Poprosim o kontrolu logu

Zpráva

dodo65 · #1 Příspěvek od **dodo65** » 22 čer 2012 09:15

Prosim o kontrolu logu.Dakujem.

Logfile of random's system information tool 1.09 (written by random/random)
Run by Dodo at 2012-06-22 10:12:23
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 170 GB (71%) free of 238 GB
Total RAM: 3070 MB (45% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:13:05, on 22. 6. 2012
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16446)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Program Files\ASUS\SmartLogon\sensorsrv.exe
C:\Windows\system32\conime.exe
C:\Windows\WindowsMobile\wmdSync.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Samsung\AllShare\AllShareAgent.exe
C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe
D:\Program files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Internet Download Manager\idman.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Users\Dodo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Dodo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Dodo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Dodo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Dodo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\rundll32.exe
C:\Users\Dodo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Dodo\AppData\Local\Google\Chrome\Application\chrome.exe
D:\Stahovanie\Stahovanie IDM\RSIT.exe
C:\Program Files\trend micro\Dodo.exe
C:\Windows\system32\SearchFilterHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://isearch.avg.com/?cid={F9FB45B6- ... 2012-05-23 17:08:12&v=11.1.1.7&sap=hp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com/?crg=3.1010000. ... 26189794A0}
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:20069
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\tbBS_1.dll
R3 - URLSearchHook: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuze.dll
R3 - URLSearchHook: (no name) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: RewardsArcade - {597A9974-8CB0-4f41-B61F-ED065738A397} - C:\Program Files\RewardsArcade\RewardsArcade.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuze.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O2 - BHO: Yontoo Layers - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo\YontooIEClient.dll
O2 - BHO: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\tbBS_1.dll
O3 - Toolbar: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\tbBS_1.dll
O3 - Toolbar: VDownloader Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuze.dll
O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O3 - Toolbar: SweetPacks Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [AllShareAgent] C:\Program Files\Samsung\AllShare\AllShareAgent.exe
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe
O4 - HKLM\..\Run: [Sweetpacks Communicator] C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Program files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Google Update] "C:\Users\Dodo\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [ShowBatteryBar] "C:\Program Files\BatteryBar\ShowBatteryBar.exe" show
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Facebook Update] "C:\Users\Dodo\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O4 - HKCU\..\Run: [UpdateMes] C:\Users\Dodo\AppData\Roaming\Updatem\update_days\zupdate.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\idman.exe /onboot
O4 - HKUS\S-1-5-18\..\Run: [Advanced SystemCare 5] "C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe" /AutoStart (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Advanced SystemCare 5] "C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe" /AutoStart (User 'Default user')
O4 - Startup: Orezávač obrazovky a spúšťač programu OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Search the Web - C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
O8 - Extra context menu item: Stiahnuť s IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: Stiahnuť s IDM všetky prepojenia - C:\Program Files\Internet Download Manager\IEGetAll.htm
O9 - Extra button: Odoslať do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&oslať do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://*.alipay.com
O15 - Trusted Zone: http://*.alisoft.com
O15 - Trusted Zone: http://*.taobao.com
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: ADSM Service (ADSMService) - ASUSTek Computer Inc. - C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Samsung AllShare PC (SamsungAllShareV2.0) - Samsung Electronics Co., Ltd. - C:\Program Files\Samsung\AllShare\AllShareDMS\AllShareDMS.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - D:\Program files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: SimpleSlideShowServer - Samsung Electronics Co., Ltd. - C:\Program Files\Samsung\AllShare\AllShareSlideShowService.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
O23 - Service: TeamViewer 7 (TeamViewer7) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe

--
End of file - 11580 bytes

======Scheduled tasks folder======

C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3674888874-2202282250-4280628811-1000Core.job
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3674888874-2202282250-4280628811-1000UA.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3674888874-2202282250-4280628811-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3674888874-2202282250-4280628811-1000UA.job
C:\Windows\tasks\Norton Internet Security - Run Full System Scan - Dodo.job

=========Mozilla firefox=========

ProfilePath - C:\Users\Dodo\AppData\Roaming\Mozilla\Firefox\Profiles\pec2pk04.default

prefs.js - "browser.startup.homepage" - "http://home.sweetim.com/?crg=3.1010000. ... 26189794A0}"
prefs.js - "extensions.enabledItems" - "{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3, {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}:2.5.6.0, {3112ca9c-de6d-4884-a869-9855de68056c}:7.0.20100326W, {9AA46F4F-4DC7-4c06-97AF-5035170634FE}:3.3.3, {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}:6.0.17, {20a82645-c095-46ed-80e3-08825760534b}:0.0.0, {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}:6.0.19, {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20, toolbar@ask.com:3.6.6.117, {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198, {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21, {ba14329e-9550-4989-b3f2-9732e92d17cc}:2.7.2.0, {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22, engine@conduit.com:3.2.5.2, {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}:2.7.1.3, {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}:3.2.5.2, {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}:6.0.25, {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26, wrc@avast.com:7.0.1426, crossriderapp498@crossrider.com:0.76.37, {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}:6.0.31, mozilla_cc@internetdownloadmanager.com:7.3.16, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.4"
prefs.js - "keyword.URL" - "http://search.conduit.com/ResultsExt.as ... =CTXXXX&q="

"{20a82645-c095-46ed-80e3-08825760534b}"=c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
"wrc@avast.com"=C:\Program Files\AVAST Software\Avast\WebRep\FF
"crossriderapp498@crossrider.com"=C:\Users\Dodo\AppData\Local\RewardsArcade\498\Firefox

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Google.com/GoogleEarthPlugin]
"Description"=Google Earth in your browser
"Path"=C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69]
"Description"=RealPlayer(tm) LiveConnect-Enabled Plug-In
"Path"=D:\Program files\Magic Video Converter\codec\real\browser\plugins\nppl3260.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69]
"Description"=6.0.12.69
"Path"=D:\Program files\Magic Video Converter\codec\real\browser\plugins\nprpjplug.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=]
"Description"=
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}
{AB2CE124-6272-4b12-94A9-7303C7397BD1}
{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}

C:\Program Files\Mozilla Firefox\components\
browser.xpt
browserdirprovider.dll
brwsrcmp.dll
coFFPlgn.dll
components.list
FeedConverter.js
FeedProcessor.js
FeedWriter.js
fuelApplication.js
GPSDGeolocationProvider.js
jsconsole-clhandler.js
NetworkGeolocationProvider.js
nppl3260.xpt
npww.xpt
nsAddonRepository.js
nsBadCertHandler.js
nsBlocklistService.js
nsBrowserContentHandler.js
nsBrowserGlue.js
nsContentDispatchChooser.js
nsContentPrefService.js
nsDefaultCLH.js
nsDownloadManagerUI.js
nsExtensionManager.js
nsFormAutoComplete.js
nsHandlerService.js
nsHelperAppDlg.js
nsINIProcessor.js
nsIQTScriptablePlugin.xpt
nsJSRealPlayerPlugin.xpt
nsLivemarkService.js
nsLoginInfo.js
nsLoginManager.js
nsLoginManagerPrompter.js
nsMicrosummaryService.js
nsPlacesAutoComplete.js
nsPlacesDBFlush.js
nsPlacesTransactionsService.js
nsPrivateBrowsingService.js
nsProxyAutoConfig.js
nsSafebrowsingApplication.js
nsSearchService.js
nsSearchSuggestions.js
nsSessionStartup.js
nsSessionStore.js
nsSetDefaultBrowser.js
nsSidebar.js
nsTaggingService.js
nsTryToClose.js
nsUpdateService.js
nsUpdateServiceStub.js
nsUpdateTimerManager.js
nsUrlClassifierLib.js
nsUrlClassifierListManager.js
nsURLFormatter.js
nsWebHandlerApp.js
pluginGlue.js
storage-Legacy.js
storage-mozStorage.js
txEXSLTRegExFunctions.js
WebContentConverter.js

C:\Program Files\Mozilla Firefox\plugins\
np-mswmp.dll
npdeployJava1.dll
npnul32.dll
NPOFF12.DLL
nppdf32.dll
nppl3260.dll
npqtplugin.dll
npqtplugin2.dll
npqtplugin3.dll
npqtplugin4.dll
npqtplugin5.dll
nprpjplug.dll
npww.dll
nsiqtscriptableplugin.xpt
QuickTimePlugin.class
WMP Firefox Plugin License.rtf
WMP Firefox Plugin RelNotes.txt

C:\Program Files\Mozilla Firefox\searchplugins\
atlas-sk.xml
avg-secure-search.xml
azet-sk.xml
dunaj-sk.xml
eBay.xml
google.xml
slovnik-sk.xml
wikipedia-sk.xml
zoznam-sk.xml

C:\Users\Dodo\AppData\Roaming\Mozilla\Firefox\Profiles\pec2pk04.default\extensions\
engine@conduit.com
plugin@yontoo.com
toolbar@ask.com
{3112ca9c-de6d-4884-a869-9855de68056c}
{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}
{9AA46F4F-4DC7-4c06-97AF-5035170634FE}
{ba14329e-9550-4989-b3f2-9732e92d17cc}
{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
{EEE6C361-6118-11DC-9C72-001320C79847}
{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}

C:\Users\Dodo\AppData\Roaming\Mozilla\Firefox\Profiles\pec2pk04.default\searchplugins\
conduit.xml
sweetim.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8}]
IDM integration (IDMIEHlprObj Class) - C:\Program Files\Internet Download Manager\IDMIECC.dll [2011-10-01 218544]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-06-06 63912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
Conduit Engine - C:\Program Files\ConduitEngine\ConduitEngine.dll [2010-11-29 3908192]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - D:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{597A9974-8CB0-4f41-B61F-ED065738A397}]
RewardsArcade - C:\Program Files\RewardsArcade\RewardsArcade.dll [2011-11-03 528216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2012-03-08 325408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2012-03-07 1003704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
Vuze Remote Toolbar - C:\Program Files\Vuze_Remote\tbVuze.dll [2010-06-13 2734688]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
VDownloader Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2010-05-26 1385864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2012-03-08 42272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
SweetPacks Browser Helper - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll [2012-04-24 1310000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]
Yontoo - C:\Program Files\Yontoo\YontooIEClient.dll [2012-05-16 194928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
BS Player Toolbar - C:\Program Files\BS_Player\tbBS_1.dll [2010-03-31 2349080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - BS Player Toolbar - C:\Program Files\BS_Player\tbBS_1.dll [2010-03-31 2349080]
{D4027C7F-154A-4066-A1AD-4243D8127440} - VDownloader Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2010-05-26 1385864]
{ba14329e-9550-4989-b3f2-9732e92d17cc} - Vuze Remote Toolbar - C:\Program Files\Vuze_Remote\tbVuze.dll [2010-06-13 2734688]
{30F9B915-B755-4826-820B-08FBA6BD249D} - Conduit Engine - C:\Program Files\ConduitEngine\ConduitEngine.dll [2010-11-29 3908192]
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2012-03-07 1003704]
{EEE6C35B-6118-11DC-9C72-001320C79847} - SweetPacks Toolbar for Internet Explorer - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll [2012-04-24 1310000]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2011-06-06 937920]
"Windows Mobile-based device management"=C:\Windows\WindowsMobile\wmdSync.exe [2008-01-21 215552]
"avast"=C:\Program Files\AVAST Software\Avast\avastUI.exe [2012-03-07 4241512]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2012-01-18 254696]
"AllShareAgent"=C:\Program Files\Samsung\AllShare\AllShareAgent.exe [2012-03-01 285072]
"SweetIM"=C:\Program Files\SweetIM\Messenger\SweetIM.exe [2012-02-16 114992]
"Sweetpacks Communicator"=C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe [2012-02-26 295728]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"=D:\Program files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-11 1233920]
"Google Update"=C:\Users\Dodo\AppData\Local\Google\Update\GoogleUpdate.exe [2010-04-01 136176]
"ShowBatteryBar"=C:\Program Files\BatteryBar\ShowBatteryBar.exe [2009-05-28 90624]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-21 202240]
"Facebook Update"=C:\Users\Dodo\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-01-10 137536]
"UpdateMes"=C:\Users\Dodo\AppData\Roaming\Updatem\update_days\zupdate.exe [2012-03-30 30720]
"IDMan"=C:\Program Files\Internet Download Manager\idman.exe [2011-11-14 3437976]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ADSMTray]
C:\Program Files\ASUS\ASUS Data Security Manager\ADSMTray.exe [2008-04-01 266240]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Camera ScreenSaver]
C:\Windows\AsScrProlog.exe [2010-01-12 47672]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Screen Saver Protector]
C:\Windows\ASScrPro.exe [2010-01-12 33136]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2006-12-10 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2008-06-09 2363392]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ulead AutoDetector v2]
C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe [2007-08-02 95504]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1008184]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Mobile Device Center]
C:\Windows\WindowsMobile\wmdc.exe [2007-05-31 648072]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTTray.exe [2008-07-29 752168]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^FancyStart daemon.lnk]
C:\Windows\Installer\{DC905847-D537-427F-BF91-47CC7ACCDE58}\_DF3A81D17C478A2A6C60A5.exe [2010-01-12 12862]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe [2007-01-02 210520]

C:\Users\Dodo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Orezávač obrazovky a spúšťač programu OneNote 2007.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\Windows\system32\wpdshserviceobj.dll [2009-10-01 87552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"= []

