Prosím o kontrolu, děkuji

[muss45]

Snažím se zprovoznit starý PC a nějak se to na netu seká, asi bude chtít přeinstalovat.

Log:

Logfile of random's system information tool 1.09 (written by random/random)
Run by Martin at 2013-08-16 19:33:04
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 66 GB (57%) free of 114 GB
Total RAM: 510 MB (42% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:33:41, on 16.8.2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast5\avastUI.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Documents and Settings\Martin\Data aplikací\Yontoo\YontooDesktop.exe
C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\runservice.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Yontoo\Y2Desktop.Updater.exe
C:\Program Files\Google\Update\1.3.21.153\GoogleCrashHandler.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Documents and Settings\Martin\Plocha\RSIT.exe
C:\Program Files\trend micro\Martin.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://tuvaro.com/ws/?source=4c3f95e5&t ... 19db5e76b4
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = ${SEARCH_URL_IE7}
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: OLE (Part 1 of 5) - - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {389943B0-C3A2-4E69-82CB-8596A84CB3DC} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O2 - BHO: Yontoo Layers - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo\YontooIEClient.dll
O3 - Toolbar: &S-Rank - {B71B15CF-3093-459C-B764-AEB2486F2273} - C:\Program Files\Seznam\Postak\SRank.dll
O3 - Toolbar: (no name) - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - (no file)
O3 - Toolbar: (no name) - {EBFCD017-BCAD-42C3-9ED5-89DBDFC59171} - (no file)
O4 - HKLM\..\Run: [avast] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [Yontoo Desktop] "C:\Documents and Settings\Martin\Data aplikací\Yontoo\YontooDesktop.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre7\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre7\bin\jp2iexp.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - SOURCENEXT - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe

--
End of file - 6490 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Adobe Flash Player Updater.job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\avast! Emergency Update.job
C:\WINDOWS\tasks\EPUpdater.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\Martin\Data aplikací\Mozilla\Firefox\Profiles\jtw5wn69.default

prefs.js - "browser.search.suggest.enabled" - false
prefs.js - "browser.search.useDBForOrder" - "false"
prefs.js - "browser.startup.homepage" - "http://www.seznam.cz/"
prefs.js - "extensions.enabledItems" - "{20a82645-c095-46ed-80e3-08825760534b}:1.2.1, {EEE6C361-6118-11DC-9C72-001320C79847}:1.0.0.10, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.24"

"{20a82645-c095-46ed-80e3-08825760534b}"=c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
"searchpredict@speedbit.com"=C:\Program Files\SearchPredict\PRFireFox
"wrc@avast.com"=C:\Program Files\Alwil Software\Avast5\WebRep\FF
"{17E113E6-CD0E-4045-B154-65F0E57959EF}"=C:\Program Files\IMPI\Firefox


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.8.800.94 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0]
"Description"=DivX Web Player
"Path"=C:\Program Files\DivX\DivX Web Player\npdivx32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Google.com/GoogleEarthPlugin]
"Description"=Google Earth in your browser
"Path"=C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=10.25.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\WINDOWS\system32\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll

C:\Program Files\Mozilla Firefox\extensions\
{800b5000-a755-47e1-992b-48a1c1357f07}(2)

C:\Program Files\Mozilla Firefox\components\
nsIQTScriptablePlugin.xpt

C:\Program Files\Mozilla Firefox\plugins\
np32dsw.dll
nppdf32.dll
npqtplugin.dll
npqtplugin2.dll
npqtplugin3.dll
npqtplugin4.dll
npqtplugin5.dll
npqtplugin6.dll
QuickTimePlugin.class

