyl AC'97 Audio Controller (WDM); C:\WINDOWS\system32\drivers\vinyl97.sys [2007-09-19 207488]
S1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2010-06-17 28520]
S3 catchme;catchme; \??\C:\DOCUME~1\User\LOCALS~1\Temp\catchme.sys []
S3 CnxEtP;Conexant AccessRunner USB ADSL Adapter Filter Driver; C:\WINDOWS\system32\DRIVERS\CnxEtP.sys [2004-06-16 131072]
S3 CnxEtU;Conexant AccessRunner USB ADSL Interface Device Driver; C:\WINDOWS\system32\DRIVERS\CnxEtU.sys [2004-06-16 614272]
S3 CnxTgNP;Conexant AccessRunner ADSL WAN PPPoE Adapter Driver; C:\WINDOWS\system32\DRIVERS\CnxTgNP.sys [2004-06-16 60416]
S3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2004-08-03 9600]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2003-04-07 51024]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2003-04-07 16080]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2005-10-22 21568]
S3 mbr;mbr; \??\C:\ComboFix\mbr.sys []
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2007-12-15 12160]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2007-01-17 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2007-01-17 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2011-07-21 269480]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2011-04-21 136360]
R2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2009-06-01 222968]
R3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe [2007-09-20 382248]
S2 aawservice;Ad-Aware 2007 Service; C:\Program Files\Security\Ad-Aware 2007\aawservice.exe []
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2003-04-07 65795]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\wmpnetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-03 14336]

-----------------EOF-----------------

[cernohous13]

Zdravím,

dávat log RSIT po spuštění ComboFixu je skoro zbytečné.
Zkopíruj sem obsah C:\ComboFix.txt

[ANGILO]

ComboFix 11-09-02.04 - User 03.09.2011 2:58.1.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.421.1033.18.991.596 [GMT -7:00]
Running from: c:\documents and settings\User\Desktop\ComboFix.exe
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\autorun.inf
C:\wu1n.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-08-03 to 2011-09-03 )))))))))))))))))))))))))))))))
.
.
2011-09-03 09:00 . 2011-09-03 09:00 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\AskToolbar
2011-09-03 08:49 . 2011-09-03 08:49 -------- d-----w- c:\documents and settings\User\Application Data\Foxit Software
2011-09-03 08:47 . 2011-09-03 08:47 -------- d-----w- c:\program files\Ask.com
2011-09-03 08:45 . 2011-09-03 08:45 -------- d-----w- c:\program files\Foxit Software
2011-09-03 07:22 . 2011-09-03 07:22 -------- d-----w- c:\program files\CCleaner
2011-09-03 06:52 . 2011-09-03 06:52 -------- d-----w- c:\documents and settings\User\Application Data\Malwarebytes
2011-09-03 06:51 . 2009-09-10 19:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-09-03 06:51 . 2009-09-10 19:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-09-03 06:51 . 2011-09-03 06:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-08-08 16:13 . 2011-08-08 16:16 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\Adobe
2011-08-08 16:13 . 2011-08-08 16:13 -------- d-----w- c:\program files\Common Files\Adobe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2007-12-15 . 409B44CE625776DB74EAA63F24E9D4E4 . 360704 . . [5.1.2600.3002] . . c:\windows\system32\drivers\tcpip.sys
.
[-] 2007-12-15 . F4E523B589D6FFD4996F70D0AC3EAFBB . 71000 . . [7.0.6000.374] . . c:\windows\system32\wuauclt.exe
.
[-] 2007-12-15 . 9049AEB84B3D03D191FED77596659A2F . 5019648 . . [7.00.6000.20641] . . c:\windows\system32\mshtml.dll
.
[-] 2007-12-15 . F94FCB933108FBE7F58E7185048240A1 . 1258496 . . [7.00.6000.20627] . . c:\windows\system32\wininet.dll
.
[-] 2007-12-15 . 1907F8C086A0C6CD93D7726E304D9721 . 3195392 . . [6.00.2900.2894] . . c:\windows\explorer.exe
.
[-] 2007-12-15 . 86889D12DB125D402D618ED36BF7E166 . 2221824 . . [5.1.2600.3093] . . c:\windows\system32\ntkrnlpa.exe
.
[-] 2007-12-15 . 31610D15A02CE89554172A03E5268EFA . 2345216 . . [5.1.2600.3093] . . c:\windows\system32\ntoskrnl.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2011-07-27 01:23 1493160 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-07-27 1493160]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-07-27 1493160]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2007-12-03 1230848]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-09-20 202024]
"Skype"="c:\program files\Skype\\Phone\Skype.exe" [2010-03-09 26100520]
"ICQ"="c:\program files\ICQ6.5\ICQ.exe" [2010-11-16 172856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CnxDslTaskBar"="c:\program files\microcom\adsl deskporte usb\CnxDslTb.exe Microcom\ADSL DeskPorte USB" [X]
"VTPreset"="VTPreset.exe" [2004-02-24 45056]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2011-07-27 397992]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" [2007-12-15 124928]
.
c:\documents and settings\User\Start Menu\Programs\Startup\
RocketDock.lnk - c:\windows\BricoPacks\Crystal Clear\RocketDock\RocketDock.exe [2006-5-14 344064]
UberIcon.lnk - c:\windows\BricoPacks\Crystal Clear\UberIcon\UberIcon Manager.exe [2006-2-5 180224]
Y'z Shadow.lnk - c:\windows\BricoPacks\Crystal Clear\YzShadow\YzShadow.exe [2002-9-30 131072]
Y'z Toolbar.lnk - c:\windows\BricoPacks\Crystal Clear\YzToolbar\YzToolBar.exe [2002-9-29 90112]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
hp psc 1000 series.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2003-4-6 147456]
hpoddt01.exe.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-4-6 28672]
Shortcut to RocketDock.lnk - c:\program files\RocketDock\RocketDock.exe [N/A]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMMyPictures"= 1 (0x1)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMMyPictures"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"37023:UDP"= 37023:UDP:DebugBoot PublishWorks
"30496:TCP"= 30496:TCP:DebugBoot WorksUS
"3675:UDP"= 3675:UDP:DebugBoot NETOffline
"55928:TCP"= 55928:TCP:DebugBoot ModemWeb
.
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [14.7.2009 11:45 222968]
S2 winprov;Support Browser;c:\windows\system32\svchost.exe -k netsvcs [3.8.2004 21:00 14336]
S3 CnxEtP;Conexant AccessRunner USB ADSL Adapter Filter Driver;c:\windows\system32\drivers\CnxEtP.sys [24.7.2008 19:34 131072]
S3 CnxEtU;Conexant AccessRunner USB ADSL Interface Device Driver;c:\windows\system32\drivers\CnxEtU.sys [24.7.2008 19:34 614272]
S3 CnxTgNP;Conexant AccessRunner ADSL WAN PPPoE Adapter Driver;c:\windows\system32\drivers\CnxTgNP.sys [24.7.2008 19:40 60416]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
winprov
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D58F39FF-953E-4F45-898F-59F243B9A523}]
2007-12-15 21:36 124928 ----a-w- c:\windows\system32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder
.
2009-05-24 c:\windows\Tasks\FRU Task 2003-04-06 08:52ewlett-Packard2003-04-06 08:52p psc 1100 series5E771253C1676EBED677BF361FDFC537825E15B8217375306.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-06 07:52]
.
2011-09-03 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2011-07-27 01:23]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://start.icq.com/
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 217.73.16.2 192.168.1.1
FF - ProfilePath - c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\1fpgg3s8.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://start.icq.com/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.7&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - Ext: ICQ Toolbar: {800b5000-a755-47e1-992b-48a1c1357f07} - c:\program files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
FF - Ext: Skype extension for Firefox: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Ext: ICQ Toolbar: {800b5000-a755-47e1-992b-48a1c1357f07} - %profile%\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
FF - Ext: Foxit PDF Creator Toolbar: toolbar@ask.com - %profile%\extensions\toolbar@ask.com
.
- - - - ORPHANS REMOVED - - - -
.
Notify-WBSrv - c:\progra~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-09-03 03:08
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files:
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\winprov]
"ServiceDll"="c:\windows\system32\pkpdxxct.dll"
.
Completion time: 2011-09-03 03:11:30
ComboFix-quarantined-files.txt 2011-09-03 10:11
.
Pre-Run: 19 851 784 192 bytes free
Post-Run: 12 adresárov, 20 309 544 960 voľných bajtov
.
- - End Of File - - 8226E6C9B8D1742E019FC32852402469

[cernohous13]

Otevři Poznámkový blok (Notepad) a zkopíruj celý zelený text z "CFscriptu".
Soubor ulož na plochu jako CFscript.txt a jeho ikonu přetáhni myší nad ikonu ComboFixu - tam pusť.

ComboFix se spustí - počkej na log a vlož ho sem.