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SolutoService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SolutoService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0
"EnableLUA"=2

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutorun"=0
"NoDriveTypeAutoRun"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"MSVideo8"=VfWWDM32.dll
"VIDC.FFDS"=ff_vfw.dll
"VIDC.HFYU"=huffyuv.dll
"VIDC.ZLIB"=avizlib.dll
"VIDC.CSCD"=camcodec.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"msacm.l3codecp"=l3codecp.acm
"vidc.tscc"=tsccvid.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"msacm.sl_anet"=sl_anet.acm
"msacm.divxa32"=divxa32.acm
"msacm.vorbis"=vorbis.acm
"vidc.XVID"=xvidvfw.dll
"vidc.wmv3"=wmv9vcm.dll

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 1 month======

2012-06-17 13:19:49 ----D---- C:\Program Files\Common Files\Skype
2012-06-13 16:56:53 ----A---- C:\Windows\system32\mshtmled.dll
2012-06-13 16:56:52 ----A---- C:\Windows\system32\iertutil.dll
2012-06-13 16:56:50 ----A---- C:\Windows\system32\ieUnatt.exe
2012-06-13 16:56:50 ----A---- C:\Windows\system32\ieui.dll
2012-06-13 16:56:49 ----A---- C:\Windows\system32\wininet.dll
2012-06-13 16:56:47 ----A---- C:\Windows\system32\url.dll
2012-06-13 16:56:46 ----A---- C:\Windows\system32\jscript.dll
2012-06-13 16:56:45 ----A---- C:\Windows\system32\jscript9.dll
2012-06-13 16:56:44 ----A---- C:\Windows\system32\jsproxy.dll
2012-06-13 16:56:42 ----A---- C:\Windows\system32\urlmon.dll
2012-06-13 16:56:37 ----A---- C:\Windows\system32\mshtml.dll
2012-06-13 16:56:34 ----A---- C:\Windows\system32\ieframe.dll
2012-06-13 16:21:04 ----A---- C:\Windows\system32\crypt32.dll
2012-06-13 16:21:03 ----A---- C:\Windows\system32\cryptsvc.dll
2012-06-13 16:21:03 ----A---- C:\Windows\system32\cryptnet.dll
2012-06-13 16:20:34 ----A---- C:\Windows\system32\drivers\rdpwd.sys
2012-06-13 16:20:32 ----A---- C:\Windows\system32\win32k.sys
2012-05-24 12:08:28 ----D---- C:\Users\Dodo\AppData\Roaming\8A7D7E9D-76B1-4AFA-965D-8486AB7E139B
2012-05-23 17:37:24 ----D---- C:\Program Files\PowerQuest
2012-05-23 17:09:26 ----D---- C:\ProgramData\IObit
2012-05-23 17:09:13 ----D---- C:\Users\Dodo\AppData\Roaming\IObit
2012-05-23 17:09:00 ----D---- C:\Program Files\IObit
2012-05-23 17:07:18 ----HD---- C:\ProgramData\Common Files
2012-05-23 15:06:15 ----D---- C:\Program Files\TeamViewer
2012-05-23 13:34:36 ----D---- C:\Users\Dodo\AppData\Roaming\Acronis
2012-05-23 13:33:05 ----A---- C:\Windows\system32\drivers\timntr.sys
2012-05-23 13:31:14 ----A---- C:\Windows\system32\drivers\vididr.sys
2012-05-23 13:31:12 ----A---- C:\Windows\system32\drivers\vsflt53.sys

======List of files/folders modified in the last 1 month======

2012-06-22 10:12:42 ----D---- C:\Windows\Prefetch
2012-06-22 10:12:34 ----D---- C:\Windows\temp
2012-06-22 10:12:33 ----D---- C:\Program Files\trend micro
2012-06-22 10:12:09 ----D---- C:\Users\Dodo\AppData\Roaming\Skype
2012-06-22 09:59:59 ----D---- C:\Users\Dodo\AppData\Roaming\vlc
2012-06-21 18:50:10 ----D---- C:\Windows\System32
2012-06-21 18:50:10 ----D---- C:\Windows\inf
2012-06-21 18:50:10 ----A---- C:\Windows\system32\PerfStringBackup.INI
2012-06-21 14:00:30 ----SHD---- C:\System Volume Information
2012-06-17 13:20:06 ----SHD---- C:\Windows\Installer
2012-06-17 13:20:05 ----D---- C:\ProgramData\Skype
2012-06-17 13:20:04 ----HD---- C:\Config.Msi
2012-06-17 13:19:49 ----RD---- C:\Program Files\Skype
2012-06-17 13:19:49 ----D---- C:\Program Files\Common Files
2012-06-15 09:55:09 ----D---- C:\Windows\rescache
2012-06-15 09:48:12 ----D---- C:\Windows\Microsoft.NET
2012-06-15 09:47:33 ----RSD---- C:\Windows\assembly
2012-06-15 09:40:16 ----A---- C:\Windows\system32\acovcnt.exe
2012-06-15 09:35:50 ----D---- C:\Windows\system32\sk-SK
2012-06-15 09:35:40 ----D---- C:\Users\Dodo\AppData\Roaming\DMCache
2012-06-14 13:57:11 ----D---- C:\Windows\winsxs
2012-06-14 13:23:36 ----D---- C:\Windows\system32\catroot
2012-06-14 13:18:51 ----D---- C:\Windows\system32\migration
2012-06-14 13:18:51 ----D---- C:\Windows\system32\drivers
2012-06-14 13:18:51 ----D---- C:\Program Files\Internet Explorer
2012-06-13 17:07:56 ----A---- C:\Windows\system32\mrt.exe
2012-06-13 16:57:28 ----D---- C:\Windows\system32\catroot2
2012-06-12 20:05:13 ----D---- C:\Users\Dodo\AppData\Roaming\Azureus
2012-06-03 13:12:31 ----RD---- C:\Program Files
2012-05-25 11:12:25 ----D---- C:\Users\Dodo\AppData\Roaming\dvdcss
2012-05-24 12:08:22 ----D---- C:\ProgramData
2012-05-24 12:00:34 ----HD---- C:\Program Files\InstallShield Installation Information
2012-05-23 17:36:02 ----D---- C:\Program Files\Common Files\InstallShield
2012-05-23 17:16:13 ----D---- C:\Windows\system32\config
2012-05-23 13:46:54 ----D---- C:\Windows

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 AsDsm;AsDsm; C:\Windows\system32\drivers\AsDsm.sys [2007-08-10 29752]
R0 lullaby;lullaby; C:\Windows\system32\DRIVERS\lullaby.sys [2008-05-29 15416]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2009-12-27 721904]
R0 vidsflt53;Acronis Disk Storage Filter (53); C:\Windows\system32\DRIVERS\vsflt53.sys [2012-05-23 83392]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2012-03-07 35672]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2012-03-07 612184]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2012-03-07 337880]
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2012-03-07 53848]
R1 PQNTDrv;PQNTDrv; C:\Windows\system32\drivers\PQNTDrv.sys [2003-04-16 4228]
R2 ASMMAP;ASMMAP; \??\C:\Program Files\ATKGFNEX\ASMMAP.sys [2007-07-24 13880]
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [2012-03-07 20696]
R2 aswMonFlt;aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys [2012-03-07 57688]
R2 ghaio;ghaio; \??\C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys [2007-08-03 20936]
R2 IDMWFP;IDMWFP; C:\Windows\system32\DRIVERS\idmwfp.sys [2011-07-06 89376]
R2 NPF;NetGroup Packet Filter Driver; C:\Windows\system32\drivers\npf.sys [2009-10-20 50704]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2009-09-30 1184768]
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2009-09-24 5161472]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2008-07-16 2156312]
R3 kbfiltr;Keyboard Filter; C:\Windows\system32\DRIVERS\kbfiltr.sys [2008-06-03 15928]
R3 MTsensor;ATK0100 ACPI UTILITY; C:\Windows\system32\DRIVERS\ATKACPI.sys [2006-12-14 7680]
R3 pcouffin;VSO Software pcouffin; C:\Windows\System32\Drivers\pcouffin.sys [2009-11-11 47360]
R3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-04-11 148992]
R3 RTHDMIAzAudService;Service for HDMI; C:\Windows\system32\drivers\RtHDMIV.sys [2009-09-25 159232]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver; C:\Windows\system32\DRIVERS\SiSGB6.sys [2008-09-09 48128]
R3 SNP2UVC;USB2.0 PC Camera (SNP2UVC); C:\Windows\system32\DRIVERS\snp2uvc.sys [2008-08-11 1752704]
S3 BthEnum;Bluetooth Enumerator Service; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-04-11 22528]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2008-01-21 92160]
S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2011-04-21 508416]
S3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2009-06-17 30208]
S3 btwaudio;Bluetooth Audio Device Service; C:\Windows\system32\drivers\btwaudio.sys [2008-07-09 81960]
S3 btwavdt;Bluetooth AVDT; C:\Windows\system32\drivers\btwavdt.sys [2008-05-13 100392]
S3 btwl2cap;Bluetooth L2CAP Service; C:\Windows\system32\DRIVERS\btwl2cap.sys [2008-01-29 29736]
S3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys [2008-05-13 17320]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 cpuz135;cpuz135; \??\C:\Windows\TEMP\cpuz135\cpuz135_x32.sys []
S3 CRFILTER;USB Mass Storage Filter; C:\Windows\system32\DRIVERS\CRFILTER.sys [2008-04-07 6656]
S3 Dot4;MS IEEE-1284.4 Driver; C:\Windows\system32\DRIVERS\Dot4.sys [2008-01-21 131584]
S3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys [2008-01-21 16384]
S3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2008-01-21 36864]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2009-04-11 236544]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
S3 smserial;smserial; C:\Windows\system32\DRIVERS\smserial.sys [2006-11-02 1010560]
S3 usb_rndisx;USB RNDIS Adapter; C:\Windows\system32\DRIVERS\usb8023x.sys [2009-04-11 15872]
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-21 35328]
S3 usbvideo;USB Video Device (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-21 134016]
S3 winusb;WinUsb Driver; C:\Windows\system32\DRIVERS\winusb.sys [2009-04-11 31616]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2009-10-01 40448]
S3 WPRO_40_1340;WinPcap Packet Driver (WPRO_40_1340); C:\Windows\system32\drivers\WPRO_40_1340.sys []
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328]
S3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller; C:\Windows\system32\DRIVERS\yk60x86.sys [2006-11-02 194048]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]
S4 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2008-01-21 88576]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
R2 ADSMService;ADSM Service; C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe [2008-03-31 225280]
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2009-09-24 172032]
R2 ASLDRService;ASLDR Service; C:\Program Files\ATK Hotkey\ASLDRSrv.exe [2007-10-02 94208]
R2 ATKGFNEXSrv;ATKGFNEX Service; C:\Program Files\ATKGFNEX\GFNEXSrv.exe [2007-08-08 94208]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-03-07 44768]
R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe [2008-07-29 522792]
R2 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 ProtexisLicensing;ProtexisLicensing; C:\Windows\system32\PSIService.exe [2006-11-02 174656]
R2 PSI_SVC_2;Protexis Licensing V2; C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [2009-07-24 189728]
R2 RapiMgr;@%windir%\WindowsMobile\rapimgr.dll,-104; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 SamsungAllShareV2.0;Samsung AllShare PC; C:\Program Files\Samsung\AllShare\AllShareDMS\AllShareDMS.exe [2012-03-02 25504]
R2 SBSDWSCService;SBSD Security Center Service; D:\Program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
R2 spmgr;spmgr; C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe [2007-08-03 125496]
R2 TeamViewer7;TeamViewer 7; C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe [2012-03-19 2666880]
R2 WcesComm;@%windir%\WindowsMobile\wcescomm.dll,-40079; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R3 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R3 WPFFontCache_v0400;@c:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100; C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-07-17 136176]
S2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-21 21504]
S2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-21 21504]
S2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2012-06-05 160944]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-07-17 136176]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe [2009-10-20 117264]
S3 SimpleSlideShowServer;SimpleSlideShowServer; C:\Program Files\Samsung\AllShare\AllShareSlideShowService.exe [2012-03-02 27584]
S4 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2008-06-09 73728]
S4 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-06-29 800040]
S4 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-06-27 279848]

-----------------EOF-----------------

#2 Příspěvek od **Mc_Murphy** » 22 čer 2012 11:42

Zdravím.

Vydž minutku, na logu se intenzivně pracuje. Obrázek

#3 Příspěvek od **Mc_Murphy** » 22 čer 2012 11:59

Nóó, řádně to máš zaflákané, jen co je pravda. Celá ZOO i s babkou pokladní.

Tak jdeme na to.

A doufám, že tentokrát prohlídku dokončíš, ne jako posledně s kolegyní motji.

Jako první odinstaluj Spybot - Search & Destroy. Program má svá nejlepší léta již dávno za sebou a není schopen čelit aktuálním hrozbám.

Také doporučuji svižně odinstalovat Advanced SystemCare 5 a následně i vše od IObit. Jsou to čínské šmejdy, které hledají nesmyslné a neexistující problémy. Tvůrci software ukradli databázi havěti jiné renomované společnosti a účinek na PC je spíše nulový až negativní.

