Trojan.Generic.KD.377296 nelze odstranit

[vlkofly]

Dobrý den,

mám problém s odstraněním výše zmíněného viru, antivirus (F-secure) virus najde, ale neodstraní, jen doporučuje odstranit ručně. Složka ve které virus má být v počítači neexistuje. Předem díky za rady. Posílám také hlášení o kontrole a pod ním log z RSIT:

Hlášení o kontrole

7. leden 2012 10:58:34 - 11:28:10

Název počítače: KUBA-PC
Typ kontroly: Zkontrolovat cíl
Cíl: C:\

Výsledek: Nalezený malware: 1

Trojan.Generic.KD.377296 (Vir)
C:\$RECYCLE.BIN\S-1-5-21-3881053982-3192631720-181656082-1000\$RT8GFVL.zip\Picture14.JPG_www.facebook.com
Statistika

Zkontrolováno:
Soubory: 89084
Kontrola neproběhla.: 4
Výsledek:
Počet virů: 1
Spyware: 0
Podezřelé položky: 0
Položky riskwaru: 0
Akce:
Infekce odstraněna: 0
Přejmenováno: 0
Odstraněno: 0
V karanténě: 0
Selhalo: 0
Spouštěcí sektory:
Zkontrolováno: 2
Infikováno: 0
Podezřelé položky: 0
Infekce odstraněna: 0
Soubory nebyly zkontrolovány:
Soubor (klepnutím na odkaz získáte další informace) nelze otevřít. C:\HIBERFIL.SYS
Soubor (klepnutím na odkaz získáte další informace) nelze otevřít. C:\PAGEFILE.SYS
Soubor C:\Users\Kuba\AppData\Local\Temp\Wo-C.rar\dummy file name of encryted archive je zašifrován.
Soubor (klepnutím na odkaz získáte další informace) nelze otevřít. C:\$RECYCLE.BIN\S-1-5-21-3881053982-3192631720-181656082-1000\$RT8GFVL.ZIP\PICTURE14.JPG_WWW.FACEBOOK.COM
Možnosti

Verze definic:
Počet virů: 2012-01-07_04
Spyware: 2012-01-07_04
Nástroje pro vyhledávání virů:
F-Secure Aquarius: 11.00.01, 2012-01-07
F-Secure Hydra: 5.05.7110, 2012-01-06
F-Secure Online: 10.50.17252, 2011-11-07
F-Secure Gemini: 3.01.46, 2011-11-11
Možnosti kontroly:
Kontrolovat definované soubory: ANI ASP AX BAT BIN BOO CHM CMD COM CPL DLL DOC DOT DRV EML EXE HLP HTA HTM HTML HTT INF INI JOB JS JSE LNK LSP MDB MHT MPP MPT MSG MSO OCX PDF PHP PIF POT PPT RTF SCR SHS SWF SYS TD0 VBE VBS VXD WBK WMA WMV WMF WSC WSF WSH WRI XLS XLT XML CLASS ZIP JAR ARJ LZH TAR TGZ GZ CAB RAR BZ2 HQX
Kontrolovat archivy
Akce:
Počet virů: Dotázat se po kontrole
Spyware: Dotázat se po kontrole
Informace o chybě

Došlo k chybě „Soubor nelze otevřít“:

Chybové hlášení „Soubor nelze otevřít“ znamená, že kontrolní nástroj nemohl soubor otevřít a tento soubor nebyl zkontrolován. Obvykle můžete toto chybové hlášení ignorovat, neboť pro toto hlášení existuje mnoho důvodů, které nevyplývají z ohrožení bezpečnosti:
Soubor byl systémový soubor. Systémové soubory jsou chráněny operačním systémem záměrně. V tomto případě můžete toto hlášení ignorovat.
Ke čtení tohoto souboru nemáte dostatečná oprávnění. Chcete-li zkontrolovat soubor, přihlaste se pod uživatelským účtem s dostatečným oprávněním (např. pod účtem správce počítače) a kontrolu opakujte.
Při provádění kontroly soubor používala některá z aplikací. Chcete-li zkontrolovat tento soubor, ukončete všechny aplikace a kontrolu opakujte.
Autorská práva © 1998-2009 Podpora produktu | Odeslání vzorku virů společnosti F-Secure


Logfile of random's system information tool 1.09 (written by random/random)
Run by Kuba at 2012-01-07 12:26:14
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 5 GB (4%) free of 148 GB
Total RAM: 3000 MB (47% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:27:01, on 7.1.2012
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe
C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\PLFSetI.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Program Files\F-Secure\Common\FSM32.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\system32\igfxext.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\pdf24\pdf24.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Windows\system32\conime.exe
C:\Users\Kuba\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Kuba\Downloads\RSIT.exe
C:\Program Files\trend micro\Kuba.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACA ... spire_5735
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.forumswatcher.com/search.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.forumswatcher.com/search.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7018.1622\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [BkupTray] "C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe"
O4 - HKLM\..\Run: [ArcadeDeluxeAgent] "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe"
O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe"
O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [PLFSetI] C:\Windows\PLFSetI.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
O4 - HKLM\..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [ProductReg] "C:\Program Files\Acer\WR_PopUp\ProductReg.exe"
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [PDFPrint] C:\Program Files\pdf24\pdf24.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
O23 - Service: CLHNService - Unknown owner - C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - Unknown owner - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Program Files\F-Secure\ORSP Client\fsorsp.exe
O23 - Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Služba Google Update (gupdate1c9debde4cae503) (gupdate1c9debde4cae503) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - Unknown owner - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe

--
End of file - 12877 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Google Software Updater.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\ParetoLogic Registration.job
C:\Windows\tasks\ParetoLogic Update Version2.job
C:\Windows\tasks\Scheduled scanning task.job
C:\Windows\tasks\User_Feed_Synchronization-{B1C2B13A-EE3D-41B7-BE37-6DF673C2ADF2}.job

=========Mozilla firefox=========

ProfilePath - C:\Users\Kuba\AppData\Roaming\Mozilla\Firefox\Profiles\bhlwjcfp.default

prefs.js - "browser.startup.homepage" - "http://birds.cz/avif/"
prefs.js - "extensions.enabledItems" - "{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13, {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15, {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}:6.0.17, {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20, {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21, {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22, {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23, {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24, {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26, {20a82645-c095-46ed-80e3-08825760534b}:1.1, {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0, {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.9"

"{20a82645-c095-46ed-80e3-08825760534b}"=C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
"{ABDE892B-13A8-4d1b-88E6-365A6E755758}"=C:\Program Files\Real\RealPlayer\browserrecord\firefox\ext


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0]
"Description"=DivX Plus Web Player
"Path"=C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Google.com/GoogleEarthPlugin]
"Description"=Google Earth in your browser
"Path"=C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@pack.google.com/Google Updater;version=14]
"Description"=Google Updater
"Path"=C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nppl3260;version=6.0.12.450]
"Description"=RealPlayer(tm) LiveConnect-Enabled Plug-In
"Path"=C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprjplug;version=1.0.3.448]
"Description"=RealJukebox Netscape Plugin
"Path"=C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448]
"Description"=6.0.12.448
"Path"=C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=]
"Description"=
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll

C:\Program Files\Mozilla Firefox\extensions\
{800b5000-a755-47e1-992b-48a1c1357f07}
{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
{972ce4c6-7e08-4474-a285-3208198ce6fd}
{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}

C:\Program Files\Mozilla Firefox\components\
aboutCertError.js
aboutPrivateBrowsing.js
aboutRights.js
aboutRobots.js
aboutSessionRestore.js
browser.xpt
browserdirprovider.dll
brwsrcmp.dll
FeedConverter.js
FeedProcessor.js
FeedWriter.js
fuelApplication.js
GoogleDesktopMozilla.dll
GoogleDesktopMozillaStub.js
GoogleDesktopMozillaStub.xpt
jsconsole-clhandler.js
NetworkGeolocationProvider.js
nppl3260.xpt
nsAddonRepository.js
nsBadCertHandler.js
nsBlocklistService.js
nsBrowserContentHandler.js
nsBrowserGlue.js
nsContentDispatchChooser.js
nsContentPrefService.js
nsDefaultCLH.js
nsDownloadManagerUI.js
nsExtensionManager.js
nsHandlerService.js
nsHelperAppDlg.js
nsJSRealPlayerPlugin.xpt
nsLivemarkService.js
nsLoginInfo.js
nsLoginManager.js
nsLoginManagerPrompter.js
nsMicrosummaryService.js
nsPlacesDBFlush.js
nsPlacesTransactionsService.js
nsPostUpdateWin.js
nsPrivateBrowsingService.js
nsProxyAutoConfig.js
nsSafebrowsingApplication.js
nsSearchService.js
nsSearchSuggestions.js
nsSessionStartup.js
nsSessionStore.js
nsSetDefaultBrowser.js
nsSidebar.js
nsTaggingService.js
nsTryToClose.js
nsUpdateService.js
nsUrlClassifierLib.js
nsUrlClassifierListManager.js
nsURLFormatter.js
nsWebHandlerApp.js
pluginGlue.js
storage-Legacy.js
storage-mozStorage.js
txEXSLTRegExFunctions.js
WebContentConverter.js

C:\Program Files\Mozilla Firefox\plugins\
npdeployJava1.dll
npnul32.dll
NPOFF12.DLL
nppdf32.dll
nppl3260.dll
nprjplug.dll
nprpjplug.dll

C:\Program Files\Mozilla Firefox\searchplugins\
google.xml
googledesktop.xml
jyxo-cz.xml
mall-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml

C:\Users\Kuba\AppData\Roaming\Mozilla\Firefox\Profiles\bhlwjcfp.default\extensions\
{20a82645-c095-46ed-80e3-08825760534b}

