
PC virus removal, computer speed-up, remote assistance through the neslape.cz service
Very slow PC
Moderator: Moderators
Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]
Individual threads will be locked once they are resolved, as will those that have been inactive for more than 14 days. See the rule on locking topics. Thank you for your understanding.
!NEW!
You can now use the remote assistance service, in which a specialist connects to your computer and gets further details about the problem from you by phone! More at www.neslape.cz
Hello, please check my log.
The PC is very slow; after every click I wait up to several seconds, e.g. Firefox only opens after half a minute.
I used CCleaner, which deleted about 150Mb; Kaspersky found nothing.
Logfile of random's system information tool 1.09 (written by random/random)
Run by Karr at 2012-12-08 11:53:02
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 29 GB (77%) free of 38 GB
Total RAM: 1022 MB (29% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:53:52, on 8.12.2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE
F:\programy\Kaspersky Internet Security 2011\instalace\avp.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
F:\programy\Kaspersky Internet Security 2011\instalace\avp.exe
C:\Program Files\Java\jre6\bin\jqs.exe
F:\programy\CDBurnerXP\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
F:\programy\Firefox\Mozilla Firefox\firefox.exe
F:\programy\Total Commander 7.56\totalcmd\TOTALCMD.EXE
e:\RSIT.exe
C:\Program Files\trend micro\Karr.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - F:\programy\SPYBOT~1\SPYBOT~1\SDHelper.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - F:\programy\Kaspersky Internet Security 2011\instalace\ievkbd.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - F:\programy\OFFICE~1\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - F:\programy\Kaspersky Internet Security 2011\instalace\klwtbbho.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [DWPersistentQueuedReporting] C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE -a
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [CanonSolutionMenuEx] C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
O4 - HKLM\..\Run: [AVP] "F:\programy\Kaspersky Internet Security 2011\instalace\avp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "F:\programy\Alcohol.120.Retail.v2.0.1.2033.SU.WinAll.Cracked\instal\Alcohol 120\AxAutoMntSrv.exe" -automount
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [KB976002-v5] rundll32.exe advpack.dll,LaunchINFSection OPMWXPUP.inf,BrowserChoiceGoo (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: WDDMStatus.lnk = C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://F:\programy\OFFICE~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Přidat do Anti-Banner - F:\programy\Kaspersky Internet Security 2011\instalace\ie_banner_deny.htm
O9 - Extra button: &Virtuální klávesnice - {4248FE82-7FCB-46AC-B270-339F08212110} - F:\programy\Kaspersky Internet Security 2011\instalace\klwtbbho.dll
O9 - Extra button: K&ontrola adres URL - {CCF151D8-D089-449F-A5A4-D9909053F20F} - F:\programy\Kaspersky Internet Security 2011\instalace\klwtbbho.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - F:\programy\SPYBOT~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - F:\programy\SPYBOT~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - AppInit_DLLs: F:\programy\KASPER~1\INSTAL~1\kloehk.dll
O20 - Winlogon Notify: RailNotification - Invalid registry found
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Služba Kaspersky Anti-Virus (AVP) - Kaspersky Lab ZAO - F:\programy\Kaspersky Internet Security 2011\instalace\avp.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NMSAccess - Unknown owner - F:\programy\CDBurnerXP\CDBurnerXP\NMSAccessU.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: WDDMService - WDC - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
O23 - Service: WD File Management Engine (WDFME) - Unknown owner - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
O23 - Service: WD File Management Shadow Engine (WDSC) - Unknown owner - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
--
End of file - 8136 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\AdobeAAMUpdater-1.0-JARMILKA-Karr.job
C:\WINDOWS\tasks\AutoKMS.job
C:\WINDOWS\tasks\Microsoft_Hardware_Launch_IPoint_exe.job
=========Mozilla firefox=========
ProfilePath - C:\Documents and Settings\Karr\Data aplikací\Mozilla\Firefox\Profiles\xy9hjc1m.default
prefs.js - "browser.startup.homepage" - "google.com"
"{20a82645-c095-46ed-80e3-08825760534b}"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
"jqs@sun.com"=C:\Program Files\Java\jre6\lib\deploy\jqs\ff
"virtualKeyboard@kaspersky.ru"=F:\programy\Kaspersky Internet Security 2011\instalace\FFExt\virtualKeyboard@kaspersky.ru
"KavAntiBanner@Kaspersky.ru"=F:\programy\Kaspersky Internet Security 2011\instalace\FFExt\KavAntiBanner@kaspersky.ru
"linkfilter@kaspersky.ru"=F:\programy\Kaspersky Internet Security 2011\instalace\FFExt\linkfilter@kaspersky.ru
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@canon.com/EPPEX]
"Description"=Canon Easy-PhotoPrint EX
"Path"=C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf]
"Description"=
"Path"=F:\programy\PDF-XChange.Viewer.Pro.v2.048.Multilingual\instal\PDF Viewer\npPDFXCviewNPPlugin.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37]
"Description"=
"Path"=C:\WINDOWS\system32\npdeployJava1.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=F:\programy\OFFICE~1\Office14\NPAUTHZ.DLL
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=F:\programy\OFFICE~1\Office14\NPSPWRAP.DLL
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=1.1.6]
"Description"=VLC Multimedia Plugin
"Path"=F:\programy\VLC player\VLC\npvlc.dll
F:\programy\Firefox\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}
{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
KavAntiBanner@kaspersky.ru_bak
linkfilter@kaspersky.ru_bak
F:\programy\Firefox\Mozilla Firefox\components\
browsercomps.dll
binary.manifest
nppl3260.xpt
nsJSRealPlayerPlugin.xpt
npCortona.xpt
F:\programy\Firefox\Mozilla Firefox\plugins\
npCortona.dll
np32dsw.dll
ShockwavePlugin.class
npqtplugin.dll
npqtplugin2.dll
npqtplugin3.dll
npqtplugin4.dll
npqtplugin5.dll
QuickTimePlugin.class
nppl3260.dll
nprpjplug.dll
np-mswmp.dll
WMP Firefox Plugin License.rtf
WMP Firefox Plugin RelNotes.txt
npPDFXCviewNPPlugin.dll
F:\programy\Firefox\Mozilla Firefox\searchplugins\
wikipedia-cz.xml
slunecnice-cz.xml
seznam-cz.xml
jyxo-cz.xml
heureka-cz.xml
google.xml
C:\Documents and Settings\Karr\Data aplikací\Mozilla\Firefox\Profiles\xy9hjc1m.default\extensions\
zigboom@ymail.com
{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - F:\programy\SPYBOT~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}]
IEVkbdBHO Class - F:\programy\Kaspersky Internet Security 2011\instalace\ievkbd.dll [2010-10-05 68280]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2012-11-14 329712]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - F:\programy\OFFICE~1\Office14\URLREDIR.DLL [2010-02-28 561552]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2012-11-14 59376]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E33CF602-D945-461A-83F0-819F76A199F8}]
FilterBHO Class - F:\programy\Kaspersky Internet Security 2011\instalace\klwtbbho.dll [2010-10-05 191160]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2012-11-14 79856]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"DWPersistentQueuedReporting"=C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE [2010-02-28 519584]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2006-11-10 90112]
"IntelliPoint"=c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2011-04-13 1808784]
"SwitchBoard"=C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2012-09-17 254896]
"CanonMyPrinter"=C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2011-03-14 2565520]
"CanonSolutionMenuEx"=C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE [2011-08-04 1612920]
"AVP"=F:\programy\Kaspersky Internet Security 2011\instalace\avp.exe [2010-11-02 365336]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"AlcoholAutomount"=F:\programy\Alcohol.120.Retail.v2.0.1.2033.SU.WinAll.Cracked\instal\Alcohol 120\AxAutoMntSrv.exe [2010-08-20 33120]
C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
WDDMStatus.lnk - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="F:\programy\KASPER~1\INSTAL~1\kloehk.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2007-06-27 118784]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
C:\WINDOWS\system32\klogon.dll [2010-10-05 228024]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\RailNotification]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2011-02-12 239496]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2011-02-12 133632]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2011-02-12 304128]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"F:\programy\uTorrent\instal\utorrent.exe"="F:\programy\uTorrent\instal\utorrent.exe:*:Enabled:µTorrent"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"vidc.tscc"=tsccvid.dll
"msacm.l3codec"=l3codecp.acm
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux"=wdmaud.drv
======List of files/folders created in the last 1 month======
2012-12-08 11:53:03 ----D---- C:\Program Files\trend micro
2012-12-08 11:53:02 ----D---- C:\rsit
2012-12-01 12:55:57 ----A---- C:\WINDOWS\system32\drivers\klin.dat
2012-12-01 12:55:57 ----A---- C:\WINDOWS\system32\drivers\klick.dat
2012-12-01 12:53:54 ----D---- C:\Documents and Settings\All Users\Data aplikací\Kaspersky Lab
2012-12-01 12:53:15 ----A---- C:\WINDOWS\system32\drivers\klif.sys
2012-11-27 15:47:34 ----HD---- C:\Documents and Settings\All Users\Data aplikací\CanonIJScan
2012-11-25 13:27:33 ----HD---- C:\Documents and Settings\All Users\Data aplikací\CanonIJEGV
2012-11-25 13:02:30 ----HD---- C:\Documents and Settings\All Users\Data aplikací\CanonIJEPPEX2
2012-11-25 13:02:30 ----HD---- C:\Documents and Settings\All Users\Data aplikací\CanonEPP
2012-11-25 13:02:28 ----D---- C:\Documents and Settings\Karr\Data aplikací\Canon
2012-11-25 12:58:59 ----A---- C:\WINDOWS\system32\CNC_ASU.dll
2012-11-25 12:58:59 ----A---- C:\WINDOWS\system32\CNC_ASL.dll
2012-11-25 12:58:59 ----A---- C:\WINDOWS\system32\CNC_ASI.dll
2012-11-25 12:58:59 ----A---- C:\WINDOWS\system32\CNC_ASC.dll
2012-11-25 12:58:58 ----A---- C:\WINDOWS\system32\drivers\usbscan.sys
2012-11-25 12:58:58 ----A---- C:\WINDOWS\system32\CNHMCA.dll
2012-11-25 12:48:47 ----D---- C:\Program Files\Common Files\CANON
2012-11-25 12:48:32 ----D---- C:\Documents and Settings\All Users\Data aplikací\CanonIJWSpt
2012-11-25 12:43:22 ----HD---- C:\Documents and Settings\All Users\Data aplikací\CanonBJ
2012-11-25 12:42:49 ----A---- C:\WINDOWS\system32\CNMLMAS.DLL
2012-11-25 12:42:43 ----HD---- C:\WINDOWS\system32\CanonIJ Uninstaller Information
2012-11-25 12:42:37 ----A---- C:\WINDOWS\system32\CNC_ASO.dll
2012-11-25 12:42:34 ----A---- C:\WINDOWS\system32\CNMIUAS.DLL
2012-11-25 12:42:24 ----HD---- C:\Program Files\CanonBJ
2012-11-25 12:42:10 ----D---- C:\WINDOWS\system32\STRING
2012-11-25 12:42:10 ----A---- C:\WINDOWS\system32\CNMNPUI.DLL
2012-11-25 12:42:10 ----A---- C:\WINDOWS\system32\CNMNPPM.DLL
2012-11-25 12:37:39 ----D---- C:\Program Files\Canon
2012-11-14 19:29:30 ----D---- C:\Documents and Settings\All Users\Data aplikací\Mozilla
2012-11-14 19:29:28 ----D---- C:\Program Files\Mozilla Maintenance Service
2012-11-14 12:18:18 ----D---- C:\Program Files\Common Files\Java
2012-11-14 12:17:38 ----A---- C:\WINDOWS\system32\npdeployJava1.dll
2012-11-14 12:17:38 ----A---- C:\WINDOWS\system32\javaws.exe
2012-11-14 12:17:38 ----A---- C:\WINDOWS\system32\javaw.exe
2012-11-14 12:17:38 ----A---- C:\WINDOWS\system32\java.exe
2012-11-14 12:16:56 ----D---- C:\Program Files\Java
2012-11-14 12:14:53 ----D---- C:\Documents and Settings\All Users\Data aplikací\McAfee
======List of files/folders modified in the last 1 month======
2012-12-08 11:53:07 ----D---- C:\WINDOWS\Prefetch
2012-12-08 11:53:03 ----RD---- C:\Program Files
2012-12-08 11:52:48 ----A---- C:\WINDOWS\wincmd.ini
2012-12-08 11:46:22 ----D---- C:\WINDOWS\Temp
2012-12-08 11:42:49 ----HD---- C:\WINDOWS\inf
2012-12-08 11:42:46 ----D---- C:\WINDOWS
2012-12-08 11:42:28 ----D---- C:\WINDOWS\system32\CatRoot2
2012-12-08 11:35:02 ----D---- C:\WINDOWS\Debug
2012-12-08 11:26:46 ----N---- C:\WINDOWS\SchedLgU.Txt
2012-12-08 11:26:33 ----D---- C:\Documents and Settings\Karr\Data aplikací\uTorrent
2012-12-01 13:09:25 ----SHD---- C:\System Volume Information
2012-12-01 13:09:16 ----D---- C:\WINDOWS\system32\drivers
2012-12-01 12:56:31 ----SHD---- C:\WINDOWS\Installer
2012-12-01 12:54:56 ----D---- C:\WINDOWS\system32
2012-12-01 12:50:55 ----D---- C:\Documents and Settings\All Users\Data aplikací\Kaspersky Lab Setup Files
2012-11-25 12:59:30 ----RSHDC---- C:\WINDOWS\system32\dllcache
2012-11-25 12:59:00 ----D---- C:\WINDOWS\Media
2012-11-25 12:58:59 ----D---- C:\WINDOWS\twain_32
2012-11-25 12:48:47 ----D---- C:\Program Files\Common Files
2012-11-24 12:12:36 ----D---- C:\Program Files\Microsoft Silverlight
2012-11-23 17:14:51 ----A---- C:\moduleName.txt
2012-11-14 12:17:02 ----A---- C:\WINDOWS\system32\deployJava1.dll
2012-11-12 22:45:22 ----A---- C:\WINDOWS\winamp.ini
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 gagp30kx;Filtr Microsoft Generic AGPv3.0 pro procesorovou platformu K8; C:\WINDOWS\system32\DRIVERS\gagp30kx.sys [2008-04-14 46464]
R0 KL1;kl1; C:\WINDOWS\system32\DRIVERS\kl1.sys [2010-06-09 132184]
R0 mv61xxmm;mv61xxmm; C:\WINDOWS\system32\drivers\mv61xxmm.sys [2011-02-12 13616]
R0 mv64xxmm;mv64xxmm; C:\WINDOWS\system32\drivers\mv64xxmm.sys [2011-02-12 5632]
R0 mvxxmm;mvxxmm; C:\WINDOWS\system32\drivers\mvxxmm.sys [2011-02-12 13616]
R0 siside;siside; C:\WINDOWS\system32\DRIVERS\siside.sys [2003-03-25 4096]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2011-05-31 436792]
R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-07-02 36864]
R1 kl2;kl2; C:\WINDOWS\system32\DRIVERS\kl2.sys [2010-06-09 11352]
R1 KLIF;Kaspersky Lab Driver; C:\WINDOWS\system32\DRIVERS\klif.sys [2012-12-01 475736]
R2 rspndr;Odpovídající zařízení zjišťování topologie linkové vrstvy; C:\WINDOWS\system32\DRIVERS\rspndr.sys [2011-02-12 62848]
R2 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2009-11-12 5504]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2007-06-27 2303488]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 klim5;Kaspersky Anti-Virus NDIS Filter; C:\WINDOWS\system32\DRIVERS\klim5.sys [2010-05-07 32856]
R3 klmouflt;Kaspersky Lab KLMOUFLT; C:\WINDOWS\system32\DRIVERS\klmouflt.sys [2009-11-02 19472]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 SISNIC;SiS PCI Fast Ethernet Adapter Driver; C:\WINDOWS\system32\DRIVERS\sisnic.sys [2008-04-13 32768]
S1 DumpDrv;Crash Dump Driver; C:\WINDOWS\system32\drivers\DumpDrv.sys [2011-02-12 9472]
S1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
S3 ahv87jxs;ahv87jxs; C:\WINDOWS\system32\drivers\ahv87jxs.sys []
S3 cmpci;C-Media PCI Audio Driver (WDM); C:\WINDOWS\system32\drivers\cmaudio.sys [2002-11-18 377358]
S3 FXDRV;FXDRV; \??\G:\Fxdrv.sys []
S3 Point32;Microsoft IntelliPoint Filter Driver; C:\WINDOWS\system32\DRIVERS\point32.sys [2011-04-13 40984]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-22 32384]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 VIAudio;Zvukový řadič VIA AC'97 (WDM); C:\WINDOWS\system32\drivers\ac97via.sys [2008-04-13 84480]
S3 WDC_SAM;WD SCSI Pass Thru driver; C:\WINDOWS\system32\DRIVERS\wdcsam.sys [2011-02-16 11520]
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2009-07-14 444136]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2011-02-12 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2011-02-12 82944]
S4 exFat;exFat; C:\WINDOWS\system32\drivers\exFat.sys [2011-02-12 133632]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2007-06-27 483328]
R2 AVP;Služba Kaspersky Anti-Virus; F:\programy\Kaspersky Internet Security 2011\instalace\avp.exe [2010-11-02 365336]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2012-11-14 153584]
R2 NMSAccess;NMSAccess; F:\programy\CDBurnerXP\CDBurnerXP\NMSAccessU.exe [2010-03-04 71096]