C:\Program Files\Mozilla Firefox\searchplugins\
babylon.xml
mall-cz.xml

C:\Documents and Settings\Martin\Data aplikací\Mozilla\Firefox\Profiles\jtw5wn69.default\searchplugins\
askcom.xml
babylon.xml
BrowserProtect.xml
icqplugin-1.xml
icqplugin-10.xml
icqplugin-11.xml
icqplugin-12.xml
icqplugin-13.xml
icqplugin-14.xml
icqplugin-15.xml
icqplugin-16.xml
icqplugin-17.xml
icqplugin-18.xml
icqplugin-19.xml
icqplugin-2.xml
icqplugin-20.xml
icqplugin-21.xml
icqplugin-22.xml
icqplugin-23.xml
icqplugin-24.xml
icqplugin-3.xml
icqplugin-4.xml
icqplugin-5.xml
icqplugin-6.xml
icqplugin-7.xml
icqplugin-8.xml
icqplugin-9.xml
icqplugin.xml
tuvaro.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2013-05-08 77424]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{389943B0-C3A2-4E69-82CB-8596A84CB3DC}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll [2013-08-16 463272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-08-16 171944]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]
Yontoo - C:\Program Files\Yontoo\YontooIEClient.dll [2013-03-13 197920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{B71B15CF-3093-459C-B764-AEB2486F2273} - &S-Rank - C:\Program Files\Seznam\Postak\SRank.dll [2005-05-17 266240]
{0329E7D6-6F54-462D-93F6-F5C3118BADF2}
{EBFCD017-BCAD-42C3-9ED5-89DBDFC59171}

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"avast"=C:\Program Files\Alwil Software\Avast5\avastUI.exe [2013-05-09 4858968]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2013-03-12 253816]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2013-05-08 41056]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-04-04 958576]
"APSDaemon"=C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [2013-04-21 59720]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2013-05-01 421888]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Yontoo Desktop"=C:\Documents and Settings\Martin\Data aplikací\Yontoo\YontooDesktop.exe [2013-03-13 42784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2007-04-19 294912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\iMesh Applications\iMesh\iMesh.exe"="C:\Program Files\iMesh Applications\iMesh\iMesh.exe:*:Enabled:iMesh"
"C:\Program Files\Steam\SteamApps\wood506\day of defeat source\hl2.exe"="C:\Program Files\Steam\SteamApps\wood506\day of defeat source\hl2.exe:*:Enabled:Day of Defeat: Source"
"C:\Program Files\Steam\SteamApps\wood506\counter-strike source\hl2.exe"="C:\Program Files\Steam\SteamApps\wood506\counter-strike source\hl2.exe:*:Enabled:Counter-Strike: Source"
"C:\Program Files\Google\Google Earth\client\googleearth.exe"="C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth"
"C:\Documents and Settings\Martin\Dokumenty\Hudba\010\Nová složka\Dos-Hry\2000---Need-For-Speed-5---Porsche-Unleashed-bez-instalace+cestina\2000 - Need For Speed 5 - Porsche Unleashed\Porsche.exe"="C:\Documents and Settings\Martin\Dokumenty\Hudba\010\Nová složka\Dos-Hry\2000---Need-For-Speed-5---Porsche-Unleashed-bez-instalace+cestina\2000 - Need For Speed 5 - Porsche Unleashed\Porsche.exe:*:Disabled:Porsche"
"C:\Documents and Settings\Martin\Dokumenty\Stažené soubory\VideoConverterSDM.exe"="C:\Documents and Settings\Martin\Dokumenty\Stažené soubory\VideoConverterSDM.exe:*:Enabled:InHouseSDM Setup"
"C:\WINDOWS\system32\msiexec.exe"="C:\WINDOWS\system32\msiexec.exe:*:Enabled:UpdateManagerSetup"
"C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe"="C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe:*:Enabled:SweetPacksUpdateManager"
"C:\Documents and Settings\Martin\Dokumenty\Stažené soubory\Need For Speed- Porsche Unleashed\EXE.exe"="C:\Documents and Settings\Martin\Dokumenty\Stažené soubory\Need For Speed- Porsche Unleashed\EXE.exe:*:Disabled:EXE"
"D:\Music\Need-For-Speed--Porsche-Unleashed\Need For Speed- Porsche Unleashed\EXE.exe"="D:\Music\Need-For-Speed--Porsche-Unleashed\Need For Speed- Porsche Unleashed\EXE.exe:*:Disabled:EXE"
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe"="C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"VIDC.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"VIDC.YVYU"=msyuv.dll
"wavemapper"=msacm32.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\System32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"msacm.lhacm"=lhacm.acm
"msacm.l3codecp"=l3codecp.acm
"VIDC.PIM1"=pclepim1.dll
"MSVideo8"=VfWWDM32.dll
"msacm.voxacm160"=vct3216.acm
"msacm.vorbis"=vorbis.acm

======File associations======

.reg - open - "regedit.exe" "%1"