C:\Users\Kuba\AppData\Roaming\Mozilla\Firefox\Profiles\bhlwjcfp.default\searchplugins\
icqplugin-1.xml
icqplugin-2.xml
icqplugin-3.xml
icqplugin-4.xml
icqplugin-5.xml
icqplugin-6.xml
icqplugin.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055FD26D-3A88-4e15-963D-DC8493744B1D}]
XTTBPos00 Class - C:\PROGRA~1\ICQTOO~1\toolbaru.dll [2006-12-25 701952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2011-08-30 61888]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2009-12-15 329312]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-26 2210608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83A2F9B1-01A2-4AA5-87D1-45B6B8505E96}]
ShowBarObj Class - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll [2008-05-14 312880]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2011-12-22 342192]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Browser Helper - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2011-10-10 3834016]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7018.1622\swg.dll [2011-11-30 1003576]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-10-18 42272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - Acer eDataSecurity Management - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll [2008-05-14 142896]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2011-12-22 342192]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1008184]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2008-04-25 1049896]
"BkupTray"=C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe [2008-04-06 34040]
"ArcadeDeluxeAgent"=C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe [2008-04-10 147456]
"CLMLServer"=C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe [2008-04-10 167936]
"PlayMovie"=C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe [2008-04-18 167936]
"Google Desktop Search"=C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2010-06-14 30192]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2008-06-13 6183456]
"Skytel"=C:\Windows\Skytel.exe [2007-11-21 1826816]
"PLFSetI"=C:\Windows\PLFSetI.exe [2007-10-23 200704]
"LManager"=C:\PROGRA~1\LAUNCH~1\LManager.exe [2008-09-10 809480]
"eDataSecurity Loader"=C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe [2008-05-14 526896]
"ePower_DMC"=C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe [2008-06-11 409600]
"eRecoveryService"= []
"ProductReg"=C:\Program Files\Acer\WR_PopUp\ProductReg.exe [2008-09-23 6144]
"F-Secure Manager"=C:\Program Files\F-Secure\Common\FSM32.EXE [2009-08-05 199264]
"F-Secure TNB"=C:\Program Files\F-Secure\FSGUI\TNBUtil.exe [2009-08-05 2349664]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2009-12-15 198160]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-26 31016]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2010-08-25 136216]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2010-08-25 171032]
"Persistence"=C:\Windows\system32\igfxpers.exe [2010-08-25 170520]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2011-08-31 40368]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2011-03-29 937920]
"PDFPrint"=C:\Program Files\pdf24\pdf24.exe [2011-09-27 220744]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2011-06-09 254696]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-12-24 68856]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-11 1233920]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2011-10-13 17351304]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Users\Kuba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2010-08-25 228864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-26 2210608]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"MSVideo8"=VfWWDM32.dll
"VIDC.DIVX"=divx.dll
"VIDC.XVID"=xvidvfw.dll
"VIDC.YV12"=yv12vfw.dll
"msacm.ac3acm"=ac3acm.acm
"msacm.lameacm"=lameACM.acm
"VIDC.FFDS"=ff_vfw.dll
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"aux1"=wdmaud.drv

======List of files/folders created in the last 1 month======

2012-01-07 12:26:15 ----D---- C:\Program Files\trend micro
2012-01-07 12:26:14 ----D---- C:\rsit
2011-12-23 19:00:30 ----D---- C:\Program Files\DjVuZone
2011-12-13 20:33:07 ----A---- C:\Windows\system32\wininet.dll
2011-12-13 20:33:06 ----A---- C:\Windows\system32\mshtml.dll
2011-12-13 20:33:04 ----A---- C:\Windows\system32\urlmon.dll
2011-12-13 20:33:04 ----A---- C:\Windows\system32\mstime.dll
2011-12-13 20:33:04 ----A---- C:\Windows\system32\mshtmled.dll
2011-12-13 20:33:04 ----A---- C:\Windows\system32\ieframe.dll
2011-12-13 20:33:03 ----A---- C:\Windows\system32\url.dll
2011-12-13 20:33:03 ----A---- C:\Windows\system32\msfeeds.dll
2011-12-13 20:33:03 ----A---- C:\Windows\system32\iertutil.dll
2011-12-13 20:33:03 ----A---- C:\Windows\system32\iepeers.dll
2011-12-13 20:33:02 ----A---- C:\Windows\system32\ieapfltr.dll
2011-12-13 20:32:59 ----A---- C:\Windows\system32\EncDec.dll
2011-12-13 20:32:55 ----A---- C:\Windows\system32\ntoskrnl.exe
2011-12-13 20:32:55 ----A---- C:\Windows\system32\ntkrnlpa.exe
2011-12-13 20:32:50 ----A---- C:\Windows\system32\win32k.sys
2011-12-13 20:32:45 ----A---- C:\Windows\system32\csrsrv.dll
2011-12-13 20:32:26 ----A---- C:\Windows\system32\tzres.dll

======List of files/folders modified in the last 1 month======

2012-01-07 12:26:19 ----D---- C:\Windows\Temp
2012-01-07 12:26:15 ----RD---- C:\Program Files
2012-01-07 11:54:45 ----D---- C:\Users\Kuba\AppData\Roaming\Skype
2012-01-07 10:59:28 ----D---- C:\Windows\System32
2012-01-07 10:59:28 ----D---- C:\Windows\inf
2012-01-07 10:59:28 ----A---- C:\Windows\system32\PerfStringBackup.INI
2012-01-07 10:54:04 ----D---- C:\Windows\Prefetch
2012-01-06 21:56:37 ----D---- C:\Windows\system32\catroot
2012-01-06 15:25:47 ----SHD---- C:\System Volume Information
2012-01-02 18:40:08 ----SHD---- C:\Windows\Installer
2012-01-02 18:38:49 ----D---- C:\Program Files\Garmin
2011-12-16 03:45:10 ----D---- C:\Windows\rescache
2011-12-16 03:39:32 ----D---- C:\Windows\winsxs
2011-12-16 03:25:14 ----D---- C:\Program Files\Windows Mail
2011-12-16 03:02:49 ----A---- C:\Windows\system32\mrt.exe
2011-12-16 03:02:14 ----D---- C:\Windows\system32\cs-CZ
2011-12-13 20:30:55 ----D---- C:\Windows\system32\catroot2
2011-12-13 20:28:02 ----D---- C:\Windows
2011-12-09 19:43:22 ----D---- C:\Windows\system32\Tasks
2011-12-09 19:43:20 ----RD---- C:\Program Files\Skype