R2 WDDMService;WDDMService; C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2011-03-09 238592]
R2 WDFME;WD File Management Engine; C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe [2011-03-09 1060864]
R2 WDSC;WD File Management Shadow Engine; C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe [2011-03-09 484352]
R2 WSearch;Windows Search; C:\WINDOWS\system32\SearchIndexer.exe [2011-02-12 439808]
R3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2007-06-29 520192]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2012-11-14 129976]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 SwitchBoard;SwitchBoard; C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S3 WinRM;Windows Remote Management (WS-Management); C:\WINDOWS\system32\svchost.exe [2011-02-12 14848]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2011-02-12 913920]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2011-02-12 14848]
S4 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
-----------------EOF-----------------
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [CanonSolutionMenuEx] C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
O4 - HKLM\..\Run: [AVP] "F:\programy\Kaspersky Internet Security 2011\instalace\avp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "F:\programy\Alcohol.120.Retail.v2.0.1.2033.SU.WinAll.Cracked\instal\Alcohol 120\AxAutoMntSrv.exe" -automount
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [KB976002-v5] rundll32.exe advpack.dll,LaunchINFSection OPMWXPUP.inf,BrowserChoiceGoo (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: WDDMStatus.lnk = C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://F:\programy\OFFICE~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Přidat do Anti-Banner - F:\programy\Kaspersky Internet Security 2011\instalace\ie_banner_deny.htm
O9 - Extra button: &Virtuální klávesnice - {4248FE82-7FCB-46AC-B270-339F08212110} - F:\programy\Kaspersky Internet Security 2011\instalace\klwtbbho.dll
O9 - Extra button: K&ontrola adres URL - {CCF151D8-D089-449F-A5A4-D9909053F20F} - F:\programy\Kaspersky Internet Security 2011\instalace\klwtbbho.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - F:\programy\SPYBOT~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - F:\programy\SPYBOT~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - AppInit_DLLs: F:\programy\KASPER~1\INSTAL~1\kloehk.dll
O20 - Winlogon Notify: RailNotification - Invalid registry found
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Služba Kaspersky Anti-Virus (AVP) - Kaspersky Lab ZAO - F:\programy\Kaspersky Internet Security 2011\instalace\avp.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NMSAccess - Unknown owner - F:\programy\CDBurnerXP\CDBurnerXP\NMSAccessU.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: WDDMService - WDC - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
O23 - Service: WD File Management Engine (WDFME) - Unknown owner - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
O23 - Service: WD File Management Shadow Engine (WDSC) - Unknown owner - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
--
End of file - 8136 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\AdobeAAMUpdater-1.0-JARMILKA-Karr.job
C:\WINDOWS\tasks\AutoKMS.job
C:\WINDOWS\tasks\Microsoft_Hardware_Launch_IPoint_exe.job
=========Mozilla firefox=========
ProfilePath - C:\Documents and Settings\Karr\Data aplikací\Mozilla\Firefox\Profiles\xy9hjc1m.default
prefs.js - "browser.startup.homepage" - "google.com"
"{20a82645-c095-46ed-80e3-08825760534b}"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
"jqs@sun.com"=C:\Program Files\Java\jre6\lib\deploy\jqs\ff
"virtualKeyboard@kaspersky.ru"=F:\programy\Kaspersky Internet Security 2011\instalace\FFExt\virtualKeyboard@kaspersky.ru
"KavAntiBanner@Kaspersky.ru"=F:\programy\Kaspersky Internet Security 2011\instalace\FFExt\KavAntiBanner@kaspersky.ru
"linkfilter@kaspersky.ru"=F:\programy\Kaspersky Internet Security 2011\instalace\FFExt\linkfilter@kaspersky.ru
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@canon.com/EPPEX]
"Description"=Canon Easy-PhotoPrint EX
"Path"=C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf]
"Description"=
"Path"=F:\programy\PDF-XChange.Viewer.Pro.v2.048.Multilingual\instal\PDF Viewer\npPDFXCviewNPPlugin.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37]
"Description"=
"Path"=C:\WINDOWS\system32\npdeployJava1.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=F:\programy\OFFICE~1\Office14\NPAUTHZ.DLL
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=F:\programy\OFFICE~1\Office14\NPSPWRAP.DLL
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=1.1.6]
"Description"=VLC Multimedia Plugin
"Path"=F:\programy\VLC player\VLC\npvlc.dll
F:\programy\Firefox\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}
{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
KavAntiBanner@kaspersky.ru_bak
linkfilter@kaspersky.ru_bak
F:\programy\Firefox\Mozilla Firefox\components\
browsercomps.dll
binary.manifest
nppl3260.xpt
nsJSRealPlayerPlugin.xpt
npCortona.xpt
F:\programy\Firefox\Mozilla Firefox\plugins\
npCortona.dll
np32dsw.dll
ShockwavePlugin.class
npqtplugin.dll
npqtplugin2.dll
npqtplugin3.dll
npqtplugin4.dll
npqtplugin5.dll
QuickTimePlugin.class
nppl3260.dll
nprpjplug.dll
np-mswmp.dll
WMP Firefox Plugin License.rtf
WMP Firefox Plugin RelNotes.txt
npPDFXCviewNPPlugin.dll
F:\programy\Firefox\Mozilla Firefox\searchplugins\
wikipedia-cz.xml
slunecnice-cz.xml
seznam-cz.xml
jyxo-cz.xml
heureka-cz.xml
google.xml
C:\Documents and Settings\Karr\Data aplikací\Mozilla\Firefox\Profiles\xy9hjc1m.default\extensions\
zigboom@ymail.com
{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - F:\programy\SPYBOT~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}]
IEVkbdBHO Class - F:\programy\Kaspersky Internet Security 2011\instalace\ievkbd.dll [2010-10-05 68280]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2012-11-14 329712]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - F:\programy\OFFICE~1\Office14\URLREDIR.DLL [2010-02-28 561552]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2012-11-14 59376]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E33CF602-D945-461A-83F0-819F76A199F8}]
FilterBHO Class - F:\programy\Kaspersky Internet Security 2011\instalace\klwtbbho.dll [2010-10-05 191160]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2012-11-14 79856]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"DWPersistentQueuedReporting"=C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE [2010-02-28 519584]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2006-11-10 90112]
"IntelliPoint"=c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2011-04-13 1808784]
"SwitchBoard"=C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2012-09-17 254896]
"CanonMyPrinter"=C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2011-03-14 2565520]
"CanonSolutionMenuEx"=C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE [2011-08-04 1612920]
"AVP"=F:\programy\Kaspersky Internet Security 2011\instalace\avp.exe [2010-11-02 365336]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"AlcoholAutomount"=F:\programy\Alcohol.120.Retail.v2.0.1.2033.SU.WinAll.Cracked\instal\Alcohol 120\AxAutoMntSrv.exe [2010-08-20 33120]
C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
WDDMStatus.lnk - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="F:\programy\KASPER~1\INSTAL~1\kloehk.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2007-06-27 118784]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
C:\WINDOWS\system32\klogon.dll [2010-10-05 228024]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\RailNotification]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2011-02-12 239496]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2011-02-12 133632]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2011-02-12 304128]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"F:\programy\uTorrent\instal\utorrent.exe"="F:\programy\uTorrent\instal\utorrent.exe:*:Enabled:µTorrent"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"vidc.tscc"=tsccvid.dll
"msacm.l3codec"=l3codecp.acm
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux"=wdmaud.drv
======List of files/folders created in the last 1 month======
2012-12-08 11:53:03 ----D---- C:\Program Files\trend micro
2012-12-08 11:53:02 ----D---- C:\rsit
2012-12-01 12:55:57 ----A---- C:\WINDOWS\system32\drivers\klin.dat
2012-12-01 12:55:57 ----A---- C:\WINDOWS\system32\drivers\klick.dat
2012-12-01 12:53:54 ----D---- C:\Documents and Settings\All Users\Data aplikací\Kaspersky Lab
2012-12-01 12:53:15 ----A---- C:\WINDOWS\system32\drivers\klif.sys
2012-11-27 15:47:34 ----HD---- C:\Documents and Settings\All Users\Data aplikací\CanonIJScan
2012-11-25 13:27:33 ----HD---- C:\Documents and Settings\All Users\Data aplikací\CanonIJEGV
2012-11-25 13:02:30 ----HD---- C:\Documents and Settings\All Users\Data aplikací\CanonIJEPPEX2
2012-11-25 13:02:30 ----HD---- C:\Documents and Settings\All Users\Data aplikací\CanonEPP
2012-11-25 13:02:28 ----D---- C:\Documents and Settings\Karr\Data aplikací\Canon
2012-11-25 12:58:59 ----A---- C:\WINDOWS\system32\CNC_ASU.dll
2012-11-25 12:58:59 ----A---- C:\WINDOWS\system32\CNC_ASL.dll
2012-11-25 12:58:59 ----A---- C:\WINDOWS\system32\CNC_ASI.dll
2012-11-25 12:58:59 ----A---- C:\WINDOWS\system32\CNC_ASC.dll
2012-11-25 12:58:58 ----A---- C:\WINDOWS\system32\drivers\usbscan.sys
2012-11-25 12:58:58 ----A---- C:\WINDOWS\system32\CNHMCA.dll
2012-11-25 12:48:47 ----D---- C:\Program Files\Common Files\CANON
2012-11-25 12:48:32 ----D---- C:\Documents and Settings\All Users\Data aplikací\CanonIJWSpt
2012-11-25 12:43:22 ----HD---- C:\Documents and Settings\All Users\Data aplikací\CanonBJ
2012-11-25 12:42:49 ----A---- C:\WINDOWS\system32\CNMLMAS.DLL
2012-11-25 12:42:43 ----HD---- C:\WINDOWS\system32\CanonIJ Uninstaller Information
2012-11-25 12:42:37 ----A---- C:\WINDOWS\system32\CNC_ASO.dll
2012-11-25 12:42:34 ----A---- C:\WINDOWS\system32\CNMIUAS.DLL
2012-11-25 12:42:24 ----HD---- C:\Program Files\CanonBJ
2012-11-25 12:42:10 ----D---- C:\WINDOWS\system32\STRING
2012-11-25 12:42:10 ----A---- C:\WINDOWS\system32\CNMNPUI.DLL
2012-11-25 12:42:10 ----A---- C:\WINDOWS\system32\CNMNPPM.DLL
2012-11-25 12:37:39 ----D---- C:\Program Files\Canon
2012-11-14 19:29:30 ----D---- C:\Documents and Settings\All Users\Data aplikací\Mozilla
2012-11-14 19:29:28 ----D---- C:\Program Files\Mozilla Maintenance Service
2012-11-14 12:18:18 ----D---- C:\Program Files\Common Files\Java
2012-11-14 12:17:38 ----A---- C:\WINDOWS\system32\npdeployJava1.dll
2012-11-14 12:17:38 ----A---- C:\WINDOWS\system32\javaws.exe
2012-11-14 12:17:38 ----A---- C:\WINDOWS\system32\javaw.exe
2012-11-14 12:17:38 ----A---- C:\WINDOWS\system32\java.exe
2012-11-14 12:16:56 ----D---- C:\Program Files\Java
2012-11-14 12:14:53 ----D---- C:\Documents and Settings\All Users\Data aplikací\McAfee
======List of files/folders modified in the last 1 month======
2012-12-08 11:53:07 ----D---- C:\WINDOWS\Prefetch
2012-12-08 11:53:03 ----RD---- C:\Program Files
2012-12-08 11:52:48 ----A---- C:\WINDOWS\wincmd.ini
2012-12-08 11:46:22 ----D---- C:\WINDOWS\Temp
2012-12-08 11:42:49 ----HD---- C:\WINDOWS\inf
2012-12-08 11:42:46 ----D---- C:\WINDOWS
2012-12-08 11:42:28 ----D---- C:\WINDOWS\system32\CatRoot2
2012-12-08 11:35:02 ----D---- C:\WINDOWS\Debug
2012-12-08 11:26:46 ----N---- C:\WINDOWS\SchedLgU.Txt
2012-12-08 11:26:33 ----D---- C:\Documents and Settings\Karr\Data aplikací\uTorrent
2012-12-01 13:09:25 ----SHD---- C:\System Volume Information
2012-12-01 13:09:16 ----D---- C:\WINDOWS\system32\drivers
2012-12-01 12:56:31 ----SHD---- C:\WINDOWS\Installer
2012-12-01 12:54:56 ----D---- C:\WINDOWS\system32
2012-12-01 12:50:55 ----D---- C:\Documents and Settings\All Users\Data aplikací\Kaspersky Lab Setup Files
2012-11-25 12:59:30 ----RSHDC---- C:\WINDOWS\system32\dllcache
2012-11-25 12:59:00 ----D---- C:\WINDOWS\Media
2012-11-25 12:58:59 ----D---- C:\WINDOWS\twain_32
2012-11-25 12:48:47 ----D---- C:\Program Files\Common Files
2012-11-24 12:12:36 ----D---- C:\Program Files\Microsoft Silverlight
2012-11-23 17:14:51 ----A---- C:\moduleName.txt
2012-11-14 12:17:02 ----A---- C:\WINDOWS\system32\deployJava1.dll
2012-11-12 22:45:22 ----A---- C:\WINDOWS\winamp.ini
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 gagp30kx;Filtr Microsoft Generic AGPv3.0 pro procesorovou platformu K8; C:\WINDOWS\system32\DRIVERS\gagp30kx.sys [2008-04-14 46464]
R0 KL1;kl1; C:\WINDOWS\system32\DRIVERS\kl1.sys [2010-06-09 132184]
R0 mv61xxmm;mv61xxmm; C:\WINDOWS\system32\drivers\mv61xxmm.sys [2011-02-12 13616]
R0 mv64xxmm;mv64xxmm; C:\WINDOWS\system32\drivers\mv64xxmm.sys [2011-02-12 5632]
R0 mvxxmm;mvxxmm; C:\WINDOWS\system32\drivers\mvxxmm.sys [2011-02-12 13616]
R0 siside;siside; C:\WINDOWS\system32\DRIVERS\siside.sys [2003-03-25 4096]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2011-05-31 436792]
R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-07-02 36864]
R1 kl2;kl2; C:\WINDOWS\system32\DRIVERS\kl2.sys [2010-06-09 11352]
R1 KLIF;Kaspersky Lab Driver; C:\WINDOWS\system32\DRIVERS\klif.sys [2012-12-01 475736]
R2 rspndr;Odpovídající zařízení zjišťování topologie linkové vrstvy; C:\WINDOWS\system32\DRIVERS\rspndr.sys [2011-02-12 62848]
R2 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2009-11-12 5504]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2007-06-27 2303488]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 klim5;Kaspersky Anti-Virus NDIS Filter; C:\WINDOWS\system32\DRIVERS\klim5.sys [2010-05-07 32856]
R3 klmouflt;Kaspersky Lab KLMOUFLT; C:\WINDOWS\system32\DRIVERS\klmouflt.sys [2009-11-02 19472]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 SISNIC;SiS PCI Fast Ethernet Adapter Driver; C:\WINDOWS\system32\DRIVERS\sisnic.sys [2008-04-13 32768]
S1 DumpDrv;Crash Dump Driver; C:\WINDOWS\system32\drivers\DumpDrv.sys [2011-02-12 9472]
S1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
S3 ahv87jxs;ahv87jxs; C:\WINDOWS\system32\drivers\ahv87jxs.sys []
S3 cmpci;C-Media PCI Audio Driver (WDM); C:\WINDOWS\system32\drivers\cmaudio.sys [2002-11-18 377358]
S3 FXDRV;FXDRV; \??\G:\Fxdrv.sys []
S3 Point32;Microsoft IntelliPoint Filter Driver; C:\WINDOWS\system32\DRIVERS\point32.sys [2011-04-13 40984]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-22 32384]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 VIAudio;Zvukový řadič VIA AC'97 (WDM); C:\WINDOWS\system32\drivers\ac97via.sys [2008-04-13 84480]
S3 WDC_SAM;WD SCSI Pass Thru driver; C:\WINDOWS\system32\DRIVERS\wdcsam.sys [2011-02-16 11520]
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2009-07-14 444136]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2011-02-12 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2011-02-12 82944]
S4 exFat;exFat; C:\WINDOWS\system32\drivers\exFat.sys [2011-02-12 133632]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2007-06-27 483328]
R2 AVP;Služba Kaspersky Anti-Virus; F:\programy\Kaspersky Internet Security 2011\instalace\avp.exe [2010-11-02 365336]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2012-11-14 153584]
R2 NMSAccess;NMSAccess; F:\programy\CDBurnerXP\CDBurnerXP\NMSAccessU.exe [2010-03-04 71096]
R2 WDDMService;WDDMService; C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2011-03-09 238592]
R2 WDFME;WD File Management Engine; C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe [2011-03-09 1060864]
R2 WDSC;WD File Management Shadow Engine; C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe [2011-03-09 484352]
R2 WSearch;Windows Search; C:\WINDOWS\system32\SearchIndexer.exe [2011-02-12 439808]
R3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2007-06-29 520192]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2012-11-14 129976]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 SwitchBoard;SwitchBoard; C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S3 WinRM;Windows Remote Management (WS-Management); C:\WINDOWS\system32\svchost.exe [2011-02-12 14848]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2011-02-12 913920]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2011-02-12 14848]
S4 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
-----------------EOF-----------------
- Rudy
- Site Admin
Re: very slow PC
Hello!