======List of files/folders created in the last 1 month======

2013-08-16 18:43:06 ----D---- C:\Program Files\QuickTime
2013-08-16 18:40:53 ----D---- C:\Program Files\Common Files\Apple
2013-08-16 18:39:15 ----D---- C:\Program Files\Apple Software Update
2013-08-16 18:39:13 ----D---- C:\Documents and Settings\All Users\Data aplikací\Apple
2013-08-16 18:09:10 ----D---- C:\Documents and Settings\All Users\Data aplikací\Sun
2013-08-16 18:08:46 ----A---- C:\WINDOWS\system32\deployJava1.dll
2013-08-16 18:08:45 ----A---- C:\WINDOWS\system32\npDeployJava1.dll
2013-08-16 18:08:45 ----A---- C:\WINDOWS\system32\javaws.exe
2013-08-16 18:08:32 ----A---- C:\WINDOWS\system32\WindowsAccessBridge.dll
2013-08-16 18:08:31 ----A---- C:\WINDOWS\system32\javaw.exe
2013-08-16 18:08:25 ----A---- C:\WINDOWS\system32\java.exe
2013-08-14 20:46:26 ----D---- C:\WINDOWS\system32\MRT
2013-08-14 20:44:06 ----HDC---- C:\WINDOWS\$NtUninstallKB2862772$
2013-08-14 20:35:55 ----HDC---- C:\WINDOWS\$NtUninstallKB2850869$
2013-08-14 20:27:48 ----HDC---- C:\WINDOWS\$NtUninstallKB2859537$
2013-08-14 20:27:16 ----HDC---- C:\WINDOWS\$NtUninstallKB2863058$
2013-08-14 20:26:52 ----A---- C:\WINDOWS\imsins.BAK
2013-08-14 20:26:46 ----HDC---- C:\WINDOWS\$NtUninstallKB2849470$
2013-08-14 16:06:24 ----A---- C:\Program Files\GUT4.tmp
2013-08-14 16:06:23 ----D---- C:\Program Files\GUM3.tmp
2013-08-02 19:00:10 ----HDC---- C:\WINDOWS\$NtUninstallKB2834904_WM11$
2013-08-02 19:00:01 ----HDC---- C:\WINDOWS\$NtUninstallKB2834886$
2013-08-02 18:59:34 ----HDC---- C:\WINDOWS\$NtUninstallKB2850851$
2013-08-02 18:59:08 ----HDC---- C:\WINDOWS\$NtUninstallKB2845187$
2013-08-02 18:58:32 ----HDC---- C:\WINDOWS\$NtUninstallKB2839229$
2013-07-17 15:31:39 ----HDC---- C:\WINDOWS\$NtUninstallKB2820197$
2013-07-17 15:21:15 ----HDC---- C:\WINDOWS\$NtUninstallKB2846071$