Dále, pokud je tam najdeš, tak v nabídce Přidat nebo odebrat programy odinstaluj tyto toolbary:

BS Player Toolbar, VDownloader Toolbar, Vuze Remote Toolbar, Conduit Engine, SweetIM a SweetPacks Toolbar for Internet Explorer.

Toolbary (lišty prohlížečů) jsou veliká "zdržovadla" systému a v případě například Ask.com Toolbar, Conduit Engine a dalších se dá hovořit už i o havěti a Ty jich tam máš pěkně nechutnou sbírku.

Všechny tyto věci (které tam najdeš, některé tam být nemusí) odinstaluj a pak se vrhni na další postup.
ComboFix stáhni samozřejmě nový, ne že budeš používat ten, co Ti tam zůstal po poslední nedokončené prohlídce!!

PROSÍM, ČTI NÁVOD DŮKLADNĚ - TATO UTILITA MÁ VELKOU SCHOPNOST MAZAT A JE NUTNÉ JI APLIKOVAT JEN NA DOPORUČENÍ, JINAK TI MŮŽE JÍT SYSTÉM DO KYTEK

Stáhni a ulož na Plochu ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Vypni všechny rezidentní bezpečnostní programy - firewally, antiviry, antispywary apod.
Vypni všechny běžící aplikace - ICQ, Skype, browsery, prostě všechny programy, ať běží pouze ComboFix.
Pokud máš Win XP, spusť pod účtem Správce/Administrator.
Pokud máš Win Vista či Win 7, klikni na ComboFix pravým myšítkem a dej Run As Administrator či Spustit jako správce.
Ihned po startu se zobrazí stránka s licenčním ujednáním - pokračuj kliknutím na [Ano].
Pokud Ti ComboFix nabídne instalaci Konzoly pro zotavení, tak souhlas.
Dále postupuj dle pokynů. Během scanu nech PC naprosto v klidu - nespouštěj žádné aplikace a neklikej do zobrazujícího se okna!
Scan by měl trvat cca 10 min, ale pokud bude PC hodne zaneseno, může se čas samozřejmě prodloužit.
Po dokončení scanu a případném restartu ComboFix zobrazí log, který případně najdeš v C:\ComboFix.txt. Jeho obsah mi sem vlož.
Detailní postup včetně obrázků najdeš zde: http://www.bleepingcomputer.com/combofi ... t-combofix

dodo65 · #4 Příspěvek od **dodo65** » 22 čer 2012 13:18

Hura uz som to vsetko spravil.Tu je ten log:

ComboFix 12-06-21.03 - Dodo . 06. 2012 14:00:00.4.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.421.1051.18.3070.1674 [GMT 2:00]
Running from: d:\stahovanie\Stahovanie IDM\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Common Files\ASPG_icon.ico
c:\program files\RewardsArcade
c:\program files\RewardsArcade\appAPIinternalWrapper.js
c:\program files\RewardsArcade\fb.js
c:\program files\RewardsArcade\jquery.js
c:\program files\RewardsArcade\json.js
c:\program files\RewardsArcade\RewardsArcade.dll
c:\program files\RewardsArcade\RewardsArcade.exe
c:\program files\RewardsArcade\Uninstall.exe
c:\program files\RewardsArcade\UserConfirmation.exe
c:\windows\security\Database\tmp.edb
.
.
((((((((((((((((((((((((( Files Created from 2012-05-22 to 2012-06-22 )))))))))))))))))))))))))))))))
.
.
2012-06-22 12:11 . 2012-06-22 12:11 -------- d-----w- c:\users\Dodo\AppData\Local\temp
2012-06-22 12:11 . 2012-06-22 12:11 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-20 10:03 . 2012-06-20 10:03 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{15D86C6F-07FB-402E-8CE0-DCEBFB310877}\offreg.dll
2012-06-19 17:11 . 2012-05-31 03:41 6762896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{15D86C6F-07FB-402E-8CE0-DCEBFB310877}\mpengine.dll
2012-06-17 11:19 . 2012-06-17 11:19 -------- d-----w- c:\program files\Common Files\Skype
2012-06-13 14:21 . 2012-04-23 16:00 984064 ----a-w- c:\windows\system32\crypt32.dll
2012-06-13 14:21 . 2012-04-23 16:00 98304 ----a-w- c:\windows\system32\cryptnet.dll
2012-06-13 14:21 . 2012-04-23 16:00 133120 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-13 14:20 . 2012-05-01 14:03 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-13 14:20 . 2012-05-15 19:51 2045440 ----a-w- c:\windows\system32\win32k.sys
2012-05-24 10:08 . 2012-05-24 10:08 -------- d-----w- c:\users\Dodo\AppData\Roaming\8A7D7E9D-76B1-4AFA-965D-8486AB7E139B
2012-05-23 15:37 . 2012-05-23 15:42 -------- d-----w- c:\program files\PowerQuest
2012-05-23 15:09 . 2012-05-23 15:09 -------- d-----w- c:\programdata\IObit
2012-05-23 15:09 . 2012-05-23 15:09 -------- d-----w- c:\users\Dodo\AppData\Roaming\IObit
2012-05-23 15:09 . 2012-05-23 15:09 -------- d-----w- c:\program files\IObit
2012-05-23 15:07 . 2012-05-23 15:07 -------- d--h--w- c:\programdata\Common Files
2012-05-23 13:06 . 2012-05-23 13:06 -------- d-----w- c:\program files\TeamViewer
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-15 07:40 . 2010-01-12 11:50 45056 ----a-w- c:\windows\system32\acovcnt.exe
2012-05-23 11:33 . 2012-05-23 11:33 601408 ----a-w- c:\windows\system32\drivers\timntr.sys
2012-05-23 11:31 . 2012-05-23 11:31 125472 ----a-w- c:\windows\system32\drivers\vididr.sys
2012-05-23 11:31 . 2012-05-23 11:31 83392 ----a-w- c:\windows\system32\drivers\vsflt53.sys
2012-04-03 08:16 . 2012-05-10 16:44 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-03 08:16 . 2012-05-10 16:44 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-30 12:39 . 2012-05-10 16:43 905600 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-02-10 02:18 . 2010-07-12 13:35 2131336 ----a-w- c:\program files\Common Files\AskToolbarInstaller.exe
2008-07-01 19:28 . 2008-07-01 19:28 61440 ----a-w- c:\program files\Common Files\CPInstallAction.dll
2008-06-30 13:44 . 2010-01-12 13:26 324976 ----a-w- c:\program files\mozilla firefox\components\coFFPlgn.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-05-26 13:23 1385864 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-06 23:15 123536 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-01 17:08 143360 ----a-w- c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2011-05-30 14:50 21864 ----a-w- c:\program files\Internet Download Manager\IDMShellExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ShowBatteryBar"="c:\program files\BatteryBar\ShowBatteryBar.exe" [2009-05-28 90624]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"Facebook Update"="c:\users\Dodo\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-01-10 137536]
"UpdateMes"="c:\users\Dodo\AppData\Roaming\Updatem\update_days\zupdate.exe" [2012-03-30 30720]
"IDMan"="c:\program files\Internet Download Manager\idman.exe" [2011-11-14 3437976]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2008-01-21 215552]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"AllShareAgent"="c:\program files\Samsung\AllShare\AllShareAgent.exe" [2012-03-01 285072]
"Sweetpacks Communicator"="c:\program files\SweetIM\Communicator\SweetPacksUpdateManager.exe" [2012-02-26 295728]
.
c:\users\Dodo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Orezávač obrazovky a spúšťač programu OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLUA"= 2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer4"=wdmaud.drv
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]
backup=c:\windows\pss\Bluetooth.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^FancyStart daemon.lnk]
backup=c:\windows\pss\FancyStart daemon.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ADSMTray]
2008-03-31 23:09 266240 ----a-w- c:\program files\ASUS\ASUS Data Security Manager\ADSMTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Camera ScreenSaver]
2010-01-12 11:15 47672 ----a-w- c:\windows\AsScrProlog.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Screen Saver Protector]
2010-01-12 11:15 33136 ----a-w- c:\windows\ASScrPro.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2006-12-10 20:52 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
2008-06-09 10:16 2363392 ----a-w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ulead AutoDetector v2]
2007-08-02 21:08 95504 ----a-w- c:\program files\Common Files\Ulead Systems\AutoDetector\Monitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-21 02:23 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Mobile Device Center]
2007-05-31 09:21 648072 ----a-w- c:\windows\WindowsMobile\wmdc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-06-09 10:14 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-22 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3674888874-2202282250-4280628811-1000Core.job
- c:\users\Dodo\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-01-10 21:27]
.
2012-06-22 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3674888874-2202282250-4280628811-1000UA.job
- c:\users\Dodo\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-01-10 21:27]
.
2012-06-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-07-17 10:25]
.
2012-06-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-07-17 10:25]
.
2012-06-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3674888874-2202282250-4280628811-1000Core.job
- c:\users\Dodo\AppData\Local\Google\Update\GoogleUpdate.exe [2010-04-01 14:58]
.
2012-06-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3674888874-2202282250-4280628811-1000UA.job
- c:\users\Dodo\AppData\Local\Google\Update\GoogleUpdate.exe [2010-04-01 14:58]
.
.
------- Supplementary Scan -------
.
uStart Page = https://isearch.avg.com/?cid={F9FB45B6- ... 2012-05-23 17:08&v=11.1.1.7&sap=hp
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://home.sweetim.com/?crg=3.1010000.10011&barid={50BE4820-A334-11E1-A404-0026189794A0}
uInternet Settings,ProxyServer = 127.0.0.1:20069
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Download all with Free Download Manager
IE: Download selected with Free Download Manager
IE: Download video with Free Download Manager
IE: Download with Free Download Manager
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Stiahnuť s IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: Stiahnuť s IDM všetky prepojenia - c:\program files\Internet Download Manager\IEGetAll.htm
Trusted Zone: alipay.com
Trusted Zone: alisoft.com
Trusted Zone: taobao.com
TCP: DhcpNameServer = 192.168.1.1 192.168.1.254
FF - ProfilePath - c:\users\Dodo\AppData\Roaming\Mozilla\Firefox\Profiles\pec2pk04.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://home.sweetim.com/?crg=3.1010000.10011&barid={50BE4820-A334-11E1-A404-0026189794A0}
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CTXXXX&q=
FF - prefs.js: network.proxy.ftp - 127.0.0.1
FF - prefs.js: network.proxy.ftp_port - 20069
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 20069
FF - prefs.js: network.proxy.socks - 127.0.0.1
FF - prefs.js: network.proxy.socks_port - 20069
FF - prefs.js: network.proxy.ssl - 127.0.0.1
FF - prefs.js: network.proxy.ssl_port - 20069
FF - prefs.js: network.proxy.type - 1
FF - user.js: extentions.y2layers.installId - 600e1144-0443-420b-ba39-c7ef56c2bc4b
FF - user.js: extentions.y2layers.defaultEnableAppsList - DropDownDeals,ezLooker,pagerage,buzzdock,toprelatedtopics,twittube
FF - user.js: extensions.autoDisableScopes - 14
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - c:\program files\BS_Player\tbBS_1.dll
URLSearchHooks-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
BHO-{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - c:\program files\BS_Player\tbBS_1.dll
Toolbar-{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - c:\program files\BS_Player\tbBS_1.dll
WebBrowser-{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5} - c:\program files\BS_Player\tbBS_1.dll
WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file)
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
HKU-Default-Run-Advanced SystemCare 5 - c:\program files\IObit\Advanced SystemCare 5\ASCTray.exe
SafeBoot-SolutoService
AddRemove-1ClickDownloader - c:\program files\1ClickDownload\uninst.exe
AddRemove-RewardsArcade - c:\program files\RewardsArcade\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-06-22 14:11
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
.
c:\users\Dodo\AppData\Local\Temp\catchme.dll 53248 bytes executable
C:\ADSM_PData_0150
C:\avast! sandbox
.
scan completed successfully
hidden files: 3
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5}"=hex:51,66,7a,6c,4c,1d,38,12,ab,6e,c5,
fa,46,55,6a,0f,f0,4a,56,85,a9,bc,fd,b1
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=hex:51,66,7a,6c,4c,1d,38,12,11,7f,11,
d0,78,5b,08,05,de,bb,01,03,dd,4c,30,54
"{BA14329E-9550-4989-B3F2-9732E92D17CC}"=hex:51,66,7a,6c,4c,1d,38,12,f0,31,07,
be,62,db,e7,0c,cc,e4,d4,72,ec,73,53,d8
"{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}"=hex:51,66,7a,6c,4c,1d,38,12,94,83,60,
bb,86,ad,dc,08,d0,28,de,c7,86,fa,1f,e8
"{30F9B915-B755-4826-820B-08FBA6BD249D}"=hex:51,66,7a,6c,4c,1d,38,12,7b,ba,ea,
34,67,f9,48,0d,fd,1d,4b,bb,a3,e3,60,89
"{8E5E2654-AD2D-48BF-AC2D-D17F00898D06}"=hex:51,66,7a,6c,4c,1d,38,12,3a,25,4d,
8a,1f,e3,d1,0d,d3,3b,92,3f,05,d7,c9,12
"{EEE6C35B-6118-11DC-9C72-001320C79847}"=hex:51,66,7a,6c,4c,1d,38,12,35,c0,f5,
ea,2a,2f,b2,54,e3,64,43,53,25,99,dc,53
"{95B7759C-8C7F-4BF1-B163-73684A933233}"=hex:51,66,7a,6c,4c,1d,38,12,f2,76,a4,
91,4d,c2,9f,0e,ce,75,30,28,4f,cd,76,27
"{0055C089-8582-441B-A0BF-17B458C2A3A8}"=hex:51,66,7a,6c,4c,1d,38,12,e7,c3,46,
04,b0,cb,75,01,df,a9,54,f4,5d,9c,e7,bc
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{53707962-6F74-2D53-2644-206D7942484F}"=hex:51,66,7a,6c,4c,1d,38,12,0c,7a,63,
57,46,21,3d,68,59,52,63,2d,7c,1c,0c,5b
"{597A9974-8CB0-4F41-B61F-ED065738A397}"=hex:51,66,7a,6c,4c,1d,38,12,1a,9a,69,
5d,82,c2,2f,0a,c9,09,ae,46,52,66,e7,83
"{72853161-30C5-4D22-B7F9-0BBC1D38A37E}"=hex:51,66,7a,6c,4c,1d,38,12,0f,32,96,
76,f7,7e,4c,08,c8,ef,48,fc,18,66,e7,6a
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,
72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{EEE6C35C-6118-11DC-9C72-001320C79847}"=hex:51,66,7a,6c,4c,1d,38,12,32,c0,f5,
ea,2a,2f,b2,54,e3,64,43,53,25,99,dc,53
"{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}"=hex:51,66,7a,6c,4c,1d,38,12,70,05,61,
f9,ec,d1,23,0d,da,9c,48,eb,44,0f,8e,cc
"{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}"=hex:51,66,7a,6c,4c,1d,38,12,8f,19,47,
2e,c4,15,0b,03,d7,b5,8c,e9,62,70,06,85
"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16,
fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17
"{10149DAF-506B-4488-8376-DF24F0185196}"=hex:51,66,7a,6c,4c,1d,38,12,c1,9e,07,
14,59,1e,e6,01,fc,60,9c,64,f5,46,15,82
"{768A0066-4952-458C-84EB-01F7DB4F63B2}"=hex:51,66,7a,6c,4c,1d,38,12,08,03,99,
72,60,07,e2,00,fb,fd,42,b7,de,11,27,a6
"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,
b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:7a,a2,85,f9,f6,38,cd,01
.
[HKEY_USERS\S-1-5-21-3674888874-2202282250-4280628811-1000_Classes\CLSID\{02bb26df-951c-4609-93f4-f5a7ddba09c3}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:000000a4
"Therad"=dword:00000001
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
.
[HKEY_USERS\S-1-5-21-3674888874-2202282250-4280628811-1000_Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):46,f6,2d,0f,44,86,c6,7f,aa,71,09,af,31,4c,8a,70,91,54,e6,c4,54,
3b,0a,fc,fb,02,6b,11,3c,de,5d,2c,1f,8e,ef,e5,35,e2,15,ee,00,00,00,00,00,00,\
.
[HKEY_USERS\S-1-5-21-3674888874-2202282250-4280628811-1000_Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):58,b1,dd,4b,82,1c,32,62,c9,0d,a7,ae,b6,e1,12,7d,58,86,90,05,cb,
97,58,b2,55,b0,f1,4e,7b,97,60,8e,bb,d0,d2,24,18,15,e8,09,00,00,00,00,00,00,\
.
[HKEY_USERS\S-1-5-21-3674888874-2202282250-4280628811-1000_Classes\CLSID\{8f7dc02d-5371-4402-9ab4-3099ec1c120d}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:0000016a
"Therad"=dword:00000018
.
Completion time: 2012-06-22 14:15:49
ComboFix-quarantined-files.txt 2012-06-22 12:15
ComboFix2.txt 2010-01-22 10:20
.
Pre-Run: 178 904 625 152 bytes free
Post-Run: 178 512 384 000 bytes free
.
- - End Of File - - FDAA02F8BE4699B6A3949201B82DFD6C