First, uninstall the cracked Office. This forum does not support software piracy. After uninstalling, post a new RSIT log.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
Visit:
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activities, a virus can damage the system!
Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want to reactivate the thread, write to me at the e-mail address given above.
Re: very slow PC
I apologize, this is not my PC; nevertheless I removed Office and will replace it with OpenOffice.
The uninstallation itself took almost an hour; I used CCleaner again.
Logfile of random's system information tool 1.09 (written by random/random)
Run by Karr at 2012-12-08 13:43:27
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 29 GB (76%) free of 38 GB
Total RAM: 1022 MB (28% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:44:06, on 8.12.2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE
F:\programy\Kaspersky Internet Security 2011\instalace\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
F:\programy\CDBurnerXP\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\wscntfy.exe
F:\programy\Total Commander 7.56\totalcmd\TOTALCMD.EXE
F:\programy\Kaspersky Internet Security 2011\instalace\avp.exe
f:\programy\RSIT_skener_viry.cz\RSIT.exe
C:\Program Files\trend micro\Karr.exe
C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - F:\programy\SPYBOT~1\SPYBOT~1\SDHelper.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - F:\programy\Kaspersky Internet Security 2011\instalace\ievkbd.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - F:\programy\Kaspersky Internet Security 2011\instalace\klwtbbho.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [DWPersistentQueuedReporting] C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE -a
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [CanonSolutionMenuEx] C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
O4 - HKLM\..\Run: [AVP] "F:\programy\Kaspersky Internet Security 2011\instalace\avp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "F:\programy\Alcohol.120.Retail.v2.0.1.2033.SU.WinAll.Cracked\instal\Alcohol 120\AxAutoMntSrv.exe" -automount
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [KB976002-v5] rundll32.exe advpack.dll,LaunchINFSection OPMWXPUP.inf,BrowserChoiceGoo (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: WDDMStatus.lnk = C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://F:\programy\OFFICE~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Přidat do Anti-Banner - F:\programy\Kaspersky Internet Security 2011\instalace\ie_banner_deny.htm
O9 - Extra button: &Virtuální klávesnice - {4248FE82-7FCB-46AC-B270-339F08212110} - F:\programy\Kaspersky Internet Security 2011\instalace\klwtbbho.dll
O9 - Extra button: K&ontrola adres URL - {CCF151D8-D089-449F-A5A4-D9909053F20F} - F:\programy\Kaspersky Internet Security 2011\instalace\klwtbbho.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - F:\programy\SPYBOT~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - F:\programy\SPYBOT~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: F:\programy\KASPER~1\INSTAL~1\kloehk.dll
O20 - Winlogon Notify: RailNotification - Invalid registry found
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Služba Kaspersky Anti-Virus (AVP) - Kaspersky Lab ZAO - F:\programy\Kaspersky Internet Security 2011\instalace\avp.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NMSAccess - Unknown owner - F:\programy\CDBurnerXP\CDBurnerXP\NMSAccessU.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: WDDMService - WDC - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
O23 - Service: WD File Management Engine (WDFME) - Unknown owner - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
O23 - Service: WD File Management Shadow Engine (WDSC) - Unknown owner - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
--
End of file - 7945 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\AdobeAAMUpdater-1.0-JARMILKA-Karr.job
C:\WINDOWS\tasks\AutoKMS.job
C:\WINDOWS\tasks\Microsoft_Hardware_Launch_IPoint_exe.job
=========Mozilla firefox=========
ProfilePath - C:\Documents and Settings\Karr\Data aplikací\Mozilla\Firefox\Profiles\xy9hjc1m.default
prefs.js - "browser.startup.homepage" - "google.com"
"{20a82645-c095-46ed-80e3-08825760534b}"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
"jqs@sun.com"=C:\Program Files\Java\jre6\lib\deploy\jqs\ff
"virtualKeyboard@kaspersky.ru"=F:\programy\Kaspersky Internet Security 2011\instalace\FFExt\virtualKeyboard@kaspersky.ru
"KavAntiBanner@Kaspersky.ru"=F:\programy\Kaspersky Internet Security 2011\instalace\FFExt\KavAntiBanner@kaspersky.ru
"linkfilter@kaspersky.ru"=F:\programy\Kaspersky Internet Security 2011\instalace\FFExt\linkfilter@kaspersky.ru
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@canon.com/EPPEX]
"Description"=Canon Easy-PhotoPrint EX
"Path"=C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf]
"Description"=
"Path"=F:\programy\PDF-XChange.Viewer.Pro.v2.048.Multilingual\instal\PDF Viewer\npPDFXCviewNPPlugin.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37]
"Description"=
"Path"=C:\WINDOWS\system32\npdeployJava1.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=1.1.6]
"Description"=VLC Multimedia Plugin
"Path"=F:\programy\VLC player\VLC\npvlc.dll
F:\programy\Firefox\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}
{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
KavAntiBanner@kaspersky.ru_bak
linkfilter@kaspersky.ru_bak
F:\programy\Firefox\Mozilla Firefox\components\
browsercomps.dll
binary.manifest
nppl3260.xpt
nsJSRealPlayerPlugin.xpt
npCortona.xpt
F:\programy\Firefox\Mozilla Firefox\plugins\
npCortona.dll
np32dsw.dll
ShockwavePlugin.class
npqtplugin.dll
npqtplugin2.dll
npqtplugin3.dll
npqtplugin4.dll
npqtplugin5.dll
QuickTimePlugin.class
nppl3260.dll
nprpjplug.dll
np-mswmp.dll
WMP Firefox Plugin License.rtf
WMP Firefox Plugin RelNotes.txt
npPDFXCviewNPPlugin.dll
F:\programy\Firefox\Mozilla Firefox\searchplugins\
wikipedia-cz.xml
slunecnice-cz.xml
seznam-cz.xml
jyxo-cz.xml
heureka-cz.xml
google.xml
C:\Documents and Settings\Karr\Data aplikací\Mozilla\Firefox\Profiles\xy9hjc1m.default\extensions\
zigboom@ymail.com
{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - F:\programy\SPYBOT~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}]
IEVkbdBHO Class - F:\programy\Kaspersky Internet Security 2011\instalace\ievkbd.dll [2010-10-05 68280]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2012-11-14 329712]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2012-11-14 59376]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E33CF602-D945-461A-83F0-819F76A199F8}]
FilterBHO Class - F:\programy\Kaspersky Internet Security 2011\instalace\klwtbbho.dll [2010-10-05 191160]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2012-11-14 79856]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"DWPersistentQueuedReporting"=C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE [2010-02-28 519584]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2006-11-10 90112]
"IntelliPoint"=c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2011-04-13 1808784]
"SwitchBoard"=C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2012-09-17 254896]
"CanonMyPrinter"=C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2011-03-14 2565520]
"CanonSolutionMenuEx"=C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE [2011-08-04 1612920]
"AVP"=F:\programy\Kaspersky Internet Security 2011\instalace\avp.exe [2010-11-02 365336]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"AlcoholAutomount"=F:\programy\Alcohol.120.Retail.v2.0.1.2033.SU.WinAll.Cracked\instal\Alcohol 120\AxAutoMntSrv.exe [2010-08-20 33120]
C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
WDDMStatus.lnk - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="F:\programy\KASPER~1\INSTAL~1\kloehk.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2007-06-27 118784]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
C:\WINDOWS\system32\klogon.dll [2010-10-05 228024]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\RailNotification]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2011-02-12 239496]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2011-02-12 133632]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2011-02-12 304128]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"F:\programy\uTorrent\instal\utorrent.exe"="F:\programy\uTorrent\instal\utorrent.exe:*:Enabled:µTorrent"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"vidc.tscc"=tsccvid.dll
"msacm.l3codec"=l3codecp.acm
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux"=wdmaud.drv
======List of files/folders created in the last 1 month======
2012-12-08 13:29:16 ----D---- C:\WINDOWS\SxsCaPendDel
2012-12-08 13:23:21 ----SHD---- C:\Config.Msi
2012-12-08 11:53:03 ----D---- C:\Program Files\trend micro
2012-12-08 11:53:02 ----D---- C:\rsit
2012-12-01 12:55:57 ----A---- C:\WINDOWS\system32\drivers\klin.dat
2012-12-01 12:55:57 ----A---- C:\WINDOWS\system32\drivers\klick.dat
2012-12-01 12:53:54 ----D---- C:\Documents and Settings\All Users\Data aplikací\Kaspersky Lab
2012-12-01 12:53:15 ----A---- C:\WINDOWS\system32\drivers\klif.sys
2012-11-27 15:47:34 ----HD---- C:\Documents and Settings\All Users\Data aplikací\CanonIJScan
2012-11-25 13:27:33 ----HD---- C:\Documents and Settings\All Users\Data aplikací\CanonIJEGV
2012-11-25 13:02:30 ----HD---- C:\Documents and Settings\All Users\Data aplikací\CanonIJEPPEX2
2012-11-25 13:02:30 ----HD---- C:\Documents and Settings\All Users\Data aplikací\CanonEPP
2012-11-25 13:02:28 ----D---- C:\Documents and Settings\Karr\Data aplikací\Canon
2012-11-25 12:58:59 ----A---- C:\WINDOWS\system32\CNC_ASU.dll
2012-11-25 12:58:59 ----A---- C:\WINDOWS\system32\CNC_ASL.dll
2012-11-25 12:58:59 ----A---- C:\WINDOWS\system32\CNC_ASI.dll
2012-11-25 12:58:59 ----A---- C:\WINDOWS\system32\CNC_ASC.dll
2012-11-25 12:58:58 ----A---- C:\WINDOWS\system32\drivers\usbscan.sys
2012-11-25 12:58:58 ----A---- C:\WINDOWS\system32\CNHMCA.dll
2012-11-25 12:48:47 ----D---- C:\Program Files\Common Files\CANON
2012-11-25 12:48:32 ----D---- C:\Documents and Settings\All Users\Data aplikací\CanonIJWSpt
2012-11-25 12:43:22 ----HD---- C:\Documents and Settings\All Users\Data aplikací\CanonBJ
2012-11-25 12:42:49 ----A---- C:\WINDOWS\system32\CNMLMAS.DLL
2012-11-25 12:42:43 ----HD---- C:\WINDOWS\system32\CanonIJ Uninstaller Information
2012-11-25 12:42:37 ----A---- C:\WINDOWS\system32\CNC_ASO.dll
2012-11-25 12:42:34 ----A---- C:\WINDOWS\system32\CNMIUAS.DLL
2012-11-25 12:42:24 ----HD---- C:\Program Files\CanonBJ
2012-11-25 12:42:10 ----D---- C:\WINDOWS\system32\STRING
2012-11-25 12:42:10 ----A---- C:\WINDOWS\system32\CNMNPUI.DLL
2012-11-25 12:42:10 ----A---- C:\WINDOWS\system32\CNMNPPM.DLL
2012-11-25 12:37:39 ----D---- C:\Program Files\Canon
2012-11-14 19:29:30 ----D---- C:\Documents and Settings\All Users\Data aplikací\Mozilla
2012-11-14 19:29:28 ----D---- C:\Program Files\Mozilla Maintenance Service
2012-11-14 12:18:18 ----D---- C:\Program Files\Common Files\Java
2012-11-14 12:17:38 ----A---- C:\WINDOWS\system32\npdeployJava1.dll
2012-11-14 12:17:38 ----A---- C:\WINDOWS\system32\javaws.exe
2012-11-14 12:17:38 ----A---- C:\WINDOWS\system32\javaw.exe
2012-11-14 12:17:38 ----A---- C:\WINDOWS\system32\java.exe
2012-11-14 12:16:56 ----D---- C:\Program Files\Java
2012-11-14 12:14:53 ----D---- C:\Documents and Settings\All Users\Data aplikací\McAfee
======List of files/folders modified in the last 1 month======
2012-12-08 13:43:34 ----RSD---- C:\WINDOWS\assembly
2012-12-08 13:41:30 ----D---- C:\WINDOWS
2012-12-08 13:40:34 ----D---- C:\WINDOWS\Microsoft.NET
2012-12-08 13:40:31 ----D---- C:\WINDOWS\Temp
2012-12-08 13:40:31 ----A---- C:\WINDOWS\wincmd.ini
2012-12-08 13:39:14 ----D---- C:\WINDOWS\Prefetch
2012-12-08 13:36:03 ----N---- C:\WINDOWS\SchedLgU.Txt
2012-12-08 13:29:18 ----SHD---- C:\WINDOWS\Installer
2012-12-08 13:29:17 ----D---- C:\WINDOWS\WinSxS
2012-12-08 13:27:17 ----D---- C:\Documents and Settings\All Users\Data aplikací\Microsoft Help
2012-12-08 13:25:40 ----RD---- C:\Program Files
2012-12-08 13:25:40 ----D---- C:\Program Files\Microsoft.NET
2012-12-08 13:25:40 ----D---- C:\Program Files\Common Files\Microsoft Shared
2012-12-08 13:25:35 ----RSD---- C:\WINDOWS\Fonts
2012-12-08 13:24:15 ----SD---- C:\Documents and Settings\All Users\Data aplikací\Microsoft
2012-12-08 13:24:12 ----D---- C:\WINDOWS\system32
2012-12-08 13:24:11 ----D---- C:\Program Files\Common Files
2012-12-08 11:42:49 ----HD---- C:\WINDOWS\inf
2012-12-08 11:42:28 ----D---- C:\WINDOWS\system32\CatRoot2
2012-12-08 11:35:02 ----D---- C:\WINDOWS\Debug
2012-12-08 11:26:33 ----D---- C:\Documents and Settings\Karr\Data aplikací\uTorrent
2012-12-01 13:09:25 ----SHD---- C:\System Volume Information
2012-12-01 13:09:16 ----D---- C:\WINDOWS\system32\drivers
2012-12-01 12:50:55 ----D---- C:\Documents and Settings\All Users\Data aplikací\Kaspersky Lab Setup Files
2012-11-25 12:59:30 ----RSHDC---- C:\WINDOWS\system32\dllcache
2012-11-25 12:59:00 ----D---- C:\WINDOWS\Media
2012-11-25 12:58:59 ----D---- C:\WINDOWS\twain_32
2012-11-24 12:12:36 ----D---- C:\Program Files\Microsoft Silverlight
2012-11-23 17:14:51 ----A---- C:\moduleName.txt
2012-11-14 12:17:02 ----A---- C:\WINDOWS\system32\deployJava1.dll
2012-11-12 22:45:22 ----A---- C:\WINDOWS\winamp.ini
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 gagp30kx;Filtr Microsoft Generic AGPv3.0 pro procesorovou platformu K8; C:\WINDOWS\system32\DRIVERS\gagp30kx.sys [2008-04-14 46464]
R0 KL1;kl1; C:\WINDOWS\system32\DRIVERS\kl1.sys [2010-06-09 132184]
R0 mv61xxmm;mv61xxmm; C:\WINDOWS\system32\drivers\mv61xxmm.sys [2011-02-12 13616]
R0 mv64xxmm;mv64xxmm; C:\WINDOWS\system32\drivers\mv64xxmm.sys [2011-02-12 5632]
R0 mvxxmm;mvxxmm; C:\WINDOWS\system32\drivers\mvxxmm.sys [2011-02-12 13616]
R0 siside;siside; C:\WINDOWS\system32\DRIVERS\siside.sys [2003-03-25 4096]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2011-05-31 436792]
R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-07-02 36864]
R1 kl2;kl2; C:\WINDOWS\system32\DRIVERS\kl2.sys [2010-06-09 11352]
R1 KLIF;Kaspersky Lab Driver; C:\WINDOWS\system32\DRIVERS\klif.sys [2012-12-01 475736]
R2 rspndr;Odpovídající zařízení zjišťování topologie linkové vrstvy; C:\WINDOWS\system32\DRIVERS\rspndr.sys [2011-02-12 62848]
R2 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2009-11-12 5504]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2007-06-27 2303488]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 klim5;Kaspersky Anti-Virus NDIS Filter; C:\WINDOWS\system32\DRIVERS\klim5.sys [2010-05-07 32856]
R3 klmouflt;Kaspersky Lab KLMOUFLT; C:\WINDOWS\system32\DRIVERS\klmouflt.sys [2009-11-02 19472]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 SISNIC;SiS PCI Fast Ethernet Adapter Driver; C:\WINDOWS\system32\DRIVERS\sisnic.sys [2008-04-13 32768]
S1 DumpDrv;Crash Dump Driver; C:\WINDOWS\system32\drivers\DumpDrv.sys [2011-02-12 9472]
S1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
S3 a3hxe4rr;a3hxe4rr; C:\WINDOWS\system32\drivers\a3hxe4rr.sys []
S3 cmpci;C-Media PCI Audio Driver (WDM); C:\WINDOWS\system32\drivers\cmaudio.sys [2002-11-18 377358]
S3 FXDRV;FXDRV; \??\G:\Fxdrv.sys []
S3 Point32;Microsoft IntelliPoint Filter Driver; C:\WINDOWS\system32\DRIVERS\point32.sys [2011-04-13 40984]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-22 32384]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 VIAudio;Zvukový řadič VIA AC'97 (WDM); C:\WINDOWS\system32\drivers\ac97via.sys [2008-04-13 84480]
S3 WDC_SAM;WD SCSI Pass Thru driver; C:\WINDOWS\system32\DRIVERS\wdcsam.sys [2011-02-16 11520]
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2009-07-14 444136]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2011-02-12 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2011-02-12 82944]
S4 exFat;exFat; C:\WINDOWS\system32\drivers\exFat.sys [2011-02-12 133632]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2007-06-27 483328]
R2 AVP;Služba Kaspersky Anti-Virus; F:\programy\Kaspersky Internet Security 2011\instalace\avp.exe [2010-11-02 365336]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2012-11-14 153584]
R2 NMSAccess;NMSAccess; F:\programy\CDBurnerXP\CDBurnerXP\NMSAccessU.exe [2010-03-04 71096]
R2 WDDMService;WDDMService; C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2011-03-09 238592]
R2 WDFME;WD File Management Engine; C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe [2011-03-09 1060864]
R2 WDSC;WD File Management Shadow Engine; C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe [2011-03-09 484352]
R2 WSearch;Windows Search; C:\WINDOWS\system32\SearchIndexer.exe [2011-02-12 439808]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2007-06-29 520192]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2012-11-14 129976]
S3 SwitchBoard;SwitchBoard; C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S3 WinRM;Windows Remote Management (WS-Management); C:\WINDOWS\system32\svchost.exe [2011-02-12 14848]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2011-02-12 913920]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2011-02-12 14848]
S4 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
-----------------EOF-----------------
The uninstallation itself took almost an hour; I used CCleaner again.