======List of files/folders modified in the last 1 month======

2013-08-16 19:33:12 ----D---- C:\Program Files\trend micro
2013-08-16 19:33:11 ----D---- C:\WINDOWS\Prefetch
2013-08-16 18:46:44 ----SHD---- C:\WINDOWS\Installer
2013-08-16 18:46:42 ----HD---- C:\Config.Msi
2013-08-16 18:44:07 ----D---- C:\WINDOWS\Temp
2013-08-16 18:43:14 ----D---- C:\WINDOWS\system32
2013-08-16 18:43:06 ----D---- C:\WINDOWS
2013-08-16 18:43:06 ----D---- C:\Program Files
2013-08-16 18:41:15 ----D---- C:\WINDOWS\WinSxS
2013-08-16 18:40:53 ----D---- C:\Program Files\Common Files
2013-08-16 18:39:57 ----SD---- C:\WINDOWS\Tasks
2013-08-16 18:35:40 ----D---- C:\Documents and Settings\Martin\Data aplikací\Yontoo
2013-08-16 18:32:52 ----A---- C:\WINDOWS\SchedLgU.Txt
2013-08-16 18:26:21 ----D---- C:\Program Files\Common Files\Adobe
2013-08-16 18:26:17 ----D---- C:\Documents and Settings\All Users\Data aplikací\Adobe
2013-08-16 18:25:45 ----D---- C:\Program Files\Adobe
2013-08-16 18:10:45 ----A---- C:\WINDOWS\system32\FlashPlayerApp.exe
2013-08-16 18:09:08 ----D---- C:\Program Files\Common Files\Java
2013-08-16 18:06:55 ----D---- C:\Program Files\Java
2013-08-15 17:29:27 ----D---- C:\WINDOWS\Microsoft.NET
2013-08-15 17:29:08 ----RSD---- C:\WINDOWS\assembly
2013-08-14 22:27:36 ----D---- C:\WINDOWS\system32\CatRoot2
2013-08-14 20:46:19 ----D---- C:\WINDOWS\Debug
2013-08-14 20:45:44 ----A---- C:\WINDOWS\system32\MRT.exe
2013-08-14 20:44:25 ----HD---- C:\WINDOWS\inf
2013-08-14 20:44:20 ----RSHDC---- C:\WINDOWS\system32\dllcache
2013-08-14 20:42:16 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2013-08-14 17:16:57 ----D---- C:\Program Files\Google
2013-08-14 15:54:44 ----D---- C:\WINDOWS\system32\drivers
2013-08-09 14:21:24 ----HD---- C:\Program Files\InstallShield Installation Information
2013-07-25 10:14:12 ----A---- C:\WINDOWS\system32\wininet.dll
2013-07-25 10:14:12 ----A---- C:\WINDOWS\system32\urlmon.dll
2013-07-25 10:14:12 ----A---- C:\WINDOWS\system32\url.dll
2013-07-25 10:14:12 ----A---- C:\WINDOWS\system32\shdocvw.dll
2013-07-25 10:14:12 ----A---- C:\WINDOWS\system32\mstime.dll
2013-07-25 10:14:11 ----N---- C:\WINDOWS\system32\ieencode.dll
2013-07-25 10:14:11 ----A---- C:\WINDOWS\system32\mshtmled.dll
2013-07-25 10:14:11 ----A---- C:\WINDOWS\system32\mshtml.dll
2013-07-25 10:14:11 ----A---- C:\WINDOWS\system32\iepeers.dll
2013-07-25 10:14:11 ----A---- C:\WINDOWS\system32\browseui.dll
2013-07-17 15:31:14 ----HD---- C:\WINDOWS\$hf_mig$
2013-07-17 15:22:41 ----D---- C:\WINDOWS\system32\XPSViewer
2013-07-17 15:19:15 ----D---- C:\WINDOWS\system32\CatRoot
2013-07-17 02:46:31 ----N---- C:\WINDOWS\system32\tzchange.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 aswRvrt;aswRvrt; C:\WINDOWS\system32\drivers\aswRvrt.sys [2013-05-09 49376]
R0 aswVmm;aswVmm; C:\WINDOWS\system32\drivers\aswVmm.sys [2013-08-14 175176]
R0 ohci1394;Hostitelský řadič IEEE 1394 dle standardu OHCI; C:\WINDOWS\System32\DRIVERS\ohci1394.sys [2008-04-13 61696]
R0 PxHelp20;PxHelp20; C:\WINDOWS\system32\DRIVERS\PxHelp20.sys [2003-08-27 17232]
R0 sfdrv01;StarForce Protection Environment Driver (version 1.x); C:\WINDOWS\System32\drivers\sfdrv01.sys [2005-08-10 50688]
R0 sfhlp02;StarForce Protection Helper Driver (version 2.x); C:\WINDOWS\System32\drivers\sfhlp02.sys [2005-05-16 6656]
R0 sfsync02;StarForce Protection Synchronization Driver (version 2.x); C:\WINDOWS\System32\drivers\sfsync02.sys [2005-08-10 19968]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2007-10-03 685816]
R0 uagp35;Filtr Microsoft AGPv3.5; C:\WINDOWS\system32\DRIVERS\uagp35.sys [2008-04-13 44672]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
R1 aswKbd;aswKbd; C:\WINDOWS\system32\drivers\aswKbd.sys [2012-10-31 20624]