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 fsbts;fsbts; C:\Windows\system32\Drivers\fsbts.sys [2011-08-17 42672]
R0 PSDFilter;PSDFilter; C:\Windows\system32\DRIVERS\psdfilter.sys [2008-05-14 18992]
R0 UBHelper;UBHelper; C:\Windows\system32\drivers\UBHelper.sys [2008-01-31 13824]
R1 F-Secure HIPS;F-Secure HIPS Driver; \??\C:\Program Files\F-Secure\HIPS\drivers\fshs.sys [2009-08-05 68064]
R1 FSES;F-Secure Email Scanning Driver; C:\Windows\System32\drivers\fses.sys [2010-12-22 36792]
R1 FSFW;F-Secure Firewall Driver; C:\Windows\System32\drivers\fsdfw.sys [2010-12-22 73160]
R1 fsvista;F-Secure Vista Support Driver; \??\C:\Program Files\F-Secure\Anti-Virus\minifilter\fsvista.sys [2009-08-05 12384]
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}; \??\C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl [2008-04-18 61424]
R2 int15;int15; \??\C:\Windows\system32\drivers\int15.sys [2008-03-21 15392]
R2 irda;IrDA Protocol; C:\Windows\system32\DRIVERS\irda.sys [2008-01-21 95744]
R2 NTIPPKernel;NTIPPKernel; \??\C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys [2008-01-16 122368]
R2 PSDNServ;PSDNServ; C:\Windows\system32\DRIVERS\PSDNServ.sys [2008-05-14 16944]
R2 psdvdisk;PSDVdisk; C:\Windows\system32\DRIVERS\PSDVdisk.sys [2008-05-14 60464]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\Windows\system32\DRIVERS\AGRSM.sys [2008-03-01 1202560]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2008-08-15 921600]
R3 DKbFltr;Dritek Keyboard Filter Driver; C:\Windows\system32\DRIVERS\DKbFltr.sys [2006-11-03 21264]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper; \??\C:\Program Files\F-Secure\Anti-Virus\minifilter\fsgk.sys [2011-09-10 148632]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2010-08-25 9024512]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2008-06-14 2152344]
R3 NTIDrvr;Upper Class Filter Driver; C:\Windows\system32\DRIVERS\NTIDrvr.sys [2008-01-31 14848]
R3 RTSTOR;Realtek USB 2.0 Card Reader; C:\Windows\system32\drivers\RTSTOR.SYS [2008-08-12 61440]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2008-04-25 199472]
R3 usbvideo;Zobrazovací zařízení USB (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-21 134016]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller; C:\Windows\system32\DRIVERS\yk60x86.sys [2008-02-21 299008]
S2 adfs;adfs; C:\Windows\system32\drivers\adfs.sys []
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2008-01-21 179712]
S3 BthEnum;Služba Bluetooth Enumerator; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-04-11 22528]
S3 BthPan;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2008-01-21 92160]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2011-04-21 508416]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2009-06-17 30208]
S3 btwaudio;Bluetooth Audio Device Service; C:\Windows\system32\drivers\btwaudio.sys [2008-02-14 80424]
S3 btwavdt;Bluetooth AVDT Service; C:\Windows\system32\drivers\btwavdt.sys [2007-07-16 80936]
S3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys [2007-07-16 16168]
S3 drmkaud;Dekodér zvuků DRM jádra společnosti Microsoft; C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]
S3 grmnusb;Garmin USB Driver; C:\Windows\system32\drivers\grmnusb.sys [2009-04-17 9344]
S3 HdAudAddService;Ovladač funkce Microsoft 1.1 UAA pro službu zvuku High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\VSTDPV3.SYS [2008-01-21 987648]
S3 HSFHWAZL;HSFHWAZL; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2008-01-21 200704]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
S3 nmwcd;Nokia USB Phone Parent; C:\Windows\system32\drivers\ccdcmb.sys [2008-05-02 17536]
S3 NSCIRDA;NSC Infrared Device Driver; C:\Windows\system32\DRIVERS\nscirda.sys [2008-01-21 30720]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-04-11 148992]
S3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2008-01-21 88576]
S3 upperdev;upperdev; C:\Windows\system32\DRIVERS\usbser_lowerflt.sys [2008-05-02 8064]
S3 usbaudio;Ovladač zvuků USB (WDM); C:\Windows\system32\drivers\usbaudio.sys [2009-04-11 73216]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-21 35328]
S3 usbser;USB Modem Driver; C:\Windows\system32\DRIVERS\usbser.sys [2009-04-11 27648]
S3 winachsf;winachsf; C:\Windows\system32\DRIVERS\VSTCNXT3.SYS [2008-01-21 654336]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2009-10-01 40448]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\Windows\system32\agrsmsvc.exe [2008-03-18 13312]
R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 BUNAgentSvc;NTI Backup Now 5 Agent Service; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [2008-03-03 16384]
R2 CLHNService;CLHNService; C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [2008-01-16 81504]
R2 eDataSecurity Service;eDataSecurity Service; C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe [2008-05-14 500784]
R2 ETService;Empowering Technology Service; C:\Program Files\Acer\Empowering Technology\Service\ETService.exe [2008-03-21 24576]
R2 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 F-Secure Gatekeeper Handler Starter;FSGKHS; C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe [2009-08-05 215648]
R2 FSMA;FSMA; C:\Program Files\F-Secure\Common\FSMA32.EXE [2009-08-05 186976]
R2 Irmon;@%SystemRoot%\System32\irmon.dll,-2000; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-01-17 61440]
R2 MobilityService;MobilityService; C:\Acer\Mobility Center\MobilityService.exe [2007-12-06 110592]
R2 NTIBackupSvc;NTI Backup Now 5 Backup Service; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-04-06 50424]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-04-04 131072]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\Cyberlink\Shared files\RichVideo.exe [2007-01-09 272024]
R3 FSDFWD;F-Secure Anti-Virus Firewall Daemon; C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe [2010-05-20 522848]
R3 FSORSPClient;F-Secure ORSP Client; C:\Program Files\F-Secure\ORSP Client\fsorsp.exe [2011-05-23 61088]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 gupdate1c9debde4cae503;Služba Google Update (gupdate1c9debde4cae503); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-05-27 133104]
S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2011-09-28 194104]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2010-06-14 30192]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-05-27 133104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-26 65824]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WPFFontCache_v0400;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100; C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]

-----------------EOF-----------------

[vyosek]

Zdravim a pekny den preji

Stahnete RogueKiller http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe

• Ukoncete vsechny programy
• Pokud pouzivate Win Vista ci W7, kliknete na RogueKiller pravym a dejte Run As Administrator ci Spustit jako spravce
• Zvolte moznost 2 a potvrte enterem
• Utilita provede svou cinnost a da log - ten sem vlozte
• Nyni znovu, ale zvolte moznost 3 a pote jeste 4 - logy opet vlozte

Zapojte do PC vsechny USB klice (flashky, ext. disky apod.)