Logfile of random's system information tool 1.09 (written by random/random)
Run by Karr at 2012-12-08 13:43:27
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 29 GB (76%) free of 38 GB
Total RAM: 1022 MB (28% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:44:06, on 8.12.2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE
F:\programy\Kaspersky Internet Security 2011\instalace\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
F:\programy\CDBurnerXP\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\wscntfy.exe
F:\programy\Total Commander 7.56\totalcmd\TOTALCMD.EXE
F:\programy\Kaspersky Internet Security 2011\instalace\avp.exe
f:\programy\RSIT_skener_viry.cz\RSIT.exe
C:\Program Files\trend micro\Karr.exe
C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - F:\programy\SPYBOT~1\SPYBOT~1\SDHelper.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - F:\programy\Kaspersky Internet Security 2011\instalace\ievkbd.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - F:\programy\Kaspersky Internet Security 2011\instalace\klwtbbho.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [DWPersistentQueuedReporting] C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE -a
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [CanonSolutionMenuEx] C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
O4 - HKLM\..\Run: [AVP] "F:\programy\Kaspersky Internet Security 2011\instalace\avp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "F:\programy\Alcohol.120.Retail.v2.0.1.2033.SU.WinAll.Cracked\instal\Alcohol 120\AxAutoMntSrv.exe" -automount
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [KB976002-v5] rundll32.exe advpack.dll,LaunchINFSection OPMWXPUP.inf,BrowserChoiceGoo (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: WDDMStatus.lnk = C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://F:\programy\OFFICE~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Přidat do Anti-Banner - F:\programy\Kaspersky Internet Security 2011\instalace\ie_banner_deny.htm
O9 - Extra button: &Virtuální klávesnice - {4248FE82-7FCB-46AC-B270-339F08212110} - F:\programy\Kaspersky Internet Security 2011\instalace\klwtbbho.dll
O9 - Extra button: K&ontrola adres URL - {CCF151D8-D089-449F-A5A4-D9909053F20F} - F:\programy\Kaspersky Internet Security 2011\instalace\klwtbbho.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - F:\programy\SPYBOT~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - F:\programy\SPYBOT~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: F:\programy\KASPER~1\INSTAL~1\kloehk.dll
O20 - Winlogon Notify: RailNotification - Invalid registry found
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Služba Kaspersky Anti-Virus (AVP) - Kaspersky Lab ZAO - F:\programy\Kaspersky Internet Security 2011\instalace\avp.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NMSAccess - Unknown owner - F:\programy\CDBurnerXP\CDBurnerXP\NMSAccessU.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: WDDMService - WDC - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
O23 - Service: WD File Management Engine (WDFME) - Unknown owner - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
O23 - Service: WD File Management Shadow Engine (WDSC) - Unknown owner - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
--
End of file - 7945 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\AdobeAAMUpdater-1.0-JARMILKA-Karr.job
C:\WINDOWS\tasks\AutoKMS.job
C:\WINDOWS\tasks\Microsoft_Hardware_Launch_IPoint_exe.job
=========Mozilla firefox=========
ProfilePath - C:\Documents and Settings\Karr\Data aplikací\Mozilla\Firefox\Profiles\xy9hjc1m.default
prefs.js - "browser.startup.homepage" - "google.com"
"{20a82645-c095-46ed-80e3-08825760534b}"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
"jqs@sun.com"=C:\Program Files\Java\jre6\lib\deploy\jqs\ff
"virtualKeyboard@kaspersky.ru"=F:\programy\Kaspersky Internet Security 2011\instalace\FFExt\virtualKeyboard@kaspersky.ru
"KavAntiBanner@Kaspersky.ru"=F:\programy\Kaspersky Internet Security 2011\instalace\FFExt\KavAntiBanner@kaspersky.ru
"linkfilter@kaspersky.ru"=F:\programy\Kaspersky Internet Security 2011\instalace\FFExt\linkfilter@kaspersky.ru
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@canon.com/EPPEX]
"Description"=Canon Easy-PhotoPrint EX
"Path"=C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf]
"Description"=
"Path"=F:\programy\PDF-XChange.Viewer.Pro.v2.048.Multilingual\instal\PDF Viewer\npPDFXCviewNPPlugin.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37]
"Description"=
"Path"=C:\WINDOWS\system32\npdeployJava1.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=1.1.6]
"Description"=VLC Multimedia Plugin
"Path"=F:\programy\VLC player\VLC\npvlc.dll
F:\programy\Firefox\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}
{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
KavAntiBanner@kaspersky.ru_bak
linkfilter@kaspersky.ru_bak
F:\programy\Firefox\Mozilla Firefox\components\
browsercomps.dll
binary.manifest
nppl3260.xpt
nsJSRealPlayerPlugin.xpt
npCortona.xpt
F:\programy\Firefox\Mozilla Firefox\plugins\
npCortona.dll
np32dsw.dll
ShockwavePlugin.class
npqtplugin.dll
npqtplugin2.dll
npqtplugin3.dll
npqtplugin4.dll
npqtplugin5.dll
QuickTimePlugin.class
nppl3260.dll
nprpjplug.dll
np-mswmp.dll
WMP Firefox Plugin License.rtf
WMP Firefox Plugin RelNotes.txt
npPDFXCviewNPPlugin.dll
F:\programy\Firefox\Mozilla Firefox\searchplugins\
wikipedia-cz.xml
slunecnice-cz.xml
seznam-cz.xml
jyxo-cz.xml
heureka-cz.xml
google.xml
C:\Documents and Settings\Karr\Data aplikací\Mozilla\Firefox\Profiles\xy9hjc1m.default\extensions\
zigboom@ymail.com
{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - F:\programy\SPYBOT~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}]
IEVkbdBHO Class - F:\programy\Kaspersky Internet Security 2011\instalace\ievkbd.dll [2010-10-05 68280]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2012-11-14 329712]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2012-11-14 59376]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E33CF602-D945-461A-83F0-819F76A199F8}]
FilterBHO Class - F:\programy\Kaspersky Internet Security 2011\instalace\klwtbbho.dll [2010-10-05 191160]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2012-11-14 79856]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"DWPersistentQueuedReporting"=C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE [2010-02-28 519584]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2006-11-10 90112]
"IntelliPoint"=c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2011-04-13 1808784]
"SwitchBoard"=C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2012-09-17 254896]
"CanonMyPrinter"=C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2011-03-14 2565520]
"CanonSolutionMenuEx"=C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE [2011-08-04 1612920]
"AVP"=F:\programy\Kaspersky Internet Security 2011\instalace\avp.exe [2010-11-02 365336]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"AlcoholAutomount"=F:\programy\Alcohol.120.Retail.v2.0.1.2033.SU.WinAll.Cracked\instal\Alcohol 120\AxAutoMntSrv.exe [2010-08-20 33120]
C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
WDDMStatus.lnk - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="F:\programy\KASPER~1\INSTAL~1\kloehk.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2007-06-27 118784]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
C:\WINDOWS\system32\klogon.dll [2010-10-05 228024]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\RailNotification]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2011-02-12 239496]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2011-02-12 133632]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2011-02-12 304128]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"F:\programy\uTorrent\instal\utorrent.exe"="F:\programy\uTorrent\instal\utorrent.exe:*:Enabled:µTorrent"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"vidc.tscc"=tsccvid.dll
"msacm.l3codec"=l3codecp.acm
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux"=wdmaud.drv
======List of files/folders created in the last 1 month======
2012-12-08 13:29:16 ----D---- C:\WINDOWS\SxsCaPendDel
2012-12-08 13:23:21 ----SHD---- C:\Config.Msi
2012-12-08 11:53:03 ----D---- C:\Program Files\trend micro
2012-12-08 11:53:02 ----D---- C:\rsit
2012-12-01 12:55:57 ----A---- C:\WINDOWS\system32\drivers\klin.dat
2012-12-01 12:55:57 ----A---- C:\WINDOWS\system32\drivers\klick.dat
2012-12-01 12:53:54 ----D---- C:\Documents and Settings\All Users\Data aplikací\Kaspersky Lab
2012-12-01 12:53:15 ----A---- C:\WINDOWS\system32\drivers\klif.sys
2012-11-27 15:47:34 ----HD---- C:\Documents and Settings\All Users\Data aplikací\CanonIJScan
2012-11-25 13:27:33 ----HD---- C:\Documents and Settings\All Users\Data aplikací\CanonIJEGV
2012-11-25 13:02:30 ----HD---- C:\Documents and Settings\All Users\Data aplikací\CanonIJEPPEX2
2012-11-25 13:02:30 ----HD---- C:\Documents and Settings\All Users\Data aplikací\CanonEPP
2012-11-25 13:02:28 ----D---- C:\Documents and Settings\Karr\Data aplikací\Canon
2012-11-25 12:58:59 ----A---- C:\WINDOWS\system32\CNC_ASU.dll
2012-11-25 12:58:59 ----A---- C:\WINDOWS\system32\CNC_ASL.dll
2012-11-25 12:58:59 ----A---- C:\WINDOWS\system32\CNC_ASI.dll
2012-11-25 12:58:59 ----A---- C:\WINDOWS\system32\CNC_ASC.dll
2012-11-25 12:58:58 ----A---- C:\WINDOWS\system32\drivers\usbscan.sys
2012-11-25 12:58:58 ----A---- C:\WINDOWS\system32\CNHMCA.dll
2012-11-25 12:48:47 ----D---- C:\Program Files\Common Files\CANON
2012-11-25 12:48:32 ----D---- C:\Documents and Settings\All Users\Data aplikací\CanonIJWSpt
2012-11-25 12:43:22 ----HD---- C:\Documents and Settings\All Users\Data aplikací\CanonBJ
2012-11-25 12:42:49 ----A---- C:\WINDOWS\system32\CNMLMAS.DLL
2012-11-25 12:42:43 ----HD---- C:\WINDOWS\system32\CanonIJ Uninstaller Information
2012-11-25 12:42:37 ----A---- C:\WINDOWS\system32\CNC_ASO.dll
2012-11-25 12:42:34 ----A---- C:\WINDOWS\system32\CNMIUAS.DLL
2012-11-25 12:42:24 ----HD---- C:\Program Files\CanonBJ
2012-11-25 12:42:10 ----D---- C:\WINDOWS\system32\STRING
2012-11-25 12:42:10 ----A---- C:\WINDOWS\system32\CNMNPUI.DLL
2012-11-25 12:42:10 ----A---- C:\WINDOWS\system32\CNMNPPM.DLL
2012-11-25 12:37:39 ----D---- C:\Program Files\Canon
2012-11-14 19:29:30 ----D---- C:\Documents and Settings\All Users\Data aplikací\Mozilla
2012-11-14 19:29:28 ----D---- C:\Program Files\Mozilla Maintenance Service
2012-11-14 12:18:18 ----D---- C:\Program Files\Common Files\Java
2012-11-14 12:17:38 ----A---- C:\WINDOWS\system32\npdeployJava1.dll
2012-11-14 12:17:38 ----A---- C:\WINDOWS\system32\javaws.exe
2012-11-14 12:17:38 ----A---- C:\WINDOWS\system32\javaw.exe
2012-11-14 12:17:38 ----A---- C:\WINDOWS\system32\java.exe
2012-11-14 12:16:56 ----D---- C:\Program Files\Java
2012-11-14 12:14:53 ----D---- C:\Documents and Settings\All Users\Data aplikací\McAfee
======List of files/folders modified in the last 1 month======
2012-12-08 13:43:34 ----RSD---- C:\WINDOWS\assembly
2012-12-08 13:41:30 ----D---- C:\WINDOWS
2012-12-08 13:40:34 ----D---- C:\WINDOWS\Microsoft.NET
2012-12-08 13:40:31 ----D---- C:\WINDOWS\Temp
2012-12-08 13:40:31 ----A---- C:\WINDOWS\wincmd.ini
2012-12-08 13:39:14 ----D---- C:\WINDOWS\Prefetch
2012-12-08 13:36:03 ----N---- C:\WINDOWS\SchedLgU.Txt
2012-12-08 13:29:18 ----SHD---- C:\WINDOWS\Installer
2012-12-08 13:29:17 ----D---- C:\WINDOWS\WinSxS
2012-12-08 13:27:17 ----D---- C:\Documents and Settings\All Users\Data aplikací\Microsoft Help
2012-12-08 13:25:40 ----RD---- C:\Program Files
2012-12-08 13:25:40 ----D---- C:\Program Files\Microsoft.NET
2012-12-08 13:25:40 ----D---- C:\Program Files\Common Files\Microsoft Shared
2012-12-08 13:25:35 ----RSD---- C:\WINDOWS\Fonts
2012-12-08 13:24:15 ----SD---- C:\Documents and Settings\All Users\Data aplikací\Microsoft
2012-12-08 13:24:12 ----D---- C:\WINDOWS\system32
2012-12-08 13:24:11 ----D---- C:\Program Files\Common Files
2012-12-08 11:42:49 ----HD---- C:\WINDOWS\inf
2012-12-08 11:42:28 ----D---- C:\WINDOWS\system32\CatRoot2
2012-12-08 11:35:02 ----D---- C:\WINDOWS\Debug
2012-12-08 11:26:33 ----D---- C:\Documents and Settings\Karr\Data aplikací\uTorrent
2012-12-01 13:09:25 ----SHD---- C:\System Volume Information
2012-12-01 13:09:16 ----D---- C:\WINDOWS\system32\drivers
2012-12-01 12:50:55 ----D---- C:\Documents and Settings\All Users\Data aplikací\Kaspersky Lab Setup Files
2012-11-25 12:59:30 ----RSHDC---- C:\WINDOWS\system32\dllcache
2012-11-25 12:59:00 ----D---- C:\WINDOWS\Media
2012-11-25 12:58:59 ----D---- C:\WINDOWS\twain_32
2012-11-24 12:12:36 ----D---- C:\Program Files\Microsoft Silverlight
2012-11-23 17:14:51 ----A---- C:\moduleName.txt
2012-11-14 12:17:02 ----A---- C:\WINDOWS\system32\deployJava1.dll
2012-11-12 22:45:22 ----A---- C:\WINDOWS\winamp.ini
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 gagp30kx;Filtr Microsoft Generic AGPv3.0 pro procesorovou platformu K8; C:\WINDOWS\system32\DRIVERS\gagp30kx.sys [2008-04-14 46464]
R0 KL1;kl1; C:\WINDOWS\system32\DRIVERS\kl1.sys [2010-06-09 132184]
R0 mv61xxmm;mv61xxmm; C:\WINDOWS\system32\drivers\mv61xxmm.sys [2011-02-12 13616]
R0 mv64xxmm;mv64xxmm; C:\WINDOWS\system32\drivers\mv64xxmm.sys [2011-02-12 5632]
R0 mvxxmm;mvxxmm; C:\WINDOWS\system32\drivers\mvxxmm.sys [2011-02-12 13616]
R0 siside;siside; C:\WINDOWS\system32\DRIVERS\siside.sys [2003-03-25 4096]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2011-05-31 436792]
R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-07-02 36864]
R1 kl2;kl2; C:\WINDOWS\system32\DRIVERS\kl2.sys [2010-06-09 11352]
R1 KLIF;Kaspersky Lab Driver; C:\WINDOWS\system32\DRIVERS\klif.sys [2012-12-01 475736]
R2 rspndr;Odpovídající zařízení zjišťování topologie linkové vrstvy; C:\WINDOWS\system32\DRIVERS\rspndr.sys [2011-02-12 62848]
R2 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2009-11-12 5504]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2007-06-27 2303488]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 klim5;Kaspersky Anti-Virus NDIS Filter; C:\WINDOWS\system32\DRIVERS\klim5.sys [2010-05-07 32856]
R3 klmouflt;Kaspersky Lab KLMOUFLT; C:\WINDOWS\system32\DRIVERS\klmouflt.sys [2009-11-02 19472]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 SISNIC;SiS PCI Fast Ethernet Adapter Driver; C:\WINDOWS\system32\DRIVERS\sisnic.sys [2008-04-13 32768]
S1 DumpDrv;Crash Dump Driver; C:\WINDOWS\system32\drivers\DumpDrv.sys [2011-02-12 9472]
S1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
S3 a3hxe4rr;a3hxe4rr; C:\WINDOWS\system32\drivers\a3hxe4rr.sys []
S3 cmpci;C-Media PCI Audio Driver (WDM); C:\WINDOWS\system32\drivers\cmaudio.sys [2002-11-18 377358]
S3 FXDRV;FXDRV; \??\G:\Fxdrv.sys []
S3 Point32;Microsoft IntelliPoint Filter Driver; C:\WINDOWS\system32\DRIVERS\point32.sys [2011-04-13 40984]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-22 32384]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 VIAudio;Zvukový řadič VIA AC'97 (WDM); C:\WINDOWS\system32\drivers\ac97via.sys [2008-04-13 84480]
S3 WDC_SAM;WD SCSI Pass Thru driver; C:\WINDOWS\system32\DRIVERS\wdcsam.sys [2011-02-16 11520]
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2009-07-14 444136]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2011-02-12 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2011-02-12 82944]
S4 exFat;exFat; C:\WINDOWS\system32\drivers\exFat.sys [2011-02-12 133632]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2007-06-27 483328]
R2 AVP;Služba Kaspersky Anti-Virus; F:\programy\Kaspersky Internet Security 2011\instalace\avp.exe [2010-11-02 365336]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2012-11-14 153584]
R2 NMSAccess;NMSAccess; F:\programy\CDBurnerXP\CDBurnerXP\NMSAccessU.exe [2010-03-04 71096]
R2 WDDMService;WDDMService; C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2011-03-09 238592]
R2 WDFME;WD File Management Engine; C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe [2011-03-09 1060864]
R2 WDSC;WD File Management Shadow Engine; C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe [2011-03-09 484352]
R2 WSearch;Windows Search; C:\WINDOWS\system32\SearchIndexer.exe [2011-02-12 439808]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2007-06-29 520192]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2012-11-14 129976]
S3 SwitchBoard;SwitchBoard; C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S3 WinRM;Windows Remote Management (WS-Management); C:\WINDOWS\system32\svchost.exe [2011-02-12 14848]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2011-02-12 913920]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2011-02-12 14848]
S4 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
-----------------EOF-----------------
- Rudy
- Site Admin
- Posts: 119524
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: very slow PC
Download OTM: http://oldtimer.geekstogo.com/OTM.exe and save it to the desktop. Run it and copy the following into the left window:
:files
C:\WINDOWS\tasks\AutoKMS.job
:commands
[Purity]
[Emptytemp]
[Emptyflash]
and click >MoveIt!<. After the scan, restart the PC and post a new RSIT log.