#5 Příspěvek od **Mc_Murphy** » 23 čer 2012 06:49

Následující soubory otestuj na stránkách VirusTotal.

c:\windows\system32\acovcnt.exe
c:\users\Dodo\AppData\Roaming\Updatem\update_days\zupdate.exe
c:\program files\Internet Download Manager\idman.exe
Klikni na [Choose File].
Soubor nehledej, jen vlož cestu souboru, který chci otestovat.
Klikni na [Scan it!].
Pokud na Tebe vyskočí obrazovka podobná té, co je níže, klikni na [Reanalyse]!
Výsledek všech tří analýz mi sem vlož (jako odkaz).

dodo65 · #6 Příspěvek od **dodo65** » 24 čer 2012 08:17

Ahoj.Tu su ti tri odkazy:

https://www.virustotal.com/file/aaf659e ... 340521533/

https://www.virustotal.com/file/01a11e2 ... 340521954/

https://www.virustotal.com/file/8da8372 ... 340522083/

#7 Příspěvek od **Mc_Murphy** » 24 čer 2012 13:20

Výborně, všechny tři soubory jsou čisté. Tak jdeme na dočištění.

Pokud jsi tak ještě neučinil, přesuň ComboFix na Plochu.

Otevři si Poznámkový blok (Start >> Spustit... (nebo Win+R) >> do okénka napiš notepad >> [Enter]).
Zkopíruj do něj tento script:

Kód: Vybrat vše

KillAll::

Driver::
AdobeARMservice
gupdate
gupdatem
SkypeUpdate

Folder::
c:\programdata\IObit
c:\users\Dodo\AppData\Roaming\IObit
c:\program files\IObit
c:\program files\Ask.com
c:\users\Dodo\AppData\Local\Facebook
c:\program files\SweetIM
C:\Program Files\Vuze_Remote
C:\Program Files\ConduitEngine

File::
c:\program files\Common Files\AskToolbarInstaller.exe
c:\users\Dodo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Orezávač obrazovky a spúšťač programu OneNote 2007.lnk
c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3674888874-2202282250-4280628811-1000Core.job
c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3674888874-2202282250-4280628811-1000UA.job
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3674888874-2202282250-4280628811-1000Core.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3674888874-2202282250-4280628811-1000UA.job
C:\Program Files\BS_Player\tbBS_1.dll

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
[-HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[-HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"=-
"Facebook Update"=-
"UpdateMes"=-
"IDMan"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"=-
"SunJavaUpdateSched"=-
"Sweetpacks Communicator"=-
[-HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]
[-HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^FancyStart daemon.lnk]
[-HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ADSMTray]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Camera ScreenSaver]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Screen Saver Protector]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ulead AutoDetector v2]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Mobile Device Center]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000000

DDS::
uStart Page = https://isearch.avg.com/?cid={F9FB45B6-D785-44AA-BA01-5E464B10AA66}&mid=2b60153a9afb47d0bd5ed16f5e737d53-fb7cc8d0fe449712f5bcb67225cf775a91fd345e&lang=en&ds=ft011&pr=sa&d=2012-05-23 17:08&v=11.1.1.7&sap=hp
mStart Page = hxxp://home.sweetim.com/?crg=3.1010000.10011&barid={50BE4820-A334-11E1-A404-0026189794A0}
uInternet Settings,ProxyServer = 127.0.0.1:20069
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
Trusted Zone: alipay.com
Trusted Zone: alisoft.com
Trusted Zone: taobao.com

Firefox::
FF - ProfilePath - c:\users\Dodo\AppData\Roaming\Mozilla\Firefox\Profiles\pec2pk04.default\
FF - prefs.js: browser.search.defaulturl - 
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://home.sweetim.com/?crg=3.1010000.10011&barid={50BE4820-A334-11E1-A404-0026189794A0}
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.as ... =CTXXXX&q=
FF - prefs.js: network.proxy.ftp - 127.0.0.1
FF - prefs.js: network.proxy.ftp_port - 20069
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 20069
FF - prefs.js: network.proxy.socks - 127.0.0.1
FF - prefs.js: network.proxy.socks_port - 20069
FF - prefs.js: network.proxy.ssl - 127.0.0.1
FF - prefs.js: network.proxy.ssl_port - 20069
FF - prefs.js: network.proxy.type - 1
FF - user.js: extentions.y2layers.installId - 600e1144-0443-420b-ba39-c7ef56c2bc4b
FF - user.js: extentions.y2layers.defaultEnableAppsList - DropDownDeals,ezLooker,pagerage,buzzdock,toprelatedtopics,twittube
FF - user.js: extensions.autoDisableScopes - 14

RegLock::
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
[HKEY_USERS\S-1-5-21-3674888874-2202282250-4280628811-1000_Classes\CLSID\{02bb26df-951c-4609-93f4-f5a7ddba09c3}]
[HKEY_USERS\S-1-5-21-3674888874-2202282250-4280628811-1000_Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
[HKEY_USERS\S-1-5-21-3674888874-2202282250-4280628811-1000_Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
[HKEY_USERS\S-1-5-21-3674888874-2202282250-4280628811-1000_Classes\CLSID\{8f7dc02d-5371-4402-9ab4-3099ec1c120d}]

ClearJavaCache::

AtJob::

Reboot::

Ulož vytvořený TXT jako CFScript.txt
Přetáhni vytvořený CFScript.txt nad ComboFix a pusť (viz obrázek).
Po aplikaci scriptu (a případném restartu PC) na Tebe vyskočí log. Jeho obsah mi sem vlož.

Může se stát, že po aplikaci scriptu nenaběhnou Windows. V tom případě restartuj PC, hned při náběhu mačkej klávesu F8 a zvol Poslední známou konfiguraci.

dodo65 · #8 Příspěvek od **dodo65** » 24 čer 2012 13:39

Som to spravil ako si mi napisal a ziadny log nevyskocil.

dodo65 · #9 Příspěvek od **dodo65** » 24 čer 2012 14:07

Uz to vyskocilo:

