
System fix virus

BuXo
Visitor
Posts: 78
Registered: 19 Aug 2011 20:27


#1 Post by BuXo »

Hello, I have the following problem: today when I started the PC it ran normally, but then out of nowhere it restarted, the desktop was not visible and it kept throwing errors along the lines that hard disk C is not working, that the RAM is overheated, etc. ... they are probably trojan horses. I am attaching the LOG here, thanks for the help.

Logfile of random's system information tool 1.09 (written by random/random)
Run by Mato at 2011-08-22 00:38:10
Systém Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 9 GB (12%) free of 80 GB
Total RAM: 2047 MB (74% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 0:38:14, on 22.8.2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Real\RealPlayer\update\realsched.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\Mato\My Documents\Preberanie\RSIT.exe
C:\Program Files\trend micro\Mato.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Real\RealPlayer\update\realsched.exe" -osboot
O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [RDReminder] C:\Program Files\RegClean Pro\RegCleanPro.exe -rem
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Exetender_298] "C:\Program Files\Frag Games\GPlayer.exe" /runonstartup (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 8009 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\Norton Security Scan for Tomas.job
C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-823518204-1715567821-725345543-1004.job
C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-823518204-1715567821-725345543-1005.job
C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-823518204-1715567821-725345543-1006.job
C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-823518204-1715567821-725345543-1007.job
C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-823518204-1715567821-725345543-1004.job
C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-823518204-1715567821-725345543-1005.job
C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-823518204-1715567821-725345543-1006.job
C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-823518204-1715567821-725345543-1007.job

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\Mato\Application Data\Mozilla\Firefox\Profiles\onlthvrx.default

prefs.js - "browser.search.useDBForOrder" - true
prefs.js - "browser.startup.homepage" - "http://www.google.sk/"
prefs.js - "extensions.enabledItems" - "{800b5000-a755-47e1-992b-48a1c1357f07}:2, {DFF722C4-4A11-41A7-9939-C83A06B09897}:1.0, engine@conduit.com:3.2.5.2, {942cd1d4-9cc1-4d31-876a-ea8f489f7a59}:3.2.5.2, DTToolbar@toolbarnet.com:1.1.2.0185, {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}:3.2.5.2, toolbar@ask.com:3.11.3.15590, vshare@toolbar:1.0.2, {7b13ec3e-999a-4b70-b9cb-2617b8323822}:2.7.1.3, {394DCBA4-1F92-4f8e-8EC9-8D2CB90CB69B}:1.2.0, {20a82645-c095-46ed-80e3-08825760534b}:1.1, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.16, {5b175400-2368-11de-8c30-0800200c9a66}:1.9, info@djzig.com:1.2.9"

"{20a82645-c095-46ed-80e3-08825760534b}"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
"jqs@sun.com"=C:\Program Files\Java\jre6\lib\deploy\jqs\ff
"{ABDE892B-13A8-4d1b-88E6-365A6E755758}"=C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/ShockwavePlayer]
"Description"=Adobe Shockwave Player
"Path"=C:\WINDOWS\system32\Adobe\Director\np32dsw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Apple.com/iTunes,version=]
"Description"=iTunes Detector Plug-in
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Apple.com/iTunes,version=1.0]
"Description"=
"Path"=C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@idsoftware.com/QuakeLive]
"Description"=
"Path"=C:\Documents and Settings\All Users\Application Data\id Software\QuakeLive\npquakezero.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647]
"Description"=RealPlayer(tm) LiveConnect-Enabled Plug-In
"Path"=C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647]
"Description"=RealJukebox Netscape Plugin
"Path"=C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.660]
"Description"=RealNetworks(tm) RealPlayer Chrome Background Extension Plug-In
"Path"=C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.660]
"Description"=RealPlayer(tm) HTML5VideoShim Plug-In
"Path"=C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.660]
"Description"=12.0.1.660
"Path"=C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=]
"Description"=
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@unity3d.com/UnityPlayer]
"Description"=Unity Player 2.5.5b4
"Path"=C:\Program Files\Unity\WebPlayer\loader\npUnity3D32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18]
"Description"=Veetle TV Core
"Path"=C:\Program Files\Veetle\plugins\npVeetle.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18]
"Description"=Veetle TV Player
"Path"=C:\Program Files\Veetle\Player\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@virtools.com/3DviaPlayer]
"Description"=3Dvia Player For Mozilla Based Broswer
"Path"=C:\Program Files\Virtools\3D Life Player\npvirtools.dll

C:\Program Files\Mozilla Firefox\extensions\
{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
{972ce4c6-7e08-4474-a285-3208198ce6fd}
{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}

C:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll
nppl3260.xpt
nsIQTScriptablePlugin.xpt
nsjsrealplayerplugin.xpt

C:\Program Files\Mozilla Firefox\plugins\
np32dsw.dll
npdeployJava1.dll
NPOFF12.DLL
nppdf32.dll
nppl3260.dll
npqtplugin.dll
npqtplugin2.dll
npqtplugin3.dll
npqtplugin4.dll
npqtplugin5.dll
npqtplugin6.dll
npqtplugin7.dll
nprjplug.dll
nprpjplug.dll
QuickTimePlugin.class

C:\Program Files\Mozilla Firefox\searchplugins\
atlas-sk.xml
azet-sk.xml
dunaj-sk.xml
eBay.xml
fcmdSrch.xml
google.xml
slovnik-sk.xml
wikipedia-sk.xml
zoznam-sk.xml

C:\Documents and Settings\Mato\Application Data\Mozilla\Firefox\Profiles\onlthvrx.default\extensions\
engine@conduit.com
plugin2@gameplaylabs.com
vshare@toolbar
{20a82645-c095-46ed-80e3-08825760534b}
{394DCBA4-1F92-4f8e-8EC9-8D2CB90CB69B}
{5b175400-2368-11de-8c30-0800200c9a66}
{7b13ec3e-999a-4b70-b9cb-2617b8323822}
{942cd1d4-9cc1-4d31-876a-ea8f489f7a59}
{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}
{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}

C:\Documents and Settings\Mato\Application Data\Mozilla\Firefox\Profiles\onlthvrx.default\searchplugins\
askcom.xml
conduit.xml
icqplugin-1.xml
icqplugin-2.xml
icqplugin-3.xml
icqplugin.xml
web-search.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll [2011-07-14 386264]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 403840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Browser Helper - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2011-07-11 3821568]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-05-07 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2011-05-07 79648]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"CanonSolutionMenu"=C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe [2008-03-10 689488]
"CanonMyPrinter"=C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2008-03-03 1848648]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2010-03-16 13670504]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2010-03-16 110696]
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2006-12-18 868352]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2010-11-29 421888]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [2010-12-14 47904]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2011-01-25 421160]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2011-01-31 35760]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2011-01-07 253672]
"TkBellExe"=C:\Program Files\Real\RealPlayer\update\realsched.exe [2011-07-14 273544]
"LogMeIn Hamachi Ui"=C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe [2011-08-04 1955208]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\DTLite.exe [2010-04-01 357696]
"RDReminder"=C:\Program Files\RegClean Pro\RegCleanPro.exe [2010-11-27 2564480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2009-01-30 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Hamachi2Svc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableSecureUIAPaths"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"D:\záloha\Program Files\Mozilla Firefox\firefox.exe"="D:\záloha\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\FIFA10\FIFA10.exe"="C:\Program Files\FIFA10\FIFA10.exe:*:Enabled:FIFA10"
"D:\HRY\FIFA11\Game\fifa.exe"="D:\HRY\FIFA11\Game\fifa.exe:*:Enabled:FIFA 11"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\totalcmd\TOTALCMD.EXE"="C:\totalcmd\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit"
"C:\Program Files\SopCast\adv\SopAdver.exe"="C:\Program Files\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver"
"C:\Program Files\SopCast\SopCast.exe"="C:\Program Files\SopCast\SopCast.exe:*:Enabled:SopCast Main Application"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\TmNationsForever\TmForever.exe"="C:\Program Files\TmNationsForever\TmForever.exe:*:Enabled:TmForever"
"C:\Program Files\Mozilla Firefox\plugin-container.exe"="C:\Program Files\Mozilla Firefox\plugin-container.exe:*:Enabled:Plugin Container for Firefox"
"D:\FIFA08\FIFA08.exe"="D:\FIFA08\FIFA08.exe:*:Enabled:FIFA08"
"C:\WINDOWS\system32\dplaysvr.exe"="C:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper"
"C:\Program Files\Firefly Studios\Stronghold Crusader\Stronghold Crusader.exe"="C:\Program Files\Firefly Studios\Stronghold Crusader\Stronghold Crusader.exe:*:Enabled:Stronghold Crusader"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"D:\f1\F1_2010_game.exe"="D:\f1\F1_2010_game.exe:*:Enabled:F1 2010"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\Documents and Settings\Tomas\My Documents\Preberanie\Flash-Player.exe"="C:\Documents and Settings\Tomas\My Documents\Preberanie\Flash-Player.exe:*:Enabled:C:\Documents and Settings\Tomas\My Documents\Preberanie\Flash-Player.exe"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\Valve\Steam\SteamApps\buxo170\counter-strike\hl.exe"="C:\Program Files\Valve\Steam\SteamApps\buxo170\counter-strike\hl.exe:*:Enabled:Counter-Strike"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"VIDC.XVID"=xvidvfw.dll
"VIDC.YV12"=yv12vfw.dll
"msacm.ac3acm"=ac3acm.acm
"msacm.lameacm"=lameACM.acm
"VIDC.FFDS"=ff_vfw.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv

======List of files/folders created in the last 1 month======

2011-08-22 00:38:10 ----D---- C:\rsit
2011-08-22 00:34:16 ----D---- C:\Program Files\CCleaner
2011-08-22 00:25:50 ----SHD---- C:\RECYCLER
2011-08-21 22:16:49 ----A---- C:\Boot.bak
2011-08-21 22:16:42 ----RASHD---- C:\cmdcons
2011-08-21 18:17:07 ----A---- C:\WINDOWS\ntbtlog.txt
2011-08-19 21:06:25 ----D---- C:\Program Files\trend micro
2011-08-17 14:30:59 ----D---- C:\Program Files\Illustrator
2011-08-17 14:28:54 ----D---- C:\Program Files\Xenocode
2011-08-12 08:55:07 ----HDC---- C:\WINDOWS\$NtUninstallKB2567680$
2011-08-12 08:54:11 ----HDC---- C:\WINDOWS\$NtUninstallKB2536276-v2$
2011-08-12 08:54:05 ----HDC---- C:\WINDOWS\$NtUninstallKB2570222$
2011-08-12 08:53:34 ----HDC---- C:\WINDOWS\$NtUninstallKB2559049$
2011-08-12 08:53:24 ----HDC---- C:\WINDOWS\$NtUninstallKB2566454$
2011-08-12 08:53:11 ----HDC---- C:\WINDOWS\$NtUninstallKB2562937$
2011-07-29 16:41:46 ----D---- C:\Documents and Settings\All Users\Application Data\nettrafficstat

======List of files/folders modified in the last 1 month======

2011-08-22 00:35:18 ----SD---- C:\WINDOWS\Tasks
2011-08-22 00:34:16 ----RD---- C:\Program Files
2011-08-22 00:31:49 ----D---- C:\WINDOWS\Temp
2011-08-22 00:31:47 ----D---- C:\Program Files\Common Files\Akamai
2011-08-22 00:30:01 ----A---- C:\WINDOWS\SchedLgU.Txt
2011-08-22 00:26:28 ----D---- C:\WINDOWS\system32
2011-08-22 00:26:28 ----D---- C:\WINDOWS
2011-08-22 00:24:39 ----D---- C:\WINDOWS\Prefetch
2011-08-22 00:24:39 ----D---- C:\WINDOWS\Minidump
2011-08-22 00:23:10 ----SHD---- C:\System Volume Information
2011-08-22 00:23:10 ----D---- C:\WINDOWS\system32\Restore
2011-08-22 00:23:06 ----D---- C:\WINDOWS\system32\CatRoot2
2011-08-22 00:17:14 ----D---- C:\Documents and Settings\Mato\Application Data\Skype
2011-08-21 23:12:42 ----A---- C:\WINDOWS\system.ini
2011-08-21 23:12:35 ----D---- C:\WINDOWS\system32\drivers\etc
2011-08-21 23:12:16 ----D---- C:\Program Files\Common Files
2011-08-21 23:10:24 ----D---- C:\WINDOWS\system32\drivers
2011-08-21 23:10:24 ----D---- C:\WINDOWS\AppPatch
2011-08-21 23:01:11 ----D---- C:\Documents and Settings\Mato\Application Data\uTorrent
2011-08-21 22:59:21 ----SHD---- C:\WINDOWS\Installer
2011-08-21 22:59:20 ----D---- C:\Config.Msi
2011-08-21 22:54:40 ----D---- C:\Documents and Settings\All Users\Application Data\Skype Extras
2011-08-21 22:54:24 ----D---- C:\Program Files\DAEMON Tools Toolbar
2011-08-21 22:22:22 ----D---- C:\WINDOWS\system32\config
2011-08-21 22:16:49 ----RASH---- C:\boot.ini
2011-08-21 18:21:51 ----D---- C:\Documents and Settings
2011-08-21 17:07:55 ----D---- C:\Temp
2011-08-20 17:26:59 ----RD---- C:\Program Files\Skype
2011-08-20 17:26:58 ----D---- C:\Documents and Settings\All Users\Application Data\Skype
2011-08-19 18:57:49 ----D---- C:\Program Files\Mozilla Firefox
2011-08-19 17:23:32 ----D---- C:\Program Files\Common Files\Symantec Shared
2011-08-19 15:28:13 ----D---- C:\WINDOWS\system32\wbem
2011-08-19 15:28:13 ----D---- C:\WINDOWS\Registration
2011-08-19 15:21:47 ----HD---- C:\WINDOWS\inf
2011-08-19 12:01:09 ----D---- C:\Program Files\Microsoft Security Client
2011-08-17 15:06:37 ----D---- C:\Documents and Settings\Mato\Application Data\Adobe
2011-08-16 22:54:40 ----D---- C:\Program Files\Common Files\Apple
2011-08-16 15:22:04 ----D---- C:\Documents and Settings\Mato\Application Data\MAXON
2011-08-13 19:19:57 ----D---- C:\WINDOWS\Microsoft.NET
2011-08-13 19:19:54 ----RSD---- C:\WINDOWS\assembly
2011-08-12 08:58:33 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2011-08-12 08:57:48 ----D---- C:\WINDOWS\WinSxS
2011-08-12 08:55:09 ----RSHDC---- C:\WINDOWS\system32\dllcache
2011-08-12 08:54:59 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2011-08-12 08:54:14 ----A---- C:\WINDOWS\imsins.BAK
2011-08-12 08:54:10 ----HD---- C:\WINDOWS\$hf_mig$
2011-08-11 17:42:17 ----RSD---- C:\WINDOWS\Fonts
2011-08-10 07:31:38 ----D---- C:\Program Files\VDOWNLOADER
2011-08-09 18:45:58 ----D---- C:\Program Files\LogMeIn Hamachi

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 nvgts;nvgts; C:\WINDOWS\system32\DRIVERS\nvgts.sys [2010-04-09 168040]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2010-12-23 691696]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R1 MpFilter;Microsoft Malware Protection Driver; C:\WINDOWS\system32\DRIVERS\MpFilter.sys [2011-04-18 165648]
R2 X4HSEx_Pr298;X4HSEx_Pr298; \??\C:\Program Files\Frag Games\X4HSEx.Sys []
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys [2007-01-16 293888]
R3 AEAudio;AE Audio Service; C:\WINDOWS\system32\drivers\AEAudio.sys [2006-08-07 93952]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2011-01-22 25280]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2006-02-28 12160]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2010-03-16 10232352]
R3 NVENETFD;NVIDIA nForce 10/100/1000 Mbps Ethernet ; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2010-03-04 70912]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2010-03-04 13824]
R3 SenFiltService;SenFilt Service; C:\WINDOWS\system32\drivers\Senfilt.sys [2006-03-17 392960]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S1 MpKslb7bcfcd7;MpKslb7bcfcd7; \??\c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{400F6153-11D5-44AC-BF1D-C4BDC411FC76}\MpKslb7bcfcd7.sys []
S1 MpKslc18237df;MpKslc18237df; \??\c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{400F6153-11D5-44AC-BF1D-C4BDC411FC76}\MpKslc18237df.sys []
S3 aii64szp;aii64szp; C:\WINDOWS\system32\drivers\aii64szp.sys []
S3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2006-02-28 5888]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2010-12-14 41984]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Akamai;Akamai NetSession Interface; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2011-01-05 37664]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2010-10-07 345376]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine; C:\Program Files\LogMeIn Hamachi\hamachi-2.exe [2011-08-04 1361288]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2011-05-07 153376]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2010-03-16 154216]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2011-07-10 75136]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-08-18 1529728]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2011-01-25 820008]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-07-05 136176]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-07-05 136176]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2009-01-30 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

Rudy
Site Admin
Posts: 119515
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: System fix virus

#2 Post by Rudy

Hello!
I don't understand why you want us to deal with a log from August 2011:
Logfile of random's system information tool 1.09 (written by random/random)
Run by Mato at 2011-08-22 00:38:10
Systém Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 9 GB (12%) free of 80 GB
Total RAM: 2047 MB (74% free)
??
Post questions and logs only in your own threads. Private messages, ICQ and e-mail are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting the PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Apart from its "visible" activity, a virus may also damage the system!

After your problem is resolved the thread will be locked. The same applies if it stays inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail above.

BuXo
Visitor
Posts: 78
Registered: 19 Aug 2011 20:27

Re: System fix virus

#3 Post by BuXo

First it gave me an error: Write access was denied to the location you specified. Try a different location please.

And then it produced that log. I don't know why it says August.

BuXo
Visitor
Posts: 78
Registered: 19 Aug 2011 20:27

Re: System fix virus

#4 Post by BuXo

Since the previous log is bad, I am adding a DDS log here, and I will just add that the virus makes everything hidden, the desktop is not visible...

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_29
Run by Mato at 16:30:49 on 2012-03-18
Systém Microsoft Windows XP Home Edition 5.1.2600.3.1250.421.1033.18.2047.1076 [GMT 1:00]
.
AV: PC Tools Spyware Doctor with AntiVirus *Enabled/Updated* {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\real\realplayer\update\realsched.exe
C:\Program Files\SweetIM\Messenger\SweetIM.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe
C:\WINDOWS\system32\PrintDisp.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Valve\Steam\steam.exe
C:\Program Files\ICQ7.7\ICQ.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k Akamai
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
C:\Program Files\Firebird\Firebird_2_5\bin\fbguard.exe
C:\WINDOWS\system32\FsUsbExService.Exe
C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PrintCtrl.exe
C:\Program Files\PC Tools\PC Tools Security\pctsAuxs.exe
C:\Program Files\PC Tools\PC Tools Security\pctsSvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\system32\attrib.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Firebird\Firebird_2_5\bin\fbserver.exe
C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://isearch.babylon.com/?babsrc=HP_ss&mntrId=fccdb60a000000000000002215d3ceac
mStart Page = hxxp://startsear.ch/?aff=1
uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;
mSearchAssistant = hxxp://start.facemoods.com/?a=stonicus&s={searchTerms}&f=4
uURLSearchHooks: ICQToolBar: {855f3b16-6d32-4fe6-8a56-bbb695989046} - c:\program files\icq6toolbar\ICQToolBar.dll
uURLSearchHooks: H - No File
uURLSearchHooks: SweetIM ToolbarURLSearchHook Class: {eee6c35d-6118-11dc-9c72-001320c79847} - c:\program files\sweetim\toolbars\internet explorer\mgHelper.dll
mURLSearchHooks: ICQToolBar: {855f3b16-6d32-4fe6-8a56-bbb695989046} - c:\program files\icq6toolbar\ICQToolBar.dll
mURLSearchHooks: H - No File
mURLSearchHooks: ICQToolBar: {855f3b16-6d32-4fe6-8a56-bbb695989046} - c:\program files\icq6toolbar\ICQToolBar.dll
mURLSearchHooks: H - No File
BHO: BFlix Class: {0c9f4179-6ce2-4c6a-a3e5-67ff3592a12e} - c:\program files\bflix\BFlix.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Babylon toolbar helper: {2eecd738-5844-4a99-b4b6-146bf802613b} - c:\program files\babylontoolbar\babylontoolbar\1.5.3.17\bh\BabylonToolbar.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: CescrtHlpr Object: {64182481-4f71-486b-a045-b233bd0da8fc} - c:\program files\facemoods.com\facemoods\1.4.17.11\bh\facemoods.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: IE5BarLauncherBHO Class: {78f3a323-798e-4aea-9a57-88f4b05fd5dd} - c:\program files\vshare.tv plugin\BarLcher.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SweetPacks Browser Helper: {eee6c35c-6118-11dc-9c72-001320c79847} - c:\program files\sweetim\toolbars\internet explorer\mgToolbarIE.dll
TB: VShareToolBar: {7ac3e13b-3bca-4158-b330-f66dbb03c1b5} - c:\program files\vshare.tv plugin\BarLcher.dll
TB: facemoods Toolbar: {db4e9724-f518-4dfd-9c7c-78b52103cab9} - c:\program files\facemoods.com\facemoods\1.4.17.11\facemoodsTlbr.dll
TB: ICQToolBar: {855f3b16-6d32-4fe6-8a56-bbb695989046} - c:\program files\icq6toolbar\ICQToolBar.dll
TB: Babylon Toolbar: {98889811-442d-49dd-99d7-dc866be87dbc} - c:\program files\babylontoolbar\babylontoolbar\1.5.3.17\BabylonToolbarTlbr.dll
TB: SweetPacks Toolbar for Internet Explorer: {eee6c35b-6118-11dc-9c72-001320c79847} - c:\program files\sweetim\toolbars\internet explorer\mgToolbarIE.dll
TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
EB: ICQToolBar: {855f3b16-6d32-4fe6-8a56-bbb695989046} - c:\program files\icq6toolbar\ICQToolBar.dll
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun
uRun: [RDReminder] c:\program files\regclean pro\RegCleanPro.exe -rem
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Steam] "c:\program files\valve\steam\steam.exe" -silent
uRun: [Akamai NetSession Interface] "c:\documents and settings\mato\local settings\application data\akamai\netsession_win.exe"
uRun: [ICQ] ~"c:\program files\icq7.7\ICQ.exe" silent loginmode=4
uRun: [KiesHelper] c:\program files\samsung\kies\KiesHelper.exe /s
uRun: [KiesTrayAgent] c:\program files\samsung\kies\KiesTrayAgent.exe
uRun: [KiesPDLR] c:\program files\samsung\kies\external\firmwareupdate\KiesPDLR.exe
mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [SoundMax] "c:\program files\analog devices\soundmax\Smax4.exe" /tray
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [facemoods] "c:\program files\facemoods.com\facemoods\1.4.17.11\facemoodssrv.exe" /md I
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [SweetIM] c:\program files\sweetim\messenger\SweetIM.exe
mRun: [LogMeIn Hamachi Ui] "c:\program files\logmein hamachi\hamachi-2-ui.exe" --auto-start
mRun: [PrintDisp] c:\windows\system32\PrintDisp.exe
mRun: [fvmJCJEUlfbO.exe] c:\documents and settings\all users\application data\fvmJCJEUlfbO.exe
mRun: [ISTray] "c:\program files\pc tools\pc tools security\pctsGui.exe" /hideGUI
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRun: [Exetender_298] "c:\program files\frag games\GPlayer.exe" /runonstartup
mPolicies-system: EnableSecureUIAPaths = 0 (0x0)
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Search the Web - c:\program files\sweetim\toolbars\internet explorer\resources\menuext.html
IE: {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - c:\program files\icq7.7\ICQ.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
LSP: c:\program files\common files\pc tools\lsp\PCTLsp.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
TCP: Interfaces\{498A9E67-B36F-4BCB-8F4A-F93E483698A3} : DhcpNameServer = 192.168.1.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\mato\application data\mozilla\firefox\profiles\onlthvrx.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2645238&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://google.sk/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.0&q=
FF - plugin: c:\documents and settings\all users\application data\id software\quakelive\npquakezero.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npvsharetvplg.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
FF - plugin: c:\program files\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\veetle\player\npvlc.dll
FF - plugin: c:\program files\veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\virtools\3d life player\npvirtools.dll
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=109981
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.ovrDmn - isearch.babylon.com
FF - user.js: extensions.BabylonToolbar_i.id - fccdb60a000000000000002215d3ceac
FF - user.js: extensions.BabylonToolbar_i.hardId - fccdb60a000000000000002215d3ceac
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15409
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1713:56:06
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
============= SERVICES / DRIVERS ===============
.
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2012-3-18 331880]
R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [2012-3-18 342168]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165648]
R1 PCTSD;PC Tools Spyware Doctor Driver;c:\windows\system32\drivers\PCTSD.sys [2012-3-18 185560]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2006-2-28 14336]
R2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files\common files\magix services\database\bin\FABS.exe [2009-8-27 1253376]
R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files\firebird\firebird_2_5\bin\fbguard.exe [2011-9-29 98304]
R2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2012-2-19 217088]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\logmein hamachi\hamachi-2.exe [2012-2-28 1373576]
R2 ICQ Service;ICQ Service;c:\program files\icq6toolbar\ICQ Service.exe [2012-1-2 247872]
R2 Printer Control;Printer Control;c:\windows\system32\PrintCtrl.exe [2012-3-10 65536]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\pc tools\pc tools security\pctsAuxs.exe [2012-3-18 402336]
R2 sdCoreService;PC Tools Security Service;c:\program files\pc tools\pc tools security\pctsSvc.exe [2012-3-18 1117624]
R2 X4HSEx_Pr298;X4HSEx_Pr298;c:\program files\frag games\X4HSEx.sys [2011-6-19 56424]
R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files\firebird\firebird_2_5\bin\fbserver.exe [2011-9-29 3735552]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2012-2-19 36640]
R3 PSched;QoS Packet Scheduler;c:\windows\system32\drivers\psched.sys [2006-2-28 69120]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S1 MpKslb7bcfcd7;MpKslb7bcfcd7;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{400f6153-11d5-44ac-bf1d-c4bdc411fc76}\mpkslb7bcfcd7.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{400f6153-11d5-44ac-bf1d-c4bdc411fc76}\MpKslb7bcfcd7.sys [?]
S1 MpKslc18237df;MpKslc18237df;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{400f6153-11d5-44ac-bf1d-c4bdc411fc76}\mpkslc18237df.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{400f6153-11d5-44ac-bf1d-c4bdc411fc76}\MpKslc18237df.sys [?]
S2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\pc tools\pc tools security\bdt\BDTUpdateService.exe [2012-3-18 550864]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Služba Google Update (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-7-5 136176]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\drivers\ssadadb.sys [2012-2-19 30312]
S3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [2012-2-19 20032]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\common files\magix services\database\bin\fbserver.exe [2008-8-7 3276800]
S3 gupdatem;Služba Google Update (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-7-5 136176]
S3 PCTBD;PC Tools Browser Defender Driver;c:\windows\system32\drivers\PCTBD.sys [2012-3-18 56840]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [2012-2-19 121064]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [2012-2-19 12776]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [2012-2-19 136808]
S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\drivers\ssadserd.sys [2012-2-19 114280]
S3 TrojanKillerDriver;GridinSoft Trojan Killer Driver;c:\windows\system32\drivers\gtkdrv.sys [2012-1-4 16128]
.
=============== Created Last 30 ================
.
2012-03-18 15:04:45 -------- d-----w- c:\windows\system32\WCID
2012-03-18 14:51:45 767952 ----a-w- c:\windows\BDTSupport.dll
2012-03-18 14:51:45 56840 ----a-w- c:\windows\system32\drivers\PCTBD.sys
2012-03-18 14:51:45 2250704 ----a-w- c:\windows\PCTBDCore.dll
2012-03-18 14:51:45 1681360 ----a-w- c:\windows\PCTBDRes.dll
2012-03-18 14:51:45 149456 ----a-w- c:\windows\SGDetectionTool.dll
2012-03-18 14:50:30 253352 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2012-03-18 14:50:23 17848 ----a-w- c:\windows\system32\drivers\pctBTFix.sys
2012-03-18 14:50:20 70536 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2012-03-18 14:50:14 -------- d-----w- c:\program files\PC Tools
2012-03-18 14:36:46 909728 ----a-w- c:\windows\system32\drivers\pctEFA.sys
2012-03-18 14:36:46 342168 ----a-w- c:\windows\system32\drivers\pctDS.sys
2012-03-18 14:36:41 331880 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2012-03-18 14:36:41 162584 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2012-03-18 14:36:40 185560 ----a-w- c:\windows\system32\drivers\PCTSD.sys
2012-03-18 14:36:40 -------- d--h--w- c:\program files\common files\PC Tools
2012-03-18 14:35:41 -------- d--h--w- c:\documents and settings\all users\application data\PC Tools
2012-03-18 14:35:40 -------- d--h--w- c:\documents and settings\mato\application data\TestApp
2012-03-18 10:36:53 -------- d-----w- c:\program files\GridinSoft Trojan Killer
2012-03-18 09:37:01 347136 ----a-w- c:\documents and settings\all users\application data\BiomfnwQWGB2YA.exe
2012-03-18 06:44:40 347136 ---ha-w- c:\documents and settings\all users\application data\UFrtkpR0Nt1S1T.exe
2012-03-18 06:42:15 441856 ----a-w- c:\documents and settings\all users\application data\fvmJCJEUlfbO.exe
2012-03-10 13:19:43 -------- d--h--w- c:\documents and settings\mato\application data\Aspell
2012-03-10 12:59:48 103 ---ha-w- c:\windows\system32\libmysql50.dll
2012-03-10 12:59:47 103 ---ha-w- c:\windows\system32\libmysql.dll
2012-03-10 12:59:47 103 ---ha-w- c:\windows\ctf.exe
2012-03-10 11:45:53 -------- d--h--w- c:\documents and settings\mato\application data\CAD-KAS
2012-03-10 11:45:45 75776 ---ha-w- c:\windows\cadkasdeinst01e.exe
2012-03-10 11:41:55 -------- d--h--w- c:\program files\AVI to MP4 Converter
2012-03-10 11:28:30 99704 ---ha-w- c:\program files\mozilla firefox\Eula.exe
2012-03-10 10:56:02 -------- d--h--w- c:\program files\Labels
2012-03-07 16:43:15 -------- d--h--w- c:\documents and settings\all users\application data\PMB Files
2012-03-07 16:35:56 -------- d--h--w- c:\program files\Pando Networks
2012-03-05 00:45:22 -------- d--h--w- c:\documents and settings\mato\application data\MAGIX
2012-03-05 00:42:46 -------- d--h--w- c:\program files\MAGIX
2012-03-05 00:42:39 -------- d--h--w- c:\program files\MSXML 4.0
2012-03-05 00:42:31 -------- d--h--w- c:\documents and settings\all users\application data\MAGIX
2012-03-05 00:42:29 -------- d--h--w- c:\program files\common files\MAGIX Services
2012-03-05 00:16:57 -------- d--h--w- c:\windows\system32\mem
2012-03-05 00:16:57 -------- d--h--w- c:\program files\Music Editing Master
2012-03-04 09:03:00 -------- d--h--w- c:\program files\NCSoft
2012-02-19 14:43:07 -------- d--h--w- c:\documents and settings\mato\local settings\application data\Samsung
2012-02-19 14:39:18 4659712 ---ha-w- c:\windows\system32\Redemption.dll
2012-02-19 14:39:02 821824 ---ha-w- c:\windows\system32\dgderapi.dll
2012-02-19 14:39:02 319456 ---ha-w- c:\windows\system32\DIFxAPI.dll
2012-02-19 14:39:02 20032 ---ha-w- c:\windows\system32\drivers\dgderdrv.sys
2012-02-19 14:35:14 -------- d--h--w- c:\documents and settings\mato\local settings\application data\Downloaded Installations
2012-02-19 14:26:09 10472 ---ha-w- c:\windows\system32\drivers\ssadcm.sys
2012-02-19 14:26:08 1416680 ---ha-w- c:\windows\system32\drivers\WdfCoInstaller01005.dll
2012-02-19 14:26:08 10344 ---ha-w- c:\windows\system32\drivers\ssadwh.sys
2012-02-19 14:26:02 12616 ---ha-w- c:\windows\system32\drivers\sscdcm.sys
2012-02-19 14:26:02 12488 ---ha-w- c:\windows\system32\drivers\sscdwh.sys
2012-02-19 14:25:09 36640 ---ha-w- c:\windows\system32\FsUsbExDisk.Sys
2012-02-19 14:25:09 217088 ---ha-w- c:\windows\system32\FsUsbExService.Exe
2012-02-19 14:25:09 110592 ---ha-w- c:\windows\system32\FsUsbExDevice.Dll
2012-02-19 14:23:27 -------- d--h--w- c:\program files\PC Connectivity Solution
2012-02-19 14:21:18 -------- d--h--w- c:\documents and settings\mato\application data\Samsung
2012-02-19 14:21:17 -------- d--h--w- c:\program files\MarkAny
2012-02-19 14:21:15 -------- d--h--w- c:\documents and settings\all users\application data\Samsung
2012-02-19 14:21:05 -------- d--h--w- c:\program files\Samsung
2012-02-19 14:20:58 -------- d--h--w- c:\program files\common files\Samsung
2012-02-18 23:49:10 -------- d--h--w- c:\program files\XTCS COUNTER STRIKE
.
==================== Find3M ====================
.
2012-03-10 13:18:34 1218627 ---ha-w- c:\windows\unins000.exe
2012-02-19 06:14:12 414368 ---ha-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-17 13:20:50 52 ---ha-w- c:\windows\SW_Win9423X24.DLL
2012-02-11 12:40:45 107888 ---ha-w- c:\windows\system32\CmdLineExt.dll
2012-02-03 09:22:18 1860096 ---ha-w- c:\windows\system32\win32k.sys
2012-01-11 19:06:47 3072 ---h--w- c:\windows\system32\iacenc.dll
2012-01-09 16:20:25 139784 ---ha-w- c:\windows\system32\drivers\rdpwd.sys
2012-01-04 14:28:36 16128 ---ha-w- c:\windows\system32\drivers\gtkdrv.sys
2010-01-26 17:11:08 444283 -c-ha-w- c:\program files\common files\WinPcapNmap.exe
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: MAXTOR_S rev.4.AA -> Harddisk0\DR0 -> \Device\Scsi\nvgts1Port2Path0Target0Lun0
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8A2F6FA9]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH EBX; MOV EBX, [EBP+0xc]; PUSH ESI; XOR EDX, EDX; CMP [0x8a2fed34], EDX; PUSH EDI; MOV EDI, [EBX+0x60]; JZ 0x187; MOV EAX, [EBP+0x8]; }
1 nt!IofCallDriver[0x804E13B9] -> \Device\Harddisk0\DR0[0x8A32D578]
3 CLASSPNP[0xF7637FD7] -> nt!IofCallDriver[0x804E13B9] -> [0x8A32DD58]
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; PUSH CS; POP DS; PUSH CS; POP ES; PUSHAD ; MOV [0x7e00], DL; MOV BYTE [0x7e04], 0x1e; MOV AH, 0x48; MOV SI, 0x7e04; INT 0x13; MOV AL, 0x50; JB 0x196; SUB WORD [0x413], 0x14; }
user != kernel MBR !!!
.
============= FINISH: 16:38:41,59 ===============
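The DDS log above shows the pattern a log reviewer looks for in this kind of infection: executables with random-looking names dropped straight into the root of All Users\Application Data (fvmJCJEUlfbO.exe, BiomfnwQWGB2YA.exe, UFrtkpR0Nt1S1T.exe, one of them with the hidden attribute set), one of them wired into an mRun autostart, and the IE start page and search settings pointing at toolbar search sites. The script below is an added example, not part of the original thread and not code from DDS; it encodes those heuristics and runs them over a short constructed excerpt modelled on the posted log. The profile-root rule, the name-randomness rule and the small allow-list of search domains are assumptions of the example, not DDS rules.

```python
"""Heuristic triage of DDS-style log lines (Pseudo HJT Report and "Created Last 30").

Added example for this thread, not code from DDS or from the forum. The rules below
(executables sitting directly in an Application Data root, random-looking file names,
a tiny allow-list of search domains) are assumptions of the example, not DDS rules.
"""
import re
from urllib.parse import urlparse

# Constructed sample: a short excerpt modelled on the DDS log posted above (not the full log).
SAMPLE_LOG = r"""
uStart Page = hxxp://isearch.babylon.com/?babsrc=HP_ss&mntrId=fccdb60a000000000000002215d3ceac
FF - prefs.js: browser.startup.homepage - hxxp://google.sk/
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [fvmJCJEUlfbO.exe] c:\documents and settings\all users\application data\fvmJCJEUlfbO.exe
mRun: [ISTray] "c:\program files\pc tools\pc tools security\pctsGui.exe" /hideGUI
uRun: [Akamai NetSession Interface] "c:\documents and settings\mato\local settings\application data\akamai\netsession_win.exe"
2012-03-18 09:37:01 347136 ----a-w- c:\documents and settings\all users\application data\BiomfnwQWGB2YA.exe
2012-03-18 06:44:40 347136 ---ha-w- c:\documents and settings\all users\application data\UFrtkpR0Nt1S1T.exe
2012-03-18 06:42:15 441856 ----a-w- c:\documents and settings\all users\application data\fvmJCJEUlfbO.exe
2012-03-18 14:50:14 -------- d-----w- c:\program files\PC Tools
2012-02-19 14:39:18 4659712 ---ha-w- c:\windows\system32\Redemption.dll
"""

RUN_LINE = re.compile(r"^[umd]Run:\s*\[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
CREATED_LINE = re.compile(
    r"^\d{4}-\d\d-\d\d \d\d:\d\d:\d\d\s+\S+\s+(?P<attrs>[-a-z]{8})\s+(?P<path>.+?)\s*$", re.I)
IE_HOME = re.compile(r"^[um](?:Start Page|SearchAssistant|Default_Page_URL)\s*=\s*(?P<url>\S+)")
FF_HOME = re.compile(
    r"^FF - (?:prefs|user)\.js: (?:browser\.search\.defaulturl|browser\.startup\.homepage|keyword\.URL)"
    r" - (?P<url>\S+)")
# First drive-letter path inside a Run value (handles quoted paths and RUNDLL32 arguments).
FIRST_PATH = re.compile(r"[a-z]:\\.*?\.(?:exe|dll|scr|com|sys)\b", re.I)
# Executable sitting directly in an "Application Data" root, i.e. with no vendor sub-folder.
PROFILE_ROOT = re.compile(r"\\application data\\[^\\]+\.(?:exe|dll|scr|com)$", re.I)
# Assumption of this example: second-level labels of home/search pages considered normal.
KNOWN_SEARCH = {"google", "bing", "msn", "yahoo", "live", "seznam"}


def looks_random(stem: str) -> bool:
    """Crude 'random file name' test: long, with many lower/upper/digit class switches."""
    def cls(c):
        return "u" if c.isupper() else "l" if c.islower() else "d" if c.isdigit() else "o"
    classes = [cls(c) for c in stem]
    switches = sum(a != b for a, b in zip(classes, classes[1:]))
    return len(stem) >= 10 and switches >= 3


def _host(url: str) -> str:
    """Hostname of a DDS-defanged URL (DDS writes hxxp for http)."""
    return (urlparse(re.sub(r"^hxxp", "http", url, flags=re.I)).hostname or "").lower()


def _second_level(host: str) -> str:
    labels = host.split(".")
    return labels[-2] if len(labels) >= 2 else host


def _stem(path: str) -> str:
    return path.rsplit("\\", 1)[-1].rsplit(".", 1)[0]


def triage(log_text: str) -> list:
    """Return (rule, subject) pairs for every line that matches a heuristic."""
    findings = []
    for line in (raw.strip() for raw in log_text.splitlines()):
        if not line:
            continue
        m = RUN_LINE.match(line)
        if m:
            p = FIRST_PATH.search(m.group("cmd"))
            if p:
                path = p.group(0)
                if PROFILE_ROOT.search(path):
                    findings.append(("autorun-profile-root", path))
                if looks_random(_stem(path)):
                    findings.append(("random-name", path))
            continue
        m = CREATED_LINE.match(line)
        if m:
            path, attrs = m.group("path"), m.group("attrs").lower()
            if PROFILE_ROOT.search(path):
                rule = "hidden-exe-profile-root" if "h" in attrs else "dropped-exe-profile-root"
                findings.append((rule, path))
            if looks_random(_stem(path)):
                findings.append(("random-name", path))
            continue
        m = IE_HOME.match(line) or FF_HOME.match(line)
        if m:
            host = _host(m.group("url"))
            if host and _second_level(host) not in KNOWN_SEARCH:
                findings.append(("search-hijack", host))
    return findings


if __name__ == "__main__":
    for rule, subject in triage(SAMPLE_LOG):
        print("%-26s %s" % (rule, subject))
```

The profile-root rule is the strong signal here: legitimate installers create a vendor sub-folder under Application Data, so a loose executable at that level, with a name that no human typed, is worth a second look regardless of what the scanner says about it. The search-domain allow-list is deliberately tiny and only demonstrates the shape of the check.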
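The ROOTKIT section of the DDS log is the part that matters most: the disk trace shows a dispatch entry under disk.sys that belongs to no loaded module (">>UNKNOWN [0x8A2F6FA9]<<"), and the detector reports that the MBR it read from user mode does not match the one it read from the kernel ("user != kernel MBR !!!"). That is the signature of an MBR bootkit hooking the disk path. The script below is an added example, not GMER's code and not something run on this machine: it parses a 512-byte MBR (boot code, NT disk signature, four partition entries at 0x1BE, 0x55AA boot signature) and reports which regions differ between two captures. It cannot read a disk; both sectors are constructed test data, and the choice of which copy carries the tampered boot code is an assumption of the example.

```python
"""Regional diff of two MBR captures, in the spirit of the "user != kernel MBR" check.

Added example for this thread, not GMER's code. It cannot read a disk; both sectors
below are constructed test data. Offsets follow the classic MBR layout: boot code at
0x000-0x1B7, NT disk signature at 0x1B8, four 16-byte partition entries at 0x1BE, and
the 0x55AA boot signature at 0x1FE.
"""
import struct
from dataclasses import dataclass

SECTOR = 512
DISK_SIG_OFF = 0x1B8
PART_TABLE_OFF = 0x1BE
BOOT_SIG_OFF = 0x1FE
REGIONS = {
    "boot code": (0, DISK_SIG_OFF),
    "disk signature": (DISK_SIG_OFF, PART_TABLE_OFF),
    "partition table": (PART_TABLE_OFF, BOOT_SIG_OFF),
    "boot signature": (BOOT_SIG_OFF, SECTOR),
}


@dataclass(frozen=True)
class Partition:
    bootable: bool
    type_id: int      # e.g. 0x07 = NTFS
    lba_start: int
    sectors: int


def parse_partitions(mbr: bytes) -> list:
    """Decode the non-empty entries of the partition table; refuse sectors without 0x55AA."""
    if len(mbr) != SECTOR:
        raise ValueError("MBR must be exactly %d bytes" % SECTOR)
    if mbr[BOOT_SIG_OFF:] != b"\x55\xaa":
        raise ValueError("missing 0x55AA boot signature")
    parts = []
    for i in range(4):
        off = PART_TABLE_OFF + 16 * i
        status, type_id = mbr[off], mbr[off + 4]
        lba_start, sectors = struct.unpack_from("<II", mbr, off + 8)
        if type_id == 0:
            continue  # empty slot
        parts.append(Partition(status == 0x80, type_id, lba_start, sectors))
    return parts


def compare_mbr(user_copy: bytes, kernel_copy: bytes) -> list:
    """Names of the regions in which the two 512-byte captures differ (empty = consistent)."""
    if len(user_copy) != SECTOR or len(kernel_copy) != SECTOR:
        raise ValueError("both captures must be exactly %d bytes" % SECTOR)
    return [name for name, (a, b) in REGIONS.items() if user_copy[a:b] != kernel_copy[a:b]]


def build_mbr(boot_code: bytes, partitions, disk_sig: int = 0x1234ABCD) -> bytes:
    """Assemble a sector from boot code and up to four Partition entries (test helper)."""
    if len(boot_code) > DISK_SIG_OFF or len(partitions) > 4:
        raise ValueError("boot code too long or too many partitions")
    sector = bytearray(SECTOR)
    sector[:len(boot_code)] = boot_code
    struct.pack_into("<I", sector, DISK_SIG_OFF, disk_sig)
    for i, p in enumerate(partitions):
        off = PART_TABLE_OFF + 16 * i
        sector[off] = 0x80 if p.bootable else 0x00
        sector[off + 4] = p.type_id
        struct.pack_into("<II", sector, off + 8, p.lba_start, p.sectors)
    sector[BOOT_SIG_OFF:] = b"\x55\xaa"
    return bytes(sector)


# Constructed data: a standard-looking prologue (xor ax,ax / mov ss,ax / mov sp,7C00h) and a
# second copy whose boot code was replaced while the partition table is left untouched.
# Which side is the genuine sector is an assumption of the example; the diff alone cannot tell.
CLEAN_BOOT_CODE = b"\x33\xc0\x8e\xd0\xbc\x00\x7c" + b"\x90" * 16
TAMPERED_BOOT_CODE = b"\xeb\x20" + b"\x00" * 21  # short jump into attacker code (made up)
LAYOUT = [Partition(bootable=True, type_id=0x07, lba_start=63, sectors=156_296_322)]
USER_MBR = build_mbr(CLEAN_BOOT_CODE, LAYOUT)       # what the hooked user-mode path returned
KERNEL_MBR = build_mbr(TAMPERED_BOOT_CODE, LAYOUT)  # what the kernel-side read returned


def verdict(user_copy: bytes, kernel_copy: bytes) -> str:
    diff = compare_mbr(user_copy, kernel_copy)
    return "user == kernel MBR" if not diff else "user != kernel MBR (%s)" % ", ".join(diff)


if __name__ == "__main__":
    print(verdict(USER_MBR, KERNEL_MBR))
    for p in parse_partitions(KERNEL_MBR):
        print(p)
```

Splitting the diff by region is what makes the result actionable: a bootkit changes the boot code and leaves the partition table alone so the system still boots, whereas a repartitioning or a legitimate boot-sector rewrite changes the table or the disk signature as well. A mismatch confined to "boot code" is the case the log above is reporting.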

Rudy
Site Admin
Posts: 119515
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: System fix virus

#5 Post by Rudy

Please post a ComboFix log.
Download ComboFix, preferably saving it to the desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Then run the application under an account with administrator rights.

Right after it starts, a screen with the licence terms appears; continue by clicking Yes.

Sit back and make yourself a coffee (the whole run takes about 5-10 minutes, sometimes longer, depending on how fast the machine is and how many files the scanner has to wade through). During the scan do not try to start any other applications or do anything else.

Do not panic during the scan; your machine may be restarted (especially on the first run of the scanner).

Note: if you use an antispyware product with a resident shield, switch its resident shield into Install Mode, or deactivate it completely for the duration of the scan, because during the scan and the removal of any malware it collides with the antispyware resident shield.

BuXo
Visitor
Posts: 78
Registered: 19 Aug 2011 20:27

Re: System fix virus

#6 Post by BuXo

At Stage 50 ComboFix restarted my PC, and after the restart it seemed not to continue; no log appeared... What could the problem be?

Rudy
Site Admin
Posts: 119515
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: System fix virus

#7 Post by Rudy

Try running it in Safe Mode.

BuXo
Visitor
Posts: 78
Registered: 19 Aug 2011 20:27

Re: System fix virus

#8 Post by BuXo

So after starting explorer.exe in Safe Mode the desktop and all the files appeared too, and I also found that first log, the one created when I wrote to you that none was produced. Here it is:

ComboFix 12-03-17.01 - Mato 18.03.2012 21:50:34.3.2 - x86 NETWORK
Systém Microsoft Windows XP Home Edition 5.1.2600.3.1250.421.1033.18.2047.1730 [GMT 1:00]
Running from: C:\Documents and Settings\Mato\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: PC Tools Spyware Doctor with AntiVirus *Enabled/Updated* {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Documents and Settings\All Users\Application Data\~00X8Hx1dhnQjXT
C:\Documents and Settings\All Users\Application Data\~00X8Hx1dhnQjXTr
C:\Documents and Settings\All Users\Application Data\~BiomfnwQWGB2YA
C:\Documents and Settings\All Users\Application Data\~BiomfnwQWGB2YAr
C:\Documents and Settings\All Users\Application Data\~j0VSXp0dD8PYmn
C:\Documents and Settings\All Users\Application Data\~j0VSXp0dD8PYmnr
C:\Documents and Settings\All Users\Application Data\~UFrtkpR0Nt1S1T
C:\Documents and Settings\All Users\Application Data\~UFrtkpR0Nt1S1Tr
C:\Documents and Settings\All Users\Application Data\00X8Hx1dhnQjXT
C:\Documents and Settings\All Users\Application Data\00X8Hx1dhnQjXT.exe
C:\Documents and Settings\All Users\Application Data\100
C:\Documents and Settings\All Users\Application Data\BiomfnwQWGB2YA
C:\Documents and Settings\All Users\Application Data\BiomfnwQWGB2YA.exe
C:\Documents and Settings\All Users\Application Data\j0VSXp0dD8PYmn
C:\Documents and Settings\All Users\Application Data\TEMP
C:\Documents and Settings\All Users\Application Data\UFrtkpR0Nt1S1T
C:\Documents and Settings\All Users\Application Data\UFrtkpR0Nt1S1T.exe
C:\Documents and Settings\Guest\Application Data\facemoods.com
C:\Documents and Settings\Mato\Application Data\facemoods.com
C:\Documents and Settings\Mato\Desktop\System Check.lnk
C:\Documents and Settings\Mato\Start Menu\Programs\System Check
C:\Documents and Settings\Mato\Start Menu\Programs\System Check\System Check.lnk
C:\Documents and Settings\Mato\Start Menu\Programs\System Check\Uninstall System Check.lnk
C:\Documents and Settings\Ocino\Application Data\facemoods.com
C:\Documents and Settings\Ocino\Desktop\System Check.lnk
C:\Documents and Settings\Ocino\Start Menu\Programs\System Check
C:\Documents and Settings\Ocino\Start Menu\Programs\System Check\System Check.lnk
C:\Documents and Settings\Ocino\Start Menu\Programs\System Check\Uninstall System Check.lnk
C:\Documents and Settings\Tomas\Application Data\facemoods.com
C:\Documents and Settings\Tomas\Desktop\System Check.lnk
C:\Documents and Settings\Tomas\Local Settings\Application Data\assembly\tmp
C:\Documents and Settings\Tomas\Start Menu\Programs\System Check
C:\Documents and Settings\Tomas\Start Menu\Programs\System Check\System Check.lnk
C:\Documents and Settings\Tomas\Start Menu\Programs\System Check\Uninstall System Check.lnk
C:\Program Files\facemoods.com
C:\Program Files\facemoods.com\facemoods\1.4.17.11\bh\facemoods.dll
C:\Program Files\facemoods.com\facemoods\1.4.17.11\facemoods.crx
C:\Program Files\facemoods.com\facemoods\1.4.17.11\facemoods.png
C:\Program Files\facemoods.com\facemoods\1.4.17.11\facemoodsApp.dll
C:\Program Files\facemoods.com\facemoods\1.4.17.11\facemoodsEng.dll
C:\Program Files\facemoods.com\facemoods\1.4.17.11\facemoodssrv.exe
C:\Program Files\facemoods.com\facemoods\1.4.17.11\facemoodsTlbr.dll
C:\Program Files\facemoods.com\facemoods\1.4.17.11\uninstall.exe
C:\WINDOWS\ctf.exe
C:\WINDOWS\pkunzip.pif
C:\WINDOWS\pkzip.pif
C:\WINDOWS\SW_Win9423X24.DLL
C:\WINDOWS\system32\libmysql.dll
C:\WINDOWS\system32\libmysql50.dll
C:\WINDOWS\system32\muzapp.exe
C:\WINDOWS\XSxS
D:\Setup.exe


((((((((((((((((((((((((( Files Created from 2012-02-18 to 2012-03-18 )))))))))))))))))))))))))))))))


2012-03-18 19:00:25 . 2012-03-18 19:00:25 127 ----a-w- C:\WINDOWS\system32\JSSBB.bat
2012-03-18 15:04:45 . 2012-03-18 15:04:46 -------- d--h--w- C:\WINDOWS\system32\WCID
2012-03-18 14:51:45 . 2012-02-17 14:08:40 149456 ---ha-w- C:\WINDOWS\SGDetectionTool.dll
2012-03-18 14:36:40 . 2012-02-24 09:36:44 185560 ---ha-w- C:\WINDOWS\system32\drivers\PCTSD.sys
2012-03-18 14:35:41 . 2012-03-18 14:50:21 -------- d--h--w- C:\Documents and Settings\All Users\Application Data\PC Tools
2012-03-18 14:35:40 . 2012-03-18 14:35:40 -------- d--h--w- C:\Documents and Settings\Mato\Application Data\TestApp
2012-03-18 10:36:53 . 2012-03-18 18:58:44 -------- d--h--w- C:\Program Files\GridinSoft Trojan Killer
2012-03-11 07:09:03 . 2012-03-11 10:28:59 -------- d--h--w- C:\Documents and Settings\Tomas\Application Data\ExpressFiles
2012-03-11 07:08:40 . 2012-03-11 07:12:25 -------- d--h--w- C:\Documents and Settings\Tomas\Local Settings\Application Data\Babylon
2012-03-11 07:08:36 . 2012-03-11 10:56:07 -------- d--h--w- C:\Documents and Settings\Tomas\Application Data\Babylon
2012-03-10 13:19:43 . 2012-03-10 13:19:43 -------- d--h--w- C:\Documents and Settings\Mato\Application Data\Aspell
2012-03-10 11:45:53 . 2012-03-10 11:45:53 -------- d--h--w- C:\Documents and Settings\Mato\Application Data\CAD-KAS
2012-03-10 11:45:45 . 2012-03-10 11:45:45 75776 ---ha-w- C:\WINDOWS\cadkasdeinst01e.exe
2012-03-10 11:41:55 . 2012-03-10 11:41:55 -------- d--h--w- C:\Program Files\AVI to MP4 Converter
2012-03-10 11:28:30 . 2012-03-10 11:28:31 99704 ---ha-w- C:\Program Files\Mozilla Firefox\Eula.exe
2012-03-10 10:56:02 . 2012-03-10 11:38:46 -------- d--h--w- C:\Program Files\Labels
2012-03-07 16:43:18 . 2012-03-07 18:00:17 -------- d--h--w- C:\Documents and Settings\Tomas\Local Settings\Application Data\PMB Files
2012-03-07 16:43:15 . 2012-03-07 16:43:15 -------- d--h--w- C:\Documents and Settings\All Users\Application Data\PMB Files
2012-03-07 16:35:56 . 2012-03-07 16:35:56 -------- d--h--w- C:\Program Files\Pando Networks
2012-03-05 07:29:43 . 2012-03-05 07:29:50 -------- d--h--w- C:\Documents and Settings\Tomas\Application Data\MAGIX
2012-03-05 00:45:22 . 2012-03-05 00:45:52 -------- d--h--w- C:\Documents and Settings\Mato\Application Data\MAGIX
2012-03-05 00:42:46 . 2012-03-05 00:43:11 -------- d--h--w- C:\Program Files\MAGIX
2012-03-05 00:42:39 . 2012-03-05 00:42:39 -------- d--h--w- C:\Program Files\MSXML 4.0
2012-03-05 00:42:31 . 2012-03-05 00:45:52 -------- d--h--w- C:\Documents and Settings\All Users\Application Data\MAGIX
2012-03-05 00:42:29 . 2012-03-05 00:43:11 -------- d--h--w- C:\Program Files\Common Files\MAGIX Services
2012-03-05 00:16:57 . 2012-03-05 00:19:51 -------- d--h--w- C:\Program Files\Music Editing Master
2012-03-05 00:16:57 . 2012-03-05 00:16:58 -------- d--h--w- C:\WINDOWS\system32\mem
2012-03-04 09:03:22 . 2012-03-18 21:34:19 -------- d--h--w- C:\Documents and Settings\Tomas\Local Settings\Application Data\assembly
2012-03-04 09:03:00 . 2012-03-04 09:03:00 -------- d--h--w- C:\Program Files\NCSoft
2012-03-04 09:02:34 . 2012-03-04 09:02:34 -------- d--h--w- C:\Documents and Settings\Tomas\Application Data\InstallShield
2012-03-04 09:02:00 . 2012-03-04 09:02:31 -------- d--h--w- C:\Documents and Settings\Tomas\Application Data\GetRightToGo
2012-02-19 14:43:07 . 2012-02-19 14:43:07 -------- d--h--w- C:\Documents and Settings\Mato\Local Settings\Application Data\Samsung
2012-02-19 14:39:18 . 2011-06-07 10:13:44 4659712 ---ha-w- C:\WINDOWS\system32\Redemption.dll
2012-02-19 14:39:02 . 2011-06-07 10:13:36 821824 ---ha-w- C:\WINDOWS\system32\dgderapi.dll
2012-02-19 14:39:02 . 2011-06-07 10:13:36 319456 ---ha-w- C:\WINDOWS\system32\DIFxAPI.dll
2012-02-19 14:39:02 . 2011-06-07 10:13:36 20032 ---ha-w- C:\WINDOWS\system32\drivers\dgderdrv.sys
2012-02-19 14:35:14 . 2012-02-19 14:35:14 -------- d--h--w- C:\Documents and Settings\Mato\Local Settings\Application Data\Downloaded Installations
2012-02-19 14:26:09 . 2011-06-02 05:47:22 10472 ---ha-w- C:\WINDOWS\system32\drivers\ssadcm.sys
2012-02-19 14:26:08 . 2011-06-02 05:47:22 10344 ---ha-w- C:\WINDOWS\system32\drivers\ssadwh.sys
2012-02-19 14:26:08 . 2010-07-28 13:33:06 1416680 ---ha-w- C:\WINDOWS\system32\drivers\WdfCoInstaller01005.dll
2012-02-19 14:26:02 . 2010-12-21 05:55:02 12616 ---ha-w- C:\WINDOWS\system32\drivers\sscdcm.sys
2012-02-19 14:26:02 . 2010-12-21 05:55:02 12488 ---ha-w- C:\WINDOWS\system32\drivers\sscdwh.sys
2012-02-19 14:25:09 . 2010-11-15 07:10:18 36640 ---ha-w- C:\WINDOWS\system32\FsUsbExDisk.Sys
2012-02-19 14:25:09 . 2010-11-15 07:10:18 217088 ---ha-w- C:\WINDOWS\system32\FsUsbExService.Exe
2012-02-19 14:25:09 . 2010-11-15 07:10:18 110592 ---ha-w- C:\WINDOWS\system32\FsUsbExDevice.Dll
2012-02-19 14:23:27 . 2012-02-19 14:35:42 -------- d--h--w- C:\Program Files\PC Connectivity Solution
2012-02-19 14:21:18 . 2012-02-19 14:37:28 -------- d--h--w- C:\Documents and Settings\Mato\Application Data\Samsung
2012-02-19 14:21:17 . 2012-02-19 14:21:17 -------- d--h--w- C:\Program Files\MarkAny
2012-02-19 14:21:15 . 2012-02-19 14:38:03 -------- d--h--w- C:\Documents and Settings\All Users\Application Data\Samsung
2012-02-19 14:21:05 . 2012-02-19 14:25:48 -------- d--h--w- C:\Program Files\Samsung
2012-02-19 14:20:58 . 2012-02-19 14:21:32 -------- d--h--w- C:\Program Files\Common Files\Samsung
2012-02-18 23:49:10 . 2012-02-18 23:49:10 -------- d--h--w- C:\Program Files\XTCS COUNTER STRIKE
.


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2012-02-19 06:14:12 . 2011-05-16 14:23:19 414368 ---ha-w- C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2012-02-11 12:40:45 . 2011-03-26 11:12:41 107888 ---ha-w- C:\WINDOWS\system32\CmdLineExt.dll
2012-02-03 09:22:18 . 2006-02-28 12:00:00 1860096 ---ha-w- C:\WINDOWS\system32\win32k.sys
2012-01-11 19:06:47 . 2012-02-16 10:44:36 3072 ---h--w- C:\WINDOWS\system32\iacenc.dll
2012-01-09 16:20:25 . 2010-12-21 21:04:57 139784 ---ha-w- C:\WINDOWS\system32\drivers\rdpwd.sys
2010-01-26 17:11:08 . 2010-12-23 22:30:45 444283 -c-ha-w- C:\Program Files\Common Files\WinPcapNmap.exe
2012-02-16 15:16:36 . 2011-03-24 20:22:39 134104 ---ha-w- C:\Program Files\mozilla firefox\components\browsercomps.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EEE6C35D-6118-11DC-9C72-001320C79847}"= "C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll" [2012-01-15 11:27:58 130864]

[HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2012-01-15 11:27:58 1330480 ---ha-w- C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2012-01-15 11:27:58 1330480]

[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2012-01-15 11:27:58 1330480]

[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 09:16:20 357696]
"RDReminder"="C:\Program Files\RegClean Pro\RegCleanPro.exe" [2010-11-27 13:34:00 2564480]
"Steam"="C:\Program Files\Valve\Steam\steam.exe" [2012-01-04 17:53:38 1242448]
"Akamai NetSession Interface"="C:\Documents and Settings\Mato\Local Settings\Application Data\Akamai\netsession_win.exe" [2012-02-02 01:44:30 3329824]
"KiesHelper"="C:\Program Files\Samsung\Kies\KiesHelper.exe" [2011-06-24 14:54:30 941968]
"KiesTrayAgent"="C:\Program Files\Samsung\Kies\KiesTrayAgent.exe" [2011-06-24 14:54:36 3373968]
"KiesPDLR"="C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2011-06-24 14:54:46 20880]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CanonSolutionMenu"="C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe" [2008-03-10 16:20:00 689488]
"CanonMyPrinter"="C:\Program Files\Canon\MyPrinter\BJMyPrt.exe" [2008-03-03 16:06:00 1848648]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2010-03-16 02:37:50 13670504]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2010-03-16 02:37:50 110696]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2006-12-18 20:34:36 868352]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 17:36:46 30040]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2010-11-29 16:38:18 421888]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-12-14 16:17:16 47904]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2011-01-25 14:08:14 421160]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 08:44:43 35760]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2011-07-11 21:47:06 74752]
"SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 12:06:06 254696]
"TkBellExe"="C:\Program Files\real\realplayer\update\realsched.exe" [2011-11-27 12:04:50 296056]
"SweetIM"="C:\Program Files\SweetIM\Messenger\SweetIM.exe" [2012-01-19 11:30:04 114992]
"LogMeIn Hamachi Ui"="C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-02-28 16:38:56 1987976]
"PrintDisp"="C:\WINDOWS\system32\PrintDisp.exe" [2011-02-19 07:55:18 826368]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 00:12:16 15360]
"Exetender_298"="C:\Program Files\Frag Games\GPlayer.exe" [2010-10-27 16:20:08 4889600]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableSecureUIAPaths"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdAuxService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdCoreService]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"DisableThumbnailCache"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"D:\\záloha\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\FIFA10\\FIFA10.exe"=
"D:\\HRY\\FIFA11\\Game\\fifa.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\totalcmd\\TOTALCMD.EXE"=
"C:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"C:\\Program Files\\SopCast\\SopCast.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\TmNationsForever\\TmForever.exe"=
"C:\\Program Files\\Mozilla Firefox\\plugin-container.exe"=
"C:\\WINDOWS\\system32\\dplaysvr.exe"=
"C:\\Program Files\\Firefly Studios\\Stronghold Crusader\\Stronghold Crusader.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Program Files\\Counter-Strike 1.6\\hl.exe"=
"C:\\Program Files\\Microsoft Games\\Age of Empires Online\\Spartan.exe"=
"C:\\Program Files\\SpacialAudio\\SAMBC\\SAMBC.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"D:\\PES2012\\pes2012.exe"=
"C:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"C:\\Documents and Settings\\Mato\\Local Settings\\Application Data\\Akamai\\netsession_win.exe"=
"C:\\Documents and Settings\\Tomas\\Local Settings\\Application Data\\Akamai\\netsession_win.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"C:\\WINDOWS\\system32\\java.exe"=
"D:\\fmanager12\\Football Manager 2012\\instalovane\\fm.exe"=
"D:\\Unreal Anthology\\UT2004\\System\\UT2004.exe"=
"C:\\Program Files\\Valve\\Steam\\Steam.exe"=
"C:\\Program Files\\ICQ7.7\\ICQ.exe"=
"C:\\Program Files\\Winamp\\winamp.exe"=
"C:\\Documents and Settings\\Mato\\Application Data\\GameRanger\\GameRanger\\GameRanger.exe"=
"C:\\Documents and Settings\\Tomas\\My Documents\\Preberanie\\SweetImSetup.exe"=
"C:\\Program Files\\GameSpy Arcade\\Aphex.exe"=
"C:\\Program Files\\Firefly Studios\\Stronghold Crusader\\Stronghold_Crusader_Extreme.exe"=
"C:\\Program Files\\Veetle\\Player\\VeetleNet.exe"=
"C:\\Program Files\\XTCS COUNTER STRIKE\\XTCS-Counter-Strike-1.6-Final-Release\\XTCS Counter-Strike 1.6 Final Release\\cstrike.exe"=
"C:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"C:\\Program Files\\Valve\\Steam\\SteamApps\\buxo170\\counter-strike\\hl.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"56167:TCP"= 56167:TCP:Pando Media Booster
"56167:UDP"= 56167:UDP:Pando Media Booster
"1052:TCP"= 1052:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface

R0 PCTCore;PCTools KDS;C:\WINDOWS\system32\drivers\PCTCore.sys [18.3.2012 15:36:41 331880]
R0 pctDS;PC Tools Data Store;C:\WINDOWS\system32\drivers\pctDS.sys [18.3.2012 15:36:46 342168]
R0 sptd;sptd;C:\WINDOWS\system32\drivers\sptd.sys [23.12.2010 18:08:44 691696]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files\LogMeIn Hamachi\hamachi-2.exe [28.2.2012 17:38:52 1373576]
S1 MpKslb7bcfcd7;MpKslb7bcfcd7;\??\c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{400F6153-11D5-44AC-BF1D-C4BDC411FC76}\MpKslb7bcfcd7.sys --> c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{400F6153-11D5-44AC-BF1D-C4BDC411FC76}\MpKslb7bcfcd7.sys [?]
S1 MpKslc18237df;MpKslc18237df;\??\c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{400F6153-11D5-44AC-BF1D-C4BDC411FC76}\MpKslc18237df.sys --> c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{400F6153-11D5-44AC-BF1D-C4BDC411FC76}\MpKslc18237df.sys [?]
S1 PCTSD;PC Tools Spyware Doctor Driver;C:\WINDOWS\system32\drivers\PCTSD.sys [18.3.2012 15:36:40 185560]
S2 Akamai;Akamai NetSession Interface;C:\WINDOWS\System32\svchost.exe -k Akamai [28.2.2006 13:00:00 14336]
S2 Browser Defender Update Service;Browser Defender Update Service;C:\Program Files\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe [18.3.2012 15:51:45 550864]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 13:16:28 130384]
S2 Fabs;FABS - Helping agent for MAGIX media database;C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe [27.8.2009 17:09:10 1253376]
S2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;C:\Program Files\Firebird\Firebird_2_5\bin\fbguard.exe [29.9.2011 19:50:37 98304]
S2 FsUsbExService;FsUsbExService;C:\WINDOWS\system32\FsUsbExService.Exe [19.2.2012 15:25:09 217088]
S2 gupdate;Služba Google Update (gupdate);C:\Program Files\Google\Update\GoogleUpdate.exe [5.7.2011 16:51:52 136176]
S2 ICQ Service;ICQ Service;C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2.1.2012 18:52:46 247872]
S2 Printer Control;Printer Control;C:\WINDOWS\system32\PrintCtrl.exe [10.3.2012 14:18:16 65536]
S2 sdAuxService;PC Tools Auxiliary Service;C:\Program Files\PC Tools\PC Tools Security\pctsAuxs.exe [18.3.2012 15:50:16 402336]
S2 X4HSEx_Pr298;X4HSEx_Pr298;C:\Program Files\Frag Games\X4HSEx.sys [19.6.2011 7:34:34 56424]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;C:\WINDOWS\system32\drivers\ssadadb.sys [19.2.2012 15:40:38 30312]
S3 dgderdrv;dgderdrv;C:\WINDOWS\system32\drivers\dgderdrv.sys [19.2.2012 15:39:02 20032]
S3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;C:\Program Files\Firebird\Firebird_2_5\bin\fbserver.exe [29.9.2011 19:50:38 3735552]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe [7.8.2008 11:10:02 3276800]
S3 FsUsbExDisk;FsUsbExDisk;C:\WINDOWS\system32\FsUsbExDisk.Sys [19.2.2012 15:25:09 36640]
S3 gupdatem;Služba Google Update (gupdatem);C:\Program Files\Google\Update\GoogleUpdate.exe [5.7.2011 16:51:52 136176]
S3 PCTBD;PC Tools Browser Defender Driver;C:\WINDOWS\system32\drivers\PCTBD.sys [18.3.2012 15:51:45 56840]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:\WINDOWS\system32\drivers\ssadbus.sys [19.2.2012 15:40:37 121064]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);C:\WINDOWS\system32\drivers\ssadmdfl.sys [19.2.2012 15:40:38 12776]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;C:\WINDOWS\system32\drivers\ssadmdm.sys [19.2.2012 15:40:38 136808]
S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);C:\WINDOWS\system32\drivers\ssadserd.sys [19.2.2012 15:40:38 114280]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 13:16:28 753504]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai

Contents of the 'Scheduled Tasks' folder

2012-03-13 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 10:50:20 . 2009-10-22 10:50:20]

2012-03-18 C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
- C:\Program Files\Google\Update\GoogleUpdate.exe [2011-07-05 15:51:52 . 2011-07-05 15:51:37]

2012-03-18 C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
- C:\Program Files\Google\Update\GoogleUpdate.exe [2011-07-05 15:51:52 . 2011-07-05 15:51:37]

2012-03-18 C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-823518204-1715567821-725345543-1004.job
- C:\Program Files\Real\RealUpgrade\realupgrade.exe [2011-11-08 15:14:16 . 2011-11-08 15:14:16]

2012-03-18 C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-823518204-1715567821-725345543-1005.job
- C:\Program Files\Real\RealUpgrade\realupgrade.exe [2011-11-08 15:14:16 . 2011-11-08 15:14:16]

2012-03-18 C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-823518204-1715567821-725345543-1006.job
- C:\Program Files\Real\RealUpgrade\realupgrade.exe [2011-11-08 15:14:16 . 2011-11-08 15:14:16]

2012-03-18 C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-823518204-1715567821-725345543-1007.job
- C:\Program Files\Real\RealUpgrade\realupgrade.exe [2011-11-08 15:14:16 . 2011-11-08 15:14:16]

2012-03-18 C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-823518204-1715567821-725345543-1004.job
- C:\Program Files\Real\RealUpgrade\realupgrade.exe [2011-11-08 15:14:16 . 2011-11-08 15:14:16]

2012-03-14 C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-823518204-1715567821-725345543-1005.job
- C:\Program Files\Real\RealUpgrade\realupgrade.exe [2011-11-08 15:14:16 . 2011-11-08 15:14:16]

2012-03-13 C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-823518204-1715567821-725345543-1006.job
- C:\Program Files\Real\RealUpgrade\realupgrade.exe [2011-11-08 15:14:16 . 2011-11-08 15:14:16]

2012-03-14 C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-823518204-1715567821-725345543-1007.job
- C:\Program Files\Real\RealUpgrade\realupgrade.exe [2011-11-08 15:14:16 . 2011-11-08 15:14:16]


------- Supplementary Scan -------

uStart Page = hxxp://isearch.babylon.com/?babsrc=HP_ss&mntrId=fccdb60a000000000000002215d3ceac
mStart Page = hxxp://startsear.ch/?aff=1
uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;
IE: E&xportovat do aplikace Microsoft Excel - C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Search the Web - C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
IE: {{77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files\ICQ7.7\ICQ.exe
LSP: C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll
FF - ProfilePath - C:\Documents and Settings\Mato\Application Data\Mozilla\Firefox\Profiles\onlthvrx.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2645238&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://google.sk/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.0&q=
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=109981
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.ovrDmn - isearch.babylon.com
FF - user.js: extensions.BabylonToolbar_i.id - fccdb60a000000000000002215d3ceac
FF - user.js: extensions.BabylonToolbar_i.hardId - fccdb60a000000000000002215d3ceac
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15409
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1713:56:06
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst

- - - - ORPHANS REMOVED - - - -

HKCU-Run-ICQ - ~C:\Program Files\ICQ7.7\ICQ.exe
HKLM-Run-facemoods - C:\Program Files\facemoods.com\facemoods\1.4.17.11\facemoodssrv.exe
HKLM-Run-fvmJCJEUlfbO.exe - C:\Documents and Settings\All Users\Application Data\fvmJCJEUlfbO.exe
SafeBoot-MsMpSvc
AddRemove-BFlix - C:\Program Files\BFlix\uninstall.exe
AddRemove-Convert PDF To Image_is1 - C:\Program Files\Softinterface
AddRemove-CraftBukkit - C:\Documents and Settings\Mato\Desktop\minecraftserver\Uninstall.exe
AddRemove-facemoods - C:\Program Files\facemoods.com\facemoods\1.4.17.11\uninstall.exe
AddRemove-Floorball League_is1 - C:\Program Files\Prodigium Game Studios\Floorball League\unins000.exe
AddRemove-Language Teacher DEMO - C:\DOCUME~1\Ocino\LOCALS~1\Temp\UN32.EXE
AddRemove-NetDevil_LEGO_Universe_is1 - C:\Program Files\LEGO Software\LEGO Universe\installer\LEGO Universe\uninstall.exe
AddRemove-NSS - C:\PROGRA~1\NORTON~2\Engine\311~1.6\InstWrap.exe
AddRemove-PunkBusterSvc - C:\Program Files\EA Games\Battlefield Heroes\pbsvc_heroes.exe
AddRemove-RealPlayer 15.0 - c:\program files\real\realplayer\Update\r1puninst.exe
AddRemove-Ultra AVI Converter_is1 - C:\Program Files\Ultra AVI Converter\unins000.exe
AddRemove-01_Simmental - C:\Program Files\Samsung\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - C:\Program Files\Samsung\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - C:\Program Files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - C:\Program Files\Samsung\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-05_Sloan - C:\Program Files\Samsung\USB Drivers\05_Sloan\Uninstall.exe
AddRemove-06_Spencer - C:\Program Files\Samsung\USB Drivers\06_Spencer\Uninstall.exe
AddRemove-07_Schorl - C:\Program Files\Samsung\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-08_EMPChipset - C:\Program Files\Samsung\USB Drivers\08_EMPChipset\Uninstall.exe
AddRemove-09_Hsp - C:\Program Files\Samsung\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - C:\Program Files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-12_Symbian_USB_Download_Driver - C:\Program Files\Samsung\USB Drivers\12_Symbian_USB_Download_Driver\Uninstall.exe
AddRemove-15_Symbian_Samsung_PC_DLC_Driver - C:\Program Files\Samsung\USB Drivers\15_Symbian_Samsung_PC_DLC_Driver\Uninstall.exe
AddRemove-16_Shrewsbury - C:\Program Files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-17_EMP_Chipset2 - C:\Program Files\Samsung\USB Drivers\17_EMP_Chipset2\Uninstall.exe
AddRemove-18_Zinia_Serial_Driver - C:\Program Files\Samsung\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe
AddRemove-19_VIA_driver - C:\Program Files\Samsung\USB Drivers\19_VIA_driver\Uninstall.exe
AddRemove-20_NXP_Driver - C:\Program Files\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe
AddRemove-21_Searsburg - C:\Program Files\Samsung\USB Drivers\21_Searsburg\Uninstall.exe
AddRemove-22_WiBro_WiMAX - C:\Program Files\Samsung\USB Drivers\22_WiBro_WiMAX\Uninstall.exe
AddRemove-24_flashusbdriver - C:\Program Files\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe
AddRemove-25_escape - C:\Program Files\Samsung\USB Drivers\25_escape\Uninstall.exe
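
An added triage helper for logs in the format BuXo posted, written for this thread and not code from ComboFix, RSIT or the forum: it parses the Run keys, the orphan HKLM-Run lines and the FF pref lines and flags autostarts from user-writable directories, random-looking executable names like the ones ComboFix deleted above, and forced Firefox search settings. The sample lines are constructed from the log above, and the name and path thresholds are assumptions chosen for the example.

```python
"""Triage a ComboFix/RSIT-style log for autostart and browser-hijack indicators.

Added example for this thread, not ComboFix's, RSIT's or the forum's own code:
it parses lines in the log format posted above and returns (level, message)
findings so the reviewer sees which entries deserve a closer look.
"""
import re
from typing import List, Tuple

# Constructed sample lines modelled on the ComboFix log posted in this thread.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2010-03-16 02:37:50 13670504]
"SweetIM"="C:\Program Files\SweetIM\Messenger\SweetIM.exe" [2012-01-19 11:30:04 114992]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Akamai NetSession Interface"="C:\Documents and Settings\Mato\Local Settings\Application Data\Akamai\netsession_win.exe" [2012-02-02 01:44:30 3329824]
HKLM-Run-fvmJCJEUlfbO.exe - C:\Documents and Settings\All Users\Application Data\fvmJCJEUlfbO.exe
FF - prefs.js: browser.startup.homepage - hxxp://google.sk/
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2645238
FF - user.js: extensions.BabylonToolbar_i.ovrDmn - isearch.babylon.com
"""

# Line shapes from ComboFix's Reg Loading Points, ORPHANS REMOVED and
# Supplementary Scan sections.
RUN_KEY = re.compile(r"^\[HKEY_[A-Z_]+\\.*\\Run\]$")
RUN_VALUE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"')
ORPHAN_RUN = re.compile(r"^HK(?:LM|CU)-Run-(?P<name>\S+) - (?P<path>.+)$")
FF_PREF = re.compile(r"^FF - (?P<file>prefs|user)\.js: (?P<pref>\S+) - ?(?P<value>.*)$")
# Prefs that search toolbars rewrite; the thresholds below are heuristics
# chosen for this example, not vendor detection rules.
SEARCH_PREFS = {"browser.search.defaulturl", "browser.search.selectedEngine", "keyword.URL"}
Finding = Tuple[str, str]


def in_user_writable_dir(path: str) -> bool:
    """Autostart living under a user profile or Temp rather than under Windows
    or Program Files. ComboFix marks orphans with a leading '~'; strip it."""
    p = path.lstrip("~").lower()
    if p.startswith(("c:\\windows\\", "c:\\program files\\")):
        return False
    return p.startswith("c:\\documents and settings\\") or "\\temp\\" in p


def looks_random(stem: str) -> bool:
    """Generated-looking names such as fvmJCJEUlfbO or 00X8Hx1dhnQjXT: alnum,
    12+ chars, mixed case, plus digits among the letters or 5+ consonants in a row."""
    if len(stem) < 12 or not stem.isalnum():
        return False
    if sum(c.isupper() for c in stem) < 3 or sum(c.islower() for c in stem) < 3:
        return False
    run = longest = 0
    for c in stem.lower():
        run = run + 1 if c.isalpha() and c not in "aeiouy" else 0
        longest = max(longest, run)
    return any(c.isdigit() for c in stem) or longest >= 5


def check_autostart(name: str, path: str) -> List[Finding]:
    out: List[Finding] = []
    stem = path.lstrip("~").rsplit("\\", 1)[-1].rsplit(".", 1)[0]
    if in_user_writable_dir(path):
        out.append(("review", f"autostart from user-writable directory: {name} -> {path}"))
    if looks_random(stem):
        out.append(("suspicious", f"random-looking executable name: {name} -> {path}"))
    return out


def check_firefox_pref(file: str, pref: str, value: str) -> List[Finding]:
    if file == "user":  # user.js is how toolbar installers force prefs on every start
        return [("suspicious", f"pref forced via user.js: {pref} = {value}")]
    if pref in SEARCH_PREFS and value.strip():
        return [("review", f"search provider overridden: {pref} = {value}")]
    return []


def triage(log_text: str) -> List[Finding]:
    """Single pass over the log: quoted Run values count only while inside a
    Run key; orphan and FF lines are recognised anywhere."""
    findings: List[Finding] = []
    in_run_key = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            in_run_key = bool(RUN_KEY.match(line))
            continue
        m = (RUN_VALUE.match(line) if in_run_key else None) or ORPHAN_RUN.match(line)
        if m:
            findings.extend(check_autostart(m.group("name"), m.group("path")))
            continue
        m = FF_PREF.match(line)
        if m:
            findings.extend(check_firefox_pref(m.group("file"), m.group("pref"), m.group("value")))
    return findings


if __name__ == "__main__":
    for level, message in triage(SAMPLE_LOG):
        print(f"[{level}] {message}")
```

Entries under Program Files such as SweetIM are not caught by these heuristics; a list of known toolbar names is a separate check.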

Rudy
Site Admin
Posts: 119515
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: System fix virus

#9 Post by Rudy »

We'll clean up a bit more. Open Notepad and copy this into it:
KillAll::

Collect::
C:\WINDOWS\system32\JSSBB.bat
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job

Folder::
C:\Program Files\GridinSoft Trojan Killer
C:\Program Files\SweetIM
C:\Program Files\Google\Update

Registry::
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EEE6C35D-6118-11DC-9C72-001320C79847}"=-
[-HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}]
[-HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1]
[-HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}]
[-HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SweetIM"=-
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1052:TCP"=-
"5000:UDP"=-

Driver:
Akamai
gupdate
gupdatem

Firefox::
FF - ProfilePath - C:\Documents and Settings\Mato\Application Data\Mozilla\Firefox\Profiles\onlthvrx.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.as ... ource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_result ... 2.0.0.0&q=
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=109981
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.ovrDmn - isearch.babylon.com
FF - user.js: extensions.BabylonToolbar_i.id - fccdb60a000000000000002215d3ceac
FF - user.js: extensions.BabylonToolbar_i.hardId - fccdb60a000000000000002215d3ceac
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15409
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1713:56:06
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
Save it to the desktop as CFScript.txt. Then drag it with the mouse onto the ComboFix icon and drop it. CF will start and execute the commands from the script.

[image]

BuXo
Visitor
Visitor
Posts: 78
Registered: 19 Aug 2011 20:27

Re: System fix virus

#10 Post by BuXo »

Done! RSIT works now too.

Here is the current log:


Logfile of random's system information tool 1.09 (written by random/random)
Run by Mato at 2012-03-19 18:43:47
Systém Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 8 GB (10%) free of 80 GB
Total RAM: 2047 MB (62% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:43:51, on 19.3.2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
C:\Program Files\Firebird\Firebird_2_5\bin\fbguard.exe
C:\WINDOWS\system32\FsUsbExService.Exe
C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PrintCtrl.exe
C:\Program Files\PC Tools\PC Tools Security\pctsAuxs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Firebird\Firebird_2_5\bin\fbserver.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\real\realplayer\update\realsched.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe
C:\WINDOWS\system32\PrintDisp.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\Valve\Steam\steam.exe
C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\32788R22FWJFW\cmd.3XE
C:\Program Files\Adobe\Reader 9.0\Reader\AcroRd32Info.exe
C:\Documents and Settings\Mato\Desktop\Plocha\RSIT.exe
C:\Program Files\trend micro\Mato.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://isearch.babylon.com/?babsrc=HP_s ... 2215d3ceac
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://startsear.ch/?aff=1
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;127.0.0.1:9421;
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Babylon toolbar helper - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: Babylon Toolbar - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll
O3 - Toolbar: SweetPacks Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\real\realplayer\update\realsched.exe" -osboot
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe
O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
O4 - HKLM\..\Run: [PrintDisp] C:\WINDOWS\system32\PrintDisp.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [RDReminder] C:\Program Files\RegClean Pro\RegCleanPro.exe -rem
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Valve\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Documents and Settings\Mato\Local Settings\Application Data\Akamai\netsession_win.exe"
O4 - HKCU\..\Run: [KiesHelper] C:\Program Files\Samsung\Kies\KiesHelper.exe /s
O4 - HKCU\..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
O4 - HKCU\..\Run: [KiesPDLR] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Exetender_298] "C:\Program Files\Frag Games\GPlayer.exe" /runonstartup (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Search the Web - C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files\ICQ7.7\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files\ICQ7.7\ICQ.exe
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Browser Defender Update Service - Unknown owner - C:\Program Files\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe
O23 - Service: FABS - Helping agent for MAGIX media database (Fabs) - MAGIX AG - C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - Firebird Project - C:\Program Files\Firebird\Firebird_2_5\bin\fbguard.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - Firebird Project - C:\Program Files\Firebird\Firebird_2_5\bin\fbserver.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe
O23 - Service: FsUsbExService - Teruten - C:\WINDOWS\system32\FsUsbExService.Exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Printer Control - ActMask Co.,Ltd - HTTP://WWW.ALL2PDF.COM - C:\WINDOWS\system32\PrintCtrl.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\PC Tools\PC Tools Security\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\PC Tools\PC Tools Security\pctsSvc.exe

--
End of file - 12761 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-823518204-1715567821-725345543-1004.job
C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-823518204-1715567821-725345543-1005.job
C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-823518204-1715567821-725345543-1006.job
C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-823518204-1715567821-725345543-1007.job
C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-823518204-1715567821-725345543-1004.job
C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-823518204-1715567821-725345543-1005.job
C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-823518204-1715567821-725345543-1006.job
C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-823518204-1715567821-725345543-1007.job

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\Mato\Application Data\Mozilla\Firefox\Profiles\onlthvrx.default

prefs.js - "browser.search.useDBForOrder" - true
prefs.js - "browser.startup.homepage" - "http://google.sk/"
prefs.js - "extensions.enabledItems" - "{800b5000-a755-47e1-992b-48a1c1357f07}:2, {DFF722C4-4A11-41A7-9939-C83A06B09897}:1.0, engine@conduit.com:3.2.5.2, {942cd1d4-9cc1-4d31-876a-ea8f489f7a59}:3.2.5.2, DTToolbar@toolbarnet.com:1.1.2.0185, {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}:3.2.5.2, toolbar@ask.com:3.11.3.15590, vshare@toolbar:1.0.2, {7b13ec3e-999a-4b70-b9cb-2617b8323822}:2.7.1.3, {394DCBA4-1F92-4f8e-8EC9-8D2CB90CB69B}:1.2.0, {20a82645-c095-46ed-80e3-08825760534b}:1.1, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.16, {5b175400-2368-11de-8c30-0800200c9a66}:1.9, info@djzig.com:1.2.9"
prefs.js - "keyword.URL" - "http://search.icq.com/search/afe_result ... 2.0.0.0&q="

"{20a82645-c095-46ed-80e3-08825760534b}"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
"jqs@sun.com"=C:\Program Files\Java\jre6\lib\deploy\jqs\ff
"{ABDE892B-13A8-4d1b-88E6-365A6E755758}"=C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/ShockwavePlayer]
"Description"=Adobe Shockwave Player
"Path"=C:\WINDOWS\system32\Adobe\Director\np32dsw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Apple.com/iTunes,version=]
"Description"=iTunes Detector Plug-in
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Apple.com/iTunes,version=1.0]
"Description"=
"Path"=C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@checkpoint.com/FFApi]
"Description"=ZoneAlarm Toolbar Api
"Path"=C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@idsoftware.com/QuakeLive]
"Description"=
"Path"=C:\Documents and Settings\All Users\Application Data\id Software\QuakeLive\npquakezero.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@pandonetworks.com/PandoWebPlugin]
"Description"=This plugin detects and launches Pando Media Booster
"Path"=C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nppl3260;version=15.0.0.198]
"Description"=RealPlayer(tm) LiveConnect-Enabled Plug-In
"Path"=c:\program files\real\realplayer\Netscape6\nppl3260.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprjplug;version=15.0.0.198]
"Description"=RealJukebox Netscape Plugin
"Path"=c:\program files\real\realplayer\Netscape6\nprjplug.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.0.198]
"Description"=RealNetworks(tm) RealPlayer Chrome Background Extension Plug-In
"Path"=C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.0.198]
"Description"=RealPlayer(tm) HTML5VideoShim Plug-In
"Path"=C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprpjplug;version=15.0.0.198]
"Description"=15.0.0.198
"Path"=c:\program files\real\realplayer\Netscape6\nprpjplug.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=]
"Description"=
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@unity3d.com/UnityPlayer]
"Description"=Unity Player 2.5.5b4
"Path"=C:\Program Files\Unity\WebPlayer\loader\npUnity3D32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.19]
"Description"=Veetle TV Core
"Path"=C:\Program Files\Veetle\plugins\npVeetle.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18]
"Description"=Veetle TV Player
"Path"=C:\Program Files\Veetle\Player\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@virtools.com/3DviaPlayer]
"Description"=3Dvia Player For Mozilla Based Broswer
"Path"=C:\Program Files\Virtools\3D Life Player\npvirtools.dll

C:\Program Files\Mozilla Firefox\extensions\
{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
{972ce4c6-7e08-4474-a285-3208198ce6fd}

C:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll
nsIQTScriptablePlugin.xpt

C:\Program Files\Mozilla Firefox\plugins\
np32dsw.dll
npdeployJava1.dll
NPOFF12.DLL
nppdf32.dll
nppl3260.dll
nppl3260.xpt
npqtplugin.dll
npqtplugin2.dll
npqtplugin3.dll
npqtplugin4.dll
npqtplugin5.dll
npqtplugin6.dll
npqtplugin7.dll
nprjplug.dll
nprpjplug.dll
npvsharetvplg.dll
npwachk.dll
nsjsrealplayerplugin.xpt
QuickTimePlugin.class

C:\Program Files\Mozilla Firefox\searchplugins\
atlas-sk.xml
azet-sk.xml
babylon.xml
dunaj-sk.xml
eBay.xml
fcmdSrch.xml
fcmdSrchstonicus.xml
google.xml
slovnik-sk.xml
wikipedia-sk.xml
zoznam-sk.xml

C:\Documents and Settings\Mato\Application Data\Mozilla\Firefox\Profiles\onlthvrx.default\extensions\
plugin2@gameplaylabs.com
vshare@toolbar
{394DCBA4-1F92-4f8e-8EC9-8D2CB90CB69B}
{5b175400-2368-11de-8c30-0800200c9a66}
{7b13ec3e-999a-4b70-b9cb-2617b8323822}
{800b5000-a755-47e1-992b-48a1c1357f07}
{942cd1d4-9cc1-4d31-876a-ea8f489f7a59}
{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}
{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}

C:\Documents and Settings\Mato\Application Data\Mozilla\Firefox\Profiles\onlthvrx.default\searchplugins\
askcom.xml
conduit.xml
icqplugin-1.xml
icqplugin-2.xml
icqplugin-3.xml
icqplugin.xml
startsear.xml
web-search.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4a99-B4B6-146BF802613B}]
Babylon toolbar helper - C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll [2011-08-14 270960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll [2011-11-27 425680]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 403840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Browser Helper - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2011-10-10 3834016]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-10-18 42272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2011-10-18 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
SweetPacks Browser Helper - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll [2012-01-15 1330480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{855F3B16-6D32-4FE6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2011-08-17 1055808]
{98889811-442D-49dd-99D7-DC866BE87DBC} - Babylon Toolbar - C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll [2011-08-14 237680]
{EEE6C35B-6118-11DC-9C72-001320C79847} - SweetPacks Toolbar for Internet Explorer - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll [2012-01-15 1330480]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"CanonSolutionMenu"=C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe [2008-03-10 689488]
"CanonMyPrinter"=C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2008-03-03 1848648]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2010-03-16 13670504]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2010-03-16 110696]
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2006-12-18 868352]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2009-02-26 30040]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2010-11-29 421888]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [2010-12-14 47904]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2011-01-25 421160]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2011-01-31 35760]
"WinampAgent"=C:\Program Files\Winamp\winampa.exe [2011-07-11 74752]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2011-06-09 254696]
"TkBellExe"=C:\Program Files\real\realplayer\update\realsched.exe [2011-11-27 296056]
"SweetIM"=C:\Program Files\SweetIM\Messenger\SweetIM.exe [2012-01-19 114992]
"LogMeIn Hamachi Ui"=C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe [2012-02-28 1987976]
"PrintDisp"=C:\WINDOWS\system32\PrintDisp.exe [2011-02-19 826368]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\DTLite.exe [2010-04-01 357696]
"RDReminder"=C:\Program Files\RegClean Pro\RegCleanPro.exe [2010-11-27 2564480]
"Steam"=C:\Program Files\Valve\Steam\steam.exe [2012-01-04 1242448]
"Akamai NetSession Interface"=C:\Documents and Settings\Mato\Local Settings\Application Data\Akamai\netsession_win.exe [2012-02-02 3329824]
"KiesHelper"=C:\Program Files\Samsung\Kies\KiesHelper.exe [2011-06-24 941968]
"KiesTrayAgent"=C:\Program Files\Samsung\Kies\KiesTrayAgent.exe [2011-06-24 3373968]
"KiesPDLR"=C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [2011-06-24 20880]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2009-01-30 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdAuxService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdCoreService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Hamachi2Svc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdAuxService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdCoreService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableSecureUIAPaths"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"D:\záloha\Program Files\Mozilla Firefox\firefox.exe"="D:\záloha\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\FIFA10\FIFA10.exe"="C:\Program Files\FIFA10\FIFA10.exe:*:Enabled:FIFA10"
"D:\HRY\FIFA11\Game\fifa.exe"="D:\HRY\FIFA11\Game\fifa.exe:*:Enabled:FIFA 11"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\totalcmd\TOTALCMD.EXE"="C:\totalcmd\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit"
"C:\Program Files\SopCast\adv\SopAdver.exe"="C:\Program Files\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver"
"C:\Program Files\SopCast\SopCast.exe"="C:\Program Files\SopCast\SopCast.exe:*:Enabled:SopCast Main Application"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\TmNationsForever\TmForever.exe"="C:\Program Files\TmNationsForever\TmForever.exe:*:Enabled:TmForever"
"C:\Program Files\Mozilla Firefox\plugin-container.exe"="C:\Program Files\Mozilla Firefox\plugin-container.exe:*:Enabled:Plugin Container for Firefox"
"C:\WINDOWS\system32\dplaysvr.exe"="C:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper"
"C:\Program Files\Firefly Studios\Stronghold Crusader\Stronghold Crusader.exe"="C:\Program Files\Firefly Studios\Stronghold Crusader\Stronghold Crusader.exe:*:Enabled:Stronghold Crusader"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\Program Files\Counter-Strike 1.6\hl.exe"="C:\Program Files\Counter-Strike 1.6\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\Microsoft Games\Age of Empires Online\Spartan.exe"="C:\Program Files\Microsoft Games\Age of Empires Online\Spartan.exe:*:Enabled:Age of Empires Online"
"C:\Program Files\SpacialAudio\SAMBC\SAMBC.exe"="C:\Program Files\SpacialAudio\SAMBC\SAMBC.exe:*:Enabled:SAMBC"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"D:\PES2012\pes2012.exe"="D:\PES2012\pes2012.exe:*:Enabled:Pro Evolution Soccer 2012"
"C:\Program Files\Java\jre6\bin\javaw.exe"="C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Documents and Settings\Mato\Local Settings\Application Data\Akamai\netsession_win.exe"="C:\Documents and Settings\Mato\Local Settings\Application Data\Akamai\netsession_win.exe:*:Disabled:netsession_win"
"C:\Documents and Settings\Tomas\Local Settings\Application Data\Akamai\netsession_win.exe"="C:\Documents and Settings\Tomas\Local Settings\Application Data\Akamai\netsession_win.exe:*:Disabled:Akamai NetSession Client"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\Java\jre6\bin\java.exe"="C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\WINDOWS\system32\java.exe"="C:\WINDOWS\system32\java.exe:*:Enabled:Java(TM) Platform SE binary"
"D:\fmanager12\Football Manager 2012\instalovane\fm.exe"="D:\fmanager12\Football Manager 2012\instalovane\fm.exe:*:Enabled:Football Manager 2012 12.0.2f230123"
"D:\Unreal Anthology\UT2004\System\UT2004.exe"="D:\Unreal Anthology\UT2004\System\UT2004.exe:*:Enabled:UT2004"
"C:\Program Files\Valve\Steam\Steam.exe"="C:\Program Files\Valve\Steam\Steam.exe:*:Enabled:Steam"
"C:\Program Files\ICQ7.7\ICQ.exe"="C:\Program Files\ICQ7.7\ICQ.exe:*:Enabled:ICQ7.7"
"C:\Program Files\Winamp\winamp.exe"="C:\Program Files\Winamp\winamp.exe:*:Enabled:Winamp"
"C:\Documents and Settings\Mato\Application Data\GameRanger\GameRanger\GameRanger.exe"="C:\Documents and Settings\Mato\Application Data\GameRanger\GameRanger\GameRanger.exe:*:Enabled:GameRanger"
"C:\Documents and Settings\Tomas\My Documents\Preberanie\SweetImSetup.exe"="C:\Documents and Settings\Tomas\My Documents\Preberanie\SweetImSetup.exe:*:Enabled:SweetIM Installer"
"C:\Program Files\GameSpy Arcade\Aphex.exe"="C:\Program Files\GameSpy Arcade\Aphex.exe:*:Enabled:GameSpy Arcade"
"C:\Program Files\Firefly Studios\Stronghold Crusader\Stronghold_Crusader_Extreme.exe"="C:\Program Files\Firefly Studios\Stronghold Crusader\Stronghold_Crusader_Extreme.exe:*:Enabled:Stronghold Crusader"
"C:\Program Files\Veetle\Player\VeetleNet.exe"="C:\Program Files\Veetle\Player\VeetleNet.exe:*:Enabled:VeetleNet"
"C:\Program Files\XTCS COUNTER STRIKE\XTCS-Counter-Strike-1.6-Final-Release\XTCS Counter-Strike 1.6 Final Release\cstrike.exe"="C:\Program Files\XTCS COUNTER STRIKE\XTCS-Counter-Strike-1.6-Final-Release\XTCS Counter-Strike 1.6 Final Release\cstrike.exe:*:Enabled:XTCS Counter-Strike 1.6 Final Release"
"C:\Program Files\Pando Networks\Media Booster\PMB.exe"="C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster"
"C:\Program Files\Valve\Steam\SteamApps\buxo170\counter-strike\hl.exe"="C:\Program Files\Valve\Steam\SteamApps\buxo170\counter-strike\hl.exe:*:Enabled:Counter-Strike"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\ICQ7.7\ICQ.exe"="C:\Program Files\ICQ7.7\ICQ.exe:*:Enabled:ICQ7.7"
"C:\Program Files\Veetle\Player\VeetleNet.exe"="C:\Program Files\Veetle\Player\VeetleNet.exe:*:Enabled:VeetleNet"
"C:\Program Files\Pando Networks\Media Booster\PMB.exe"="C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster"

======List of files/folders created in the last 1 month======

2012-03-19 18:42:10 ----SD---- C:\32788R22FWJFW
2012-03-19 15:38:25 ----SHD---- C:\RECYCLER
2012-03-19 14:58:37 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2012-03-18 23:12:08 ----D---- C:\WINDOWS\temp
2012-03-18 23:11:51 ----A---- C:\ComboFix.txt
2012-03-18 21:41:49 ----D---- C:\ComboFix
2012-03-18 20:13:04 ----A---- C:\WINDOWS\zip.exe
2012-03-18 20:13:04 ----A---- C:\WINDOWS\SWXCACLS.exe
2012-03-18 20:13:04 ----A---- C:\WINDOWS\SWSC.exe
2012-03-18 20:13:04 ----A---- C:\WINDOWS\SWREG.exe
2012-03-18 20:13:04 ----A---- C:\WINDOWS\sed.exe
2012-03-18 20:13:04 ----A---- C:\WINDOWS\PEV.exe
2012-03-18 20:13:04 ----A---- C:\WINDOWS\NIRCMD.exe
2012-03-18 20:13:04 ----A---- C:\WINDOWS\MBR.exe
2012-03-18 20:13:04 ----A---- C:\WINDOWS\grep.exe
2012-03-18 20:00:52 ----D---- C:\WINDOWS\ERDNT
2012-03-18 20:00:25 ----A---- C:\WINDOWS\system32\JSSBB.bat
2012-03-18 17:55:19 ----AD---- C:\Qoobox
2012-03-18 16:04:45 ----D---- C:\WINDOWS\system32\WCID
2012-03-18 15:51:45 ----A---- C:\WINDOWS\system32\drivers\PCTBD.sys
2012-03-18 15:51:45 ----A---- C:\WINDOWS\SGDetectionTool.dll
2012-03-18 15:51:45 ----A---- C:\WINDOWS\PCTBDRes.dll
2012-03-18 15:51:45 ----A---- C:\WINDOWS\PCTBDCore.dll
2012-03-18 15:51:45 ----A---- C:\WINDOWS\BDTSupport.dll
2012-03-18 15:50:30 ----A---- C:\WINDOWS\system32\drivers\pctgntdi.sys
2012-03-18 15:50:23 ----A---- C:\WINDOWS\system32\drivers\pctBTFix.sys
2012-03-18 15:50:20 ----A---- C:\WINDOWS\system32\drivers\pctplsg.sys
2012-03-18 15:50:14 ----D---- C:\Program Files\PC Tools
2012-03-18 15:36:46 ----A---- C:\WINDOWS\system32\drivers\pctEFA.sys
2012-03-18 15:36:46 ----A---- C:\WINDOWS\system32\drivers\pctDS.sys
2012-03-18 15:36:41 ----A---- C:\WINDOWS\system32\drivers\PCTCore.sys
2012-03-18 15:36:41 ----A---- C:\WINDOWS\system32\drivers\PCTAppEvent.sys
2012-03-18 15:36:40 ----D---- C:\Program Files\Common Files\PC Tools
2012-03-18 15:36:40 ----A---- C:\WINDOWS\system32\drivers\PCTSD.sys
2012-03-18 15:35:41 ----D---- C:\Documents and Settings\All Users\Application Data\PC Tools
2012-03-18 15:35:40 ----D---- C:\Documents and Settings\Mato\Application Data\TestApp
2012-03-18 11:36:53 ----D---- C:\Program Files\GridinSoft Trojan Killer
2012-03-14 22:20:22 ----DC---- C:\WINDOWS\$NtUninstallKB2641653$
2012-03-14 22:20:18 ----DC---- C:\WINDOWS\$NtUninstallKB2621440$
2012-03-14 22:20:12 ----DC---- C:\WINDOWS\$NtUninstallKB2647518$
2012-03-10 14:19:43 ----D---- C:\Documents and Settings\Mato\Application Data\Aspell
2012-03-10 14:18:35 ----A---- C:\WINDOWS\system32\SaveTo.dll
2012-03-10 14:18:17 ----A---- C:\WINDOWS\system32\PrintDisp.exe
2012-03-10 14:18:16 ----A---- C:\WINDOWS\system32\PrintCtrl.exe
2012-03-10 14:18:16 ----A---- C:\WINDOWS\system32\CPDF.dll
2012-03-10 14:18:16 ----A---- C:\WINDOWS\system32\ActPDF.dll
2012-03-10 14:18:12 ----A---- C:\WINDOWS\system32\ActPub.exe
2012-03-10 14:18:09 ----D---- C:\WINDOWS\Infix PDF
2012-03-10 14:18:09 ----A---- C:\WINDOWS\system32\SetupDrv.exe
2012-03-10 14:18:09 ----A---- C:\WINDOWS\system32\SetPrinter.exe
2012-03-10 14:18:09 ----A---- C:\WINDOWS\system32\PrtTools.exe
2012-03-10 14:18:09 ----A---- C:\WINDOWS\system32\PrtPass.exe
2012-03-10 14:18:09 ----A---- C:\WINDOWS\system32\PrtClient.exe
2012-03-10 14:18:09 ----A---- C:\WINDOWS\system32\PrintLog.exe
2012-03-10 14:18:03 ----D---- C:\Documents and Settings\All Users\Application Data\Iceni
2012-03-10 14:18:03 ----D---- C:\Documents and Settings\All Users\Application Data\Aspell
2012-03-10 14:18:01 ----D---- C:\Program Files\Iceni
2012-03-10 12:45:53 ----D---- C:\Documents and Settings\Mato\Application Data\CAD-KAS
2012-03-10 12:45:45 ----A---- C:\WINDOWS\cadkasdeinst01e.exe
2012-03-10 12:41:55 ----D---- C:\Program Files\AVI to MP4 Converter
2012-03-10 11:56:02 ----D---- C:\Program Files\Labels
2012-03-07 17:43:15 ----D---- C:\Documents and Settings\All Users\Application Data\PMB Files
2012-03-07 17:35:56 ----D---- C:\Program Files\Pando Networks
2012-03-05 02:06:09 ----A---- C:\WINDOWS\Robota.INI
2012-03-05 01:45:22 ----D---- C:\Documents and Settings\Mato\Application Data\MAGIX
2012-03-05 01:42:46 ----D---- C:\Program Files\MAGIX
2012-03-05 01:42:39 ----D---- C:\Program Files\MSXML 4.0
2012-03-05 01:42:31 ----D---- C:\Documents and Settings\All Users\Application Data\MAGIX
2012-03-05 01:42:29 ----D---- C:\Program Files\Common Files\MAGIX Services
2012-03-05 01:16:57 ----D---- C:\WINDOWS\system32\mem
2012-03-05 01:16:57 ----D---- C:\Program Files\Music Editing Master
2012-03-04 10:03:00 ----D---- C:\Program Files\NCSoft

======List of files/folders modified in the last 1 month======

2012-03-19 18:43:49 ----D---- C:\Program Files\trend micro
2012-03-19 18:40:10 ----D---- C:\Program Files\Common Files
2012-03-19 15:31:03 ----D---- C:\Program Files\Mozilla Firefox
2012-03-19 15:00:53 ----D---- C:\WINDOWS\system32\CatRoot2
2012-03-19 14:58:37 ----D---- C:\Program Files\Common Files\Akamai
2012-03-19 14:58:36 ----D---- C:\WINDOWS
2012-03-18 23:12:15 ----A---- C:\WINDOWS\ntbtlog.txt
2012-03-18 22:52:53 ----SD---- C:\WINDOWS\Tasks
2012-03-18 22:39:58 ----A---- C:\WINDOWS\system.ini
2012-03-18 22:37:03 ----D---- C:\WINDOWS\system32\drivers\etc
2012-03-18 22:34:27 ----RD---- C:\Program Files
2012-03-18 22:33:22 ----D---- C:\WINDOWS\system32
2012-03-18 22:21:39 ----D---- C:\WINDOWS\system32\drivers
2012-03-18 22:14:06 ----D---- C:\WINDOWS\AppPatch
2012-03-18 20:13:45 ----A---- C:\WINDOWS\SchedLgU.Txt
2012-03-18 17:10:23 ----D---- C:\rsit
2012-03-18 16:06:20 ----D---- C:\WINDOWS\Prefetch
2012-03-18 11:37:11 ----D---- C:\WINDOWS\inf
2012-03-17 00:32:29 ----D---- C:\Documents and Settings\Mato\Application Data\Adobe
2012-03-14 22:20:24 ----RSHDC---- C:\WINDOWS\system32\dllcache
2012-03-14 22:20:22 ----D---- C:\WINDOWS\$hf_mig$
2012-03-14 22:20:20 ----A---- C:\WINDOWS\imsins.BAK
2012-03-14 22:19:33 ----D---- C:\Config.Msi
2012-03-14 22:19:31 ----SHD---- C:\WINDOWS\Installer
2012-03-14 22:19:29 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2012-03-11 01:48:01 ----D---- C:\Documents and Settings\Mato\Application Data\Skype
2012-03-10 13:56:07 ----A---- C:\user.js
2012-03-08 13:14:46 ----D---- C:\Documents and Settings\Mato\Application Data\ICQ
2012-03-06 07:14:05 ----D---- C:\WINDOWS\WinSxS
2012-03-05 01:44:48 ----RSD---- C:\WINDOWS\Fonts
2012-03-05 01:42:42 ----D---- C:\WINDOWS\Help
2012-03-05 01:17:10 ----SD---- C:\Documents and Settings\Mato\Application Data\Microsoft
2012-03-04 10:03:00 ----D---- C:\Program Files\InstallShield Installation Information
2012-03-01 09:38:30 ----D---- C:\Program Files\LogMeIn Hamachi
2012-02-26 12:31:10 ----D---- C:\Documents and Settings\Mato\Application Data\.minecraft

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 nvgts;nvgts; C:\WINDOWS\system32\DRIVERS\nvgts.sys [2010-04-09 168040]
R0 PCTCore;PCTools KDS; C:\WINDOWS\system32\drivers\PCTCore.sys [2011-11-14 331880]
R0 pctDS;PC Tools Data Store; C:\WINDOWS\system32\drivers\pctDS.sys [2011-12-01 342168]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2011-03-04 45648]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2010-12-23 691696]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R1 MpFilter;Microsoft Malware Protection Driver; C:\WINDOWS\system32\DRIVERS\MpFilter.sys [2011-04-18 165648]
R1 PCTSD;PC Tools Spyware Doctor Driver; C:\WINDOWS\System32\Drivers\PCTSD.sys [2012-02-24 185560]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2006-02-28 12032]
R2 X4HSEx_Pr298;X4HSEx_Pr298; \??\C:\Program Files\Frag Games\X4HSEx.Sys []
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys [2007-01-16 293888]
R3 AEAudio;AE Audio Service; C:\WINDOWS\system32\drivers\AEAudio.sys [2006-08-07 93952]
R3 FsUsbExDisk;FsUsbExDisk; \??\C:\WINDOWS\system32\FsUsbExDisk.SYS []
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2011-01-22 25280]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2006-02-28 12160]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2010-03-15 10232352]
R3 NVENETFD;NVIDIA nForce 10/100/1000 Mbps Ethernet ; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2010-03-04 70912]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2010-03-04 13824]
R3 SenFiltService;SenFilt Service; C:\WINDOWS\system32\drivers\Senfilt.sys [2006-03-17 392960]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S1 MpKslb7bcfcd7;MpKslb7bcfcd7; \??\c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{400F6153-11D5-44AC-BF1D-C4BDC411FC76}\MpKslb7bcfcd7.sys []
S1 MpKslc18237df;MpKslc18237df; \??\c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{400F6153-11D5-44AC-BF1D-C4BDC411FC76}\MpKslc18237df.sys []
S3 agycobgt;agycobgt; C:\WINDOWS\system32\drivers\agycobgt.sys []
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver; C:\WINDOWS\System32\Drivers\ssadadb.sys [2010-12-21 30312]
S3 catchme;catchme; \??\C:\DOCUME~1\Mato\LOCALS~1\Temp\catchme.sys []
S3 dgderdrv;dgderdrv; C:\WINDOWS\System32\drivers\dgderdrv.sys [2011-06-07 20032]
S3 PCTBD;PC Tools Browser Defender Driver; C:\WINDOWS\System32\Drivers\PCTBD.sys [2011-09-28 56840]
S3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2006-02-28 5888]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM); C:\WINDOWS\system32\DRIVERS\ssadbus.sys [2011-06-02 121064]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter); C:\WINDOWS\system32\DRIVERS\ssadmdfl.sys [2011-06-02 12776]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers; C:\WINDOWS\system32\DRIVERS\ssadmdm.sys [2011-06-02 136808]
S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM); C:\WINDOWS\system32\DRIVERS\ssadserd.sys [2011-06-02 114280]
S3 sscdbus;SAMSUNG USB Composite Device driver (WDM); C:\WINDOWS\system32\DRIVERS\sscdbus.sys [2010-12-21 104648]
S3 sscdmdfl;SAMSUNG Mobile Modem Filter; C:\WINDOWS\system32\DRIVERS\sscdmdfl.sys [2010-12-21 14920]
S3 sscdmdm;SAMSUNG Mobile Modem Drivers; C:\WINDOWS\system32\DRIVERS\sscdmdm.sys [2010-12-21 132424]
S3 sscdserd;SAMSUNG Mobile Modem Diagnostic Serial Port (WDM); C:\WINDOWS\system32\DRIVERS\sscdserd.sys [2010-12-21 110280]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2010-12-14 41984]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2009-01-30 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Akamai;Akamai NetSession Interface; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2011-01-05 37664]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2010-10-07 345376]
R2 Fabs;FABS - Helping agent for MAGIX media database; C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe [2009-08-27 1253376]
R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance; C:\Program Files\Firebird\Firebird_2_5\bin\fbguard.exe [2010-09-17 98304]
R2 FsUsbExService;FsUsbExService; C:\WINDOWS\system32\FsUsbExService.Exe [2010-11-15 217088]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine; C:\Program Files\LogMeIn Hamachi\hamachi-2.exe [2012-02-28 1373576]
R2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2011-08-17 247872]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2011-10-03 153376]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2010-03-16 154216]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2011-07-10 75136]
R2 Printer Control;Printer Control; C:\WINDOWS\system32\PrintCtrl.exe [2009-10-28 65536]
R2 sdAuxService;PC Tools Auxiliary Service; C:\Program Files\PC Tools\PC Tools Security\pctsAuxs.exe [2012-02-24 402336]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-08-18 1529728]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance; C:\Program Files\Firebird\Firebird_2_5\bin\fbserver.exe [2010-09-17 3735552]
R3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2011-01-25 820008]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S2 Browser Defender Update Service;Browser Defender Update Service; C:\Program Files\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe [2012-02-17 550864]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-07-05 136176]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance; C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe [2008-08-07 3276800]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-07-05 136176]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2009-02-26 64856]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 sdCoreService;PC Tools Security Service; C:\Program Files\PC Tools\PC Tools Security\pctsSvc.exe [2012-02-24 1117624]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2009-01-30 913408]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]

-----------------EOF-----------------
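A first triage pass over the driver and firewall sections of an RSIT log like the one above, added here as an example; it is not part of the original post and not code from the RSIT tool. It assumes RSIT prints `[date size]` only when it can read the driver file, so an empty `[]` means the file was absent at scan time (an assumption, noted in the code); the user-writable-path, installer and random-name rules are heuristics of my own; the sample lines are copied from the log above. The script only flags entries for a reviewer to look at, it does not decide anything is malicious: scanner-generated drivers such as ComboFix's catchme.sys and the Microsoft Antimalware MpKsl* drivers are legitimately gone by the time RSIT runs, so they are reported separately rather than treated as findings.

```python
import re

# Sample lines copied from the RSIT log above (driver section and the firewall
# AuthorizedApplications list). A handful is enough to exercise every rule.
SAMPLE_DRIVERS = r"""
R0 PCTCore;PCTools KDS; C:\WINDOWS\system32\drivers\PCTCore.sys [2011-11-14 331880]
R2 X4HSEx_Pr298;X4HSEx_Pr298; \??\C:\Program Files\Frag Games\X4HSEx.Sys []
R3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2011-01-22 25280]
S1 MpKslb7bcfcd7;MpKslb7bcfcd7; \??\c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{400F6153-11D5-44AC-BF1D-C4BDC411FC76}\MpKslb7bcfcd7.sys []
S3 agycobgt;agycobgt; C:\WINDOWS\system32\drivers\agycobgt.sys []
S3 catchme;catchme; \??\C:\DOCUME~1\Mato\LOCALS~1\Temp\catchme.sys []
"""

SAMPLE_FIREWALL = r"""
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Documents and Settings\Mato\Local Settings\Application Data\Akamai\netsession_win.exe"="C:\Documents and Settings\Mato\Local Settings\Application Data\Akamai\netsession_win.exe:*:Disabled:netsession_win"
"C:\Documents and Settings\Tomas\My Documents\Preberanie\SweetImSetup.exe"="C:\Documents and Settings\Tomas\My Documents\Preberanie\SweetImSetup.exe:*:Enabled:SweetIM Installer"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"""

# RSIT driver/service line: <R|S><start> <name>;<display>; <path> [<date> <size>]
DRIVER_RE = re.compile(
    r'^(?P<state>[RS])(?P<start>[0-4]) (?P<name>[^;]+);(?P<display>[^;]*); '
    r'(?P<path>.+?) \[(?P<meta>[^\]]*)\]$')
# Firewall registry value: "<path>"="<path>:<scope>:<Enabled|Disabled>:<label>"
FIREWALL_RE = re.compile(r'^"(?P<key>[^"]+)"="(?P<value>.*)"$')

START_TYPES = {'0': 'Boot', '1': 'System', '2': 'Auto', '3': 'Demand', '4': 'Disabled'}
USER_WRITABLE = ('documents and settings', 'docume~1', '\\temp\\')
# Drivers that scanners create on the fly and remove again; their file is
# normally gone by the time RSIT runs, so an empty [] is expected for them.
TRANSIENT_SCANNER = re.compile(r'^(MpKsl[0-9a-f]{8}|catchme)$')


def parse_driver(line):
    """Return the fields of one driver/service line, or None if it is not one."""
    m = DRIVER_RE.match(line)
    if not m:
        return None
    d = m.groupdict()
    d['path'] = d['path'].replace('\\??\\', '', 1)  # drop the NT object-manager prefix
    d['start'] = START_TYPES[d['start']]
    return d


def driver_findings(d):
    """Heuristic reasons to look closer at a parsed driver; [] means nothing stood out."""
    if TRANSIENT_SCANNER.match(d['name']):
        return ['transient scanner driver; missing file metadata is expected']
    reasons = []
    if d['meta'] == '':
        # Assumption: RSIT prints [date size] when it can read the file, so an
        # empty [] means the file was not found at the listed path.
        reasons.append('no file date/size: file not found at listed path')
    if any(tok in d['path'].lower() for tok in USER_WRITABLE):
        reasons.append('driver loaded from a user-writable location')
    if re.fullmatch(r'[a-z]{8}', d['name']) and d['display'] == d['name']:
        reasons.append('random-looking 8-letter name and no descriptive display name')
    return reasons


def triage_drivers(text):
    """Map service name -> reasons, for every driver line that raised at least one."""
    result = {}
    for line in text.strip().splitlines():
        d = parse_driver(line)
        if d:
            reasons = driver_findings(d)
            if reasons:
                result[d['name']] = reasons
    return result


def parse_firewall_entry(line):
    """Return path/scope/enabled/label of one AuthorizedApplications value, or None."""
    m = FIREWALL_RE.match(line)
    if not m:
        return None
    parts = m.group('value').rsplit(':', 3)  # split from the right: the path has its own "C:"
    if len(parts) != 4:
        return None
    path, scope, state, label = parts
    return {'path': path, 'scope': scope,
            'enabled': state.lower() == 'enabled', 'label': label}


def firewall_findings(e):
    """Reasons an enabled firewall exception deserves a second look."""
    if not e['enabled']:
        return []
    reasons = []
    if any(tok in e['path'].lower() for tok in USER_WRITABLE):
        reasons.append('enabled exception for a binary in a user-writable location')
    if e['path'].lower().endswith('setup.exe') or 'install' in e['label'].lower():
        reasons.append('enabled exception for an installer, which needs no inbound access after setup')
    return reasons


def triage_firewall(text):
    """Map binary path -> reasons, for every enabled exception that raised at least one."""
    result = {}
    for line in text.strip().splitlines():
        e = parse_firewall_entry(line)
        if e:
            reasons = firewall_findings(e)
            if reasons:
                result[e['path']] = reasons
    return result


if __name__ == '__main__':
    for name, why in triage_drivers(SAMPLE_DRIVERS).items():
        print('driver ' + name + ': ' + '; '.join(why))
    for path, why in triage_firewall(SAMPLE_FIREWALL).items():
        print('firewall ' + path + ': ' + '; '.join(why))
```

On the sample lines this reports X4HSEx_Pr298 and agycobgt as drivers whose file was missing at scan time (agycobgt additionally for its random-looking name), catchme and MpKslb7bcfcd7 as expected scanner leftovers, and the SweetImSetup.exe firewall exception as an installer in a user profile with inbound access enabled. Each of those is a question to answer, not a verdict; a driver whose file is already gone cannot load again, and the remaining question is only what created it.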

Rudy
Site Admin
Posts: 119515
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: System fix virus

#11 Post by Rudy

Uninstall SweetIM. Otherwise it should be clean.
Post questions and logs only in your own threads. Private messages, ICQ and e-mail are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

Visit: [image]

e-mail: rudy(at)forum.viry.cz

Warning:
Before cleaning the PC, back up your important data (mail, contacts, documents, photos, videos, music etc.). Besides its "visible" activity, a virus can damage the system!


Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to the e-mail given above.

BuXo
Visitor
Posts: 78
Registered: 19 Aug 2011 20:27

Re: System fix virus

#12 Post by BuXo

Uninstalled. I would also like to ask: since I had that virus, Google won't load images, or rather it loads only the first 3 rows. Do you know where the problem might be? Thanks.

Rudy
Site Admin
Posts: 119515
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: System fix virus

#13 Post by Rudy

Google web, or Google Chrome?

BuXo
Visitor
Posts: 78
Registered: 19 Aug 2011 20:27

Re: System fix virus

#14 Post by BuXo

Google Web...

Rudy
Site Admin
Posts: 119515
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: System fix virus

#15 Post by Rudy

OK. Does it happen in both IE and Firefox?