Uninstall Spybot; it could conflict with Kaspersky.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
Visit:
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!
Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.
Re: very slow PC
Logfile of random's system information tool 1.09 (written by random/random)
Run by Karr at 2012-12-15 10:15:25
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 29 GB (76%) free of 38 GB
Total RAM: 1022 MB (25% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:16:03, on 15.12.2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
F:\programy\Kaspersky Internet Security 2011\instalace\avp.exe
C:\Program Files\Java\jre6\bin\jqs.exe
F:\programy\CDBurnerXP\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE
F:\programy\Kaspersky Internet Security 2011\instalace\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\System32\svchost.exe
F:\programy\Firefox\Mozilla Firefox\firefox.exe
F:\programy\Total Commander 7.56\totalcmd\TOTALCMD.EXE
f:\programy\RSIT_skener_viry.cz\RSIT.exe
C:\Program Files\trend micro\Karr.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - F:\programy\Kaspersky Internet Security 2011\instalace\ievkbd.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - F:\programy\Kaspersky Internet Security 2011\instalace\klwtbbho.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [DWPersistentQueuedReporting] C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE -a
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [CanonSolutionMenuEx] C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
O4 - HKLM\..\Run: [AVP] "F:\programy\Kaspersky Internet Security 2011\instalace\avp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "F:\programy\Alcohol.120.Retail.v2.0.1.2033.SU.WinAll.Cracked\instal\Alcohol 120\AxAutoMntSrv.exe" -automount
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [KB976002-v5] rundll32.exe advpack.dll,LaunchINFSection OPMWXPUP.inf,BrowserChoiceGoo (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: WDDMStatus.lnk = C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://F:\programy\OFFICE~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Přidat do Anti-Banner - F:\programy\Kaspersky Internet Security 2011\instalace\ie_banner_deny.htm
O9 - Extra button: &Virtuální klávesnice - {4248FE82-7FCB-46AC-B270-339F08212110} - F:\programy\Kaspersky Internet Security 2011\instalace\klwtbbho.dll
O9 - Extra button: K&ontrola adres URL - {CCF151D8-D089-449F-A5A4-D9909053F20F} - F:\programy\Kaspersky Internet Security 2011\instalace\klwtbbho.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: F:\programy\KASPER~1\INSTAL~1\kloehk.dll
O20 - Winlogon Notify: RailNotification - Invalid registry found
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Služba Kaspersky Anti-Virus (AVP) - Kaspersky Lab ZAO - F:\programy\Kaspersky Internet Security 2011\instalace\avp.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NMSAccess - Unknown owner - F:\programy\CDBurnerXP\CDBurnerXP\NMSAccessU.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: WDDMService - WDC - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
O23 - Service: WD File Management Engine (WDFME) - Unknown owner - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
O23 - Service: WD File Management Shadow Engine (WDSC) - Unknown owner - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
--
End of file - 7514 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\AdobeAAMUpdater-1.0-JARMILKA-Karr.job
C:\WINDOWS\tasks\Microsoft_Hardware_Launch_IPoint_exe.job
=========Mozilla firefox=========
ProfilePath - C:\Documents and Settings\Karr\Data aplikací\Mozilla\Firefox\Profiles\xy9hjc1m.default
prefs.js - "browser.startup.homepage" - "google.com"
"{20a82645-c095-46ed-80e3-08825760534b}"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
"jqs@sun.com"=C:\Program Files\Java\jre6\lib\deploy\jqs\ff
"virtualKeyboard@kaspersky.ru"=F:\programy\Kaspersky Internet Security 2011\instalace\FFExt\virtualKeyboard@kaspersky.ru
"KavAntiBanner@Kaspersky.ru"=F:\programy\Kaspersky Internet Security 2011\instalace\FFExt\KavAntiBanner@kaspersky.ru
"linkfilter@kaspersky.ru"=F:\programy\Kaspersky Internet Security 2011\instalace\FFExt\linkfilter@kaspersky.ru
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@canon.com/EPPEX]
"Description"=Canon Easy-PhotoPrint EX
"Path"=C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf]
"Description"=
"Path"=F:\programy\PDF-XChange.Viewer.Pro.v2.048.Multilingual\instal\PDF Viewer\npPDFXCviewNPPlugin.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37]
"Description"=
"Path"=C:\WINDOWS\system32\npdeployJava1.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=1.1.6]
"Description"=VLC Multimedia Plugin
"Path"=F:\programy\VLC player\VLC\npvlc.dll
F:\programy\Firefox\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}
{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
KavAntiBanner@kaspersky.ru_bak
linkfilter@kaspersky.ru_bak
F:\programy\Firefox\Mozilla Firefox\components\
browsercomps.dll
binary.manifest
nppl3260.xpt
nsJSRealPlayerPlugin.xpt
npCortona.xpt
F:\programy\Firefox\Mozilla Firefox\plugins\
npCortona.dll
np32dsw.dll
ShockwavePlugin.class
npqtplugin.dll
npqtplugin2.dll
npqtplugin3.dll
npqtplugin4.dll
npqtplugin5.dll
QuickTimePlugin.class
nppl3260.dll
nprpjplug.dll
np-mswmp.dll
WMP Firefox Plugin License.rtf
WMP Firefox Plugin RelNotes.txt
npPDFXCviewNPPlugin.dll
F:\programy\Firefox\Mozilla Firefox\searchplugins\
wikipedia-cz.xml
slunecnice-cz.xml
seznam-cz.xml
jyxo-cz.xml
heureka-cz.xml
google.xml
C:\Documents and Settings\Karr\Data aplikací\Mozilla\Firefox\Profiles\xy9hjc1m.default\extensions\
zigboom@ymail.com
{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}]
IEVkbdBHO Class - F:\programy\Kaspersky Internet Security 2011\instalace\ievkbd.dll [2010-10-05 68280]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2012-11-14 329712]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2012-11-14 59376]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E33CF602-D945-461A-83F0-819F76A199F8}]
FilterBHO Class - F:\programy\Kaspersky Internet Security 2011\instalace\klwtbbho.dll [2010-10-05 191160]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2012-11-14 79856]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"DWPersistentQueuedReporting"=C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE [2010-02-28 519584]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2006-11-10 90112]
"IntelliPoint"=c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2011-04-13 1808784]
"SwitchBoard"=C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2012-09-17 254896]
"CanonMyPrinter"=C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2011-03-14 2565520]
"CanonSolutionMenuEx"=C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE [2011-08-04 1612920]
"AVP"=F:\programy\Kaspersky Internet Security 2011\instalace\avp.exe [2010-11-02 365336]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"AlcoholAutomount"=F:\programy\Alcohol.120.Retail.v2.0.1.2033.SU.WinAll.Cracked\instal\Alcohol 120\AxAutoMntSrv.exe [2010-08-20 33120]
C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
WDDMStatus.lnk - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="F:\programy\KASPER~1\INSTAL~1\kloehk.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2007-06-27 118784]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
C:\WINDOWS\system32\klogon.dll [2010-10-05 228024]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\RailNotification]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2011-02-12 239496]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2011-02-12 133632]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2011-02-12 304128]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"F:\programy\uTorrent\instal\utorrent.exe"="F:\programy\uTorrent\instal\utorrent.exe:*:Enabled:µTorrent"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"vidc.tscc"=tsccvid.dll
"msacm.l3codec"=l3codecp.acm
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux"=wdmaud.drv
======List of files/folders created in the last 1 month======
2012-12-15 10:06:20 ----D---- C:\_OTM
2012-12-08 13:29:16 ----D---- C:\WINDOWS\SxsCaPendDel
2012-12-08 13:23:21 ----SHD---- C:\Config.Msi
2012-12-08 11:53:03 ----D---- C:\Program Files\trend micro
2012-12-08 11:53:02 ----D---- C:\rsit
2012-12-01 12:55:57 ----A---- C:\WINDOWS\system32\drivers\klin.dat
2012-12-01 12:55:57 ----A---- C:\WINDOWS\system32\drivers\klick.dat
2012-12-01 12:53:54 ----D---- C:\Documents and Settings\All Users\Data aplikací\Kaspersky Lab
2012-12-01 12:53:15 ----A---- C:\WINDOWS\system32\drivers\klif.sys
2012-11-27 15:47:34 ----HD---- C:\Documents and Settings\All Users\Data aplikací\CanonIJScan
2012-11-25 13:27:33 ----HD---- C:\Documents and Settings\All Users\Data aplikací\CanonIJEGV
2012-11-25 13:02:30 ----HD---- C:\Documents and Settings\All Users\Data aplikací\CanonIJEPPEX2
2012-11-25 13:02:30 ----HD---- C:\Documents and Settings\All Users\Data aplikací\CanonEPP
2012-11-25 13:02:28 ----D---- C:\Documents and Settings\Karr\Data aplikací\Canon
2012-11-25 12:58:59 ----A---- C:\WINDOWS\system32\CNC_ASU.dll
2012-11-25 12:58:59 ----A---- C:\WINDOWS\system32\CNC_ASL.dll
2012-11-25 12:58:59 ----A---- C:\WINDOWS\system32\CNC_ASI.dll
2012-11-25 12:58:59 ----A---- C:\WINDOWS\system32\CNC_ASC.dll
2012-11-25 12:58:58 ----A---- C:\WINDOWS\system32\drivers\usbscan.sys
2012-11-25 12:58:58 ----A---- C:\WINDOWS\system32\CNHMCA.dll
2012-11-25 12:48:47 ----D---- C:\Program Files\Common Files\CANON
2012-11-25 12:48:32 ----D---- C:\Documents and Settings\All Users\Data aplikací\CanonIJWSpt
2012-11-25 12:43:22 ----HD---- C:\Documents and Settings\All Users\Data aplikací\CanonBJ
2012-11-25 12:42:49 ----A---- C:\WINDOWS\system32\CNMLMAS.DLL
2012-11-25 12:42:43 ----HD---- C:\WINDOWS\system32\CanonIJ Uninstaller Information
2012-11-25 12:42:37 ----A---- C:\WINDOWS\system32\CNC_ASO.dll
2012-11-25 12:42:34 ----A---- C:\WINDOWS\system32\CNMIUAS.DLL
2012-11-25 12:42:24 ----HD---- C:\Program Files\CanonBJ
2012-11-25 12:42:10 ----D---- C:\WINDOWS\system32\STRING
2012-11-25 12:42:10 ----A---- C:\WINDOWS\system32\CNMNPUI.DLL
2012-11-25 12:42:10 ----A---- C:\WINDOWS\system32\CNMNPPM.DLL
2012-11-25 12:37:39 ----D---- C:\Program Files\Canon
======List of files/folders modified in the last 1 month======
2012-12-15 10:15:09 ----A---- C:\WINDOWS\wincmd.ini
2012-12-15 10:12:35 ----D---- C:\WINDOWS
2012-12-15 10:12:09 ----D---- C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy
2012-12-15 10:10:36 ----D---- C:\WINDOWS\Prefetch
2012-12-15 10:09:15 ----D---- C:\WINDOWS\Temp
2012-12-15 10:06:45 ----N---- C:\WINDOWS\SchedLgU.Txt
2012-12-15 10:06:31 ----D---- C:\WINDOWS\system32
2012-12-15 10:06:23 ----SD---- C:\WINDOWS\Tasks
2012-12-08 14:27:41 ----RSD---- C:\WINDOWS\assembly
2012-12-08 14:27:41 ----D---- C:\WINDOWS\Microsoft.NET
2012-12-08 13:29:18 ----SHD---- C:\WINDOWS\Installer
2012-12-08 13:29:17 ----D---- C:\WINDOWS\WinSxS
2012-12-08 13:27:17 ----D---- C:\Documents and Settings\All Users\Data aplikací\Microsoft Help
2012-12-08 13:25:40 ----RD---- C:\Program Files
2012-12-08 13:25:40 ----D---- C:\Program Files\Microsoft.NET
2012-12-08 13:25:40 ----D---- C:\Program Files\Common Files\Microsoft Shared
2012-12-08 13:25:35 ----RSD---- C:\WINDOWS\Fonts
2012-12-08 13:24:15 ----SD---- C:\Documents and Settings\All Users\Data aplikací\Microsoft
2012-12-08 13:24:11 ----D---- C:\Program Files\Common Files
2012-12-08 11:42:49 ----HD---- C:\WINDOWS\inf
2012-12-08 11:42:28 ----D---- C:\WINDOWS\system32\CatRoot2
2012-12-08 11:35:02 ----D---- C:\WINDOWS\Debug
2012-12-08 11:26:33 ----D---- C:\Documents and Settings\Karr\Data aplikací\uTorrent
2012-12-01 13:09:25 ----SHD---- C:\System Volume Information
2012-12-01 13:09:16 ----D---- C:\WINDOWS\system32\drivers
2012-12-01 12:50:55 ----D---- C:\Documents and Settings\All Users\Data aplikací\Kaspersky Lab Setup Files
2012-11-25 12:59:30 ----RSHDC---- C:\WINDOWS\system32\dllcache
2012-11-25 12:59:00 ----D---- C:\WINDOWS\Media
2012-11-25 12:58:59 ----D---- C:\WINDOWS\twain_32
2012-11-24 12:12:36 ----D---- C:\Program Files\Microsoft Silverlight
2012-11-23 17:14:51 ----A---- C:\moduleName.txt
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 gagp30kx;Filtr Microsoft Generic AGPv3.0 pro procesorovou platformu K8; C:\WINDOWS\system32\DRIVERS\gagp30kx.sys [2008-04-14 46464]
R0 KL1;kl1; C:\WINDOWS\system32\DRIVERS\kl1.sys [2010-06-09 132184]
R0 mv61xxmm;mv61xxmm; C:\WINDOWS\system32\drivers\mv61xxmm.sys [2011-02-12 13616]
R0 mv64xxmm;mv64xxmm; C:\WINDOWS\system32\drivers\mv64xxmm.sys [2011-02-12 5632]
R0 mvxxmm;mvxxmm; C:\WINDOWS\system32\drivers\mvxxmm.sys [2011-02-12 13616]
R0 siside;siside; C:\WINDOWS\system32\DRIVERS\siside.sys [2003-03-25 4096]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2011-05-31 436792]
R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-07-02 36864]
R1 kl2;kl2; C:\WINDOWS\system32\DRIVERS\kl2.sys [2010-06-09 11352]
R1 KLIF;Kaspersky Lab Driver; C:\WINDOWS\system32\DRIVERS\klif.sys [2012-12-01 475736]
R2 rspndr;Odpovídající zařízení zjišťování topologie linkové vrstvy; C:\WINDOWS\system32\DRIVERS\rspndr.sys [2011-02-12 62848]
R2 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2009-11-12 5504]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2007-06-27 2303488]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 klim5;Kaspersky Anti-Virus NDIS Filter; C:\WINDOWS\system32\DRIVERS\klim5.sys [2010-05-07 32856]
R3 klmouflt;Kaspersky Lab KLMOUFLT; C:\WINDOWS\system32\DRIVERS\klmouflt.sys [2009-11-02 19472]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 SISNIC;SiS PCI Fast Ethernet Adapter Driver; C:\WINDOWS\system32\DRIVERS\sisnic.sys [2008-04-13 32768]
S1 DumpDrv;Crash Dump Driver; C:\WINDOWS\system32\drivers\DumpDrv.sys [2011-02-12 9472]
S1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
S3 awcuvow7;awcuvow7; C:\WINDOWS\system32\drivers\awcuvow7.sys []
S3 cmpci;C-Media PCI Audio Driver (WDM); C:\WINDOWS\system32\drivers\cmaudio.sys [2002-11-18 377358]
S3 FXDRV;FXDRV; \??\G:\Fxdrv.sys []
S3 Point32;Microsoft IntelliPoint Filter Driver; C:\WINDOWS\system32\DRIVERS\point32.sys [2011-04-13 40984]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-22 32384]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 VIAudio;Zvukový řadič VIA AC'97 (WDM); C:\WINDOWS\system32\drivers\ac97via.sys [2008-04-13 84480]
S3 WDC_SAM;WD SCSI Pass Thru driver; C:\WINDOWS\system32\DRIVERS\wdcsam.sys [2011-02-16 11520]
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2009-07-14 444136]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2011-02-12 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2011-02-12 82944]
S4 exFat;exFat; C:\WINDOWS\system32\drivers\exFat.sys [2011-02-12 133632]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2007-06-27 483328]