ComboFix 12-06-23.06 - Dodo . 06. 2012 14:43:03.5.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.421.1051.18.3070.1941 [GMT 2:00]
Running from: c:\users\Dodo\Desktop\ComboFix.exe
Command switches used :: c:\users\Dodo\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\program files\BS_Player\tbBS_1.dll"
"c:\program files\Common Files\AskToolbarInstaller.exe"
"c:\users\Dodo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Orezávač obrazovky a spúšťač programu OneNote 2007.lnk"
"c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3674888874-2202282250-4280628811-1000Core.job"
"c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3674888874-2202282250-4280628811-1000UA.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
"c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3674888874-2202282250-4280628811-1000Core.job"
"c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3674888874-2202282250-4280628811-1000UA.job"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Ask.com
c:\program files\Ask.com\cobrand.ico
c:\program files\Ask.com\config.xml
c:\program files\Ask.com\favicon.ico
c:\program files\Ask.com\fv_2c3d.ico
c:\program files\Ask.com\GenericAskToolbar.dll
c:\program files\Ask.com\mupcfg.xml
c:\program files\Ask.com\SaUpdate.exe
c:\program files\Ask.com\UpdateTask.exe
c:\program files\IObit
c:\program files\IObit\Advanced SystemCare 5\UpdateHistory.txt
c:\program files\SweetIM
c:\program files\SweetIM\Communicator\mgcommon.dll
c:\program files\SweetIM\Communicator\mgcommunication.dll
c:\program files\SweetIM\Communicator\mgsimcommon.dll
c:\program files\SweetIM\Communicator\mgxml_wrapper.dll
c:\program files\SweetIM\Communicator\Microsoft.VC90.CRT\Microsoft.VC90.CRT.manifest
c:\program files\SweetIM\Communicator\Microsoft.VC90.CRT\msvcm90.dll
c:\program files\SweetIM\Communicator\Microsoft.VC90.CRT\msvcp90.dll
c:\program files\SweetIM\Communicator\Microsoft.VC90.CRT\msvcr90.dll
c:\program files\SweetIM\Communicator\resources\sqlite\mgSqlite3.dll
c:\program files\SweetIM\Communicator\SweetPacksUpdateManager.exe
c:\programdata\IObit
c:\users\Dodo\AppData\Local\Facebook
c:\users\Dodo\AppData\Local\Facebook\Update\1.2.203.0\FacebookCrashHandler.exe
c:\users\Dodo\AppData\Local\Facebook\Update\1.2.203.0\FacebookUpdate.exe
c:\users\Dodo\AppData\Local\Facebook\Update\1.2.203.0\FacebookUpdateHelper.msi
c:\users\Dodo\AppData\Local\Facebook\Update\1.2.203.0\goopdate.dll
c:\users\Dodo\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_ar.dll
c:\users\Dodo\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_bg.dll
c:\users\Dodo\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_bn.dll
c:\users\Dodo\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_ca.dll
c:\users\Dodo\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_cs.dll
c:\users\Dodo\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_da.dll
c:\users\Dodo\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_de.dll
c:\users\Dodo\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_el.dll
c:\users\Dodo\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_en-GB.dll
c:\users\Dodo\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_en.dll
c:\users\Dodo\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_es-419.dll
c:\users\Dodo\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_es.dll
c:\users\Dodo\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_et.dll
c:\users\Dodo\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_fa.dll
c:\users\Dodo\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_fi.dll
c:\users\Dodo\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_fil.dll
c:\users\Dodo\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_fr.dll
c:\users\Dodo\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_gu.dll
c:\users\Dodo\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_hi.dll
c:\users\Dodo\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_hr.dll
c:\users\Dodo\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_hu.dll
c:\users\Dodo\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_id.dll
c:\users\Dodo\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_is.dll
c:\users\Dodo\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_it.dll
c:\users\Dodo\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_iw.dll
c:\users\Dodo\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_ja.dll
c:\users\Dodo\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_kn.dll
c:\users\Dodo\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_ko.dll
c:\users\Dodo\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_lt.dll
c:\users\Dodo\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_lv.dll
c:\users\Dodo\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_ml.dll
c:\users\Dodo\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_mr.dll
c:\users\Dodo\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_ms.dll
c:\users\Dodo\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_nl.dll
c:\users\Dodo\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_no.dll
c:\users\Dodo\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_or.dll
c:\users\Dodo\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_pl.dll
c:\users\Dodo\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_pt-BR.dll
c:\users\Dodo\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_pt-PT.dll
c:\users\Dodo\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_ro.dll
c:\users\Dodo\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_ru.dll
c:\users\Dodo\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_sk.dll
c:\users\Dodo\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_sl.dll
c:\users\Dodo\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_sr.dll
c:\users\Dodo\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_sv.dll
c:\users\Dodo\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_ta.dll
c:\users\Dodo\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_te.dll
c:\users\Dodo\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_th.dll
c:\users\Dodo\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_tr.dll
c:\users\Dodo\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_uk.dll
c:\users\Dodo\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_ur.dll
c:\users\Dodo\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_vi.dll
c:\users\Dodo\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_zh-CN.dll
c:\users\Dodo\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_zh-TW.dll
c:\users\Dodo\AppData\Local\Facebook\Update\FacebookUpdate.exe
c:\users\Dodo\AppData\Local\Facebook\Video\Common\FacebookVideoCalling
c:\users\Dodo\AppData\Local\Facebook\Video\Common\fb#3aac6acyq6crsgqzh8e8p_z22efnu1yfe0f-y3thwm2k2xj5dd753uxtuqphvxkscws6a\config.lck
c:\users\Dodo\AppData\Local\Facebook\Video\Common\fb#3aac6acyq6crsgqzh8e8p_z22efnu1yfe0f-y3thwm2k2xj5dd753uxtuqphvxkscws6a\config.xml
c:\users\Dodo\AppData\Local\Facebook\Video\Common\fb#3aac6acyq6crsgqzh8e8p_z22efnu1yfe0f-y3thwm2k2xj5dd753uxtuqphvxkscws6a\contactgroup256.dbb
c:\users\Dodo\AppData\Local\Facebook\Video\Common\fb#3aac6acyq6crsgqzh8e8p_z22efnu1yfe0f-y3thwm2k2xj5dd753uxtuqphvxkscws6a\index2.dat
c:\users\Dodo\AppData\Local\Facebook\Video\Common\fb#3aac6acyq6crsgqzh8e8p_z22efnu1yfe0f-y3thwm2k2xj5dd753uxtuqphvxkscws6a\main.lock
c:\users\Dodo\AppData\Local\Facebook\Video\Common\fb#3aac6acyq6crsgqzh8e8p_z22efnu1yfe0f-y3thwm2k2xj5dd753uxtuqphvxkscws6a\profile256.dbb
c:\users\Dodo\AppData\Local\Facebook\Video\Common\shared.lck
c:\users\Dodo\AppData\Local\Facebook\Video\Common\shared.xml
c:\users\Dodo\AppData\Local\Facebook\Video\Skype\FacebookVideoCalling.exe
c:\users\Dodo\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
c:\users\Dodo\AppData\Local\Facebook\Video\Skype\third-party_attributions.txt
c:\users\Dodo\AppData\Roaming\IObit
c:\users\Dodo\AppData\Roaming\IObit\Advanced SystemCare V5\ignore.ini
c:\users\Dodo\AppData\Roaming\IObit\Advanced SystemCare V5\Main.Ini
c:\users\Dodo\AppData\Roaming\IObit\Uninstall Programs.lnk
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_AdobeARMservice
-------\Service_gupdate
-------\Service_gupdatem
-------\Service_SkypeUpdate
.
.
((((((((((((((((((((((((( Files Created from 2012-05-24 to 2012-06-24 )))))))))))))))))))))))))))))))
.
.
2012-06-24 12:54 . 2012-06-24 12:58 -------- d-----w- c:\users\Dodo\AppData\Local\temp
2012-06-24 12:54 . 2012-06-24 12:54 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-23 10:33 . 2012-05-31 03:41 6762896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{32CDFFB1-E7EF-490A-959A-627B347FD04E}\mpengine.dll
2012-06-22 13:05 . 2012-06-22 13:06 -------- d-----w- C:\TEMP
2012-06-17 11:19 . 2012-06-17 11:19 -------- d-----w- c:\program files\Common Files\Skype
2012-06-13 14:21 . 2012-04-23 16:00 984064 ----a-w- c:\windows\system32\crypt32.dll
2012-06-13 14:21 . 2012-04-23 16:00 98304 ----a-w- c:\windows\system32\cryptnet.dll
2012-06-13 14:21 . 2012-04-23 16:00 133120 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-13 14:20 . 2012-05-01 14:03 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-13 14:20 . 2012-05-15 19:51 2045440 ----a-w- c:\windows\system32\win32k.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-24 12:35 . 2010-01-12 11:50 45056 ----a-w- c:\windows\system32\acovcnt.exe
2012-05-23 11:33 . 2012-05-23 11:33 601408 ----a-w- c:\windows\system32\drivers\timntr.sys
2012-05-23 11:31 . 2012-05-23 11:31 125472 ----a-w- c:\windows\system32\drivers\vididr.sys
2012-05-23 11:31 . 2012-05-23 11:31 83392 ----a-w- c:\windows\system32\drivers\vsflt53.sys
2012-04-03 08:16 . 2012-05-10 16:44 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-03 08:16 . 2012-05-10 16:44 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-30 12:39 . 2012-05-10 16:43 905600 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-02-10 02:18 . 2010-07-12 13:35 2131336 ----a-w- c:\program files\Common Files\AskToolbarInstaller.exe
2008-07-01 19:28 . 2008-07-01 19:28 61440 ----a-w- c:\program files\Common Files\CPInstallAction.dll
2008-06-30 13:44 . 2010-01-12 13:26 324976 ----a-w- c:\program files\mozilla firefox\components\coFFPlgn.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-06 23:15 123536 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-01 17:08 143360 ----a-w- c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2011-05-30 14:50 21864 ----a-w- c:\program files\Internet Download Manager\IDMShellExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ShowBatteryBar"="c:\program files\BatteryBar\ShowBatteryBar.exe" [2009-05-28 90624]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2008-01-21 215552]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512]
"AllShareAgent"="c:\program files\Samsung\AllShare\AllShareAgent.exe" [2012-03-01 285072]
.
c:\users\Dodo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Orezávač obrazovky a spúšťač programu OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLUA"= 2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer4"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-06-09 10:14 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-07-17 10:25]
.
2012-06-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-07-17 10:25]
.
2012-06-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3674888874-2202282250-4280628811-1000Core.job
- c:\users\Dodo\AppData\Local\Google\Update\GoogleUpdate.exe [2010-04-01 14:58]
.
2012-06-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3674888874-2202282250-4280628811-1000UA.job
- c:\users\Dodo\AppData\Local\Google\Update\GoogleUpdate.exe [2010-04-01 14:58]
.
.
------- Supplementary Scan -------
.
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Download all with Free Download Manager
IE: Download selected with Free Download Manager
IE: Download video with Free Download Manager
IE: Download with Free Download Manager
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Stiahnuť s IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: Stiahnuť s IDM všetky prepojenia - c:\program files\Internet Download Manager\IEGetAll.htm
TCP: DhcpNameServer = 192.168.1.1 192.168.1.254
FF - ProfilePath - c:\users\Dodo\AppData\Roaming\Mozilla\Firefox\Profiles\pec2pk04.default\
.
.
**************************************************************************
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files:
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(1536)
c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt.dll
c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll
c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\663112d3002034cf5126be253efff60d\System.Web.Services.ni.dll
c:\windows\Microsoft.NET\Framework\v2.0.50727\WMINet_Utils.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\atiesrxx.exe
c:\windows\system32\atieclxx.exe
c:\program files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
c:\windows\system32\WLANExt.exe
c:\program files\ATK Hotkey\ASLDRSrv.exe
c:\program files\ATKGFNEX\GFNEXSrv.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files\ASUS\SmartLogon\sensorsrv.exe
c:\program files\ATK Hotkey\Hcontrol.exe
c:\program files\ATK Hotkey\MsgTranAgt.exe
c:\program files\ASUS\ASUS CopyProtect\aspg.exe
c:\program files\Wireless Console 2\wcourier.exe
c:\program files\P4G\BatteryLife.exe
c:\program files\ASUS\Splendid\ACMON.exe
c:\windows\System32\ACEngSvr.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\ATK Hotkey\ATKOSD.exe
c:\windows\system32\PSIService.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files\ASUS\NB Probe\SPM\spmgr.exe
c:\program files\TeamViewer\Version7\TeamViewer_Service.exe
c:\program files\ATK Hotkey\KBFiltr.exe
c:\program files\ATK Hotkey\WDC.exe
c:\windows\servicing\TrustedInstaller.exe
c:\windows\system32\conime.exe
c:\program files\Samsung\AllShare\AllShareDMS\AllShareDMS.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
c:\program files\Windows Media Player\wmpnscfg.exe
.
**************************************************************************
.
Completion time: 2012-06-24 15:06:10 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-24 13:06
ComboFix2.txt 2012-06-22 12:15
ComboFix3.txt 2010-01-22 10:20
.
Pre-Run: 181 090 521 088 bytes free
Post-Run: 180 853 805 056 bytes free
.
- - End Of File - - 131454924646AE20D4D0EE28DB205C9F

#10 Příspěvek od **Mc_Murphy** » 24 čer 2012 15:12

To chce trošku trpělivosti.

Jak se teď chová počítač?

dodo65 · #11 Příspěvek od **dodo65** » 24 čer 2012 15:17

Uz je to ok.Dakujem.

#12 Příspěvek od **Mc_Murphy** » 24 čer 2012 17:24

OK, to rád slyším.

Vygeneruj mi prosím nový aktuální log ze RSITu, ať se mrknu, jestli Ti tam ještě něco nezůstalo.

dodo65 · #13 Příspěvek od **dodo65** » 24 čer 2012 18:06

Tu je to:

Logfile of random's system information tool 1.09 (written by random/random)
Run by Dodo at 2012-06-24 19:05:31
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 173 GB (72%) free of 238 GB
Total RAM: 3070 MB (52% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:06:00, on 24. 6. 2012
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16446)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\ASUS\SmartLogon\sensorsrv.exe
C:\Windows\system32\conime.exe
C:\Windows\Explorer.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Users\Dodo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Dodo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Dodo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Dodo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Dodo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Dodo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\rundll32.exe
C:\Users\Dodo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Windows\system32\SearchFilterHost.exe
D:\Stahovanie\Stahovanie IDM\RSIT.exe
C:\Program Files\trend micro\Dodo.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [AllShareAgent] C:\Program Files\Samsung\AllShare\AllShareAgent.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ShowBatteryBar] "C:\Program Files\BatteryBar\ShowBatteryBar.exe" show
O4 - Startup: Orezávač obrazovky a spúšťač programu OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Stiahnuť s IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: Stiahnuť s IDM všetky prepojenia - C:\Program Files\Internet Download Manager\IEGetAll.htm
O9 - Extra button: Odoslať do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&oslať do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: ADSM Service (ADSMService) - ASUSTek Computer Inc. - C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Samsung AllShare PC (SamsungAllShareV2.0) - Samsung Electronics Co., Ltd. - C:\Program Files\Samsung\AllShare\AllShareDMS\AllShareDMS.exe
O23 - Service: SimpleSlideShowServer - Samsung Electronics Co., Ltd. - C:\Program Files\Samsung\AllShare\AllShareSlideShowService.exe
O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
O23 - Service: TeamViewer 7 (TeamViewer7) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe

--
End of file - 6477 bytes

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3674888874-2202282250-4280628811-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3674888874-2202282250-4280628811-1000UA.job

=========Mozilla firefox=========

ProfilePath - C:\Users\Dodo\AppData\Roaming\Mozilla\Firefox\Profiles\pec2pk04.default

prefs.js - "extensions.enabledItems" - "{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3, {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}:2.5.6.0, {3112ca9c-de6d-4884-a869-9855de68056c}:7.0.20100326W, {9AA46F4F-4DC7-4c06-97AF-5035170634FE}:3.3.3, {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}:6.0.17, {20a82645-c095-46ed-80e3-08825760534b}:0.0.0, {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}:6.0.19, {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20, toolbar@ask.com:3.6.6.117, {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198, {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21, {ba14329e-9550-4989-b3f2-9732e92d17cc}:2.7.2.0, {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22, engine@conduit.com:3.2.5.2, {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}:2.7.1.3, {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}:3.2.5.2, {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}:6.0.25, {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26, wrc@avast.com:7.0.1426, crossriderapp498@crossrider.com:0.76.37, {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}:6.0.31, mozilla_cc@internetdownloadmanager.com:7.3.16, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.4"