• Stahne a ulozte na plochu UsbFix http://www.viry.cz/forum/viewtopic.php?f=24&t=102308
• Spustte a kliknete na Deletion
• Po dokonceni sem vlozte log, pokud na Vas nevyskoci, najdete jej zde C:\UsbFix.txt

[vlkofly]

Konečně vir smazán , veliké díky za rady, všechny logy jsem dal zde: http://www.ulozto.cz/12363790/log-rar

Big up vyosek !!! Jste fakt dobří.

S pozdravem a ještě jednou dík

vlkofly

[vyosek]

Ja si sem logy vlozim a jeste neutikejte, bude treba to docistit

############################## | UsbFix 7.014 | [Deletion]

User: Kuba (Administrator) # KUBA-PC [Acer Aspire 5735]
Updated 24/06/10 by El Desaparecido / C_XX
Started at 16:13:23 | 07/01/2012
Website: http://pagesperso-orange.fr/NosTools/index.html
Contact: FindyKill.Contact@gmail.com

CPU: Intel(R) Pentium(R) Dual CPU T3200 @ 2.00GHz
CPU 2: Intel(R) Pentium(R) Dual CPU T3200 @ 2.00GHz
Microsoft® Windows Vista™ Home Premium (6.0.6002 32-Bit) # Service Pack 2
Internet Explorer 7.0.6002.18005

Windows Firewall: Disabled /!\
RAM -> 3000 Mb
C:\ (%systemdrive%) -> Fixed drive # 144 Gb (19 Mb free - 13%) [ACER] # NTFS
D:\ -> Fixed drive # 144 Gb (68 Mb free - 47%) [DATA] # NTFS
E:\ -> CD-ROM
F:\ -> Removable drive # 8 Gb (942 Mb free - 12%) [ADATA UFD] # FAT32

################## | Files # Infected Folders |


################## | Registry |


################## | Mountpoints2 |

Deleted ! HKCU\.\.\.\.\Explorer\MountPoints2\{83844dc3-7012-11df-9b0a-001d72d58761}
Deleted ! HKCU\.\.\.\.\Explorer\MountPoints2\{b630a29d-26d6-11e0-8efc-001d72d58761}