R1 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2013-05-09 49760]
R1 aswSnx;aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [2013-08-14 770344]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2013-08-14 369584]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2013-05-09 56080]
R1 cdrbsdrv;cdrbsdrv; C:\WINDOWS\system32\drivers\cdrbsdrv.sys [2010-04-17 38944]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 PCLEPCI;PCLEPCI; \??\C:\WINDOWS\system32\Drivers\PCLEPCI.SYS []
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R1 Tcpip6;Ovladač protokolu Microsoft IPv6; C:\WINDOWS\system32\DRIVERS\tcpip6.sys [2010-02-11 226880]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2013-05-09 29816]
R2 aswMonFlt;aswMonFlt; \??\C:\WINDOWS\system32\drivers\aswMonFlt.sys []
R2 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2007-01-27 15440]
R2 Fallback;Fallback; C:\WINDOWS\System32\DRIVERS\HSF_FALL.sys [2001-10-25 289887]
R2 Fsks;Fsks; C:\WINDOWS\System32\DRIVERS\HSF_FSKS.sys [2001-10-25 115807]
R2 K56;K56; C:\WINDOWS\System32\DRIVERS\HSF_K56K.sys [2001-10-25 391199]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys [2004-08-03 11868]
R2 SoftFax;SoftFax; C:\WINDOWS\System32\DRIVERS\HSF_FAXX.sys [2001-10-25 199711]
R2 Tones;Tones; C:\WINDOWS\System32\DRIVERS\HSF_TONE.sys [2001-10-25 50751]
R2 V124;V124; C:\WINDOWS\System32\DRIVERS\HSF_V124.sys [2001-10-25 488383]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2006-11-06 4024832]
R3 AnyDVD;AnyDVD; C:\WINDOWS\System32\Drivers\AnyDVD.sys [2007-01-27 41160]
R3 ElbyCDFL;ElbyCDFL; C:\WINDOWS\System32\Drivers\ElbyCDFL.sys [2005-05-03 27392]
R3 ElbyDelay;ElbyDelay; C:\WINDOWS\System32\Drivers\ElbyDelay.sys [2005-04-12 4608]
R3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; C:\WINDOWS\System32\DRIVERS\fetnd5.sys [2001-08-17 27165]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
R3 pfc;PADUS ASPI SHELL; C:\WINDOWS\system32\drivers\pfc.sys [2002-06-13 14604]
R3 tunmp;Microsoft Tun Miniport Adapter Driver; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2008-04-13 12288]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S2 NwlnkIpx;Transportní protokol kompatibilní s NWLink IPX/SPX/NetBIOS; C:\WINDOWS\System32\DRIVERS\nwlnkipx.sys [2008-04-13 88320]
S3 61883;61883 Unit Device; C:\WINDOWS\System32\DRIVERS\61883.sys [2008-04-13 48128]
S3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-13 60800]
S3 Avc;AVC Device; C:\WINDOWS\System32\DRIVERS\avc.sys [2008-04-13 38912]
S3 axsrlmkl;axsrlmkl; C:\WINDOWS\system32\drivers\axsrlmkl.sys []
S3 basic2;basic2; C:\WINDOWS\System32\DRIVERS\HSF_BSC2.sys [2001-10-25 67167]
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 FETNDISB;VIA Rhine Family Fast Ethernet Adapter Driver Service; C:\WINDOWS\System32\DRIVERS\fetnd5b.sys [2004-04-15 42496]
S3 GMSIPCI;GMSIPCI; \??\F:\INSTALL\GMSIPCI.SYS []
S3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2007-09-22 17480]
S3 HidBatt;Ovladač baterie zdroje UPS standardu HID; C:\WINDOWS\system32\DRIVERS\HidBatt.sys [2008-04-13 20352]
S3 HSF_DP;HSF_DP; C:\WINDOWS\System32\DRIVERS\HSFDPSP2.sys [2004-08-03 1041536]
S3 hsf_msft;hsf_msft; C:\WINDOWS\System32\DRIVERS\HSF_MSFT.sys [2001-10-25 542879]
S3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\System32\DRIVERS\HSFBS2S2.sys [2004-08-03 220032]
S3 Huawei;HUAWEI Mobile Connect - USB Smart Card Reader; C:\WINDOWS\system32\DRIVERS\ewdcsc.sys []
S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys []
S3 hwusbdev;Huawei DataCard USB PNP Device; C:\WINDOWS\system32\DRIVERS\ewusbdev.sys []
S3 k510bus;Sony Ericsson K510 Driver driver (WDM); C:\WINDOWS\system32\DRIVERS\k510bus.sys [2006-02-17 58288]