"{20a82645-c095-46ed-80e3-08825760534b}"=c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
"wrc@avast.com"=C:\Program Files\AVAST Software\Avast\WebRep\FF
"crossriderapp498@crossrider.com"=C:\Users\Dodo\AppData\Local\RewardsArcade\498\Firefox

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Google.com/GoogleEarthPlugin]
"Description"=Google Earth in your browser
"Path"=C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69]
"Description"=RealPlayer(tm) LiveConnect-Enabled Plug-In
"Path"=D:\Program files\Magic Video Converter\codec\real\browser\plugins\nppl3260.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69]
"Description"=6.0.12.69
"Path"=D:\Program files\Magic Video Converter\codec\real\browser\plugins\nprpjplug.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=]
"Description"=
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}
{AB2CE124-6272-4b12-94A9-7303C7397BD1}
{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}

C:\Program Files\Mozilla Firefox\components\
browser.xpt
browserdirprovider.dll
brwsrcmp.dll
coFFPlgn.dll
components.list
FeedConverter.js
FeedProcessor.js
FeedWriter.js
fuelApplication.js
GPSDGeolocationProvider.js
jsconsole-clhandler.js
NetworkGeolocationProvider.js
nppl3260.xpt
npww.xpt
nsAddonRepository.js
nsBadCertHandler.js
nsBlocklistService.js
nsBrowserContentHandler.js
nsBrowserGlue.js
nsContentDispatchChooser.js
nsContentPrefService.js
nsDefaultCLH.js
nsDownloadManagerUI.js
nsExtensionManager.js
nsFormAutoComplete.js
nsHandlerService.js
nsHelperAppDlg.js
nsINIProcessor.js
nsIQTScriptablePlugin.xpt
nsJSRealPlayerPlugin.xpt
nsLivemarkService.js
nsLoginInfo.js
nsLoginManager.js
nsLoginManagerPrompter.js
nsMicrosummaryService.js
nsPlacesAutoComplete.js
nsPlacesDBFlush.js
nsPlacesTransactionsService.js
nsPrivateBrowsingService.js
nsProxyAutoConfig.js
nsSafebrowsingApplication.js
nsSearchService.js
nsSearchSuggestions.js
nsSessionStartup.js
nsSessionStore.js
nsSetDefaultBrowser.js
nsSidebar.js
nsTaggingService.js
nsTryToClose.js
nsUpdateService.js
nsUpdateServiceStub.js
nsUpdateTimerManager.js
nsUrlClassifierLib.js
nsUrlClassifierListManager.js
nsURLFormatter.js
nsWebHandlerApp.js
pluginGlue.js
storage-Legacy.js
storage-mozStorage.js
txEXSLTRegExFunctions.js
WebContentConverter.js

C:\Program Files\Mozilla Firefox\plugins\
np-mswmp.dll
npdeployJava1.dll
npnul32.dll
NPOFF12.DLL
nppdf32.dll
nppl3260.dll
npqtplugin.dll
npqtplugin2.dll
npqtplugin3.dll
npqtplugin4.dll
npqtplugin5.dll
nprpjplug.dll
npww.dll
nsiqtscriptableplugin.xpt
QuickTimePlugin.class
WMP Firefox Plugin License.rtf
WMP Firefox Plugin RelNotes.txt

C:\Program Files\Mozilla Firefox\searchplugins\
atlas-sk.xml
avg-secure-search.xml
azet-sk.xml
dunaj-sk.xml
eBay.xml
google.xml
slovnik-sk.xml
wikipedia-sk.xml
zoznam-sk.xml

C:\Users\Dodo\AppData\Roaming\Mozilla\Firefox\Profiles\pec2pk04.default\extensions\
engine@conduit.com
plugin@yontoo.com
toolbar@ask.com
{3112ca9c-de6d-4884-a869-9855de68056c}
{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}
{9AA46F4F-4DC7-4c06-97AF-5035170634FE}
{ba14329e-9550-4989-b3f2-9732e92d17cc}
{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
{EEE6C361-6118-11DC-9C72-001320C79847}
{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}

C:\Users\Dodo\AppData\Roaming\Mozilla\Firefox\Profiles\pec2pk04.default\searchplugins\
conduit.xml
sweetim.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8}]
IDM integration (IDMIEHlprObj Class) - C:\Program Files\Internet Download Manager\IDMIECC.dll [2011-10-01 218544]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-06-06 63912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2012-03-08 325408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2012-03-07 1003704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2012-03-08 42272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2012-03-07 1003704]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Mobile-based device management"=C:\Windows\WindowsMobile\wmdSync.exe [2008-01-21 215552]
"avast"=C:\Program Files\AVAST Software\Avast\avastUI.exe [2012-03-07 4241512]
"AllShareAgent"=C:\Program Files\Samsung\AllShare\AllShareAgent.exe [2012-03-01 285072]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-11 1233920]
"ShowBatteryBar"=C:\Program Files\BatteryBar\ShowBatteryBar.exe [2009-05-28 90624]

C:\Users\Dodo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Orezávač obrazovky a spúšťač programu OneNote 2007.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\Windows\system32\wpdshserviceobj.dll [2009-10-01 87552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"= []

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0
"EnableLUA"=2

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutorun"=0
"NoDriveTypeAutoRun"=0
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=0
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"MSVideo8"=VfWWDM32.dll
"VIDC.FFDS"=ff_vfw.dll
"VIDC.HFYU"=huffyuv.dll
"VIDC.ZLIB"=avizlib.dll
"VIDC.CSCD"=camcodec.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"msacm.l3codecp"=l3codecp.acm
"vidc.tscc"=tsccvid.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"msacm.sl_anet"=sl_anet.acm
"msacm.divxa32"=divxa32.acm
"msacm.vorbis"=vorbis.acm
"vidc.XVID"=xvidvfw.dll
"vidc.wmv3"=wmv9vcm.dll

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 1 month======

2012-06-24 15:06:14 ----A---- C:\ComboFix.txt
2012-06-24 14:58:51 ----SHD---- C:\$RECYCLE.BIN
2012-06-24 14:54:10 ----D---- C:\Windows\temp
2012-06-24 14:40:46 ----D---- C:\ComboFix
2012-06-22 15:05:58 ----D---- C:\TEMP
2012-06-17 13:19:49 ----D---- C:\Program Files\Common Files\Skype
2012-06-13 16:56:53 ----A---- C:\Windows\system32\mshtmled.dll
2012-06-13 16:56:52 ----A---- C:\Windows\system32\iertutil.dll
2012-06-13 16:56:50 ----A---- C:\Windows\system32\ieUnatt.exe
2012-06-13 16:56:50 ----A---- C:\Windows\system32\ieui.dll
2012-06-13 16:56:49 ----A---- C:\Windows\system32\wininet.dll
2012-06-13 16:56:47 ----A---- C:\Windows\system32\url.dll
2012-06-13 16:56:46 ----A---- C:\Windows\system32\jscript.dll
2012-06-13 16:56:45 ----A---- C:\Windows\system32\jscript9.dll
2012-06-13 16:56:44 ----A---- C:\Windows\system32\jsproxy.dll
2012-06-13 16:56:42 ----A---- C:\Windows\system32\urlmon.dll
2012-06-13 16:56:37 ----A---- C:\Windows\system32\mshtml.dll
2012-06-13 16:56:34 ----A---- C:\Windows\system32\ieframe.dll
2012-06-13 16:21:04 ----A---- C:\Windows\system32\crypt32.dll
2012-06-13 16:21:03 ----A---- C:\Windows\system32\cryptsvc.dll
2012-06-13 16:21:03 ----A---- C:\Windows\system32\cryptnet.dll
2012-06-13 16:20:34 ----A---- C:\Windows\system32\drivers\rdpwd.sys
2012-06-13 16:20:32 ----A---- C:\Windows\system32\win32k.sys

======List of files/folders modified in the last 1 month======

2012-06-24 19:05:49 ----D---- C:\Windows\Prefetch
2012-06-24 19:05:40 ----D---- C:\Program Files\trend micro
2012-06-24 19:04:40 ----D---- C:\Users\Dodo\AppData\Roaming\Skype
2012-06-24 15:06:23 ----D---- C:\Windows\system32\drivers
2012-06-24 15:06:23 ----D---- C:\Qoobox
2012-06-24 15:05:27 ----D---- C:\Windows\System32
2012-06-24 15:05:27 ----D---- C:\Windows\inf
2012-06-24 15:05:27 ----A---- C:\Windows\system32\PerfStringBackup.INI
2012-06-24 15:03:56 ----D---- C:\Windows\Tasks
2012-06-24 14:58:32 ----D---- C:\Windows
2012-06-24 14:58:32 ----A---- C:\Windows\system.ini
2012-06-24 14:58:19 ----D---- C:\Windows\system32\drivers\etc
2012-06-24 14:54:37 ----D---- C:\Windows\system32\config
2012-06-24 14:54:19 ----D---- C:\Windows\ERDNT
2012-06-24 14:53:09 ----D---- C:\ProgramData
2012-06-24 14:53:08 ----RD---- C:\Program Files
2012-06-24 14:48:49 ----D---- C:\Windows\AppPatch
2012-06-24 14:48:45 ----D---- C:\Program Files\Common Files
2012-06-24 14:40:30 ----D---- C:\Users\Dodo\AppData\Roaming\DMCache
2012-06-24 14:35:02 ----A---- C:\Windows\system32\acovcnt.exe
2012-06-24 14:29:25 ----D---- C:\Users\Dodo\AppData\Roaming\Azureus
2012-06-24 09:09:55 ----SHD---- C:\System Volume Information
2012-06-22 18:03:21 ----D---- C:\Config.Msi
2012-06-22 13:51:43 ----SHD---- C:\Windows\Installer
2012-06-22 13:51:23 ----D---- C:\ProgramData\Spybot - Search & Destroy
2012-06-22 13:37:27 ----D---- C:\ProgramData\SweetIM
2012-06-22 13:26:40 ----D---- C:\Windows\system32\Tasks
2012-06-22 09:59:59 ----D---- C:\Users\Dodo\AppData\Roaming\vlc
2012-06-17 13:20:05 ----D---- C:\ProgramData\Skype
2012-06-17 13:19:49 ----RD---- C:\Program Files\Skype
2012-06-15 09:55:09 ----D---- C:\Windows\rescache
2012-06-15 09:48:12 ----D---- C:\Windows\Microsoft.NET
2012-06-15 09:47:33 ----RSD---- C:\Windows\assembly
2012-06-15 09:35:50 ----D---- C:\Windows\system32\sk-SK
2012-06-14 13:57:11 ----D---- C:\Windows\winsxs
2012-06-14 13:23:36 ----D---- C:\Windows\system32\catroot
2012-06-14 13:18:51 ----D---- C:\Windows\system32\migration
2012-06-14 13:18:51 ----D---- C:\Program Files\Internet Explorer
2012-06-13 17:07:56 ----A---- C:\Windows\system32\mrt.exe
2012-06-13 16:57:28 ----D---- C:\Windows\system32\catroot2
2012-05-25 11:12:25 ----D---- C:\Users\Dodo\AppData\Roaming\dvdcss