################## | Listing |

[07/01/2012 - 16:19:35 | SHD ] C:\$RECYCLE.BIN
[24/12/2008 - 20:45:08 | D ] C:\Acer
[18/09/2006 - 22:43:36 | A | 24] C:\autoexec.bat
[03/11/2010 - 15:37:30 | D ] C:\BioEdit
[25/12/2008 - 11:57:38 | D ] C:\Book
[30/11/2009 - 08:08:47 | SHD ] C:\Boot
[11/04/2009 - 07:36:36 | RASH | 333257] C:\bootmgr
[06/02/2008 - 00:25:41 | RAS | 8192] C:\BOOTSECT.BAK
[18/09/2006 - 22:43:37 | A | 10] C:\config.sys
[02/11/2006 - 14:02:03 | SHD ] C:\Documents and Settings
[24/12/2008 - 20:50:07 | D ] C:\Elements
[27/04/2010 - 18:19:03 | D ] C:\Garmin
[07/01/2012 - 16:09:38 | ASH | 3146633216] C:\hiberfil.sys
[30/04/2008 - 08:21:30 | D ] C:\Intel
[23/02/2009 - 11:51:33 | RASH | 0] C:\IO.SYS
[23/02/2009 - 11:51:33 | RASH | 0] C:\MSDOS.SYS
[08/05/2008 - 23:32:42 | RHD ] C:\MSOCache
[07/01/2012 - 16:09:36 | ASH | 3460423680] C:\pagefile.sys
[06/10/2008 - 19:03:52 | ASH | 3195] C:\Patch.rev
[21/01/2008 - 03:32:31 | D ] C:\PerfLogs
[09/05/2008 - 10:36:21 | RASH | 146] C:\preload.rev
[07/01/2012 - 12:26:15 | RD ] C:\Program Files
[07/06/2011 - 15:47:53 | HD ] C:\ProgramData
[24/12/2008 - 20:35:06 | A | 651] C:\RHDSetup.log
[07/01/2012 - 12:27:07 | D ] C:\rsit
[07/01/2012 - 15:10:16 | SHD ] C:\System Volume Information
[07/01/2012 - 16:19:35 | D ] C:\UsbFix
[07/01/2012 - 16:13:24 | A | 2427] C:\UsbFix.txt
[24/12/2008 - 20:26:54 | RD ] C:\Users
[27/04/2010 - 18:19:03 | D ] C:\WebUpdater
[13/12/2011 - 20:28:02 | D ] C:\Windows
[07/01/2012 - 16:19:35 | SHD ] D:\$RECYCLE.BIN
[19/11/2010 - 15:21:46 | D ] D:\Age Of Empires 2
[11/11/2010 - 19:17:58 | D ] D:\Age Of Empires 2 & The Conquerors Expansion
[11/12/2010 - 23:01:49 | D ] D:\bioclanky
[24/11/2010 - 01:18:08 | D ] D:\ce935ac6320cd3058c9d9410c6cb6b
[11/12/2010 - 13:31:52 | D ] D:\Dan Barta & Illustratosphere - Animage (2008)
[06/01/2012 - 21:52:50 | D ] D:\filmy
[07/01/2012 - 15:54:16 | D ] D:\fotky
[22/11/2011 - 20:38:54 | D ] D:\muzika
[05/01/2011 - 16:22:06 | A | 125952] D:\Mykologie seminárka.doc
[25/12/2008 - 02:17:19 | SHD ] D:\System Volume Information
[31/10/2011 - 10:11:48 | D ] D:\záloha 31-10-11 laborka
[18/05/2011 - 14:51:32 | A | 8142558] F:\Manyas Bird NP.pptx
[18/08/2011 - 22:08:06 | D ] F:\Dachsteingruppe
[23/08/2011 - 17:55:24 | D ] F:\Srpen výběr
[12/09/2011 - 11:11:22 | A | 69301] F:\ZapisovyListPrintServlet.pdf
[18/05/2011 - 23:18:24 | D ] F:\birdwatching
[06/10/2011 - 19:26:18 | D ] F:\Praktický Eng
[17/08/2011 - 14:20:50 | A | 699294] F:\pathogens bonobo.pdf
[18/08/2011 - 13:43:54 | D ] F:\laborka
[19/05/2011 - 08:44:32 | D ] F:\Fotky duben 2011
[04/09/2011 - 16:35:30 | A | 68980] F:\Jakub Vlcek esej evolucni bio 2011.docx
[25/10/2011 - 19:47:38 | D ] F:\cv1_2011
[16/08/2011 - 20:59:42 | D ] F:\výběr mezioborovka 2011
[18/08/2011 - 12:06:58 | A | 347923] F:\sexual selection.full.pdf
[25/10/2011 - 18:21:12 | D ] F:\Moleckology
[06/01/2012 - 19:16:18 | A | 14914] F:\running.xlsx
[22/05/2011 - 18:17:22 | D ] F:\Šumava květen 2011
[13/10/2011 - 07:20:14 | A | 8898048] F:\2- VB cvika human.ppt
[04/10/2011 - 21:20:34 | D ] F:\Ekotech2011
[07/10/2011 - 17:14:56 | D ] F:\idiomatický jazyk
[11/10/2011 - 09:57:04 | D ] F:\eng IV Klee
[12/04/2011 - 23:26:38 | A | 734464000] F:\Strazca divociny 2009 DVDRip XviD SK.avi
[07/10/2011 - 17:15:58 | D ] F:\molekular biology
[04/11/2011 - 17:51:12 | A | 296] F:\WMPInfo.xml
[14/10/2011 - 11:18:56 | D ] F:\Turecko Gruzie Ptáci
[26/10/2011 - 20:47:58 | A | 6683648] F:\3-DevBio-chicken.ppt
[04/11/2011 - 18:32:48 | A | 17349] F:\CV 2011.docx
[22/12/2011 - 10:00:00 | A | 352817] F:\slevomat-dv-20111222.pdf
[11/12/2011 - 11:16:28 | A | 5551551] F:\Ptáci Mezioborové exkurze 2011.pptx
[22/12/2011 - 10:07:50 | A | 288656] F:\slevomat-dv-20111222m.pdf
[30/05/2011 - 19:31:18 | A | 4028928] F:\Mikrobiologie otázky.doc
[12/12/2011 - 13:15:48 | A | 17561913] F:\Ptaci Mezioborove exkurze 2011-final.pptx
[06/01/2012 - 21:52:52 | A | 733392896] F:\Eternal-Sunshine-of-the-Spotless-Mind-(Věčný-svit-neposkvrněné-duše)-[2004]-ENG.avi
[02/05/2011 - 21:58:04 | A | 112640] F:\07-Text-nervy.doc
[02/05/2011 - 21:56:24 | A | 120320] F:\08-Text-smysly.doc
[28/06/2011 - 11:34:46 | D ] F:\the best of Croatia

################## | Vaccin |

C:\Autorun.inf -> Folder created by UsbFix (El Desaparecido & C_XX)
D:\Autorun.inf -> Folder created by UsbFix (El Desaparecido & C_XX)
F:\Autorun.inf -> Folder created by UsbFix (El Desaparecido & C_XX)

################## | E.O.F |


RogueKiller V6.2.2 [12/31/2011] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/fi ... guekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User: Kuba [Admin rights]
Mode: Remove -- Date : 01/07/2012 15:15:10

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost
::1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: +++++
--- User ---
[MBR] a8e1e0f2596ba200d0eb7f5c192a432f
[BSP] 5c394c31dbb3bb2bc3f21f97a3238b4d : MBR Code unknown
Partition table:
0 - [XXXXXX] NTFS [HIDDEN!] Offset (sectors): 2048 | Size: 10485 Mo
1 - [ACTIVE] NTFS [VISIBLE] Offset (sectors): 20482048 | Size: 154801 Mo
2 - [XXXXXX] NTFS [VISIBLE] Offset (sectors): 322828288 | Size: 154783 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: +++++
--- User ---
[MBR] 1b59dd49226c4413831dcb2793cb81cc
[BSP] a83a24340e59ea8cbbf2d8eaa19e98b0 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] FAT32 [VISIBLE] Offset (sectors): 63 | Size: 8092 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt



RogueKiller V6.2.2 [12/31/2011] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/fi ... guekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User: Kuba [Admin rights]
Mode: HOSTSFix -- Date : 01/07/2012 15:15:43

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost
::1 localhost


¤¤¤ Resetted HOSTS: ¤¤¤
127.0.0.1 localhost

Finished : << RKreport[3].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt



RogueKiller V6.2.2 [12/31/2011] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/fi ... guekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User: Kuba [Admin rights]
Mode: ProxyFix -- Date : 01/07/2012 15:16:00

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ Registry Entries: 0 ¤¤¤

Finished : << RKreport[4].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt

[vyosek]

Spustte HJT a provedeme fixnuti polozek

• HJT najdete zde C:\Program Files\trend micro\Kuba.exe
• Otevre se Vam okno, kliknete na Do a system scan only
• V dalsim okne najdete radky které jsem Vam vypsal nize, vedle nich je ctverecek, do ktereho udelate zatrzitko
• R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
  R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
  R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
  R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
  R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
  R3 - URLSearchHook: (no name) - - (no file)
  O1 - Hosts: ::1 localhost
  O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
  O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
  O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
  O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
  O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
  O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
  O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
• Kliknete na Fix checked (vlevo dole)
• HJT se Vas zepta zda opravdu ANO, s tim souhlasite a je hotovo

Stahnete OTM (viz muj podpis)

• Pokud pouzivate Win Vista ci W7, kliknete na OTM pravym a dejte Run As Administrator ci Spustit jako spravce
• Do leveho okna Paste Instructions for Items to be Moved (pod zlutou caru) vlozte obsah, ktery mate nize

• Kód: Vybrat vše

  :commands
  [CLEARALLRESTOREPOINTS]
  [RESETHOSTS]
  [EMPTYTEMP]
  [EMPTYFLASH]
  
  :services
  gupdate
  gupdatem
  
  :reg
  [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
  
  :files
  C:\PROGRA~1\ICQTOO~1
  C:\$RECYCLE.BIN\
  D:\$RECYCLE.BIN
  C:\Windows\tasks\Google Software Updater.job
  C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
  C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
  C:\Windows\tasks\ParetoLogic Registration.job
  C:\Windows\tasks\ParetoLogic Update Version2.job
  C:\Windows\tasks\Scheduled scanning task.job
  C:\Windows\tasks\User_Feed_Synchronization-{B1C2B13A-EE3D-41B7-BE37-6DF673C2ADF2}.job
  C:\Users\Kuba\AppData\Roaming\Mozilla\Firefox\Profiles\bhlwjcfp.default\searchplugins\icqplugin*.*
  %windir%\system32\*.tmp.dll /s
  %windir%\system32\SET*.tmp /s
  %windir%\*.tmp

• Kliknete na cervene tlacitko MoveIt!
• Budete vyzvani na restart, dejte Yes, log pote najdete C:\_OTM\MovedFiles, obsah sem vlozte

[vlkofly]

V tom HJT mi vyjely jiné řádky (odkaz se liší třeba až za třetím lomítkem) a některé které jste mi vypsal tam vůbec nejsou např.: O1 - Hosts: ::1 localhost...postupoval jsem přesně podle návodu, dokonce dvakrát. Co s tím?

Dodávám, že jsem musel po proceduře v USBfix počítač restartovat, zda to nehrálo nějakou roli?

[vyosek]

Pokud tam nektery neni, tak jej preskocte...

[vlkofly]

Stačí pouze log? nebo potřebujete celý obsah složky C:\_OTM\MovedFiles ?


All processes killed
========== COMMANDS ==========

Restore point Set: OTM Restore Point
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 134 bytes
->Flash cache emptied: 116 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Kuba
->Temp folder emptied: 1782879882 bytes
->Temporary Internet Files folder emptied: 67941787 bytes
->Java cache emptied: 13727653 bytes
->FireFox cache emptied: 163553388 bytes
->Google Chrome cache emptied: 55174278 bytes
->Flash cache emptied: 155867 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 400190546 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 13613244 bytes
%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 743 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 2 382,00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Kuba
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0,00 mb

========== SERVICES/DRIVERS ==========
Error: No service named gupdate was found to stop!
Service\Driver key gupdate not found.
Service gupdatem stopped successfully!
Service gupdatem deleted successfully!
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
========== FILES ==========
C:\PROGRA~1\ICQToolbar\Cache folder moved successfully.
C:\PROGRA~1\ICQToolbar folder moved successfully.
C:\$RECYCLE.BIN\S-1-5-21-3881053982-3192631720-181656082-1000 folder moved successfully.
C:\$RECYCLE.BIN folder moved successfully.
D:\$RECYCLE.BIN\S-1-5-21-3881053982-3192631720-181656082-1000 folder moved successfully.
D:\$RECYCLE.BIN folder moved successfully.
C:\Windows\tasks\Google Software Updater.job moved successfully.
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job moved successfully.
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job moved successfully.
C:\Windows\tasks\ParetoLogic Registration.job moved successfully.
C:\Windows\tasks\ParetoLogic Update Version2.job moved successfully.
C:\Windows\tasks\Scheduled scanning task.job moved successfully.
C:\Windows\tasks\User_Feed_Synchronization-{B1C2B13A-EE3D-41B7-BE37-6DF673C2ADF2}.job moved successfully.
C:\Users\Kuba\AppData\Roaming\Mozilla\Firefox\Profiles\bhlwjcfp.default\searchplugins\icqplugin-1.xml moved successfully.
C:\Users\Kuba\AppData\Roaming\Mozilla\Firefox\Profiles\bhlwjcfp.default\searchplugins\icqplugin-2.xml moved successfully.
C:\Users\Kuba\AppData\Roaming\Mozilla\Firefox\Profiles\bhlwjcfp.default\searchplugins\icqplugin-3.xml moved successfully.
C:\Users\Kuba\AppData\Roaming\Mozilla\Firefox\Profiles\bhlwjcfp.default\searchplugins\icqplugin-4.xml moved successfully.
C:\Users\Kuba\AppData\Roaming\Mozilla\Firefox\Profiles\bhlwjcfp.default\searchplugins\icqplugin-5.xml moved successfully.
C:\Users\Kuba\AppData\Roaming\Mozilla\Firefox\Profiles\bhlwjcfp.default\searchplugins\icqplugin-6.xml moved successfully.
C:\Users\Kuba\AppData\Roaming\Mozilla\Firefox\Profiles\bhlwjcfp.default\searchplugins\icqplugin.xml moved successfully.
File/Folder C:\Windows\system32\*.tmp.dll not found.
File/Folder C:\Windows\system32\SET*.tmp not found.
File/Folder C:\Windows\*.tmp not found.