R2 AVP;Služba Kaspersky Anti-Virus; F:\programy\Kaspersky Internet Security 2011\instalace\avp.exe [2010-11-02 365336]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2012-11-14 153584]
R2 NMSAccess;NMSAccess; F:\programy\CDBurnerXP\CDBurnerXP\NMSAccessU.exe [2010-03-04 71096]
R2 WDDMService;WDDMService; C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2011-03-09 238592]
R2 WDFME;WD File Management Engine; C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe [2011-03-09 1060864]
R2 WDSC;WD File Management Shadow Engine; C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe [2011-03-09 484352]
R2 WSearch;Windows Search; C:\WINDOWS\system32\SearchIndexer.exe [2011-02-12 439808]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2007-06-29 520192]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2012-11-14 129976]
S3 SwitchBoard;SwitchBoard; C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S3 WinRM;Windows Remote Management (WS-Management); C:\WINDOWS\system32\svchost.exe [2011-02-12 14848]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2011-02-12 913920]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2011-02-12 14848]
S4 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
-----------------EOF-----------------
Run by Karr at 2012-12-15 10:15:25
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 29 GB (76%) free of 38 GB
Total RAM: 1022 MB (25% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:16:03, on 15.12.2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
F:\programy\Kaspersky Internet Security 2011\instalace\avp.exe
C:\Program Files\Java\jre6\bin\jqs.exe
F:\programy\CDBurnerXP\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE
F:\programy\Kaspersky Internet Security 2011\instalace\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\System32\svchost.exe
F:\programy\Firefox\Mozilla Firefox\firefox.exe
F:\programy\Total Commander 7.56\totalcmd\TOTALCMD.EXE
f:\programy\RSIT_skener_viry.cz\RSIT.exe
C:\Program Files\trend micro\Karr.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - F:\programy\Kaspersky Internet Security 2011\instalace\ievkbd.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - F:\programy\Kaspersky Internet Security 2011\instalace\klwtbbho.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [DWPersistentQueuedReporting] C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE -a
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [CanonSolutionMenuEx] C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
O4 - HKLM\..\Run: [AVP] "F:\programy\Kaspersky Internet Security 2011\instalace\avp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "F:\programy\Alcohol.120.Retail.v2.0.1.2033.SU.WinAll.Cracked\instal\Alcohol 120\AxAutoMntSrv.exe" -automount
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [KB976002-v5] rundll32.exe advpack.dll,LaunchINFSection OPMWXPUP.inf,BrowserChoiceGoo (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: WDDMStatus.lnk = C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://F:\programy\OFFICE~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Přidat do Anti-Banner - F:\programy\Kaspersky Internet Security 2011\instalace\ie_banner_deny.htm
O9 - Extra button: &Virtuální klávesnice - {4248FE82-7FCB-46AC-B270-339F08212110} - F:\programy\Kaspersky Internet Security 2011\instalace\klwtbbho.dll
O9 - Extra button: K&ontrola adres URL - {CCF151D8-D089-449F-A5A4-D9909053F20F} - F:\programy\Kaspersky Internet Security 2011\instalace\klwtbbho.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: F:\programy\KASPER~1\INSTAL~1\kloehk.dll
O20 - Winlogon Notify: RailNotification - Invalid registry found
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Služba Kaspersky Anti-Virus (AVP) - Kaspersky Lab ZAO - F:\programy\Kaspersky Internet Security 2011\instalace\avp.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NMSAccess - Unknown owner - F:\programy\CDBurnerXP\CDBurnerXP\NMSAccessU.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: WDDMService - WDC - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
O23 - Service: WD File Management Engine (WDFME) - Unknown owner - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
O23 - Service: WD File Management Shadow Engine (WDSC) - Unknown owner - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
--
End of file - 7514 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\AdobeAAMUpdater-1.0-JARMILKA-Karr.job
C:\WINDOWS\tasks\Microsoft_Hardware_Launch_IPoint_exe.job
=========Mozilla firefox=========
ProfilePath - C:\Documents and Settings\Karr\Data aplikací\Mozilla\Firefox\Profiles\xy9hjc1m.default
prefs.js - "browser.startup.homepage" - "google.com"
"{20a82645-c095-46ed-80e3-08825760534b}"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
"jqs@sun.com"=C:\Program Files\Java\jre6\lib\deploy\jqs\ff
"virtualKeyboard@kaspersky.ru"=F:\programy\Kaspersky Internet Security 2011\instalace\FFExt\virtualKeyboard@kaspersky.ru
"KavAntiBanner@Kaspersky.ru"=F:\programy\Kaspersky Internet Security 2011\instalace\FFExt\KavAntiBanner@kaspersky.ru
"linkfilter@kaspersky.ru"=F:\programy\Kaspersky Internet Security 2011\instalace\FFExt\linkfilter@kaspersky.ru
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@canon.com/EPPEX]
"Description"=Canon Easy-PhotoPrint EX
"Path"=C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf]
"Description"=
"Path"=F:\programy\PDF-XChange.Viewer.Pro.v2.048.Multilingual\instal\PDF Viewer\npPDFXCviewNPPlugin.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37]
"Description"=
"Path"=C:\WINDOWS\system32\npdeployJava1.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=1.1.6]
"Description"=VLC Multimedia Plugin
"Path"=F:\programy\VLC player\VLC\npvlc.dll
F:\programy\Firefox\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}
{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
KavAntiBanner@kaspersky.ru_bak
linkfilter@kaspersky.ru_bak
F:\programy\Firefox\Mozilla Firefox\components\
browsercomps.dll
binary.manifest
nppl3260.xpt
nsJSRealPlayerPlugin.xpt
npCortona.xpt
F:\programy\Firefox\Mozilla Firefox\plugins\
npCortona.dll
np32dsw.dll
ShockwavePlugin.class
npqtplugin.dll
npqtplugin2.dll
npqtplugin3.dll
npqtplugin4.dll
npqtplugin5.dll
QuickTimePlugin.class
nppl3260.dll
nprpjplug.dll
np-mswmp.dll
WMP Firefox Plugin License.rtf
WMP Firefox Plugin RelNotes.txt
npPDFXCviewNPPlugin.dll
F:\programy\Firefox\Mozilla Firefox\searchplugins\
wikipedia-cz.xml
slunecnice-cz.xml
seznam-cz.xml
jyxo-cz.xml
heureka-cz.xml
google.xml
C:\Documents and Settings\Karr\Data aplikací\Mozilla\Firefox\Profiles\xy9hjc1m.default\extensions\
zigboom@ymail.com
{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}]
IEVkbdBHO Class - F:\programy\Kaspersky Internet Security 2011\instalace\ievkbd.dll [2010-10-05 68280]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2012-11-14 329712]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2012-11-14 59376]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E33CF602-D945-461A-83F0-819F76A199F8}]
FilterBHO Class - F:\programy\Kaspersky Internet Security 2011\instalace\klwtbbho.dll [2010-10-05 191160]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2012-11-14 79856]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"DWPersistentQueuedReporting"=C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE [2010-02-28 519584]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2006-11-10 90112]
"IntelliPoint"=c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2011-04-13 1808784]
"SwitchBoard"=C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2012-09-17 254896]
"CanonMyPrinter"=C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2011-03-14 2565520]
"CanonSolutionMenuEx"=C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE [2011-08-04 1612920]
"AVP"=F:\programy\Kaspersky Internet Security 2011\instalace\avp.exe [2010-11-02 365336]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"AlcoholAutomount"=F:\programy\Alcohol.120.Retail.v2.0.1.2033.SU.WinAll.Cracked\instal\Alcohol 120\AxAutoMntSrv.exe [2010-08-20 33120]
C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
WDDMStatus.lnk - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="F:\programy\KASPER~1\INSTAL~1\kloehk.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2007-06-27 118784]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
C:\WINDOWS\system32\klogon.dll [2010-10-05 228024]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\RailNotification]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2011-02-12 239496]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2011-02-12 133632]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2011-02-12 304128]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"F:\programy\uTorrent\instal\utorrent.exe"="F:\programy\uTorrent\instal\utorrent.exe:*:Enabled:µTorrent"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"vidc.tscc"=tsccvid.dll
"msacm.l3codec"=l3codecp.acm
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux"=wdmaud.drv
======List of files/folders created in the last 1 month======
2012-12-15 10:06:20 ----D---- C:\_OTM
2012-12-08 13:29:16 ----D---- C:\WINDOWS\SxsCaPendDel
2012-12-08 13:23:21 ----SHD---- C:\Config.Msi
2012-12-08 11:53:03 ----D---- C:\Program Files\trend micro
2012-12-08 11:53:02 ----D---- C:\rsit
2012-12-01 12:55:57 ----A---- C:\WINDOWS\system32\drivers\klin.dat
2012-12-01 12:55:57 ----A---- C:\WINDOWS\system32\drivers\klick.dat
2012-12-01 12:53:54 ----D---- C:\Documents and Settings\All Users\Data aplikací\Kaspersky Lab
2012-12-01 12:53:15 ----A---- C:\WINDOWS\system32\drivers\klif.sys
2012-11-27 15:47:34 ----HD---- C:\Documents and Settings\All Users\Data aplikací\CanonIJScan
2012-11-25 13:27:33 ----HD---- C:\Documents and Settings\All Users\Data aplikací\CanonIJEGV
2012-11-25 13:02:30 ----HD---- C:\Documents and Settings\All Users\Data aplikací\CanonIJEPPEX2
2012-11-25 13:02:30 ----HD---- C:\Documents and Settings\All Users\Data aplikací\CanonEPP
2012-11-25 13:02:28 ----D---- C:\Documents and Settings\Karr\Data aplikací\Canon
2012-11-25 12:58:59 ----A---- C:\WINDOWS\system32\CNC_ASU.dll
2012-11-25 12:58:59 ----A---- C:\WINDOWS\system32\CNC_ASL.dll
2012-11-25 12:58:59 ----A---- C:\WINDOWS\system32\CNC_ASI.dll
2012-11-25 12:58:59 ----A---- C:\WINDOWS\system32\CNC_ASC.dll
2012-11-25 12:58:58 ----A---- C:\WINDOWS\system32\drivers\usbscan.sys
2012-11-25 12:58:58 ----A---- C:\WINDOWS\system32\CNHMCA.dll
2012-11-25 12:48:47 ----D---- C:\Program Files\Common Files\CANON
2012-11-25 12:48:32 ----D---- C:\Documents and Settings\All Users\Data aplikací\CanonIJWSpt
2012-11-25 12:43:22 ----HD---- C:\Documents and Settings\All Users\Data aplikací\CanonBJ
2012-11-25 12:42:49 ----A---- C:\WINDOWS\system32\CNMLMAS.DLL
2012-11-25 12:42:43 ----HD---- C:\WINDOWS\system32\CanonIJ Uninstaller Information
2012-11-25 12:42:37 ----A---- C:\WINDOWS\system32\CNC_ASO.dll
2012-11-25 12:42:34 ----A---- C:\WINDOWS\system32\CNMIUAS.DLL
2012-11-25 12:42:24 ----HD---- C:\Program Files\CanonBJ
2012-11-25 12:42:10 ----D---- C:\WINDOWS\system32\STRING
2012-11-25 12:42:10 ----A---- C:\WINDOWS\system32\CNMNPUI.DLL
2012-11-25 12:42:10 ----A---- C:\WINDOWS\system32\CNMNPPM.DLL
2012-11-25 12:37:39 ----D---- C:\Program Files\Canon
======List of files/folders modified in the last 1 month======
2012-12-15 10:15:09 ----A---- C:\WINDOWS\wincmd.ini
2012-12-15 10:12:35 ----D---- C:\WINDOWS
2012-12-15 10:12:09 ----D---- C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy
2012-12-15 10:10:36 ----D---- C:\WINDOWS\Prefetch
2012-12-15 10:09:15 ----D---- C:\WINDOWS\Temp
2012-12-15 10:06:45 ----N---- C:\WINDOWS\SchedLgU.Txt
2012-12-15 10:06:31 ----D---- C:\WINDOWS\system32
2012-12-15 10:06:23 ----SD---- C:\WINDOWS\Tasks
2012-12-08 14:27:41 ----RSD---- C:\WINDOWS\assembly
2012-12-08 14:27:41 ----D---- C:\WINDOWS\Microsoft.NET
2012-12-08 13:29:18 ----SHD---- C:\WINDOWS\Installer
2012-12-08 13:29:17 ----D---- C:\WINDOWS\WinSxS
2012-12-08 13:27:17 ----D---- C:\Documents and Settings\All Users\Data aplikací\Microsoft Help
2012-12-08 13:25:40 ----RD---- C:\Program Files
2012-12-08 13:25:40 ----D---- C:\Program Files\Microsoft.NET
2012-12-08 13:25:40 ----D---- C:\Program Files\Common Files\Microsoft Shared
2012-12-08 13:25:35 ----RSD---- C:\WINDOWS\Fonts
2012-12-08 13:24:15 ----SD---- C:\Documents and Settings\All Users\Data aplikací\Microsoft
2012-12-08 13:24:11 ----D---- C:\Program Files\Common Files
2012-12-08 11:42:49 ----HD---- C:\WINDOWS\inf
2012-12-08 11:42:28 ----D---- C:\WINDOWS\system32\CatRoot2
2012-12-08 11:35:02 ----D---- C:\WINDOWS\Debug
2012-12-08 11:26:33 ----D---- C:\Documents and Settings\Karr\Data aplikací\uTorrent
2012-12-01 13:09:25 ----SHD---- C:\System Volume Information
2012-12-01 13:09:16 ----D---- C:\WINDOWS\system32\drivers
2012-12-01 12:50:55 ----D---- C:\Documents and Settings\All Users\Data aplikací\Kaspersky Lab Setup Files
2012-11-25 12:59:30 ----RSHDC---- C:\WINDOWS\system32\dllcache
2012-11-25 12:59:00 ----D---- C:\WINDOWS\Media
2012-11-25 12:58:59 ----D---- C:\WINDOWS\twain_32
2012-11-24 12:12:36 ----D---- C:\Program Files\Microsoft Silverlight
2012-11-23 17:14:51 ----A---- C:\moduleName.txt
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 gagp30kx;Filtr Microsoft Generic AGPv3.0 pro procesorovou platformu K8; C:\WINDOWS\system32\DRIVERS\gagp30kx.sys [2008-04-14 46464]
R0 KL1;kl1; C:\WINDOWS\system32\DRIVERS\kl1.sys [2010-06-09 132184]
R0 mv61xxmm;mv61xxmm; C:\WINDOWS\system32\drivers\mv61xxmm.sys [2011-02-12 13616]
R0 mv64xxmm;mv64xxmm; C:\WINDOWS\system32\drivers\mv64xxmm.sys [2011-02-12 5632]
R0 mvxxmm;mvxxmm; C:\WINDOWS\system32\drivers\mvxxmm.sys [2011-02-12 13616]
R0 siside;siside; C:\WINDOWS\system32\DRIVERS\siside.sys [2003-03-25 4096]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2011-05-31 436792]
R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-07-02 36864]
R1 kl2;kl2; C:\WINDOWS\system32\DRIVERS\kl2.sys [2010-06-09 11352]
R1 KLIF;Kaspersky Lab Driver; C:\WINDOWS\system32\DRIVERS\klif.sys [2012-12-01 475736]
R2 rspndr;Odpovídající zařízení zjišťování topologie linkové vrstvy; C:\WINDOWS\system32\DRIVERS\rspndr.sys [2011-02-12 62848]
R2 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2009-11-12 5504]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2007-06-27 2303488]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 klim5;Kaspersky Anti-Virus NDIS Filter; C:\WINDOWS\system32\DRIVERS\klim5.sys [2010-05-07 32856]
R3 klmouflt;Kaspersky Lab KLMOUFLT; C:\WINDOWS\system32\DRIVERS\klmouflt.sys [2009-11-02 19472]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 SISNIC;SiS PCI Fast Ethernet Adapter Driver; C:\WINDOWS\system32\DRIVERS\sisnic.sys [2008-04-13 32768]
S1 DumpDrv;Crash Dump Driver; C:\WINDOWS\system32\drivers\DumpDrv.sys [2011-02-12 9472]
S1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
S3 awcuvow7;awcuvow7; C:\WINDOWS\system32\drivers\awcuvow7.sys []