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 AsDsm;AsDsm; C:\Windows\system32\drivers\AsDsm.sys [2007-08-10 29752]
R0 lullaby;lullaby; C:\Windows\system32\DRIVERS\lullaby.sys [2008-05-29 15416]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2009-12-27 721904]
R0 vidsflt53;Acronis Disk Storage Filter (53); C:\Windows\system32\DRIVERS\vsflt53.sys [2012-05-23 83392]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2012-03-07 35672]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2012-03-07 612184]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2012-03-07 337880]
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2012-03-07 53848]
R1 PQNTDrv;PQNTDrv; C:\Windows\system32\drivers\PQNTDrv.sys [2003-04-16 4228]
R2 ASMMAP;ASMMAP; \??\C:\Program Files\ATKGFNEX\ASMMAP.sys [2007-07-24 13880]
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [2012-03-07 20696]
R2 aswMonFlt;aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys [2012-03-07 57688]
R2 ghaio;ghaio; \??\C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys [2007-08-03 20936]
R2 IDMWFP;IDMWFP; C:\Windows\system32\DRIVERS\idmwfp.sys [2011-07-06 89376]
R2 NPF;NetGroup Packet Filter Driver; C:\Windows\system32\drivers\npf.sys [2009-10-20 50704]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2009-09-30 1184768]
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2009-09-24 5161472]
R3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2008-07-16 2156312]
R3 kbfiltr;Keyboard Filter; C:\Windows\system32\DRIVERS\kbfiltr.sys [2008-06-03 15928]
R3 MTsensor;ATK0100 ACPI UTILITY; C:\Windows\system32\DRIVERS\ATKACPI.sys [2006-12-14 7680]
R3 pcouffin;VSO Software pcouffin; C:\Windows\System32\Drivers\pcouffin.sys [2009-11-11 47360]
R3 RTHDMIAzAudService;Service for HDMI; C:\Windows\system32\drivers\RtHDMIV.sys [2009-09-25 159232]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver; C:\Windows\system32\DRIVERS\SiSGB6.sys [2008-09-09 48128]
R3 SNP2UVC;USB2.0 PC Camera (SNP2UVC); C:\Windows\system32\DRIVERS\snp2uvc.sys [2008-08-11 1752704]
S3 BthEnum;Bluetooth Enumerator Service; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-04-11 22528]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2008-01-21 92160]
S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2011-04-21 508416]
S3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2009-06-17 30208]
S3 btwaudio;Bluetooth Audio Device Service; C:\Windows\system32\drivers\btwaudio.sys [2008-07-09 81960]
S3 btwavdt;Bluetooth AVDT; C:\Windows\system32\drivers\btwavdt.sys [2008-05-13 100392]
S3 btwl2cap;Bluetooth L2CAP Service; C:\Windows\system32\DRIVERS\btwl2cap.sys [2008-01-29 29736]
S3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys [2008-05-13 17320]
S3 cpuz135;cpuz135; \??\C:\Windows\TEMP\cpuz135\cpuz135_x32.sys []
S3 CRFILTER;USB Mass Storage Filter; C:\Windows\system32\DRIVERS\CRFILTER.sys [2008-04-07 6656]
S3 Dot4;MS IEEE-1284.4 Driver; C:\Windows\system32\DRIVERS\Dot4.sys [2008-01-21 131584]
S3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys [2008-01-21 16384]
S3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2008-01-21 36864]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2009-04-11 236544]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-04-11 148992]
S3 smserial;smserial; C:\Windows\system32\DRIVERS\smserial.sys [2006-11-02 1010560]
S3 usb_rndisx;USB RNDIS Adapter; C:\Windows\system32\DRIVERS\usb8023x.sys [2009-04-11 15872]
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-21 35328]
S3 usbvideo;USB Video Device (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-21 134016]
S3 winusb;WinUsb Driver; C:\Windows\system32\DRIVERS\winusb.sys [2009-04-11 31616]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2009-10-01 40448]
S3 WPRO_40_1340;WinPcap Packet Driver (WPRO_40_1340); C:\Windows\system32\drivers\WPRO_40_1340.sys []
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328]
S3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller; C:\Windows\system32\DRIVERS\yk60x86.sys [2006-11-02 194048]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]
S4 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2008-01-21 88576]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ADSMService;ADSM Service; C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe [2008-03-31 225280]
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2009-09-24 172032]
R2 ASLDRService;ASLDR Service; C:\Program Files\ATK Hotkey\ASLDRSrv.exe [2007-10-02 94208]
R2 ATKGFNEXSrv;ATKGFNEX Service; C:\Program Files\ATKGFNEX\GFNEXSrv.exe [2007-08-08 94208]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-03-07 44768]
R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe [2008-07-29 522792]
R2 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 ProtexisLicensing;ProtexisLicensing; C:\Windows\system32\PSIService.exe [2006-11-02 174656]
R2 PSI_SVC_2;Protexis Licensing V2; C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [2009-07-24 189728]
R2 RapiMgr;@%windir%\WindowsMobile\rapimgr.dll,-104; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 SamsungAllShareV2.0;Samsung AllShare PC; C:\Program Files\Samsung\AllShare\AllShareDMS\AllShareDMS.exe [2012-03-02 25504]
R2 spmgr;spmgr; C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe [2007-08-03 125496]
R2 TeamViewer7;TeamViewer 7; C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe [2012-03-19 2666880]
R2 WcesComm;@%windir%\WindowsMobile\wcescomm.dll,-40079; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R3 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2008-01-21 21504]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-21 21504]
S2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-21 21504]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe [2009-10-20 117264]
S3 SimpleSlideShowServer;SimpleSlideShowServer; C:\Program Files\Samsung\AllShare\AllShareSlideShowService.exe [2012-03-02 27584]
S3 WPFFontCache_v0400;@c:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100; C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S4 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2008-06-09 73728]
S4 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-06-29 800040]
S4 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-06-27 279848]

-----------------EOF-----------------

#14 Příspěvek od **Mc_Murphy** » 25 čer 2012 07:09

Tak ještě tam máme zbytečky, tak to promáznu.

Fixni v HJT níže uvedené položky.

Fixnout znamená, že spustíš HJT, zvolíš možnost [Do a system scan only] a zaškrtneš čtvereček vlevo od mnou vypsaných položek.
Poté klikneš na [Fix checked] a odsouhlasíš [ANO].
Položky, které v seznamu nenajdeš, prostě přeskoč.
HJT najdeš zde: C:\Program Files\trend micro\Dodo.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

Dále stáhni utilitu OTM z jednoho z těchto odkazů:

Ulož ji na Plochu a dvojklikem spusť.

Do levého okna Paste Instructions for Items to be Moved zkopíruj tento script (pouze zelená písmenka v bílém poli!):

Kód: Vybrat vše

:Commands
[ClearAllRestorePoints]
[ResetHosts]
[Purity]
[EmptyTemp]
[EmptyFlash]

:Services
catchme
NBService
NMIndexingService

:Files
C:\$RECYCLE.BIN
C:\ProgramData\Spybot - Search & Destroy
C:\ProgramData\SweetIM
C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml
C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml
C:\Users\Dodo\AppData\Roaming\Mozilla\Firefox\Profiles\pec2pk04.default\extensions\engine@conduit.com
C:\Users\Dodo\AppData\Roaming\Mozilla\Firefox\Profiles\pec2pk04.default\extensions\plugin@yontoo.com
C:\Users\Dodo\AppData\Roaming\Mozilla\Firefox\Profiles\pec2pk04.default\extensions\toolbar@ask.com
C:\Users\Dodo\AppData\Roaming\Mozilla\Firefox\Profiles\pec2pk04.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
C:\Users\Dodo\AppData\Roaming\Mozilla\Firefox\Profiles\pec2pk04.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}
C:\Users\Dodo\AppData\Roaming\Mozilla\Firefox\Profiles\pec2pk04.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
C:\Users\Dodo\AppData\Roaming\Mozilla\Firefox\Profiles\pec2pk04.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
C:\Users\Dodo\AppData\Roaming\Mozilla\Firefox\Profiles\pec2pk04.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
C:\Users\Dodo\AppData\Roaming\Mozilla\Firefox\Profiles\pec2pk04.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}
C:\Users\Dodo\AppData\Roaming\Mozilla\Firefox\Profiles\pec2pk04.default\searchplugins\conduit.xml
C:\Users\Dodo\AppData\Roaming\Mozilla\Firefox\Profiles\pec2pk04.default\searchplugins\sweetim.xml
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3674888874-2202282250-4280628811-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3674888874-2202282250-4280628811-1000UA.job
C:\Users\Dodo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Orezávač obrazovky a spúšťač programu OneNote 2007.lnk
%windir%\system32\*.tmp.dll /s
%windir%\system32\SET*.tmp /s
%windir%\*.tmp /s

:Reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=-

Nyní klikni na tlačítko [MoveIt!], čímž vše spustíš.
Po restartu mi sem hoď log, který najdeš v C:\_OTM\MovedFiles\

dodo65 · #15 Příspěvek od **dodo65** » 25 čer 2012 09:47

Tak tu je vypis z OTM:

All processes killed
========== COMMANDS ==========

Restore point Set: OTM Restore Point
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Dodo
->Temp folder emptied: 496 bytes
->Temporary Internet Files folder emptied: 1721149 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 48762926 bytes
->Google Chrome cache emptied: 439923020 bytes
->Flash cache emptied: 23843 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 4283 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 49225 bytes
%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 666 bytes
RecycleBin emptied: 781099050 bytes

Total Files Cleaned = 1 213,00 mb

[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Dodo
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0,00 mb