OTM by OldTimer - Version 3.1.19.0 log created on 01072012_184514

Files moved on Reboot...
File C:\Windows\temp\FML1597.tmp not found!
File C:\Windows\temp\FML86DE.tmp not found!
File C:\Windows\temp\FMLF9C4.tmp not found!

Registry entries deleted on Reboot...

[vyosek]

Tohle mi staci

T-Cleaner http://vyosek.ic.cz/pro_usery/T-Cleaner.exe

• Stahnete a spustte
• Pro potvrzeni volby mackejte A, Enter
• Po pouziti utilitu smazte
• Antiviry touhou utilitu chybne oznacit jako vir - jedna se o falesny poplach - takze v pohode stahnete (pripadne vypnete pri stahovani antivir)

OTC http://oldtimer.geekstogo.com/OTC.exe

• Stahnete a spustte
• Kliknete na CleanUp a potvrdte YES
• Program uklidi a restartuje PC

TFC http://oldtimer.geekstogo.com/TFC.exe

• Stahnete a spustte
• Kliknete na Start a potvrdte OK
• Program uklidi a restartuje pc
• Po pouziti utilitu smazte

Stahnete Ccleaner (viz muj podpis)
Panel čistič

• Vse nechte jak je, jen dejte Analyzovat a pote Spustit CCleaner

Panel registry

• dejte Hledej problémy
• nasledne Opravit problémy - zalohu registru doporucuji udelat, opravte vsechny problemy
• postup opakujte dokud nebude bez problemu - vetsinou cca 3x

Panel nástroje

• Zde muzete odinstalovat nepotrebne programy

CCleaner doporucuji pouzivat cca jednou za tyden

Napiste co PC

[vyosek]

Jeste poprosim o tohle
Stahnete aswMBR http://public.avast.com/%7Egmerek/aswMBR.exe a ulozte jej na plochu.

• Utilitu spustte a prikazte ji, at skenuje - klik na Scan
• Kliknutim na Save log ulozte log aswMBR na plochu
• Obsah logu aswMBR mi sem vlozte

[vlkofly]

aswMBR version 0.9.9.1297 Copyright(c) 2011 AVAST Software
Run date: 2012-01-07 19:41:50
-----------------------------
19:41:50.816 OS Version: Windows 6.0.6002 Service Pack 2
19:41:50.816 Number of processors: 2 586 0xF0D
19:41:50.832 ComputerName: KUBA-PC UserName: Kuba
19:42:20.487 Initialize success
19:42:42.920 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
19:42:42.920 Disk 0 Vendor: WDC_WD3200BEVT-22ZCT0 11.01A11 Size: 305245MB BusType: 3
19:42:42.982 Disk 0 MBR read successfully
19:42:42.982 Disk 0 MBR scan
19:42:42.982 Disk 0 unknown MBR code
19:42:42.998 Disk 0 Partition 1 00 27 Hidden NTFS WinRE MSDOS5.0 10000 MB offset 2048
19:42:43.029 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 147630 MB offset 20482048
19:42:43.045 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 147613 MB offset 322828288
19:42:43.060 Disk 0 scanning sectors +625139712
19:42:43.138 Disk 0 scanning C:\Windows\system32\drivers
19:42:52.233 Service scanning
19:42:54.636 Modules scanning
19:43:02.186 Disk 0 trace - called modules:
19:43:02.217 ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS hal.dll PCIIDEX.SYS msahci.sys tcpip.sys NETIO.SYS
19:43:02.748 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x864389b8]
19:43:02.748 3 CLASSPNP.SYS[837af8b3] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x85317af8]
19:43:02.763 Scan finished successfully
19:43:21.624 Disk 0 MBR has been saved successfully to "C:\Users\Kuba\Desktop\MBR.dat"
19:43:21.639 The log file has been saved successfully to "C:\Users\Kuba\Desktop\aswMBR.txt"

[vyosek]

Uploadnete mi prosim nekam tento soubor C:\Users\Kuba\Desktop\MBR.dat

[vlkofly]

http://www.ulozto.cz/12367284/mbr-dat Počítač jede o poznání rychleji, bohužel jsem student a asi vám moc nepřispěji, i když by jste si to za Váš servis opravdu zasloužili, každopádně rozšířím povědomí o Vašem neskutečně užitečném fóru mezi své přátelé.

Velké díky

S pozdravem

Jakub Vlček

[vyosek]

Dekuji za zaslani, bude slouzit k dalsimu vyzkumu utilit

Soubory aswMBR a i ten MBR.dat muzete smazat

Nemate zac, rad jsem pomohl Zase nekdy