S3 k510mdfl;Sony Ericsson K510 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\k510mdfl.sys [2006-02-17 8336]
S3 k510mdm;Sony Ericsson K510 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\k510mdm.sys [2006-02-17 94064]
S3 k510mgmt;Sony Ericsson K510 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\k510mgmt.sys [2006-02-17 85408]
S3 k510obex;Sony Ericsson K510 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\k510obex.sys [2006-02-17 83344]
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-10-25 12160]
S3 MREMP50;MREMP50 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS []
S3 MREMP50a64;MREMP50a64 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS []
S3 MREMPR5;MREMPR5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS []
S3 MRENDIS5;MRENDIS5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS []
S3 MRESP50;MRESP50 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS []
S3 MRESP50a64;MRESP50a64 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS []
S3 MSDV;Microsoft DV Camera and VCR; C:\WINDOWS\System32\DRIVERS\msdv.sys [2008-04-13 51200]
S3 MSICPL;MSICPL; \??\C:\Documents and Settings\Martin\Plocha\install4\MSICPL.sys []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-13 61824]
S3 nm;Ovladač programu Sledování sítě; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2008-04-13 40320]
S3 NTACCESS;NTACCESS; \??\F:\NTACCESS.sys []
S3 Rksample;Rksample; C:\WINDOWS\System32\DRIVERS\HSF_SAMP.sys [2001-10-25 57471]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS []
S3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
S3 SetupNTGLM7X;SetupNTGLM7X; \??\F:\NTGLM7X.sys []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Třída USB Printer; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 w300bus;Sony Ericsson W300 Driver driver (WDM); C:\WINDOWS\system32\DRIVERS\w300bus.sys [2006-03-13 60800]
S3 w300mdfl;Sony Ericsson W300 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\w300mdfl.sys [2006-03-13 9264]
S3 w300mdm;Sony Ericsson W300 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\w300mdm.sys [2006-03-13 96352]
S3 w300mgmt;Sony Ericsson W300 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\w300mgmt.sys [2006-03-13 87824]
S3 w300obex;Sony Ericsson W300 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\w300obex.sys [2006-03-13 85696]
S3 wceusbsh;Windows CE USB Serial Host Driver; C:\WINDOWS\system32\DRIVERS\wceusbsh.sys [2008-04-14 31744]
S3 winachsf;winachsf; C:\WINDOWS\System32\DRIVERS\HSFCXTS2.sys [2004-08-03 685056]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 6to4;Pomocná služba protokolu IPv6; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-05-28 163328]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2013-05-09 46808]
R2 bgsvcgen;B's Recorder GOLD Library General Service; C:\WINDOWS\system32\bgsvcgen.exe [2010-04-17 139264]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre7\bin\jqs.exe [2013-08-16 182184]
R2 LicCtrlService;LicCtrl Service; C:\WINDOWS\runservice.exe [2010-05-22 2560]
R2 McciCMService;McciCMService; C:\Program Files\Common Files\Motive\McciCMService.exe [2007-10-15 303104]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 Yontoo Desktop Updater;Yontoo Desktop Updater; C:\Program Files\Yontoo\Y2Desktop.Updater.exe [2013-03-13 23552]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2013-01-23 116648]
S2 NwSapAgent;Agent SAP; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2013-01-23 116648]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Služba Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2013-07-05 117144]
S4 NetTcpPortSharing;Služba sdílení portů Net.Tcp; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