CFscript

Kód: Vybrat vše

KillAll::

File::
c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
c:\windows\system32\pkpdxxct.dll

Folder::
c:\program files\Ask.com

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
[-HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[-HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"=-
"ApnUpdater"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\winprov]

Driver::
winprov

NetSvc::
winprov

Firefox::
FF - ProfilePath - c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\1fpgg3s8.default\
FF - Ext: Foxit PDF Creator Toolbar: toolbar@ask.com - %profile%\extensions\toolbar@ask.com

Collect::
c:\windows\system32\pkpdxxct.dll

[ANGILO]

ComboFix 11-09-02.04 - User 03.09.2011 7:06.2.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.421.1033.18.991.558 [GMT -7:00]
Running from: c:\documents and settings\User\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\User\Desktop\CFscript.txt
AV: AntiVir Desktop *Disabled/Outdated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
FILE ::
"c:\windows\system32\pkpdxxct.dll"
"c:\windows\Tasks\Scheduled Update for Ask Toolbar.job"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\1fpgg3s8.default\extensions\toolbar@ask.com
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\1fpgg3s8.default\extensions\toolbar@ask.com\datastore\cache.sqlite
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\1fpgg3s8.default\extensions\toolbar@ask.com\defaults.js.bak
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\1fpgg3s8.default\extensions\toolbar@ask.com\defaults\preferences\defaults.js
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\1fpgg3s8.default\extensions\toolbar@ask.com\defaults\preferences\defaults.js.bak
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\1fpgg3s8.default\extensions\toolbar@ask.com\chrome.manifest
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\1fpgg3s8.default\extensions\toolbar@ask.com\chrome\content\about.js
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\1fpgg3s8.default\extensions\toolbar@ask.com\chrome\content\about.xul
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\1fpgg3s8.default\extensions\toolbar@ask.com\chrome\content\bindings.xml
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\1fpgg3s8.default\extensions\toolbar@ask.com\chrome\content\button-bindings.xml
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\1fpgg3s8.default\extensions\toolbar@ask.com\chrome\content\cache.js
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\1fpgg3s8.default\extensions\toolbar@ask.com\chrome\content\constants.js
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\1fpgg3s8.default\extensions\toolbar@ask.com\chrome\content\core.js
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\1fpgg3s8.default\extensions\toolbar@ask.com\chrome\content\custom-command-listener.js
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\1fpgg3s8.default\extensions\toolbar@ask.com\chrome\content\dynamic-button-manager.js
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\1fpgg3s8.default\extensions\toolbar@ask.com\chrome\content\dynamic-button.js
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\1fpgg3s8.default\extensions\toolbar@ask.com\chrome\content\events.js
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\1fpgg3s8.default\extensions\toolbar@ask.com\chrome\content\feeds.js
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\1fpgg3s8.default\extensions\toolbar@ask.com\chrome\content\http-headers.js
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\1fpgg3s8.default\extensions\toolbar@ask.com\chrome\content\json.js
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\1fpgg3s8.default\extensions\toolbar@ask.com\chrome\content\lifecycle.js
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\1fpgg3s8.default\extensions\toolbar@ask.com\chrome\content\listeners.js
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\1fpgg3s8.default\extensions\toolbar@ask.com\chrome\content\locale.js
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\1fpgg3s8.default\extensions\toolbar@ask.com\chrome\content\logger.js
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\1fpgg3s8.default\extensions\toolbar@ask.com\chrome\content\network.js
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\1fpgg3s8.default\extensions\toolbar@ask.com\chrome\content\newtab-manager.js
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\1fpgg3s8.default\extensions\toolbar@ask.com\chrome\content\newtab-overlay.xul
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\1fpgg3s8.default\extensions\toolbar@ask.com\chrome\content\newtab.html
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\1fpgg3s8.default\extensions\toolbar@ask.com\chrome\content\newtab.js
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\1fpgg3s8.default\extensions\toolbar@ask.com\chrome\content\notification-popup-controller.js
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\1fpgg3s8.default\extensions\toolbar@ask.com\chrome\content\notification-popup-ff3.xul
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\1fpgg3s8.default\extensions\toolbar@ask.com\chrome\content\notification-popup.xul
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\1fpgg3s8.default\extensions\toolbar@ask.com\chrome\content\notification.js
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\1fpgg3s8.default\extensions\toolbar@ask.com\chrome\content\observer.js
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\1fpgg3s8.default\extensions\toolbar@ask.com\chrome\content\options.js
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\1fpgg3s8.default\extensions\toolbar@ask.com\chrome\content\options.xul
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\1fpgg3s8.default\extensions\toolbar@ask.com\chrome\content\preferences.js
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\1fpgg3s8.default\extensions\toolbar@ask.com\chrome\content\prefetch.js
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\1fpgg3s8.default\extensions\toolbar@ask.com\chrome\content\ss-popup-bindings.xml
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\1fpgg3s8.default\extensions\toolbar@ask.com\chrome\content\suggestions.js
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\1fpgg3s8.default\extensions\toolbar@ask.com\chrome\content\update.js
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\1fpgg3s8.default\extensions\toolbar@ask.com\chrome\content\updateRdf.js
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\1fpgg3s8.default\extensions\toolbar@ask.com\chrome\content\utilities.js
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\1fpgg3s8.default\extensions\toolbar@ask.com\chrome\content\webframe-bindings.xml
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\1fpgg3s8.default\extensions\toolbar@ask.com\chrome\content\webframe-manager.js
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\1fpgg3s8.default\extensions\toolbar@ask.com\chrome\content\widget-controller.js
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\1fpgg3s8.default\extensions\toolbar@ask.com\chrome\content\widget-popup.xul
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\1fpgg3s8.default\extensions\toolbar@ask.com\chrome\content\widgets.js
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\1fpgg3s8.default\extensions\toolbar@ask.com\chrome\skin\abc.png
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\1fpgg3s8.default\extensions\toolbar@ask.com\chrome\skin\amazon_16x.png
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\1fpgg3s8.default\extensions\toolbar@ask.com\chrome\skin\as.png
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\1fpgg3s8.default\extensions\toolbar@ask.com\chrome\skin\ask_16x16.png
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\1fpgg3s8.default\extensions\toolbar@ask.com\chrome\skin\ask_32x32.png
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\1fpgg3s8.default\extensions\toolbar@ask.com\chrome\skin\ask_blue_logo.png
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\1fpgg3s8.default\extensions\toolbar@ask.com\chrome\skin\ask_browser_ff_chrome.png
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\1fpgg3s8.default\extensions\toolbar@ask.com\chrome\skin\asklogo.png
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\1fpgg3s8.default\extensions\toolbar@ask.com\chrome\skin\b-p.png
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\1fpgg3s8.default\extensions\toolbar@ask.com\chrome\skin\b.png
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\1fpgg3s8.default\extensions\toolbar@ask.com\chrome\skin\bbc_news.png
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\1fpgg3s8.default\extensions\toolbar@ask.com\chrome\skin\beppe_grillo.png
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\1fpgg3s8.default\extensions\toolbar@ask.com\chrome\skin\bg.png
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\1fpgg3s8.default\extensions\toolbar@ask.com\chrome\skin\bild.png
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\1fpgg3s8.default\extensions\toolbar@ask.com\chrome\skin\bl-pbl.png
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\1fpgg3s8.default\extensions\toolbar@ask.com\chrome\skin\bl-pbr.png
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\1fpgg3s8.default\extensions\toolbar@ask.com\chrome\skin\bl.png
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\1fpgg3s8.default\extensions\toolbar@ask.com\chrome\skin\blogs.png
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\1fpgg3s8.default\extensions\toolbar@ask.com\chrome\skin\br-pbl.png
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\1fpgg3s8.default\extensions\toolbar@ask.com\chrome\skin\br-pbr.png
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\1fpgg3s8.default\extensions\toolbar@ask.com\chrome\skin\br.png
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\1fpgg3s8.default\extensions\toolbar@ask.com\chrome\skin\business.png
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\1fpgg3s8.default\extensions\toolbar@ask.com\chrome\skin\businessRU.png
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\1fpgg3s8.default\extensions\toolbar@ask.com\chrome\skin\celebrity.png
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\1fpgg3s8.default\extensions\toolbar@ask.com\chrome\skin\close.png
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\1fpgg3s8.default\extensions\toolbar@ask.com\chrome\skin\cnn_16x.png
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\1fpgg3s8.default\extensions\toolbar@ask.com\chrome\skin\corriere_della_sera.png
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\1fpgg3s8.default\extensions\toolbar@ask.com\chrome\skin\creator.png
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\1fpgg3s8.default\extensions\toolbar@ask.com\chrome\skin\dictionary.png
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\1fpgg3s8.default\extensions\toolbar@ask.com\chrome\skin\el_mundo.png
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\1fpgg3s8.default\extensions\toolbar@ask.com\chrome\skin\email_16x.png
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\1fpgg3s8.default\extensions\toolbar@ask.com\chrome\skin\expansion.png
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\1fpgg3s8.default\extensions\toolbar@ask.com\chrome\skin\facebook_16x.png
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\1fpgg3s8.default\extensions\toolbar@ask.com\chrome\skin\film1.png
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\1fpgg3s8.default\extensions\toolbar@ask.com\chrome\skin\folha.png
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\1fpgg3s8.default\extensions\toolbar@ask.com\chrome\skin\foxit-logo.png
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\1fpgg3s8.default\extensions\toolbar@ask.com\chrome\skin\foxit-logo16.png
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\1fpgg3s8.default\extensions\toolbar@ask.com\chrome\skin\FoxitMessages.png
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\1fpgg3s8.default\extensions\toolbar@ask.com\chrome\skin\ft.png