S3 cmpci;C-Media PCI Audio Driver (WDM); C:\WINDOWS\system32\drivers\cmaudio.sys [2002-11-18 377358]
S3 FXDRV;FXDRV; \??\G:\Fxdrv.sys []
S3 Point32;Microsoft IntelliPoint Filter Driver; C:\WINDOWS\system32\DRIVERS\point32.sys [2011-04-13 40984]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-22 32384]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 VIAudio;Zvukový řadič VIA AC'97 (WDM); C:\WINDOWS\system32\drivers\ac97via.sys [2008-04-13 84480]
S3 WDC_SAM;WD SCSI Pass Thru driver; C:\WINDOWS\system32\DRIVERS\wdcsam.sys [2011-02-16 11520]
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2009-07-14 444136]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2011-02-12 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2011-02-12 82944]
S4 exFat;exFat; C:\WINDOWS\system32\drivers\exFat.sys [2011-02-12 133632]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2007-06-27 483328]
R2 AVP;Služba Kaspersky Anti-Virus; F:\programy\Kaspersky Internet Security 2011\instalace\avp.exe [2010-11-02 365336]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2012-11-14 153584]
R2 NMSAccess;NMSAccess; F:\programy\CDBurnerXP\CDBurnerXP\NMSAccessU.exe [2010-03-04 71096]
R2 WDDMService;WDDMService; C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2011-03-09 238592]
R2 WDFME;WD File Management Engine; C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe [2011-03-09 1060864]
R2 WDSC;WD File Management Shadow Engine; C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe [2011-03-09 484352]
R2 WSearch;Windows Search; C:\WINDOWS\system32\SearchIndexer.exe [2011-02-12 439808]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2007-06-29 520192]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2012-11-14 129976]
S3 SwitchBoard;SwitchBoard; C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S3 WinRM;Windows Remote Management (WS-Management); C:\WINDOWS\system32\svchost.exe [2011-02-12 14848]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2011-02-12 913920]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2011-02-12 14848]
S4 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
-----------------EOF-----------------
- Rudy
- Site Admin
- Posts: 119524
- Joined: 30 Oct 2003 13:42
- Location: Plzeň
Re: very slow PC
Double-click the file C:\Program Files\trend micro\Karr.exe to launch HijackThis. Click "Do a system scan only" and, in the window that opens, tick the checkboxes on the left for:
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [KB976002-v5] rundll32.exe advpack.dll,LaunchINFSection OPMWXPUP.inf,BrowserChoiceGoo (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O20 - Winlogon Notify: RailNotification - Invalid registry found
Click >FixChecked<. Then run OTM again and click >CleanUp!<. OTM will clean up after itself. Finally, restart the PC.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
Visit:
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!
Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.
Re: very slow PC
Logfile of random's system information tool 1.09 (written by random/random)
Run by Karr at 2012-12-15 10:38:51
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 29 GB (76%) free of 38 GB
Total RAM: 1022 MB (40% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:39:42, on 15.12.2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
F:\programy\Kaspersky Internet Security 2011\instalace\avp.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
F:\programy\CDBurnerXP\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE
F:\programy\Kaspersky Internet Security 2011\instalace\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
F:\programy\Total Commander 7.56\totalcmd\TOTALCMD.EXE
f:\programy\RSIT_skener_viry.cz\RSIT.exe
C:\Program Files\trend micro\Karr.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Canon\Easy-WebPrint EX\ewpexdl.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - F:\programy\Kaspersky Internet Security 2011\instalace\ievkbd.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - F:\programy\Kaspersky Internet Security 2011\instalace\klwtbbho.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [DWPersistentQueuedReporting] C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE -a
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [CanonSolutionMenuEx] C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
O4 - HKLM\..\Run: [AVP] "F:\programy\Kaspersky Internet Security 2011\instalace\avp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "F:\programy\Alcohol.120.Retail.v2.0.1.2033.SU.WinAll.Cracked\instal\Alcohol 120\AxAutoMntSrv.exe" -automount
O4 - HKUS\S-1-5-18\..\Run: [KB976002-v5] rundll32.exe advpack.dll,LaunchINFSection OPMWXPUP.inf,BrowserChoiceGoo (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [KB976002-v5] rundll32.exe advpack.dll,LaunchINFSection OPMWXPUP.inf,BrowserChoiceGoo (User 'Default user')
O4 - Global Startup: WDDMStatus.lnk = C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://F:\programy\OFFICE~1\Office14\EXCEL.EXE/3000
O9 - Extra button: &Virtuální klávesnice - {4248FE82-7FCB-46AC-B270-339F08212110} - F:\programy\Kaspersky Internet Security 2011\instalace\klwtbbho.dll
O9 - Extra button: K&ontrola adres URL - {CCF151D8-D089-449F-A5A4-D9909053F20F} - F:\programy\Kaspersky Internet Security 2011\instalace\klwtbbho.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: F:\programy\KASPER~1\INSTAL~1\kloehk.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Služba Kaspersky Anti-Virus (AVP) - Kaspersky Lab ZAO - F:\programy\Kaspersky Internet Security 2011\instalace\avp.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NMSAccess - Unknown owner - F:\programy\CDBurnerXP\CDBurnerXP\NMSAccessU.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: WDDMService - WDC - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
O23 - Service: WD File Management Engine (WDFME) - Unknown owner - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
O23 - Service: WD File Management Shadow Engine (WDSC) - Unknown owner - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
--
End of file - 7219 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\AdobeAAMUpdater-1.0-JARMILKA-Karr.job
C:\WINDOWS\tasks\Microsoft_Hardware_Launch_IPoint_exe.job
=========Mozilla firefox=========
ProfilePath - C:\Documents and Settings\Karr\Data aplikací\Mozilla\Firefox\Profiles\xy9hjc1m.default
prefs.js - "browser.startup.homepage" - "google.com"
"{20a82645-c095-46ed-80e3-08825760534b}"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
"jqs@sun.com"=C:\Program Files\Java\jre6\lib\deploy\jqs\ff
"virtualKeyboard@kaspersky.ru"=F:\programy\Kaspersky Internet Security 2011\instalace\FFExt\virtualKeyboard@kaspersky.ru
"KavAntiBanner@Kaspersky.ru"=F:\programy\Kaspersky Internet Security 2011\instalace\FFExt\KavAntiBanner@kaspersky.ru
"linkfilter@kaspersky.ru"=F:\programy\Kaspersky Internet Security 2011\instalace\FFExt\linkfilter@kaspersky.ru
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@canon.com/EPPEX]
"Description"=Canon Easy-PhotoPrint EX
"Path"=C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf]
"Description"=
"Path"=F:\programy\PDF-XChange.Viewer.Pro.v2.048.Multilingual\instal\PDF Viewer\npPDFXCviewNPPlugin.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37]
"Description"=
"Path"=C:\WINDOWS\system32\npdeployJava1.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=1.1.6]
"Description"=VLC Multimedia Plugin
"Path"=F:\programy\VLC player\VLC\npvlc.dll
F:\programy\Firefox\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}
{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
KavAntiBanner@kaspersky.ru_bak
linkfilter@kaspersky.ru_bak
F:\programy\Firefox\Mozilla Firefox\components\
browsercomps.dll
binary.manifest
nppl3260.xpt
nsJSRealPlayerPlugin.xpt
npCortona.xpt
F:\programy\Firefox\Mozilla Firefox\plugins\
npCortona.dll
np32dsw.dll
ShockwavePlugin.class
npqtplugin.dll
npqtplugin2.dll
npqtplugin3.dll
npqtplugin4.dll
npqtplugin5.dll
QuickTimePlugin.class
nppl3260.dll
nprpjplug.dll
np-mswmp.dll
WMP Firefox Plugin License.rtf
WMP Firefox Plugin RelNotes.txt
npPDFXCviewNPPlugin.dll
F:\programy\Firefox\Mozilla Firefox\searchplugins\
wikipedia-cz.xml
slunecnice-cz.xml
seznam-cz.xml
jyxo-cz.xml
heureka-cz.xml
google.xml
C:\Documents and Settings\Karr\Data aplikací\Mozilla\Firefox\Profiles\xy9hjc1m.default\extensions\
zigboom@ymail.com
{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}]
IEVkbdBHO Class - F:\programy\Kaspersky Internet Security 2011\instalace\ievkbd.dll [2010-10-05 68280]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2012-11-14 329712]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2012-11-14 59376]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E33CF602-D945-461A-83F0-819F76A199F8}]
FilterBHO Class - F:\programy\Kaspersky Internet Security 2011\instalace\klwtbbho.dll [2010-10-05 191160]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2012-11-14 79856]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"DWPersistentQueuedReporting"=C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE [2010-02-28 519584]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2006-11-10 90112]
"IntelliPoint"=c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2011-04-13 1808784]
"SwitchBoard"=C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2012-09-17 254896]
"CanonMyPrinter"=C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2011-03-14 2565520]
"CanonSolutionMenuEx"=C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE [2011-08-04 1612920]
"AVP"=F:\programy\Kaspersky Internet Security 2011\instalace\avp.exe [2010-11-02 365336]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"AlcoholAutomount"=F:\programy\Alcohol.120.Retail.v2.0.1.2033.SU.WinAll.Cracked\instal\Alcohol 120\AxAutoMntSrv.exe [2010-08-20 33120]
C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
WDDMStatus.lnk - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="F:\programy\KASPER~1\INSTAL~1\kloehk.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2007-06-27 118784]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
C:\WINDOWS\system32\klogon.dll [2010-10-05 228024]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2011-02-12 239496]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2011-02-12 133632]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2011-02-12 304128]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"F:\programy\uTorrent\instal\utorrent.exe"="F:\programy\uTorrent\instal\utorrent.exe:*:Enabled:µTorrent"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"vidc.tscc"=tsccvid.dll
"msacm.l3codec"=l3codecp.acm
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux"=wdmaud.drv
======List of files/folders created in the last 1 month======
2012-12-15 10:38:51 ----D---- C:\rsit
2012-12-08 13:29:16 ----D---- C:\WINDOWS\SxsCaPendDel
2012-12-08 13:23:21 ----SHD---- C:\Config.Msi
2012-12-08 11:53:03 ----D---- C:\Program Files\trend micro
2012-12-01 12:55:57 ----A---- C:\WINDOWS\system32\drivers\klin.dat
2012-12-01 12:55:57 ----A---- C:\WINDOWS\system32\drivers\klick.dat
2012-12-01 12:53:54 ----D---- C:\Documents and Settings\All Users\Data aplikací\Kaspersky Lab
2012-12-01 12:53:15 ----A---- C:\WINDOWS\system32\drivers\klif.sys
2012-11-27 15:47:34 ----HD---- C:\Documents and Settings\All Users\Data aplikací\CanonIJScan
2012-11-25 13:27:33 ----HD---- C:\Documents and Settings\All Users\Data aplikací\CanonIJEGV
2012-11-25 13:02:30 ----HD---- C:\Documents and Settings\All Users\Data aplikací\CanonIJEPPEX2
2012-11-25 13:02:30 ----HD---- C:\Documents and Settings\All Users\Data aplikací\CanonEPP
2012-11-25 13:02:28 ----D---- C:\Documents and Settings\Karr\Data aplikací\Canon
2012-11-25 12:58:59 ----A---- C:\WINDOWS\system32\CNC_ASU.dll
2012-11-25 12:58:59 ----A---- C:\WINDOWS\system32\CNC_ASL.dll
2012-11-25 12:58:59 ----A---- C:\WINDOWS\system32\CNC_ASI.dll
2012-11-25 12:58:59 ----A---- C:\WINDOWS\system32\CNC_ASC.dll
2012-11-25 12:58:58 ----A---- C:\WINDOWS\system32\drivers\usbscan.sys
2012-11-25 12:58:58 ----A---- C:\WINDOWS\system32\CNHMCA.dll
2012-11-25 12:48:47 ----D---- C:\Program Files\Common Files\CANON
2012-11-25 12:48:32 ----D---- C:\Documents and Settings\All Users\Data aplikací\CanonIJWSpt
2012-11-25 12:43:22 ----HD---- C:\Documents and Settings\All Users\Data aplikací\CanonBJ
2012-11-25 12:42:49 ----A---- C:\WINDOWS\system32\CNMLMAS.DLL
2012-11-25 12:42:43 ----HD---- C:\WINDOWS\system32\CanonIJ Uninstaller Information
2012-11-25 12:42:37 ----A---- C:\WINDOWS\system32\CNC_ASO.dll
2012-11-25 12:42:34 ----A---- C:\WINDOWS\system32\CNMIUAS.DLL
2012-11-25 12:42:24 ----HD---- C:\Program Files\CanonBJ
2012-11-25 12:42:10 ----D---- C:\WINDOWS\system32\STRING
2012-11-25 12:42:10 ----A---- C:\WINDOWS\system32\CNMNPUI.DLL
2012-11-25 12:42:10 ----A---- C:\WINDOWS\system32\CNMNPPM.DLL
2012-11-25 12:37:39 ----D---- C:\Program Files\Canon
======List of files/folders modified in the last 1 month======
2012-12-15 10:38:30 ----A---- C:\WINDOWS\wincmd.ini
2012-12-15 10:38:09 ----D---- C:\WINDOWS\Temp
2012-12-15 10:38:06 ----D---- C:\WINDOWS\Prefetch
2012-12-15 10:37:20 ----D---- C:\WINDOWS
2012-12-15 10:35:41 ----A---- C:\WINDOWS\SchedLgU.Txt
2012-12-15 10:12:09 ----D---- C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy
2012-12-15 10:06:31 ----D---- C:\WINDOWS\system32
2012-12-15 10:06:23 ----SD---- C:\WINDOWS\Tasks
2012-12-08 14:27:41 ----RSD---- C:\WINDOWS\assembly
2012-12-08 14:27:41 ----D---- C:\WINDOWS\Microsoft.NET
2012-12-08 13:29:18 ----SHD---- C:\WINDOWS\Installer
2012-12-08 13:29:17 ----D---- C:\WINDOWS\WinSxS
2012-12-08 13:27:17 ----D---- C:\Documents and Settings\All Users\Data aplikací\Microsoft Help
2012-12-08 13:25:40 ----RD---- C:\Program Files
2012-12-08 13:25:40 ----D---- C:\Program Files\Microsoft.NET
2012-12-08 13:25:40 ----D---- C:\Program Files\Common Files\Microsoft Shared
2012-12-08 13:25:35 ----RSD---- C:\WINDOWS\Fonts
2012-12-08 13:24:15 ----SD---- C:\Documents and Settings\All Users\Data aplikací\Microsoft
2012-12-08 13:24:11 ----D---- C:\Program Files\Common Files
2012-12-08 11:42:49 ----HD---- C:\WINDOWS\inf
2012-12-08 11:42:28 ----D---- C:\WINDOWS\system32\CatRoot2
2012-12-08 11:35:02 ----D---- C:\WINDOWS\Debug
2012-12-08 11:26:33 ----D---- C:\Documents and Settings\Karr\Data aplikací\uTorrent
2012-12-01 13:09:25 ----SHD---- C:\System Volume Information
2012-12-01 13:09:16 ----D---- C:\WINDOWS\system32\drivers
2012-12-01 12:50:55 ----D---- C:\Documents and Settings\All Users\Data aplikací\Kaspersky Lab Setup Files
2012-11-25 12:59:30 ----RSHDC---- C:\WINDOWS\system32\dllcache
2012-11-25 12:59:00 ----D---- C:\WINDOWS\Media
2012-11-25 12:58:59 ----D---- C:\WINDOWS\twain_32
2012-11-24 12:12:36 ----D---- C:\Program Files\Microsoft Silverlight
2012-11-23 17:14:51 ----A---- C:\moduleName.txt