[Roli]

Zdravím, tohle fixni v HJT :

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://tuvaro.com/ws/?source=4c3f95e5&t ... 19db5e76b4
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = ${SEARCH_URL_IE7}
R3 - URLSearchHook: OLE (Part 1 of 5) - - (no file)
O2 - BHO: (no name) - {389943B0-C3A2-4E69-82CB-8596A84CB3DC} - (no file)
O2 - BHO: Yontoo Layers - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo\YontooIEClient.dll
O3 - Toolbar: (no name) - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - (no file)
O3 - Toolbar: (no name) - {EBFCD017-BCAD-42C3-9ED5-89DBDFC59171} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [Yontoo Desktop] "C:\Documents and Settings\Martin\Data aplikací\Yontoo\YontooDesktop.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (file missing)

HJT najdeš zde :

C:\Program Files\trend micro\Martin.exe

Fix znamená že spustíš HJT jako admin

v okně které se ti otevře klikneš na Do a system scan only

v dalším okně najdeš řádky které jsem ti vypsal,

vedle nich je čtvereček do kterého uděláš zatržítko,

pak klikneš na Fix checked které je vlevo dole,

program se ti zeptá zda opravdu ANO s tím samozřejmě souhlasíš a je hotovo.


Smaž nepotřebné soubory

pomocí CCleaneru

návod :

Čistič - tady vyčistíš PC od nepotřebných souborů a vysypeš Koš

Registry - tady vyčistíš registry (před použitím doporučuji udělat jejich zálohu kterou CCleaner nabízí)

čištění registru je třeba několikrát zopakovat !

Nástroje - tady lze odinstalovat programy, upravit co se spustí po Startu systému a obnovit systém


Stáhni a ulož na plochu AdwCleaner,

ukonči všechny programy včetně prohlížeče a dvojklikem spusť,

objeví se okno kde vlevo dole klikni na Search.

Po té proběhne sken a po jeho skončení na Tebe vypadne log, který mi sem zkopíruj.

[muss45]

# AdwCleaner v2.306 - Log vytvooen 18/08/2013 v 10:36:26
# Aktualizováno 19/07/2013 Xplode
# Operaení systém : Microsoft Windows XP Service Pack 3 (32 bits)
# Uživatel : Martin - MARTIN-ZQF8EALN
# Spuštin systém : Normální
# Spuštino z : C:\Documents and Settings\Martin\Plocha\adwcleaner.exe
# Volba [Prohledat]


***** [Služby] *****

Nalezeno : Yontoo Desktop Updater

***** [Soubory / Složky] *****

Složka Nalezeno : C:\Documents and Settings\All Users\Data aplikací\Babylon
Složka Nalezeno : C:\Documents and Settings\All Users\Data aplikací\Speedbit
Složka Nalezeno : C:\Documents and Settings\All Users\Data aplikací\Tarma Installer
Složka Nalezeno : C:\Documents and Settings\All Users\Nabídka Start\Programy\Speedbit Video Downloader
Složka Nalezeno : C:\Documents and Settings\Martin\Data aplikací\BabSolution
Složka Nalezeno : C:\Documents and Settings\Martin\Data aplikací\Babylon
Složka Nalezeno : C:\Documents and Settings\Martin\Data aplikací\file scout
Složka Nalezeno : C:\Documents and Settings\Martin\Data aplikací\Mozilla\Firefox\Profiles\jtw5wn69.default\SweetIMToolbarData
Složka Nalezeno : C:\Documents and Settings\Martin\Data aplikací\Yontoo
Složka Nalezeno : C:\Documents and Settings\Martin\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde
Složka Nalezeno : C:\Documents and Settings\Martin\Local Settings\Data aplikací\iMesh
Složka Nalezeno : C:\Documents and Settings\Martin\Local Settings\Data aplikací\PackageAware
Složka Nalezeno : C:\Documents and Settings\Martin\Nabídka Start\Programy\TornTV.com
Složka Nalezeno : C:\Program Files\iMesh Applications
Složka Nalezeno : C:\Program Files\TornTV.com
Složka Nalezeno : C:\Program Files\Yontoo
Soubor Nalezeno : C:\DOCUME~1\Martin\LOCALS~1\Temp\Uninstall.exe
Soubor Nalezeno : C:\Documents and Settings\Martin\Data aplikací\Mozilla\Firefox\Profiles\jtw5wn69.default\bProtector_extensions.rdf
Soubor Nalezeno : C:\Documents and Settings\Martin\Data aplikací\Mozilla\Firefox\Profiles\jtw5wn69.default\searchplugins\Askcom.xml
Soubor Nalezeno : C:\Documents and Settings\Martin\Data aplikací\Mozilla\Firefox\Profiles\jtw5wn69.default\searchplugins\Babylon.xml
Soubor Nalezeno : C:\Documents and Settings\Martin\Data aplikací\Mozilla\Firefox\Profiles\jtw5wn69.default\searchplugins\BrowserProtect.xml
Soubor Nalezeno : C:\Documents and Settings\Martin\Data aplikací\Mozilla\Firefox\Profiles\jtw5wn69.default\searchplugins\icqplugin.xml
Soubor Nalezeno : C:\Documents and Settings\Martin\Data aplikací\Mozilla\Firefox\Profiles\jtw5wn69.default\searchplugins\icqplugin-1.xml
Soubor Nalezeno : C:\Documents and Settings\Martin\Data aplikací\Mozilla\Firefox\Profiles\jtw5wn69.default\searchplugins\icqplugin-10.xml
Soubor Nalezeno : C:\Documents and Settings\Martin\Data aplikací\Mozilla\Firefox\Profiles\jtw5wn69.default\searchplugins\icqplugin-2.xml
Soubor Nalezeno : C:\Documents and Settings\Martin\Data aplikací\Mozilla\Firefox\Profiles\jtw5wn69.default\searchplugins\icqplugin-3.xml
Soubor Nalezeno : C:\Documents and Settings\Martin\Data aplikací\Mozilla\Firefox\Profiles\jtw5wn69.default\searchplugins\icqplugin-4.xml
Soubor Nalezeno : C:\Documents and Settings\Martin\Data aplikací\Mozilla\Firefox\Profiles\jtw5wn69.default\searchplugins\icqplugin-5.xml
Soubor Nalezeno : C:\Documents and Settings\Martin\Data aplikací\Mozilla\Firefox\Profiles\jtw5wn69.default\searchplugins\icqplugin-6.xml
Soubor Nalezeno : C:\Documents and Settings\Martin\Data aplikací\Mozilla\Firefox\Profiles\jtw5wn69.default\searchplugins\icqplugin-7.xml
Soubor Nalezeno : C:\Documents and Settings\Martin\Data aplikací\Mozilla\Firefox\Profiles\jtw5wn69.default\searchplugins\icqplugin-8.xml
Soubor Nalezeno : C:\Documents and Settings\Martin\Data aplikací\Mozilla\Firefox\Profiles\jtw5wn69.default\searchplugins\icqplugin-9.xml
Soubor Nalezeno : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
Soubor Nalezeno : C:\user.js
Soubor Nalezeno : C:\WINDOWS\Tasks\EPUpdater.job