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\1fpgg3s8.default\extensions\toolbar@ask.com\chrome\skin\ftd.png
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\1fpgg3s8.default\extensions\toolbar@ask.com\chrome\skin\g1.png
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\1fpgg3s8.default\extensions\toolbar@ask.com\chrome\skin\games_16x.png
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\1fpgg3s8.default\extensions\toolbar@ask.com\chrome\skin\gazzetta_dello_sport.png
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\1fpgg3s8.default\extensions\toolbar@ask.com\chrome\skin\globe_18x.png
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\1fpgg3s8.default\extensions\toolbar@ask.com\chrome\skin\gripper.png
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\1fpgg3s8.default\extensions\toolbar@ask.com\chrome\skin\highlighter_off.png
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\1fpgg3s8.default\extensions\toolbar@ask.com\chrome\skin\highlighter_on.png
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\1fpgg3s8.default\extensions\toolbar@ask.com\chrome\skin\history.png
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\1fpgg3s8.default\extensions\toolbar@ask.com\chrome\skin\hola.png
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\1fpgg3s8.default\extensions\toolbar@ask.com\chrome\skin\chevron.png
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\1fpgg3s8.default\extensions\toolbar@ask.com\chrome\skin\images.png
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\1fpgg3s8.default\extensions\toolbar@ask.com\chrome\skin\kicker.png
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\1fpgg3s8.default\extensions\toolbar@ask.com\chrome\skin\l.png
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\1fpgg3s8.default\extensions\toolbar@ask.com\chrome\skin\labels-de.properties
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\1fpgg3s8.default\extensions\toolbar@ask.com\chrome\skin\labels-en.properties
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\1fpgg3s8.default\extensions\toolbar@ask.com\chrome\skin\labels-es.properties
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\1fpgg3s8.default\extensions\toolbar@ask.com\chrome\skin\labels-fr.properties
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\1fpgg3s8.default\extensions\toolbar@ask.com\chrome\skin\labels-it.properties
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\1fpgg3s8.default\extensions\toolbar@ask.com\chrome\skin\labels-nl.properties
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\1fpgg3s8.default\extensions\toolbar@ask.com\chrome\skin\labels-pt.properties
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\1fpgg3s8.default\extensions\toolbar@ask.com\chrome\skin\labels-ru.properties
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\1fpgg3s8.default\extensions\toolbar@ask.com\chrome\skin\laposte.png
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\1fpgg3s8.default\extensions\toolbar@ask.com\chrome\skin\lemonde.png
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\1fpgg3s8.default\extensions\toolbar@ask.com\chrome\skin\lequipe.png
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\1fpgg3s8.default\extensions\toolbar@ask.com\chrome\skin\libero_it.png
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\1fpgg3s8.default\extensions\toolbar@ask.com\chrome\skin\links-BR.properties
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\1fpgg3s8.default\extensions\toolbar@ask.com\chrome\skin\links-DE.properties
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\1fpgg3s8.default\extensions\toolbar@ask.com\chrome\skin\links-ES.properties
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\1fpgg3s8.default\extensions\toolbar@ask.com\chrome\skin\links-EU.properties
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\1fpgg3s8.default\extensions\toolbar@ask.com\chrome\skin\links-FR.properties
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\1fpgg3s8.default\extensions\toolbar@ask.com\chrome\skin\links-IT.properties
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\1fpgg3s8.default\extensions\toolbar@ask.com\chrome\skin\links-NL.properties
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\1fpgg3s8.default\extensions\toolbar@ask.com\chrome\skin\links-RU.properties
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\1fpgg3s8.default\extensions\toolbar@ask.com\chrome\skin\links-UK.properties
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\1fpgg3s8.default\extensions\toolbar@ask.com\chrome\skin\links-US.properties
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\1fpgg3s8.default\extensions\toolbar@ask.com\chrome\skin\logo_32x32.png
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\1fpgg3s8.default\extensions\toolbar@ask.com\chrome\skin\magnify_search.png
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\1fpgg3s8.default\extensions\toolbar@ask.com\chrome\skin\maps.png
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\1fpgg3s8.default\extensions\toolbar@ask.com\chrome\skin\mtv.png
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\1fpgg3s8.default\extensions\toolbar@ask.com\chrome\skin\news.png
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\1fpgg3s8.default\extensions\toolbar@ask.com\chrome\skin\newsNL.png
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\1fpgg3s8.default\extensions\toolbar@ask.com\chrome\skin\newsRU.png
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\1fpgg3s8.default\extensions\toolbar@ask.com\chrome\skin\newtab.css
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\1fpgg3s8.default\extensions\toolbar@ask.com\chrome\skin\newtab_bkg.png
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\1fpgg3s8.default\extensions\toolbar@ask.com\chrome\skin\newtab_search_bkg.png
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\1fpgg3s8.default\extensions\toolbar@ask.com\chrome\skin\notification.css
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\1fpgg3s8.default\extensions\toolbar@ask.com\chrome\skin\oglobo.png
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\1fpgg3s8.default\extensions\toolbar@ask.com\chrome\skin\orkut.png
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\1fpgg3s8.default\extensions\toolbar@ask.com\chrome\skin\personas.png
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\1fpgg3s8.default\extensions\toolbar@ask.com\chrome\skin\preferences.png
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\1fpgg3s8.default\extensions\toolbar@ask.com\chrome\skin\Products.png
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\1fpgg3s8.default\extensions\toolbar@ask.com\chrome\skin\r.png
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\1fpgg3s8.default\extensions\toolbar@ask.com\chrome\skin\radiodigital.png
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\1fpgg3s8.default\extensions\toolbar@ask.com\chrome\skin\search.png
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\1fpgg3s8.default\extensions\toolbar@ask.com\chrome\skin\search_ask.png
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\1fpgg3s8.default\extensions\toolbar@ask.com\chrome\skin\search_ask_de.png
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\1fpgg3s8.default\extensions\toolbar@ask.com\chrome\skin\search_ask_es.png
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\1fpgg3s8.default\extensions\toolbar@ask.com\chrome\skin\search_ask_fr.png
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\1fpgg3s8.default\extensions\toolbar@ask.com\chrome\skin\search_ask_it.png
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\1fpgg3s8.default\extensions\toolbar@ask.com\chrome\skin\search_ask_nl.png
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\1fpgg3s8.default\extensions\toolbar@ask.com\chrome\skin\search_ask_pl.png
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\1fpgg3s8.default\extensions\toolbar@ask.com\chrome\skin\search_ask_pt.png
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\1fpgg3s8.default\extensions\toolbar@ask.com\chrome\skin\search_ask_ru.png
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\1fpgg3s8.default\extensions\toolbar@ask.com\chrome\skin\search_cobrand.png
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\1fpgg3s8.default\extensions\toolbar@ask.com\chrome\skin\search_current_site.png
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\1fpgg3s8.default\extensions\toolbar@ask.com\chrome\skin\search_de.png
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\1fpgg3s8.default\extensions\toolbar@ask.com\chrome\skin\search_es.png
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\1fpgg3s8.default\extensions\toolbar@ask.com\chrome\skin\search_fr.png
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\1fpgg3s8.default\extensions\toolbar@ask.com\chrome\skin\search_grey_73x24.png
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\1fpgg3s8.default\extensions\toolbar@ask.com\chrome\skin\search_it.png
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\1fpgg3s8.default\extensions\toolbar@ask.com\chrome\skin\search_nl.png
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\1fpgg3s8.default\extensions\toolbar@ask.com\chrome\skin\search_pl.png
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\1fpgg3s8.default\extensions\toolbar@ask.com\chrome\skin\search_pt.png
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\1fpgg3s8.default\extensions\toolbar@ask.com\chrome\skin\search_ru.png
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\1fpgg3s8.default\extensions\toolbar@ask.com\chrome\skin\service.png
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\1fpgg3s8.default\extensions\toolbar@ask.com\chrome\skin\shopping.png
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\1fpgg3s8.default\extensions\toolbar@ask.com\chrome\skin\sports.png
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\1fpgg3s8.default\extensions\toolbar@ask.com\chrome\skin\sportsNL.png
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\1fpgg3s8.default\extensions\toolbar@ask.com\chrome\skin\sportsRU.png
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\1fpgg3s8.default\extensions\toolbar@ask.com\chrome\skin\stocks.png
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\1fpgg3s8.default\extensions\toolbar@ask.com\chrome\skin\t-p.png
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\1fpgg3s8.default\extensions\toolbar@ask.com\chrome\skin\t.png
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\1fpgg3s8.default\extensions\toolbar@ask.com\chrome\skin\terra.png
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\1fpgg3s8.default\extensions\toolbar@ask.com\chrome\skin\titlebar_bg.png
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\1fpgg3s8.default\extensions\toolbar@ask.com\chrome\skin\tl-ptl.png
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\1fpgg3s8.default\extensions\toolbar@ask.com\chrome\skin\tl-ptr.png
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\1fpgg3s8.default\extensions\toolbar@ask.com\chrome\skin\tl.png
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\1fpgg3s8.default\extensions\toolbar@ask.com\chrome\skin\toolbar.css
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\1fpgg3s8.default\extensions\toolbar@ask.com\chrome\skin\toolbar.xul
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\1fpgg3s8.default\extensions\toolbar@ask.com\chrome\skin\tr-ptl.png
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\1fpgg3s8.default\extensions\toolbar@ask.com\chrome\skin\tr-ptr.png
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\1fpgg3s8.default\extensions\toolbar@ask.com\chrome\skin\tr.png
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\1fpgg3s8.default\extensions\toolbar@ask.com\chrome\skin\tv.png
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\1fpgg3s8.default\extensions\toolbar@ask.com\chrome\skin\tv_movie_de.png
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\1fpgg3s8.default\extensions\toolbar@ask.com\chrome\skin\uol.png
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\1fpgg3s8.default\extensions\toolbar@ask.com\chrome\skin\vk.png