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 gagp30kx;Filtr Microsoft Generic AGPv3.0 pro procesorovou platformu K8; C:\WINDOWS\system32\DRIVERS\gagp30kx.sys [2008-04-14 46464]
R0 KL1;kl1; C:\WINDOWS\system32\DRIVERS\kl1.sys [2010-06-09 132184]
R0 mv61xxmm;mv61xxmm; C:\WINDOWS\system32\drivers\mv61xxmm.sys [2011-02-12 13616]
R0 mv64xxmm;mv64xxmm; C:\WINDOWS\system32\drivers\mv64xxmm.sys [2011-02-12 5632]
R0 mvxxmm;mvxxmm; C:\WINDOWS\system32\drivers\mvxxmm.sys [2011-02-12 13616]
R0 siside;siside; C:\WINDOWS\system32\DRIVERS\siside.sys [2003-03-25 4096]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2011-05-31 436792]
R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-07-02 36864]
R1 kl2;kl2; C:\WINDOWS\system32\DRIVERS\kl2.sys [2010-06-09 11352]
R1 KLIF;Kaspersky Lab Driver; C:\WINDOWS\system32\DRIVERS\klif.sys [2012-12-01 475736]
R2 rspndr;Odpovídající zařízení zjišťování topologie linkové vrstvy; C:\WINDOWS\system32\DRIVERS\rspndr.sys [2011-02-12 62848]
R2 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2009-11-12 5504]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2007-06-27 2303488]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 klim5;Kaspersky Anti-Virus NDIS Filter; C:\WINDOWS\system32\DRIVERS\klim5.sys [2010-05-07 32856]
R3 klmouflt;Kaspersky Lab KLMOUFLT; C:\WINDOWS\system32\DRIVERS\klmouflt.sys [2009-11-02 19472]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 SISNIC;SiS PCI Fast Ethernet Adapter Driver; C:\WINDOWS\system32\DRIVERS\sisnic.sys [2008-04-13 32768]
S1 DumpDrv;Crash Dump Driver; C:\WINDOWS\system32\drivers\DumpDrv.sys [2011-02-12 9472]
S1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
S3 aaecwaph;aaecwaph; C:\WINDOWS\system32\drivers\aaecwaph.sys []
S3 cmpci;C-Media PCI Audio Driver (WDM); C:\WINDOWS\system32\drivers\cmaudio.sys [2002-11-18 377358]
S3 FXDRV;FXDRV; \??\G:\Fxdrv.sys []
S3 Point32;Microsoft IntelliPoint Filter Driver; C:\WINDOWS\system32\DRIVERS\point32.sys [2011-04-13 40984]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-22 32384]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 VIAudio;Zvukový řadič VIA AC'97 (WDM); C:\WINDOWS\system32\drivers\ac97via.sys [2008-04-13 84480]
S3 WDC_SAM;WD SCSI Pass Thru driver; C:\WINDOWS\system32\DRIVERS\wdcsam.sys [2011-02-16 11520]
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2009-07-14 444136]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2011-02-12 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2011-02-12 82944]
S4 exFat;exFat; C:\WINDOWS\system32\drivers\exFat.sys [2011-02-12 133632]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2007-06-27 483328]
R2 AVP;Služba Kaspersky Anti-Virus; F:\programy\Kaspersky Internet Security 2011\instalace\avp.exe [2010-11-02 365336]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2012-11-14 153584]
R2 NMSAccess;NMSAccess; F:\programy\CDBurnerXP\CDBurnerXP\NMSAccessU.exe [2010-03-04 71096]
R2 WDDMService;WDDMService; C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2011-03-09 238592]
R2 WDFME;WD File Management Engine; C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe [2011-03-09 1060864]
R2 WDSC;WD File Management Shadow Engine; C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe [2011-03-09 484352]
R2 WSearch;Windows Search; C:\WINDOWS\system32\SearchIndexer.exe [2011-02-12 439808]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2007-06-29 520192]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2012-11-14 129976]
S3 SwitchBoard;SwitchBoard; C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S3 WinRM;Windows Remote Management (WS-Management); C:\WINDOWS\system32\svchost.exe [2011-02-12 14848]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2011-02-12 913920]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2011-02-12 14848]
S4 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
-----------------EOF-----------------
-----------------EOF-----------------
- Rudy
- Site Admin
- Posts: 119524
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: very slow PC
The log is OK now. Has anything changed?
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!
Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address above.
Re: very slow PC
Thanks for the cleanup. The computer got slightly faster, but for example when I start a film, VLC player takes 15 seconds to load, during which the cursor turns into an hourglass and the CPU runs at 100%. If I launched, say, Firefox at the same time, I would be waiting forever.
- Rudy
- Site Admin
- Posts: 119524
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: very slow PC
To be safe, post a ComboFix log:
Download ComboFix and save it, preferably to the desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Then run the application under an account with administrator privileges.
Right after launch, a screen with the license terms appears; continue by clicking the "Ano" (Yes) button.
Feel free to put the kettle on for a coffee (the whole run takes about 5-10 minutes, sometimes longer, depending on how fast the machine is and how many files the scanner has to work through). During the scan, do not try to launch any other applications or anything else.
Do not panic during the scan; your machine may be restarted (especially the first time the scanner is run).
Note: if you use antispyware with a resident shield, switch the shield to Install Mode or disable it completely for the duration of the scan, because the scan and the removal of any malware cause unwanted collisions with the antispyware's resident component.
Re: very slow PC
ComboFix 12-12-14.01 - Karr 15.12.2012 12:56:15.1.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1022.423 [GMT 1:00]
Spuštěný z: c:\documents and settings\Karr\Plocha\ComboFix.exe
AV: Kaspersky Internet Security *Disabled/Updated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *Disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.
VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\ST6UNST.000
c:\windows\system32\kgen.dll
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-11-15 do 2012-12-15 )))))))))))))))))))))))))))))))
.
.
2012-12-15 11:40 . 2004-02-24 18:08 400384 ------w- c:\windows\system32\drivers\alcxsens.sys
2012-12-15 11:40 . 2004-03-05 04:30 1048 ------w- c:\windows\system32\drivers\alcxinit.dat
2012-12-15 09:38 . 2012-12-15 09:39 -------- d-----w- C:\rsit
2012-12-08 12:29 . 2012-12-08 12:37 -------- d-----w- c:\windows\SxsCaPendDel
2012-12-08 10:53 . 2012-12-15 09:39 -------- d-----w- c:\program files\trend micro
2012-12-02 10:24 . 2012-12-09 10:24 -------- d-----w- c:\documents and settings\All Users\TEMP
2012-12-01 11:55 . 2012-12-01 12:09 98168 ----a-w- c:\windows\system32\drivers\klick.dat
2012-12-01 11:55 . 2012-12-01 12:09 116189 ----a-w- c:\windows\system32\drivers\klin.dat
2012-12-01 11:53 . 2012-12-15 12:07 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Kaspersky Lab
2012-11-27 14:47 . 2012-11-27 14:47 -------- d--h--w- c:\documents and settings\All Users\Data aplikací\CanonIJScan
2012-11-25 12:27 . 2012-11-25 12:27 -------- d--h--w- c:\documents and settings\All Users\Data aplikací\CanonIJEGV
2012-11-25 12:26 . 2012-12-09 18:15 -------- d-----w- c:\documents and settings\Karr\Local Settings\Data aplikací\Canon Easy-PhotoPrint EX
2012-11-25 12:02 . 2012-11-25 12:02 -------- d--h--w- c:\documents and settings\All Users\Data aplikací\CanonIJEPPEX2
2012-11-25 12:02 . 2012-11-25 12:02 -------- d--h--w- c:\documents and settings\All Users\Data aplikací\CanonEPP
2012-11-25 12:02 . 2012-11-27 14:47 -------- d-----w- c:\documents and settings\Karr\Data aplikací\Canon
2012-11-25 11:58 . 2011-04-27 10:00 323584 ----a-w- c:\windows\system32\CNC_ASL.dll
2012-11-25 11:58 . 2011-03-31 09:07 114688 ----a-w- c:\windows\system32\CNC_ASU.dll
2012-11-25 11:58 . 2011-03-31 09:05 286720 ----a-w- c:\windows\system32\CNC_ASC.dll
2012-11-25 11:58 . 2011-03-31 09:05 114688 ----a-w- c:\windows\system32\CNC_ASI.dll
2012-11-25 11:58 . 2008-08-25 17:02 15872 ----a-w- c:\windows\system32\CNHMCA.dll
2012-11-25 11:58 . 2008-04-13 22:15 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2012-11-25 11:58 . 2008-04-13 22:15 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2012-11-25 11:48 . 2012-11-25 11:48 -------- d-----w- c:\program files\Common Files\CANON
2012-11-25 11:48 . 2012-11-25 11:48 -------- d-----w- c:\documents and settings\All Users\Data aplikací\CanonIJWSpt
2012-11-25 11:43 . 2012-11-25 11:43 -------- d--h--w- c:\documents and settings\All Users\Data aplikací\CanonBJ
2012-11-25 11:42 . 2011-05-23 04:00 83968 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\CNMPPAS.DLL
2012-11-25 11:42 . 2011-05-23 04:00 310272 ----a-w- c:\windows\system32\CNMLMAS.DLL
2012-11-25 11:42 . 2011-05-23 04:00 29184 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\CNMPDAS.DLL
2012-11-25 11:42 . 2012-11-25 11:42 -------- d--h--w- c:\windows\system32\CanonIJ Uninstaller Information
2012-11-25 11:42 . 2010-11-18 06:15 90112 ----a-w- c:\windows\system32\CNC_ASO.dll
2012-11-25 11:42 . 2011-02-03 00:20 184320 ----a-w- c:\windows\system32\CNMIUAS.DLL
2012-11-25 11:42 . 2012-11-25 11:42 -------- d-----w- c:\windows\system32\STRING
2012-11-25 11:42 . 2011-02-01 08:23 35328 ----a-w- c:\windows\system32\CNMNPUI.DLL
2012-11-25 11:42 . 2011-02-01 08:22 363008 ----a-w- c:\windows\system32\CNMNPPM.DLL
2012-11-25 11:37 . 2012-11-25 11:52 -------- d-----w- c:\program files\Canon
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-14 11:17 . 2012-11-14 11:17 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-11-14 11:17 . 2012-11-14 11:17 477168 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-11-14 11:17 . 2011-05-30 20:48 473072 ----a-w- c:\windows\system32\deployJava1.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2011-02-12 . FF876311F58C86EC3E1A24F585949C25 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AlcoholAutomount"="f:\programy\Alcohol.120.Retail.v2.0.1.2033.SU.WinAll.Cracked\instal\Alcohol 120\AxAutoMntSrv.exe" [2010-08-20 33120]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DWPersistentQueuedReporting"="c:\program files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE" [2010-02-28 519584]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-04-13 1808784]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-09-17 254896]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2011-03-14 2565520]
"CanonSolutionMenuEx"="c:\program files\Canon\Solution Menu EX\CNSEMAIN.EXE" [2011-08-04 1612920]
"AVP"="f:\programy\Kaspersky Internet Security 2011\instalace\avp.exe" [2010-11-02 365336]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"KB976002-v5"="advpack.dll" [2011-02-12 128512]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2011-3-9 3986944]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2011-02-12 304128]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"f:\\programy\\uTorrent\\instal\\utorrent.exe"=
.
R0 mv61xxmm;mv61xxmm;c:\windows\system32\drivers\mv61xxmm.sys [12.2.2011 11:02 13616]
R0 mv64xxmm;mv64xxmm;c:\windows\system32\drivers\mv64xxmm.sys [12.2.2011 11:02 5632]
R0 mvxxmm;mvxxmm;c:\windows\system32\drivers\mvxxmm.sys [12.2.2011 11:02 13616]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [31.5.2011 17:29 436792]
R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [9.6.2010 16:43 11352]
R2 WDDMService;WDDMService;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [9.3.2011 10:07 238592]
R2 WDFME;WD File Management Engine;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe [9.3.2011 10:18 1060864]
R2 WDSC;WD File Management Shadow Engine;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe [9.3.2011 10:16 484352]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [30.4.2008 16:06 32856]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2.11.2009 19:27 19472]
S1 DumpDrv;Crash Dump Driver;c:\windows\system32\drivers\dumpdrv.sys [12.2.2011 10:09 9472]
S3 FXDRV;FXDRV;\??\g:\fxdrv.sys --> g:\Fxdrv.sys [?]
S3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [19.2.2010 12:37 517096]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2.6.2011 21:21 11520]
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - WS2IFSL
.
Obsah adresáře 'Naplánované úlohy'
.
2011-06-12 c:\windows\Tasks\AdobeAAMUpdater-1.0-JARMILKA-Karr.job
- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2011-06-12 11:41]
.
2011-05-31 c:\windows\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job
- c:\program files\Microsoft IntelliPoint\ipoint.exe [2011-04-13 13:02]
.
.
------- Doplňkový sken -------
.
IE: E&xportovat do aplikace Microsoft Excel - f:\programy\OFFICE~1\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Karr\Data aplikací\Mozilla\Firefox\Profiles\xy9hjc1m.default\
FF - prefs.js: browser.startup.homepage - google.com
FF - ExtSQL: 2012-11-14 12:17; {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}; f:\programy\Firefox\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
FF - ExtSQL: 2012-12-01 13:09; virtualKeyboard@kaspersky.ru; f:\programy\Kaspersky Internet Security 2011\instalace\FFExt\virtualKeyboard@kaspersky.ru
FF - ExtSQL: 2012-12-01 13:09; KavAntiBanner@Kaspersky.ru; f:\programy\Kaspersky Internet Security 2011\instalace\FFExt\KavAntiBanner@kaspersky.ru
FF - ExtSQL: 2012-12-01 13:09; linkfilter@kaspersky.ru; f:\programy\Kaspersky Internet Security 2011\instalace\FFExt\linkfilter@kaspersky.ru
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-12-15 13:07
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(840)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(4092)
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Java\jre6\bin\jqs.exe
f:\programy\CDBurnerXP\CDBurnerXP\NMSAccessU.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
c:\windows\system32\SearchIndexer.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Celkový čas: 2012-12-15 13:13:47 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-12-15 12:13
.
Před spuštěním: Volných bajtů: 30 073 376 768
Po spuštění: Volných bajtů: 29 963 071 488
.
- - End Of File - - CD6AA2EEA317A4D9E83C190CE5D12EC4
- Rudy
- Site Admin
- Posts: 119524
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: very slow PC
Test the file c:\windows\system32\sfcfiles.dll online at www.virustotal.com. Report the result.
Re: very slow PC
SHA256: c759b0f70d7547ad7ac4cb2a8816b50c8bd6dc796d8c11290a748da171af681a
File name: sfcfiles.dll
Detection ratio: 0 / 46
Analysis date: 2012-12-16 11:14:01 UTC ( 1 minuta ago )
Re: very slow PC
It also occurred to me that some hardware might be slowing it down. In Device Manager I found an error on the VIA AC'97 (WDM) audio controller: Code 10, the device cannot start. I tried to update the driver, but I could not find one. I disabled the device, but nothing changed.
- Rudy
- Site Admin
- Posts: 119524
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: very slow PC
The file is fine. Reinstall the driver.