========== SERVICES/DRIVERS ==========
Service catchme stopped successfully!
Service catchme deleted successfully!
Service NBService stopped successfully!
Service NBService deleted successfully!
Service NMIndexingService stopped successfully!
Service NMIndexingService deleted successfully!
========== FILES ==========
C:\$RECYCLE.BIN\S-1-5-21-3674888874-2202282250-4280628811-1000 folder moved successfully.
C:\$RECYCLE.BIN folder moved successfully.
C:\ProgramData\Spybot - Search & Destroy\Recovery folder moved successfully.
C:\ProgramData\Spybot - Search & Destroy\Logs folder moved successfully.
C:\ProgramData\Spybot - Search & Destroy folder moved successfully.
C:\ProgramData\SweetIM\Communicator\Logs folder moved successfully.
C:\ProgramData\SweetIM\Communicator\conf folder moved successfully.
C:\ProgramData\SweetIM\Communicator folder moved successfully.
C:\ProgramData\SweetIM folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\chrome\icons\default folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\chrome\icons folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\chrome folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} folder moved successfully.
C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml moved successfully.
C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml moved successfully.
C:\Users\Dodo\AppData\Roaming\Mozilla\Firefox\Profiles\pec2pk04.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\searchplugin folder moved successfully.
C:\Users\Dodo\AppData\Roaming\Mozilla\Firefox\Profiles\pec2pk04.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\META-INF folder moved successfully.
C:\Users\Dodo\AppData\Roaming\Mozilla\Firefox\Profiles\pec2pk04.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\lib folder moved successfully.
C:\Users\Dodo\AppData\Roaming\Mozilla\Firefox\Profiles\pec2pk04.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\defaults folder moved successfully.
C:\Users\Dodo\AppData\Roaming\Mozilla\Firefox\Profiles\pec2pk04.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\components folder moved successfully.
C:\Users\Dodo\AppData\Roaming\Mozilla\Firefox\Profiles\pec2pk04.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\chrome folder moved successfully.
C:\Users\Dodo\AppData\Roaming\Mozilla\Firefox\Profiles\pec2pk04.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} folder moved successfully.
C:\Users\Dodo\AppData\Roaming\Mozilla\Firefox\Profiles\pec2pk04.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\META-INF folder moved successfully.
C:\Users\Dodo\AppData\Roaming\Mozilla\Firefox\Profiles\pec2pk04.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\components folder moved successfully.
C:\Users\Dodo\AppData\Roaming\Mozilla\Firefox\Profiles\pec2pk04.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\chrome\mgtoolbarff\skin folder moved successfully.
C:\Users\Dodo\AppData\Roaming\Mozilla\Firefox\Profiles\pec2pk04.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\chrome\mgtoolbarff\locale\nl-NL folder moved successfully.
C:\Users\Dodo\AppData\Roaming\Mozilla\Firefox\Profiles\pec2pk04.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\chrome\mgtoolbarff\locale\it-IT folder moved successfully.
C:\Users\Dodo\AppData\Roaming\Mozilla\Firefox\Profiles\pec2pk04.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\chrome\mgtoolbarff\locale\fr-FR folder moved successfully.
C:\Users\Dodo\AppData\Roaming\Mozilla\Firefox\Profiles\pec2pk04.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\chrome\mgtoolbarff\locale\es-ES folder moved successfully.
C:\Users\Dodo\AppData\Roaming\Mozilla\Firefox\Profiles\pec2pk04.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\chrome\mgtoolbarff\locale\en-US folder moved successfully.
C:\Users\Dodo\AppData\Roaming\Mozilla\Firefox\Profiles\pec2pk04.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\chrome\mgtoolbarff\locale\de-DE folder moved successfully.
C:\Users\Dodo\AppData\Roaming\Mozilla\Firefox\Profiles\pec2pk04.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\chrome\mgtoolbarff\locale folder moved successfully.
C:\Users\Dodo\AppData\Roaming\Mozilla\Firefox\Profiles\pec2pk04.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\chrome\mgtoolbarff\content folder moved successfully.
C:\Users\Dodo\AppData\Roaming\Mozilla\Firefox\Profiles\pec2pk04.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\chrome\mgtoolbarff folder moved successfully.
C:\Users\Dodo\AppData\Roaming\Mozilla\Firefox\Profiles\pec2pk04.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\chrome folder moved successfully.
C:\Users\Dodo\AppData\Roaming\Mozilla\Firefox\Profiles\pec2pk04.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847} folder moved successfully.
C:\Users\Dodo\AppData\Roaming\Mozilla\Firefox\Profiles\pec2pk04.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}\META-INF folder moved successfully.
C:\Users\Dodo\AppData\Roaming\Mozilla\Firefox\Profiles\pec2pk04.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}\defaults\preferences folder moved successfully.
C:\Users\Dodo\AppData\Roaming\Mozilla\Firefox\Profiles\pec2pk04.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}\defaults folder moved successfully.
C:\Users\Dodo\AppData\Roaming\Mozilla\Firefox\Profiles\pec2pk04.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}\components folder moved successfully.
C:\Users\Dodo\AppData\Roaming\Mozilla\Firefox\Profiles\pec2pk04.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}\chrome folder moved successfully.
C:\Users\Dodo\AppData\Roaming\Mozilla\Firefox\Profiles\pec2pk04.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} folder moved successfully.
C:\Users\Dodo\AppData\Roaming\Mozilla\Firefox\Profiles\pec2pk04.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\searchplugin folder moved successfully.
C:\Users\Dodo\AppData\Roaming\Mozilla\Firefox\Profiles\pec2pk04.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\META-INF folder moved successfully.
C:\Users\Dodo\AppData\Roaming\Mozilla\Firefox\Profiles\pec2pk04.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\lib folder moved successfully.
C:\Users\Dodo\AppData\Roaming\Mozilla\Firefox\Profiles\pec2pk04.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\defaults folder moved successfully.
C:\Users\Dodo\AppData\Roaming\Mozilla\Firefox\Profiles\pec2pk04.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components folder moved successfully.
C:\Users\Dodo\AppData\Roaming\Mozilla\Firefox\Profiles\pec2pk04.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\chrome folder moved successfully.
C:\Users\Dodo\AppData\Roaming\Mozilla\Firefox\Profiles\pec2pk04.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} folder moved successfully.
C:\Users\Dodo\AppData\Roaming\Mozilla\Firefox\Profiles\pec2pk04.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\searchplugin folder moved successfully.
C:\Users\Dodo\AppData\Roaming\Mozilla\Firefox\Profiles\pec2pk04.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\META-INF folder moved successfully.
C:\Users\Dodo\AppData\Roaming\Mozilla\Firefox\Profiles\pec2pk04.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\lib folder moved successfully.
C:\Users\Dodo\AppData\Roaming\Mozilla\Firefox\Profiles\pec2pk04.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\defaults folder moved successfully.
C:\Users\Dodo\AppData\Roaming\Mozilla\Firefox\Profiles\pec2pk04.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\components folder moved successfully.
C:\Users\Dodo\AppData\Roaming\Mozilla\Firefox\Profiles\pec2pk04.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\chrome folder moved successfully.
C:\Users\Dodo\AppData\Roaming\Mozilla\Firefox\Profiles\pec2pk04.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc} folder moved successfully.
C:\Users\Dodo\AppData\Roaming\Mozilla\Firefox\Profiles\pec2pk04.default\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}\chrome\skin folder moved successfully.
C:\Users\Dodo\AppData\Roaming\Mozilla\Firefox\Profiles\pec2pk04.default\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}\chrome\content folder moved successfully.
C:\Users\Dodo\AppData\Roaming\Mozilla\Firefox\Profiles\pec2pk04.default\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}\chrome folder moved successfully.
C:\Users\Dodo\AppData\Roaming\Mozilla\Firefox\Profiles\pec2pk04.default\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE} folder moved successfully.
C:\Users\Dodo\AppData\Roaming\Mozilla\Firefox\Profiles\pec2pk04.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\searchplugin folder moved successfully.
C:\Users\Dodo\AppData\Roaming\Mozilla\Firefox\Profiles\pec2pk04.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\META-INF folder moved successfully.
C:\Users\Dodo\AppData\Roaming\Mozilla\Firefox\Profiles\pec2pk04.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\lib folder moved successfully.
C:\Users\Dodo\AppData\Roaming\Mozilla\Firefox\Profiles\pec2pk04.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\defaults folder moved successfully.
C:\Users\Dodo\AppData\Roaming\Mozilla\Firefox\Profiles\pec2pk04.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\components folder moved successfully.
C:\Users\Dodo\AppData\Roaming\Mozilla\Firefox\Profiles\pec2pk04.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\chrome folder moved successfully.
C:\Users\Dodo\AppData\Roaming\Mozilla\Firefox\Profiles\pec2pk04.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} folder moved successfully.
C:\Users\Dodo\AppData\Roaming\Mozilla\Firefox\Profiles\pec2pk04.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\META-INF folder moved successfully.
C:\Users\Dodo\AppData\Roaming\Mozilla\Firefox\Profiles\pec2pk04.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries folder moved successfully.
C:\Users\Dodo\AppData\Roaming\Mozilla\Firefox\Profiles\pec2pk04.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\lib folder moved successfully.
C:\Users\Dodo\AppData\Roaming\Mozilla\Firefox\Profiles\pec2pk04.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\defaults\preferences folder moved successfully.
C:\Users\Dodo\AppData\Roaming\Mozilla\Firefox\Profiles\pec2pk04.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\defaults\custombuttons folder moved successfully.
C:\Users\Dodo\AppData\Roaming\Mozilla\Firefox\Profiles\pec2pk04.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\defaults\contenthandling folder moved successfully.
C:\Users\Dodo\AppData\Roaming\Mozilla\Firefox\Profiles\pec2pk04.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\defaults\components folder moved successfully.
C:\Users\Dodo\AppData\Roaming\Mozilla\Firefox\Profiles\pec2pk04.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\defaults folder moved successfully.
C:\Users\Dodo\AppData\Roaming\Mozilla\Firefox\Profiles\pec2pk04.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components folder moved successfully.
C:\Users\Dodo\AppData\Roaming\Mozilla\Firefox\Profiles\pec2pk04.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\chrome folder moved successfully.
C:\Users\Dodo\AppData\Roaming\Mozilla\Firefox\Profiles\pec2pk04.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} folder moved successfully.
C:\Users\Dodo\AppData\Roaming\Mozilla\Firefox\Profiles\pec2pk04.default\extensions\toolbar@ask.com\searchplugins folder moved successfully.
C:\Users\Dodo\AppData\Roaming\Mozilla\Firefox\Profiles\pec2pk04.default\extensions\toolbar@ask.com\logs folder moved successfully.
C:\Users\Dodo\AppData\Roaming\Mozilla\Firefox\Profiles\pec2pk04.default\extensions\toolbar@ask.com\defaults\preferences folder moved successfully.
C:\Users\Dodo\AppData\Roaming\Mozilla\Firefox\Profiles\pec2pk04.default\extensions\toolbar@ask.com\defaults folder moved successfully.
C:\Users\Dodo\AppData\Roaming\Mozilla\Firefox\Profiles\pec2pk04.default\extensions\toolbar@ask.com\datastore folder moved successfully.
C:\Users\Dodo\AppData\Roaming\Mozilla\Firefox\Profiles\pec2pk04.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Tue-13-Jul-2010-07-36-41-GMT folder moved successfully.
C:\Users\Dodo\AppData\Roaming\Mozilla\Firefox\Profiles\pec2pk04.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Mon-12-Jul-2010-13-51-44-GMT folder moved successfully.
C:\Users\Dodo\AppData\Roaming\Mozilla\Firefox\Profiles\pec2pk04.default\extensions\toolbar@ask.com\chrome\temp folder moved successfully.
C:\Users\Dodo\AppData\Roaming\Mozilla\Firefox\Profiles\pec2pk04.default\extensions\toolbar@ask.com\chrome\skin folder moved successfully.
C:\Users\Dodo\AppData\Roaming\Mozilla\Firefox\Profiles\pec2pk04.default\extensions\toolbar@ask.com\chrome\content folder moved successfully.
C:\Users\Dodo\AppData\Roaming\Mozilla\Firefox\Profiles\pec2pk04.default\extensions\toolbar@ask.com\chrome folder moved successfully.
C:\Users\Dodo\AppData\Roaming\Mozilla\Firefox\Profiles\pec2pk04.default\extensions\toolbar@ask.com folder moved successfully.
C:\Users\Dodo\AppData\Roaming\Mozilla\Firefox\Profiles\pec2pk04.default\extensions\plugin@yontoo.com\skin folder moved successfully.
C:\Users\Dodo\AppData\Roaming\Mozilla\Firefox\Profiles\pec2pk04.default\extensions\plugin@yontoo.com\META-INF folder moved successfully.
C:\Users\Dodo\AppData\Roaming\Mozilla\Firefox\Profiles\pec2pk04.default\extensions\plugin@yontoo.com\locale\en-US folder moved successfully.
C:\Users\Dodo\AppData\Roaming\Mozilla\Firefox\Profiles\pec2pk04.default\extensions\plugin@yontoo.com\locale folder moved successfully.
C:\Users\Dodo\AppData\Roaming\Mozilla\Firefox\Profiles\pec2pk04.default\extensions\plugin@yontoo.com\defaults\preferences folder moved successfully.
C:\Users\Dodo\AppData\Roaming\Mozilla\Firefox\Profiles\pec2pk04.default\extensions\plugin@yontoo.com\defaults folder moved successfully.
C:\Users\Dodo\AppData\Roaming\Mozilla\Firefox\Profiles\pec2pk04.default\extensions\plugin@yontoo.com\content folder moved successfully.
C:\Users\Dodo\AppData\Roaming\Mozilla\Firefox\Profiles\pec2pk04.default\extensions\plugin@yontoo.com folder moved successfully.
C:\Users\Dodo\AppData\Roaming\Mozilla\Firefox\Profiles\pec2pk04.default\extensions\engine@conduit.com\searchplugin folder moved successfully.
C:\Users\Dodo\AppData\Roaming\Mozilla\Firefox\Profiles\pec2pk04.default\extensions\engine@conduit.com\META-INF folder moved successfully.
C:\Users\Dodo\AppData\Roaming\Mozilla\Firefox\Profiles\pec2pk04.default\extensions\engine@conduit.com\lib folder moved successfully.
C:\Users\Dodo\AppData\Roaming\Mozilla\Firefox\Profiles\pec2pk04.default\extensions\engine@conduit.com\DualPackage folder moved successfully.
C:\Users\Dodo\AppData\Roaming\Mozilla\Firefox\Profiles\pec2pk04.default\extensions\engine@conduit.com\defaults folder moved successfully.
C:\Users\Dodo\AppData\Roaming\Mozilla\Firefox\Profiles\pec2pk04.default\extensions\engine@conduit.com\components folder moved successfully.
C:\Users\Dodo\AppData\Roaming\Mozilla\Firefox\Profiles\pec2pk04.default\extensions\engine@conduit.com\chrome folder moved successfully.
C:\Users\Dodo\AppData\Roaming\Mozilla\Firefox\Profiles\pec2pk04.default\extensions\engine@conduit.com folder moved successfully.
C:\Users\Dodo\AppData\Roaming\Mozilla\Firefox\Profiles\pec2pk04.default\extensions folder moved successfully.
Folder C:\Users\Dodo\AppData\Roaming\Mozilla\Firefox\Profiles\pec2pk04.default\extensions not found.
Folder C:\Users\Dodo\AppData\Roaming\Mozilla\Firefox\Profiles\pec2pk04.default\extensions not found.
File/Folder C:\Users\Dodo\AppData\Roaming\Mozilla\Firefox\Profiles\pec2pk04.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} not found.
File/Folder C:\Users\Dodo\AppData\Roaming\Mozilla\Firefox\Profiles\pec2pk04.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} not found.
File/Folder C:\Users\Dodo\AppData\Roaming\Mozilla\Firefox\Profiles\pec2pk04.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc} not found.
File/Folder C:\Users\Dodo\AppData\Roaming\Mozilla\Firefox\Profiles\pec2pk04.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} not found.
File/Folder C:\Users\Dodo\AppData\Roaming\Mozilla\Firefox\Profiles\pec2pk04.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847} not found.
File/Folder C:\Users\Dodo\AppData\Roaming\Mozilla\Firefox\Profiles\pec2pk04.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} not found.
C:\Users\Dodo\AppData\Roaming\Mozilla\Firefox\Profiles\pec2pk04.default\searchplugins\conduit.xml moved successfully.
C:\Users\Dodo\AppData\Roaming\Mozilla\Firefox\Profiles\pec2pk04.default\searchplugins\sweetim.xml moved successfully.
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job moved successfully.
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job moved successfully.
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3674888874-2202282250-4280628811-1000Core.job moved successfully.
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3674888874-2202282250-4280628811-1000UA.job moved successfully.
C:\Users\Dodo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Orezávač obrazovky a spúšťač programu OneNote 2007.lnk moved successfully.
File/Folder C:\Windows\system32\*.tmp.dll not found.
File/Folder C:\Windows\system32\SET*.tmp not found.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP2CDD.tmp folder moved successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP2DF2.tmp folder moved successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP2E03.tmp folder moved successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP337C.tmp folder moved successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP41B1.tmp folder moved successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP5C42.tmp folder moved successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP6594.tmp folder moved successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP81A.tmp folder moved successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP8DBE.tmp folder moved successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP8E4B.tmp folder moved successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPA6CB.tmp folder moved successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPA7E4.tmp folder moved successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPAFEF.tmp folder moved successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPB8E3.tmp folder moved successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPC28.tmp folder moved successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPD4AC.tmp folder moved successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPD739.tmp folder moved successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPE25E.tmp folder moved successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPE752.tmp folder moved successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPEEF0.tmp folder moved successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPEEFF.tmp folder moved successfully.
C:\Windows\Installer\MSIF7F3.tmp moved successfully.
C:\Windows\SoftwareDistribution\Download\4ddec568044c829f6f5e7c941a5ad7cf\BITE37E.tmp moved successfully.
C:\Windows\twain_32\hpqgnds2.tmp moved successfully.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0055C089-8582-441B-A0BF-17B458C2A3A8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\ not found.

OTM by OldTimer - Version 3.1.21.0 log created on 06252012_102304

Files moved on Reboot...
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...

VIRY.CZ

Poprosim o kontrolu logu

Poprosim o kontrolu logu

Re: Poprosim o kontrolu logu

Re: Poprosim o kontrolu logu

Re: Poprosim o kontrolu logu

Re: Poprosim o kontrolu logu

Re: Poprosim o kontrolu logu

Re: Poprosim o kontrolu logu

Re: Poprosim o kontrolu logu

Re: Poprosim o kontrolu logu

Re: Poprosim o kontrolu logu

Re: Poprosim o kontrolu logu

Re: Poprosim o kontrolu logu

Re: Poprosim o kontrolu logu

Re: Poprosim o kontrolu logu

Re: Poprosim o kontrolu logu