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\1fpgg3s8.default\extensions\toolbar@ask.com\chrome\skin\voici_16x.png
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\1fpgg3s8.default\extensions\toolbar@ask.com\chrome\skin\weather.png
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\1fpgg3s8.default\extensions\toolbar@ask.com\chrome\skin\web.png
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\1fpgg3s8.default\extensions\toolbar@ask.com\chrome\skin\wordoftheday_16x.png
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\1fpgg3s8.default\extensions\toolbar@ask.com\chrome\skin\youtube_16x.png
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\1fpgg3s8.default\extensions\toolbar@ask.com\chrome\skin\zoomall.png
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\1fpgg3s8.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Sat-03-Sep-2011-09-20-06-GMT\ff-config.zip
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\1fpgg3s8.default\extensions\toolbar@ask.com\install.rdf
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\1fpgg3s8.default\extensions\toolbar@ask.com\logs\asktb-log-1315041597352.html
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\1fpgg3s8.default\extensions\toolbar@ask.com\logs\asktb-log-1315041630272.html
c:\program files\Ask.com
c:\program files\Ask.com\assets\oobe\b.png
c:\program files\Ask.com\assets\oobe\bl.png
c:\program files\Ask.com\assets\oobe\br.png
c:\program files\Ask.com\assets\oobe\l.png
c:\program files\Ask.com\assets\oobe\pointer.png
c:\program files\Ask.com\assets\oobe\r.png
c:\program files\Ask.com\assets\oobe\t.png
c:\program files\Ask.com\assets\oobe\tl.png
c:\program files\Ask.com\assets\oobe\tr.png
c:\program files\Ask.com\cb_2cc.ico
c:\program files\Ask.com\cobrand.ico
c:\program files\Ask.com\config.xml
c:\program files\Ask.com\favicon.ico
c:\program files\Ask.com\fv_2cb.ico
c:\program files\Ask.com\GenericAskToolbar.dll
c:\program files\Ask.com\mupcfg.xml
c:\program files\Ask.com\precache.exe
c:\program files\Ask.com\SaUpdate.exe
c:\program files\Ask.com\Updater\config.xml
c:\program files\Ask.com\Updater\Updater.exe
c:\program files\Ask.com\UpdateTask.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_WINPROV
-------\Service_winprov
.
.
((((((((((((((((((((((((( Files Created from 2011-08-03 to 2011-09-03 )))))))))))))))))))))))))))))))
.
.
2011-09-03 13:13 . 2011-09-03 13:13 -------- d-----w- c:\windows\system32\wbem\snmp
2011-09-03 13:13 . 2011-09-03 13:13 -------- d-----w- c:\windows\system32\xircom
2011-09-03 13:12 . 2011-09-03 13:12 -------- d-----w- c:\program files\microsoft frontpage
2011-09-03 11:08 . 2011-09-03 11:08 -------- d-----w- c:\program files\trend micro
2011-09-03 11:08 . 2011-09-03 11:09 -------- d-----w- C:\rsit
2011-09-03 10:46 . 2011-07-21 19:15 138192 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-09-03 10:46 . 2011-07-21 19:15 66616 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-09-03 10:46 . 2010-06-17 22:27 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2011-09-03 10:46 . 2010-06-17 22:27 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2011-09-03 10:46 . 2011-09-03 10:46 -------- d-----w- c:\program files\Avira
2011-09-03 10:46 . 2011-09-03 10:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2011-09-03 09:00 . 2011-09-03 10:43 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\AskToolbar
2011-09-03 08:49 . 2011-09-03 08:49 -------- d-----w- c:\documents and settings\User\Application Data\Foxit Software
2011-09-03 08:45 . 2011-09-03 08:45 -------- d-----w- c:\program files\Foxit Software
2011-09-03 07:22 . 2011-09-03 07:22 -------- d-----w- c:\program files\CCleaner
2011-09-03 06:52 . 2011-09-03 06:52 -------- d-----w- c:\documents and settings\User\Application Data\Malwarebytes
2011-09-03 06:51 . 2009-09-10 19:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-09-03 06:51 . 2009-09-10 19:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-08 16:13 . 2011-08-08 16:16 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\Adobe
2011-08-08 16:13 . 2011-08-08 16:13 -------- d-----w- c:\program files\Common Files\Adobe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2007-12-15 . 409B44CE625776DB74EAA63F24E9D4E4 . 360704 . . [5.1.2600.3002] . . c:\windows\system32\drivers\tcpip.sys
.
[-] 2007-12-15 . F4E523B589D6FFD4996F70D0AC3EAFBB . 71000 . . [7.0.6000.374] . . c:\windows\system32\wuauclt.exe
.
[-] 2007-12-15 . 9049AEB84B3D03D191FED77596659A2F . 5019648 . . [7.00.6000.20641] . . c:\windows\system32\mshtml.dll
.
[-] 2007-12-15 . F94FCB933108FBE7F58E7185048240A1 . 1258496 . . [7.00.6000.20627] . . c:\windows\system32\wininet.dll
.
[-] 2007-12-15 . 1907F8C086A0C6CD93D7726E304D9721 . 3195392 . . [6.00.2900.2894] . . c:\windows\explorer.exe
.
[-] 2007-12-15 . 86889D12DB125D402D618ED36BF7E166 . 2221824 . . [5.1.2600.3093] . . c:\windows\system32\ntkrnlpa.exe
.
[-] 2007-12-15 . 31610D15A02CE89554172A03E5268EFA . 2345216 . . [5.1.2600.3093] . . c:\windows\system32\ntoskrnl.exe
.
((((((((((((((((((((((((((((( SnapShot@2011-09-03_10.08.10 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-12 07:02 . 2009-07-12 07:02 51008 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_f0ccd4aa\vcomp90.dll
+ 2009-07-12 07:02 . 2009-07-12 07:02 59728 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90rus.dll
+ 2009-07-12 07:02 . 2009-07-12 07:02 42832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90kor.dll
+ 2009-07-12 07:02 . 2009-07-12 07:02 43344 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90jpn.dll
+ 2009-07-12 07:02 . 2009-07-12 07:02 61264 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90ita.dll
+ 2009-07-12 07:02 . 2009-07-12 07:02 36688 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90cht.dll
+ 2009-07-12 07:02 . 2009-07-12 07:02 35648 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90chs.dll
+ 2009-07-12 07:02 . 2009-07-12 07:02 62800 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90fra.dll
+ 2009-07-12 07:02 . 2009-07-12 07:02 61760 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esp.dll
+ 2009-07-12 07:02 . 2009-07-12 07:02 61776 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esn.dll
+ 2009-07-12 07:02 . 2009-07-12 07:02 53568 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90enu.dll
+ 2009-07-12 07:02 . 2009-07-12 07:02 63296 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90deu.dll
+ 2009-07-12 07:05 . 2009-07-12 07:05 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90u.dll
+ 2009-07-12 07:05 . 2009-07-12 07:05 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90.dll
+ 2011-09-03 10:46 . 2010-06-17 22:27 28520 c:\windows\system32\drivers\ssmdrv.sys
+ 2009-07-12 07:02 . 2009-07-12 07:02 653120 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll
+ 2009-07-12 07:02 . 2009-07-12 07:02 569664 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcp90.dll
+ 2009-07-12 07:05 . 2009-07-12 07:05 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcm90.dll
+ 2009-07-12 07:02 . 2009-07-12 07:02 159032 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_353599c2\atl90.dll
+ 2011-09-03 10:44 . 2011-09-03 10:44 219648 c:\windows\Installer\455e20.msi
+ 2009-07-12 07:02 . 2009-07-12 07:02 3780424 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90u.dll
+ 2009-07-12 07:02 . 2009-07-12 07:02 3765048 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2007-12-03 1230848]
"Skype"="c:\program files\Skype\\Phone\Skype.exe" [2010-03-09 26100520]
"ICQ"="c:\program files\ICQ6.5\ICQ.exe" [2010-11-16 172856]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CnxDslTaskBar"="c:\program files\microcom\adsl deskporte usb\CnxDslTb.exe Microcom\ADSL DeskPorte USB" [X]
"VTPreset"="VTPreset.exe" [2004-02-24 45056]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-04-21 281768]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" [2007-12-15 124928]
.
c:\documents and settings\User\Start Menu\Programs\Startup\
RocketDock.lnk - c:\windows\BricoPacks\Crystal Clear\RocketDock\RocketDock.exe [2006-5-14 344064]
UberIcon.lnk - c:\windows\BricoPacks\Crystal Clear\UberIcon\UberIcon Manager.exe [2006-2-5 180224]
Y'z Shadow.lnk - c:\windows\BricoPacks\Crystal Clear\YzShadow\YzShadow.exe [2002-9-30 131072]
Y'z Toolbar.lnk - c:\windows\BricoPacks\Crystal Clear\YzToolbar\YzToolBar.exe [2002-9-29 90112]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
hp psc 1000 series.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2003-4-6 147456]
hpoddt01.exe.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-4-6 28672]
Shortcut to RocketDock.lnk - c:\program files\RocketDock\RocketDock.exe [N/A]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMMyPictures"= 1 (0x1)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMMyPictures"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"55928:TCP"= 55928:TCP:DebugBoot ModemWeb
"30496:TCP"= 30496:TCP:DebugBoot WorksUS
"3675:UDP"= 3675:UDP:DebugBoot NETOffline
"37023:UDP"= 37023:UDP:DebugBoot PublishWorks
.
S3 CFcatchme;CFcatchme;\??\c:\docume~1\User\LOCALS~1\Temp\CFcatchme.sys --> c:\docume~1\User\LOCALS~1\Temp\CFcatchme.sys [?]
S3 CnxEtP;Conexant AccessRunner USB ADSL Adapter Filter Driver;c:\windows\system32\drivers\CnxEtP.sys [24.7.2008 19:34 131072]
S3 CnxEtU;Conexant AccessRunner USB ADSL Interface Device Driver;c:\windows\system32\drivers\CnxEtU.sys [24.7.2008 19:34 614272]
S3 CnxTgNP;Conexant AccessRunner ADSL WAN PPPoE Adapter Driver;c:\windows\system32\drivers\CnxTgNP.sys [24.7.2008 19:40 60416]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D58F39FF-953E-4F45-898F-59F243B9A523}]
2007-12-15 21:36 124928 ----a-w- c:\windows\system32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder
.
2009-05-24 c:\windows\Tasks\FRU Task 2003-04-06 08:52ewlett-Packard2003-04-06 08:52p psc 1100 series5E771253C1676EBED677BF361FDFC537825E15B8217375306.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-06 07:52]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://start.icq.com/
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 217.73.16.2 192.168.1.1
FF - ProfilePath - c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\1fpgg3s8.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://start.icq.com/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.7&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - Ext: ICQ Toolbar: {800b5000-a755-47e1-992b-48a1c1357f07} - c:\program files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
FF - Ext: Skype extension for Firefox: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Ext: ICQ Toolbar: {800b5000-a755-47e1-992b-48a1c1357f07} - %profile%\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-09-03 07:28
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files:
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(3244)
c:\windows\system32\SHDOCVW.dll
c:\windows\BricoPacks\Crystal Clear\YzShadow\YzShadow.dll
c:\windows\BricoPacks\Crystal Clear\YzToolbar\YzToolBar.dll
c:\windows\BricoPacks\Crystal Clear\UberIcon\UberIcon.dll
c:\windows\system32\msi.dll
c:\windows\BricoPacks\Crystal Clear\RocketDock\MouseHook2.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\NETSHELL.dll
c:\windows\system32\credui.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Avira\AntiVir Desktop\sched.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\ICQ6Toolbar\ICQ Service.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\program files\microcom\adsl deskporte usb\CnxDslTb.exe
c:\program files\Skype\Phone\Skype.exe
c:\program files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\msiexec.exe
c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
c:\windows\system32\MsiExec.exe
c:\windows\system32\MsiExec.exe
.
**************************************************************************
.
Completion time: 2011-09-03 07:41:24 - machine was rebooted
ComboFix-quarantined-files.txt 2011-09-03 14:41
ComboFix2.txt 2011-09-03 10:11
.
Pre-Run: 20 010 164 224 bytes free
Post-Run: 13 adresárov, 19 939 106 816 voľných bajtov
.
- - End Of File - - 440AA00E991C32028876130E38655B0B

[cernohous13]

Zdá se, že nemáš aktualizovanou Aviru
AV: AntiVir Desktop *Disabled/Outdated

Doinstaluj SP3

potom udělej aktuální RSIT ať vidím, jestli už můžu uklízet

najdi C:\Qoobox - zabal v RARu nebo ZIPu a odešli na http://vyosek.ic.cz/havet/uploader.php

[ANGILO]

Logfile of random's system information tool 1.09 (written by random/random)
Run by User at 2011-09-03 10:27:25
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 18 GB (47%) free of 38 GB
Total RAM: 991 MB (61% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:27:57, on 3.9.2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20627)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\program files\microcom\adsl deskporte usb\CnxDslTb.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\ICQ6.5\ICQ.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\WINDOWS\BricoPacks\Crystal Clear\RocketDock\RocketDock.exe
C:\WINDOWS\BricoPacks\Crystal Clear\UberIcon\UberIcon Manager.exe
C:\WINDOWS\BricoPacks\Crystal Clear\YzShadow\YzShadow.exe
C:\WINDOWS\BricoPacks\Crystal Clear\YzToolbar\YzToolBar.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\User\Desktop\RSIT.exe
C:\Program Files\trend micro\User.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: QIPBHO Class - {95289393-33EA-4F8D-B952-483415B9C955} - C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\qipsearchbar.dll
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: QIPBHO - {95289393-33EA-4F8D-B952-483415B9C955} - C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\qipsearchbar.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O4 - HKLM\..\Run: [VTPreset] VTPreset.exe
O4 - HKLM\..\Run: [CnxDslTaskBar] "c:\program files\microcom\adsl deskporte usb\CnxDslTb.exe" "Microcom\ADSL DeskPorte USB"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ6.5\ICQ.exe" silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Crystal Clear\RocketDock\RocketDock.exe
O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Crystal Clear\UberIcon\UberIcon Manager.exe
O4 - Startup: Y'z Shadow.lnk = C:\WINDOWS\BricoPacks\Crystal Clear\YzShadow\YzShadow.exe
O4 - Startup: Y'z Toolbar.lnk = C:\WINDOWS\BricoPacks\Crystal Clear\YzToolbar\YzToolBar.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Shortcut to RocketDock.lnk = C:\Program Files\RocketDock\RocketDock.exe
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Unknown owner - C:\Program Files\Security\Ad-Aware 2007\aawservice.exe (file missing)
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 6788 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\FRU Task #Hewlett-Packard#hp psc 1100 series#1217375306.job

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\1fpgg3s8.default

prefs.js - "browser.startup.homepage" - "http://start.icq.com/"
prefs.js - "extensions.enabledItems" - "{800b5000-a755-47e1-992b-48a1c1357f07}:1.1.7, {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}:6.0.03, {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198, toolbar@ask.com:3.12.5.17640, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.20"
prefs.js - "keyword.URL" - "http://search.icq.com/search/afe_result ... r=1.1.7&q="

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe Flash Player 9.0
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf]
"Description"=
"Path"=C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll

C:\Program Files\Mozilla Firefox\extensions\
{800b5000-a755-47e1-992b-48a1c1357f07}
{972ce4c6-7e08-4474-a285-3208198ce6fd}
{AB2CE124-6272-4b12-94A9-7303C7397BD1}
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}

C:\Program Files\Mozilla Firefox\components\
browser.xpt
browserdirprovider.dll
brwsrcmp.dll
components.list
FeedConverter.js
FeedProcessor.js
FeedWriter.js
fuelApplication.js
GPSDGeolocationProvider.js
jsconsole-clhandler.js
NetworkGeolocationProvider.js
nsAddonRepository.js
nsBadCertHandler.js
nsBlocklistService.js
nsBrowserContentHandler.js
nsBrowserGlue.js
nsContentDispatchChooser.js
nsContentPrefService.js
nsDefaultCLH.js
nsDownloadManagerUI.js
nsExtensionManager.js
nsFormAutoComplete.js
nsHandlerService.js
nsHelperAppDlg.js
nsINIProcessor.js
nsLivemarkService.js
nsLoginInfo.js
nsLoginManager.js
nsLoginManagerPrompter.js
nsMicrosummaryService.js
nsPlacesAutoComplete.js
nsPlacesDBFlush.js
nsPlacesTransactionsService.js
nsPrivateBrowsingService.js
nsProxyAutoConfig.js
nsSafebrowsingApplication.js
nsSearchService.js
nsSearchSuggestions.js
nsSessionStartup.js
nsSessionStore.js
nsSetDefaultBrowser.js
nsSidebar.js
nsTaggingService.js
nsTryToClose.js
nsUpdateService.js
nsUpdateServiceStub.js
nsUpdateTimerManager.js
nsUrlClassifierLib.js
nsUrlClassifierListManager.js
nsURLFormatter.js
nsWebHandlerApp.js
pluginGlue.js
storage-Legacy.js
storage-mozStorage.js
txEXSLTRegExFunctions.js
WebContentConverter.js

C:\Program Files\Mozilla Firefox\plugins\
flashplayer.xpt
npnul32.dll
NPOFF12.DLL
NPSWF32.dll
NPSWF32_FlashUtil.exe

C:\Program Files\Mozilla Firefox\searchplugins\
google.xml
jyxo-cz.xml
mall-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml

C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\1fpgg3s8.default\extensions\
{800b5000-a755-47e1-992b-48a1c1357f07}

C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\1fpgg3s8.default\searchplugins\
icqplugin-1.xml
icqplugin-10.xml
icqplugin-11.xml
icqplugin-12.xml
icqplugin-13.xml
icqplugin-14.xml
icqplugin-15.xml
icqplugin-16.xml
icqplugin-17.xml
icqplugin-18.xml
icqplugin-19.xml
icqplugin-2.xml
icqplugin-3.xml
icqplugin-4.xml
icqplugin-5.xml
icqplugin-6.xml
icqplugin-7.xml
icqplugin-8.xml
icqplugin-9.xml
icqplugin.gif
icqplugin.src
icqplugin.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll [2007-09-25 501136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95289393-33EA-4F8D-B952-483415B9C955}]
QIPBHO Class - C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\qipsearchbar.dll [2008-12-30 131072]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2009-06-01 962808]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"VTPreset"=C:\WINDOWS\system32\VTPreset.exe [2004-02-24 45056]
"CnxDslTaskBar"=c:\program files\microcom\adsl deskporte usb\CnxDslTb.exe [2004-06-16 233472]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2011-04-21 281768]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2007-12-02 1230848]
"Skype"=C:\Program Files\Skype\\Phone\Skype.exe [2010-03-09 26100520]
"ICQ"=C:\Program Files\ICQ6.5\ICQ.exe [2010-11-16 172856]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
hp psc 1000 series.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
hpoddt01.exe.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
Shortcut to RocketDock.lnk - C:\Program Files\RocketDock\RocketDock.exe

C:\Documents and Settings\User\Start Menu\Programs\Startup
RocketDock.lnk - C:\WINDOWS\BricoPacks\Crystal Clear\RocketDock\RocketDock.exe
UberIcon.lnk - C:\WINDOWS\BricoPacks\Crystal Clear\UberIcon\UberIcon Manager.exe
Y'z Shadow.lnk - C:\WINDOWS\BricoPacks\Crystal Clear\YzShadow\YzShadow.exe
Y'z Toolbar.lnk - C:\WINDOWS\BricoPacks\Crystal Clear\YzToolbar\YzToolBar.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll [2007-01-17 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoSMMyPictures"=1
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm

======List of files/folders created in the last 1 month======

2011-09-03 10:22:55 ----SHD---- C:\RECYCLER
2011-09-03 10:13:50 ----D---- C:\WINDOWS\Prefetch
2011-09-03 10:03:50 ----N---- C:\WINDOWS\system32\smtpapi.dll
2011-09-03 10:03:50 ----N---- C:\WINDOWS\system32\rwnh.dll
2011-09-03 10:03:50 ----N---- C:\WINDOWS\system32\drivers\irbus.sys
2011-09-03 10:03:50 ----N---- C:\WINDOWS\system32\comsdupd.exe
2011-09-03 10:03:38 ----N---- C:\WINDOWS\system32\ati2dvaa.dll
2011-09-03 10:03:38 ----N---- C:\WINDOWS\system32\ati2cqag.dll
2011-09-03 10:03:37 ----N---- C:\WINDOWS\system32\ati3d1ag.dll
2011-09-03 10:03:37 ----N---- C:\WINDOWS\system32\ati2dvag.dll
2011-09-03 10:03:36 ----N---- C:\WINDOWS\system32\bitsprx4.dll
2011-09-03 10:03:36 ----N---- C:\WINDOWS\system32\azroles.dll
2011-09-03 10:03:36 ----N---- C:\WINDOWS\system32\ativvaxx.dll
2011-09-03 10:03:36 ----N---- C:\WINDOWS\system32\ativtmxx.dll
2011-09-03 10:03:36 ----N---- C:\WINDOWS\system32\ati3duag.dll
2011-09-03 10:03:35 ----N---- C:\WINDOWS\system32\dot3msm.dll
2011-09-03 10:03:35 ----N---- C:\WINDOWS\system32\dot3gpclnt.dll
2011-09-03 10:03:35 ----N---- C:\WINDOWS\system32\dot3dlg.dll
2011-09-03 10:03:35 ----N---- C:\WINDOWS\system32\dot3cfg.dll
2011-09-03 10:03:35 ----N---- C:\WINDOWS\system32\dot3api.dll
2011-09-03 10:03:35 ----N---- C:\WINDOWS\system32\dimsroam.dll
2011-09-03 10:03:35 ----N---- C:\WINDOWS\system32\dimsntfy.dll
2011-09-03 10:03:35 ----N---- C:\WINDOWS\system32\dhcpqec.dll
2011-09-03 10:03:35 ----N---- C:\WINDOWS\system32\credssp.dll
2011-09-03 10:03:34 ----N---- C:\WINDOWS\system32\dot3ui.dll
2011-09-03 10:03:34 ----N---- C:\WINDOWS\system32\dot3svc.dll
2011-09-03 10:03:33 ----N---- C:\WINDOWS\system32\eapsvc.dll
2011-09-03 10:03:33 ----N---- C:\WINDOWS\system32\eapqec.dll
2011-09-03 10:03:33 ----N---- C:\WINDOWS\system32\eappprxy.dll
2011-09-03 10:03:33 ----N---- C:\WINDOWS\system32\eapphost.dll
2011-09-03 10:03:33 ----N---- C:\WINDOWS\system32\eappgnui.dll
2011-09-03 10:03:33 ----N---- C:\WINDOWS\system32\eappcfg.dll
2011-09-03 10:03:33 ----N---- C:\WINDOWS\system32\eapp3hst.dll
2011-09-03 10:03:33 ----N---- C:\WINDOWS\system32\eapolqec.dll
2011-09-03 10:03:32 ----N---- C:\WINDOWS\system32\hsfcisp2.dll
2011-09-03 10:03:29 ----N---- C:\WINDOWS\system32\l2gpstore.dll
2011-09-03 10:03:29 ----N---- C:\WINDOWS\system32\kmsvc.dll
2011-09-03 10:03:28 ----N---- C:\WINDOWS\system32\mdmxsdk.dll
2011-09-03 10:03:27 ----N---- C:\WINDOWS\system32\msshavmsg.dll
2011-09-03 10:03:27 ----N---- C:\WINDOWS\system32\mssha.dll
2011-09-03 10:03:26 ----N---- C:\WINDOWS\system32\napstat.exe
2011-09-03 10:03:26 ----N---- C:\WINDOWS\system32\napmontr.dll
2011-09-03 10:03:26 ----N---- C:\WINDOWS\system32\napipsec.dll
2011-09-03 10:03:26 ----N---- C:\WINDOWS\system32\mtxparhd.dll
2011-09-03 10:03:24 ----N---- C:\WINDOWS\system32\onex.dll
2011-09-03 10:03:24 ----N---- C:\WINDOWS\system32\nv4_disp.dll
2011-09-03 10:03:23 ----N---- C:\WINDOWS\system32\rasqec.dll
2011-09-03 10:03:23 ----N---- C:\WINDOWS\system32\qutil.dll
2011-09-03 10:03:23 ----N---- C:\WINDOWS\system32\qcliprov.dll
2011-09-03 10:03:23 ----N---- C:\WINDOWS\system32\qagentrt.dll
2011-09-03 10:03:23 ----N---- C:\WINDOWS\system32\qagent.dll
2011-09-03 10:03:23 ----N---- C:\WINDOWS\system32\photometadatahandler.dll
2011-09-03 10:03:22 ----N---- C:\WINDOWS\system32\tspkg.dll
2011-09-03 10:03:22 ----N---- C:\WINDOWS\system32\slserv.exe
2011-09-03 10:03:22 ----N---- C:\WINDOWS\system32\slrundll.exe
2011-09-03 10:03:22 ----N---- C:\WINDOWS\system32\slgen.dll
2011-09-03 10:03:22 ----N---- C:\WINDOWS\system32\slextspk.dll
2011-09-03 10:03:22 ----N---- C:\WINDOWS\system32\slcoinst.dll
2011-09-03 10:03:22 ----N---- C:\WINDOWS\system32\setupn.exe
2011-09-03 10:03:21 ----N---- C:\WINDOWS\system32\tzchange.exe
2011-09-03 10:03:20 ----N---- C:\WINDOWS\system32\wmphoto.dll
2011-09-03 10:03:20 ----N---- C:\WINDOWS\system32\windowscodecsext.dll
2011-09-03 10:03:20 ----N---- C:\WINDOWS\system32\windowscodecs.dll
2011-09-03 10:03:18 ----N---- C:\WINDOWS\slrundll.exe
2011-09-03 10:03:17 ----D---- C:\WINDOWS\system32\scripting
2011-09-03 10:03:15 ----D---- C:\WINDOWS\system32\bits
2011-09-03 09:56:55 ----D---- C:\WINDOWS\ServicePackFiles
2011-09-03 09:52:32 ----N---- C:\WINDOWS\system32\drivers\ati1pdxx.sys
2011-09-03 09:52:32 ----N---- C:\WINDOWS\system32\drivers\ati1mdxx.sys
2011-09-03 09:52:32 ----N---- C:\WINDOWS\system32\drivers\ati1btxx.sys
2011-09-03 09:52:32 ----N---- C:\WINDOWS\system32\drivers\amdagp.sys
2011-09-03 09:52:32 ----N---- C:\WINDOWS\system32\drivers\alim1541.sys
2011-09-03 09:52:32 ----N---- C:\WINDOWS\system32\drivers\agpcpq.sys
2011-09-03 09:52:32 ----N---- C:\WINDOWS\system32\drivers\agp440.sys
2011-09-03 09:52:32 ----N---- C:\WINDOWS\system32\drivers\adv11nt5.dll
2011-09-03 09:52:32 ----N---- C:\WINDOWS\system32\drivers\adv09nt5.dll
2011-09-03 09:52:32 ----N---- C:\WINDOWS\system32\drivers\adv08nt5.dll
2011-09-03 09:52:32 ----N---- C:\WINDOWS\system32\drivers\adv07nt5.dll
2011-09-03 09:52:32 ----N---- C:\WINDOWS\system32\drivers\adv05nt5.dll
2011-09-03 09:52:32 ----N---- C:\WINDOWS\system32\drivers\adv02nt5.dll
2011-09-03 09:52:32 ----N---- C:\WINDOWS\system32\drivers\adv01nt5.dll
2011-09-03 09:52:31 ----N---- C:\WINDOWS\system32\drivers\ati2mtaa.sys
2011-09-03 09:52:31 ----N---- C:\WINDOWS\system32\drivers\ati1xsxx.sys
2011-09-03 09:52:31 ----N---- C:\WINDOWS\system32\drivers\ati1xbxx.sys
2011-09-03 09:52:31 ----N---- C:\WINDOWS\system32\drivers\ati1tuxx.sys
2011-09-03 09:52:31 ----N---- C:\WINDOWS\system32\drivers\ati1ttxx.sys
2011-09-03 09:52:31 ----N---- C:\WINDOWS\system32\drivers\ati1snxx.sys
2011-09-03 09:52:31 ----N---- C:\WINDOWS\system32\drivers\ati1rvxx.sys
2011-09-03 09:52:31 ----N---- C:\WINDOWS\system32\drivers\ati1raxx.sys
2011-09-03 09:52:30 ----N---- C:\WINDOWS\system32\drivers\atv02nt5.dll
2011-09-03 09:52:30 ----N---- C:\WINDOWS\system32\drivers\atv01nt5.dll
2011-09-03 09:52:30 ----N---- C:\WINDOWS\system32\drivers\atinxsxx.sys
2011-09-03 09:52:30 ----N---- C:\WINDOWS\system32\drivers\atinxbxx.sys
2011-09-03 09:52:30 ----N---- C:\WINDOWS\system32\drivers\atintuxx.sys
2011-09-03 09:52:30 ----N---- C:\WINDOWS\system32\drivers\atinttxx.sys
2011-09-03 09:52:30 ----N---- C:\WINDOWS\system32\drivers\atinsnxx.sys
2011-09-03 09:52:30 ----N---- C:\WINDOWS\system32\drivers\atinrvxx.sys
2011-09-03 09:52:30 ----N---- C:\WINDOWS\system32\drivers\atinraxx.sys
2011-09-03 09:52:30 ----N---- C:\WINDOWS\system32\drivers\atinpdxx.sys
2011-09-03 09:52:30 ----N---- C:\WINDOWS\system32\drivers\atinmdxx.sys
2011-09-03 09:52:30 ----N---- C:\WINDOWS\system32\drivers\atinbtxx.sys
2011-09-03 09:52:30 ----N---- C:\WINDOWS\system32\drivers\ati2mtag.sys
2011-09-03 09:52:29 ----N---- C:\WINDOWS\system32\drivers\ch7xxnt5.dll
2011-09-03 09:52:29 ----N---- C:\WINDOWS\system32\drivers\bthusb.sys
2011-09-03 09:52:29 ----N---- C:\WINDOWS\system32\drivers\bthprint.sys
2011-09-03 09:52:29 ----N---- C:\WINDOWS\system32\drivers\bthport.sys
2011-09-03 09:52:29 ----N---- C:\WINDOWS\system32\drivers\bthpan.sys
2011-09-03 09:52:29 ----N---- C:\WINDOWS\system32\drivers\bthmodem.sys
2011-09-03 09:52:29 ----N---- C:\WINDOWS\system32\drivers\bthenum.sys
2011-09-03 09:52:29 ----N---- C:\WINDOWS\system32\drivers\atv10nt5.dll
2011-09-03 09:52:29 ----N---- C:\WINDOWS\system32\drivers\atv06nt5.dll
2011-09-03 09:52:29 ----N---- C:\WINDOWS\system32\drivers\atv04nt5.dll
2011-09-03 09:52:28 ----N---- C:\WINDOWS\system32\drivers\gagp30kx.sys
2011-09-03 09:52:27 ----N---- C:\WINDOWS\system32\drivers\hsfcxts2.sys
2011-09-03 09:52:27 ----N---- C:\WINDOWS\system32\drivers\hsfbs2s2.sys
2011-09-03 09:52:27 ----N---- C:\WINDOWS\system32\drivers\hidir.sys
2011-09-03 09:52:27 ----N---- C:\WINDOWS\system32\drivers\hidbth.sys
2011-09-03 09:52:26 ----N---- C:\WINDOWS\system32\drivers\mdmxsdk.sys
2011-09-03 09:52:26 ----N---- C:\WINDOWS\system32\drivers\hsfdpsp2.sys
2011-09-03 09:52:25 ----N---- C:\WINDOWS\system32\drivers\mtlstrm.sys
2011-09-03 09:52:25 ----N---- C:\WINDOWS\system32\drivers\mtlmnt5.sys
2011-09-03 09:52:24 ----N---- C:\WINDOWS\system32\drivers\ntmtlfax.sys
2011-09-03 09:52:24 ----N---- C:\WINDOWS\system32\drivers\mutohpen.sys
2011-09-03 09:52:24 ----N---- C:\WINDOWS\system32\drivers\mtxparhm.sys
2011-09-03 09:52:23 ----N---- C:\WINDOWS\system32\drivers\rndismpx.sys
2011-09-03 09:52:23 ----N---- C:\WINDOWS\system32\drivers\rfcomm.sys
2011-09-03 09:52:23 ----N---- C:\WINDOWS\system32\drivers\recagent.sys
2011-09-03 09:52:23 ----N---- C:\WINDOWS\system32\drivers\nv4_mini.sys
2011-09-03 09:52:22 ----N---- C:\WINDOWS\system32\drivers\smbali.sys
2011-09-03 09:52:22 ----N---- C:\WINDOWS\system32\drivers\slwdmsup.sys
2011-09-03 09:52:22 ----N---- C:\WINDOWS\system32\drivers\slnthal.sys
2011-09-03 09:52:22 ----N---- C:\WINDOWS\system32\drivers\slntamr.sys
2011-09-03 09:52:22 ----N---- C:\WINDOWS\system32\drivers\slnt7554.sys
2011-09-03 09:52:22 ----N---- C:\WINDOWS\system32\drivers\sisagp.sys
2011-09-03 09:52:22 ----N---- C:\WINDOWS\system32\drivers\siint5.dll
2011-09-03 09:52:21 ----N---- C:\WINDOWS\system32\drivers\watv10nt.sys
2011-09-03 09:52:21 ----N---- C:\WINDOWS\system32\drivers\watv06nt.sys
2011-09-03 09:52:21 ----N---- C:\WINDOWS\system32\drivers\wadv11nt.sys
2011-09-03 09:52:21 ----N---- C:\WINDOWS\system32\drivers\wadv09nt.sys
2011-09-03 09:52:21 ----N---- C:\WINDOWS\system32\drivers\wadv08nt.sys
2011-09-03 09:52:21 ----N---- C:\WINDOWS\system32\drivers\wadv07nt.sys
2011-09-03 09:52:21 ----N---- C:\WINDOWS\system32\drivers\wacompen.sys
2011-09-03 09:52:21 ----N---- C:\WINDOWS\system32\drivers\viaagp.sys
2011-09-03 09:52:21 ----N---- C:\WINDOWS\system32\drivers\vchnt5.dll
2011-09-03 09:52:21 ----N---- C:\WINDOWS\system32\drivers\usbvideo.sys
2011-09-03 09:52:21 ----N---- C:\WINDOWS\system32\drivers\usb8023x.sys
2011-09-03 09:52:21 ----N---- C:\WINDOWS\system32\drivers\uagp35.sys
2011-09-03 09:50:27 ----N---- C:\WINDOWS\system32\spmsg.dll
2011-09-03 09:50:23 ----A---- C:\WINDOWS\002848_.tmp
2011-09-03 09:49:51 ----D---- C:\WINDOWS\system32\ReinstallBackups
2011-09-03 09:49:07 ----A---- C:\WINDOWS\system32\spupdsvc.exe
2011-09-03 09:42:17 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2011-09-03 07:41:38 ----D---- C:\WINDOWS\temp
2011-09-03 07:41:29 ----A---- C:\ComboFix.txt
2011-09-03 06:13:31 ----D---- C:\Program Files\xerox
2011-09-03 06:13:03 ----D---- C:\WINDOWS\system32\xircom
2011-09-03 06:12:54 ----D---- C:\Program Files\microsoft frontpage
2011-09-03 04:08:49 ----D---- C:\Program Files\trend micro
2011-09-03 04:08:48 ----D---- C:\rsit
2011-09-03 03:46:52 ----A---- C:\WINDOWS\system32\drivers\ssmdrv.sys
2011-09-03 03:46:47 ----A---- C:\WINDOWS\system32\drivers\avipbb.sys
2011-09-03 03:46:47 ----A---- C:\WINDOWS\system32\drivers\avgntmgr.sys
2011-09-03 03:46:47 ----A---- C:\WINDOWS\system32\drivers\avgntflt.sys
2011-09-03 03:46:47 ----A---- C:\WINDOWS\system32\drivers\avgntdd.sys
2011-09-03 03:46:44 ----D---- C:\Program Files\Avira
2011-09-03 03:46:44 ----D---- C:\Documents and Settings\All Users\Application Data\Avira
2011-09-03 02:53:26 ----A---- C:\WINDOWS\zip.exe
2011-09-03 02:53:26 ----A---- C:\WINDOWS\SWXCACLS.exe
2011-09-03 02:53:26 ----A---- C:\WINDOWS\SWSC.exe
2011-09-03 02:53:26 ----A---- C:\WINDOWS\SWREG.exe
2011-09-03 02:53:26 ----A---- C:\WINDOWS\sed.exe
2011-09-03 02:53:26 ----A---- C:\WINDOWS\PEV.exe
2011-09-03 02:53:26 ----A---- C:\WINDOWS\NIRCMD.exe
2011-09-03 02:53:26 ----A---- C:\WINDOWS\MBR.exe
2011-09-03 02:53:26 ----A---- C:\WINDOWS\grep.exe
2011-09-03 02:53:01 ----D---- C:\WINDOWS\ERDNT
2011-09-03 02:52:40 ----D---- C:\Qoobox
2011-09-03 01:49:13 ----D---- C:\Documents and Settings\User\Application Data\Foxit Software
2011-09-03 01:45:07 ----D---- C:\Program Files\Foxit Software
2011-09-03 00:22:26 ----D---- C:\Program Files\CCleaner
2011-09-02 23:52:03 ----D---- C:\Documents and Settings\User\Application Data\Malwarebytes
2011-09-02 23:51:59 ----A---- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2011-09-02 23:51:59 ----A---- C:\WINDOWS\system32\drivers\mbam.sys
2011-08-08 09:13:23 ----D---- C:\Program Files\Common Files\Adobe

======List of files/folders modified in the last 1 month======

2011-09-03 10:22:58 ----D---- C:\WINDOWS\Debug
2011-09-03 10:22:58 ----D---- C:\WINDOWS
2011-09-03 10:19:25 ----D---- C:\WINDOWS\system32
2011-09-03 10:19:23 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2011-09-03 10:18:49 ----D---- C:\Documents and Settings\User\Application Data\Skype
2011-09-03 10:14:19 ----D---- C:\WINDOWS\system32\CatRoot2
2011-09-03 10:13:07 ----D---- C:\WINDOWS\system32\Setup
2011-09-03 10:13:07 ----D---- C:\WINDOWS\AppPatch
2011-09-03 10:13:06 ----D---- C:\WINDOWS\system32\wbem
2011-09-03 10:13:05 ----RSD---- C:\WINDOWS\Fonts
2011-09-03 10:12:59 ----D---- C:\WINDOWS\system32\drivers
2011-09-03 10:12:22 ----D---- C:\WINDOWS\security
2011-09-03 10:10:31 ----HD---- C:\WINDOWS\inf
2011-09-03 10:10:10 ----D---- C:\WINDOWS\system32\CatRoot
2011-09-03 10:04:31 ----D---- C:\WINDOWS\WinSxS
2011-09-03 10:04:21 ----D---- C:\Program Files\Messenger
2011-09-03 10:04:15 ----D---- C:\WINDOWS\system32\dllcache
2011-09-03 10:03:48 ----D---- C:\WINDOWS\system32\inetsrv
2011-09-03 10:03:47 ----D---- C:\WINDOWS\Network Diagnostic
2011-09-03 10:03:47 ----D---- C:\WINDOWS\ime
2011-09-03 10:03:46 ----D---- C:\WINDOWS\Help
2011-09-03 10:03:18 ----D---- C:\WINDOWS\system32\usmt
2011-09-03 10:03:18 ----D---- C:\WINDOWS\system32\en-us
2011-09-03 10:03:16 ----SHD---- C:\WINDOWS\Installer
2011-09-03 10:03:16 ----D---- C:\WINDOWS\l2schemas
2011-09-03 10:03:15 ----D---- C:\WINDOWS\PeerNet
2011-09-03 10:03:14 ----D---- C:\Program Files\Movie Maker
2011-09-03 09:56:31 ----D---- C:\WINDOWS\system32\Restore
2011-09-03 09:56:30 ----D---- C:\WINDOWS\system32\npp
2011-09-03 09:56:29 ----D---- C:\WINDOWS\msagent
2011-09-03 09:56:26 ----D---- C:\WINDOWS\srchasst
2011-09-03 09:56:24 ----D---- C:\Program Files\NetMeeting
2011-09-03 09:56:21 ----D---- C:\WINDOWS\system32\Com
2011-09-03 09:56:16 ----D---- C:\Program Files\Windows Media Player
2011-09-03 09:56:15 ----D---- C:\Program Files\Windows NT
2011-09-03 09:56:15 ----D---- C:\Program Files\Outlook Express
2011-09-03 09:56:08 ----D---- C:\Program Files\Common Files\System
2011-09-03 09:55:43 ----D---- C:\WINDOWS\system32\oobe
2011-09-03 09:55:40 ----D---- C:\WINDOWS\system
2011-09-03 09:42:13 ----D---- C:\WINDOWS\ehome
2011-09-03 09:11:58 ----N---- C:\WINDOWS\SchedLgU.Txt
2011-09-03 08:00:24 ----D---- C:\Documents and Settings\User\Application Data\skypePM
2011-09-03 07:45:13 ----D---- C:\Config.Msi
2011-09-03 07:38:46 ----SD---- C:\WINDOWS\Tasks
2011-09-03 07:26:10 ----A---- C:\WINDOWS\system.ini
2011-09-03 07:25:20 ----D---- C:\WINDOWS\system32\drivers\etc
2011-09-03 07:23:08 ----D---- C:\WINDOWS\system32\config
2011-09-03 07:21:20 ----RD---- C:\Program Files
2011-09-03 07:13:54 ----D---- C:\Program Files\Common Files
2011-09-03 06:14:16 ----D---- C:\WINDOWS\SoftwareDistribution
2011-09-03 03:23:32 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2011-09-03 03:10:25 ----D---- C:\WINDOWS\repair
2011-09-03 00:30:22 ----D---- C:\WINDOWS\Minidump
2011-08-24 12:44:44 ----D---- C:\Program Files\Mozilla Firefox
2011-08-08 09:13:23 ----D---- C:\Documents and Settings\User\Application Data\Adobe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 viaagp1;VIA AGP Filter; C:\WINDOWS\system32\DRIVERS\viaagp1.sys [2003-07-01 27904]
R0 videX32;videX32; C:\WINDOWS\system32\drivers\videX32.sys [2007-12-15 9216]
R1 AFS2K;AFS2k; C:\WINDOWS\system32\drivers\AFS2K.sys [2008-07-29 82380]
R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2011-07-21 138192]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2010-06-17 28520]
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2011-07-21 66616]
R2 rspndr;Link-Layer Topology Discovery Responder; C:\WINDOWS\system32\DRIVERS\rspndr.sys [2007-12-15 62336]
R3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\fetnd5.sys [2001-08-17 27165]
R3 S3Psddr;S3Psddr; C:\WINDOWS\system32\DRIVERS\s3gnbm.sys [2004-08-13 167168]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R3 VIAudio;Vinyl AC'97 Audio Controller (WDM); C:\WINDOWS\system32\drivers\vinyl97.sys [2007-09-19 207488]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 CFcatchme;CFcatchme; \??\C:\DOCUME~1\User\LOCALS~1\Temp\CFcatchme.sys []
S3 CnxEtP;Conexant AccessRunner USB ADSL Adapter Filter Driver; C:\WINDOWS\system32\DRIVERS\CnxEtP.sys [2004-06-16 131072]
S3 CnxEtU;Conexant AccessRunner USB ADSL Interface Device Driver; C:\WINDOWS\system32\DRIVERS\CnxEtU.sys [2004-06-16 614272]
S3 CnxTgNP;Conexant AccessRunner ADSL WAN PPPoE Adapter Driver; C:\WINDOWS\system32\DRIVERS\CnxTgNP.sys [2004-06-16 60416]
S3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2003-04-07 51024]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2003-04-07 16080]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2005-10-22 21568]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2007-12-15 12160]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2007-01-17 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2007-01-17 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2011-07-21 269480]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2011-04-21 136360]
R2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2009-06-01 222968]
S2 aawservice;Ad-Aware 2007 Service; C:\Program Files\Security\Ad-Aware 2007\aawservice.exe []
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe [2007-09-20 382248]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2003-04-07 65795]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\wmpnetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

-----------------EOF-----------------

[cernohous13]

Ještě ti nedám pokoj

Stáhni OTM z jednoho odkazu a rozbal nejlépe na plochu.
http://oldtimer.geekstogo.com/OTM.exe
http://www.itxassociates.com/OT-Tools/OTM.exe

Spusť program „OTM.exe“ (pro Vistu a Win7 – pravým a „Run As Administrator“).
Do okna pod žlutou čáru vlož celý text zeleným písmem ze „Scriptu“

Klikni na červené „Moveit!“

Při nabídce restartu „YES“
a log potom najdeš v C:\_OTM\MovedFiles\

Script OTM

Kód: Vybrat vše

:Commands
[emptytemp]

:Files
%windir%\system32\*.tmp.dll /s
%windir%\system32\SET*.tmp /s
%windir%\*.tmp /s
C:\Program Files\Security\Ad-Aware 2007

:Services
ICQ Service
aawservice
NMIndexingService

:Reg
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

Log mi dej a pak už budu opravdu po sobě uklízet

[ANGILO]

Este taky problemik, po restarte sa stale spusta "Windows Installer" OMEGA - chyba mu omega.msi ktory bol dakde v tmp ....
Odkial sa to stale spusta.

All processes killed
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: User
->Temp folder emptied: 1520 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Java cache emptied: 139765 bytes
->FireFox cache emptied: 28550056 bytes
->Flash cache emptied: 419 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 19569 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 27,00 mb

========== FILES ==========
File/Folder C:\WINDOWS\system32\*.tmp.dll not found.
File/Folder C:\WINDOWS\system32\SET*.tmp not found.
C:\WINDOWS\Installer\MSI185.tmp moved successfully.
C:\WINDOWS\Installer\MSI27.tmp moved successfully.
C:\WINDOWS\Installer\MSI29A.tmp moved successfully.
C:\WINDOWS\Installer\MSI3.tmp moved successfully.
C:\WINDOWS\Installer\MSI32.tmp moved successfully.
C:\WINDOWS\Installer\MSI39.tmp moved successfully.
C:\WINDOWS\Installer\MSI4.tmp moved successfully.
C:\WINDOWS\Installer\MSI5.tmp moved successfully.
C:\WINDOWS\Installer\MSI5E.tmp moved successfully.
C:\WINDOWS\Installer\MSI6.tmp moved successfully.
C:\WINDOWS\Installer\MSI7.tmp moved successfully.
C:\WINDOWS\Installer\MSI9.tmp moved successfully.
C:\WINDOWS\Installer\MSIA.tmp moved successfully.
C:\WINDOWS\Installer\MSIB.tmp moved successfully.
C:\WINDOWS\Installer\MSIC.tmp moved successfully.
C:\WINDOWS\Installer\MSID.tmp moved successfully.
C:\WINDOWS\Installer\MSIE.tmp moved successfully.
C:\WINDOWS\Installer\MSIE6.tmp moved successfully.
C:\WINDOWS\Installer\MSIF.tmp moved successfully.
C:\WINDOWS\Installer\MSIF4.tmp moved successfully.
C:\WINDOWS\Installer\MSIFF.tmp moved successfully.
C:\WINDOWS\twain_32\hpqgends.tmp moved successfully.
File/Folder C:\Program Files\Security\Ad-Aware 2007 not found.
========== SERVICES/DRIVERS ==========
Service ICQ Service stopped successfully!
Service ICQ Service deleted successfully!
Service aawservice stopped successfully!
Service aawservice deleted successfully!
Service NMIndexingService stopped successfully!
Service NMIndexingService deleted successfully!
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1a3e09be-1e45-494b-9174-d7385b45bbf5}\ not found.

OTM by OldTimer - Version 3.1.18.0 log created on 09032011_114351

Files moved on Reboot...

Registry entries deleted on Reboot...

[cernohous13]

Stáhni "System Look" - http://jpshortstuff.247fixes.com/SystemLook.exe
Spusť jej a do okna zkopíruj

Kód: Vybrat vše

:filefind
omega.msi
:regfind
omega.msi

Klik na Look a po scanu sem zkopíruj výsledek hledání

Start -> Spustit... (nebo kl.Win+R)
napiš devmgmt.msc -> OK
u kterého ovladače je žlutá značka ? nebo !

máš tušení k čemu ta OMEGA patří?

[ANGILO]

Nazdar a diky za trpezlivost
Odpovede postupne:
1. Log:
SystemLook 30.07.11 by jpshortstuff
Log created at 00:46 on 04/09/2011 by User


Administrator - Elevation successful

========== filefind ==========

Searching for "omega.msi"
No files found.

========== regfind ==========

Searching for "omega.msi"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\48BF628993EB4684BA1B548B0FF40389\SourceList]
"PackageName"="OMEGA.MSI"

-= EOF =-

2. ovladace
Identifikacie hardveru
PCI\VEN_11C1&DEV_048F&SUBSYS_00011848&REV_02
PCI\VEN_11C1&DEV_048F&SUBSYS_00011848
PCI\VEN_11C1&DEV_048F&CC_078000
PCI\VEN_11C1&DEV_048F&CC_0780

3. Omega
Podvojne uctovnictvo od Fy KROS - asi bol spusteny priamo zo stiahnutia lebo cesta kde hlada .msi je
"C:\DOCUME~1\User\LOCALS~1\Temp\RarSFX2\"

[cernohous13]

Výborně - hlášku bych mohl v registrech zrušit.

Podvojne uctovnictvo od Fy KROS ti normálně funguje? - potřebuješ ho? - chceš ho znovu instalovat?

ovladače by měly patřit k modemu - není to něco staršího? zdá se, že ti síť funguje

[ANGILO]

Omega - zrusit, modem - nepotrebujem.

[cernohous13]

Otevři Poznámkový blok (Notepad) a vlož zelený text ze scriptu.

Kód: Vybrat vše

Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\48BF628993EB4684BA1B548B0FF40389]

Soubor ulož jako -> oprava.reg - Uložit jako typ -> Všechny soubory
Zavři a dvojklikem na ikonu spusť - jen problikne a opraví registry - po akci jej smažeš.

na ovladač modemu klik pravým -> Odinstalovat
(nic škodlivého - jen pořádek)

ComboFix odinstalujeme
jdi Start -> Spustit... a zkopíruj ComboFix /Uninstall (pozor, za x je mezera) -> OK

Stáhni a spusť T-cleaner http://vyosek.ic.cz/pro_usery/T-Cleaner.exe - uklidí po použitých čističích.
Po spuštění ignoruj případné varování antiviru - je to v pořádku
Po provedení akce T-cleaner smažeš

Stáhni TempFolderCleaner http://oldtimer.geekstogo.com/TFC.exe
Zavři všechny programy a spusť. Po ukončení akce bude PC restartován.
Pokud ne, restartuj sám.
(čistí Temp složky , nečistí URL, historii, prefetch ani cookies)

stáhni program OTC tady: http://oldtimer.geekstogo.com/OTC.exe - spusť ho -> "CleanUp" (smaže dříve použité čističe)

Vypni Obnovení systému -> restartuj -> zapni Obnovení systému http://www.viry.cz/forum/viewtopic.php?t=47040

Mohu doporučit kontrolu a vyčištění Ccleanerem

Stáhni Ccleaner - http://www.slunecnice.cz/sw/ccleaner/
Při instalaci vyhodit fajfku u "Instalovat Yahoo! Toolbar"

zavřít Internetový prohlížeč a
spustit "Čistič" > "Spustit Ccleaner" - odstraní nepotřebné
spustit "Registry" > "Hledej problémy" > "Opravit vybrané problémy"
souhlas se zálohou registrů - opakovat dokud nebudou registry čisté.

Návod:http://jnp.zive.cz/Clanky/Prirucka-do-k ... fault.aspx

Ten si můžeš nechat i na budoucí občasné čištění.

Po vyčištění by se hodila defragmentace
doporučuji http://www.slunecnice.cz/sw/defraggler/ + čeština

Kdyby něco z návodu nefungovalo, pokračuj dalším krokem - při problému napiš.

[ANGILO]

Vykonal som vsetky odporucane kroky, ale po kazdom restarte sa stale spusta Instalator - neviem s cim, hodnu chvilu len swapuje a potom nabehne a CPU vytazuje okolo 50% pri necinnosti ????
Nejake napady co by to mohlo byt ?
Dakujem moc za trpezlivost.