***** [Registry] *****

Hodnota Nalezeno : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{0329E7D6-6F54-462D-93F6-F5C3118BADF2}]
Hodnota Nalezeno : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [searchpredict@speedbit.com]
Klíe Nalezeno : HKCU\Software\1ClickDownload
Klíe Nalezeno : HKCU\Software\5f558fd8b339bf46
Klíe Nalezeno : HKCU\Software\BabSolution
Klíe Nalezeno : HKCU\Software\BabylonToolbar
Klíe Nalezeno : HKCU\Software\DataMngr
Klíe Nalezeno : HKCU\Software\filescout
Klíe Nalezeno : HKCU\Software\ICQ\ICQToolbar
Klíe Nalezeno : HKCU\Software\Imesh
Klíe Nalezeno : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Klíe Nalezeno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Klíe Nalezeno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}
Klíe Nalezeno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{389943B0-C3A2-4E69-82CB-8596A84CB3DC}
Klíe Nalezeno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Klíe Nalezeno : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grusskartencenter.com
Klíe Nalezeno : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grusskartencenter.com
Klíe Nalezeno : HKCU\Software\OCS
Klíe Nalezeno : HKCU\Software\SBConvert
Klíe Nalezeno : HKCU\Software\Softonic
Klíe Nalezeno : HKCU\Software\SpeedBit
Klíe Nalezeno : HKCU\Software\YahooPartnerToolbar
Klíe Nalezeno : HKLM\Software\Babylon
Klíe Nalezeno : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Klíe Nalezeno : HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\CLSID\{5EB0259D-AB79-4AE6-A6E6-24FFE21C3DA4}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\CLSID\{99066096-8989-4612-841F-621A01D54AD7}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\Interface\{2BEF239C-752E-4001-8048-F256E0D8CD93}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\Interface\{49C00A51-6E59-41FE-B3FA-2D2157FAD67B}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\Interface\{6DFF5DBA-AE3A-46DB-B301-ECFFC6DB2982}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\Interface\{DE34CD67-F1C8-4001-9A23-B8A68F63F377}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\Prod.cap
Klíe Nalezeno : HKLM\SOFTWARE\Classes\SBConvert.SBConvert
Klíe Nalezeno : HKLM\SOFTWARE\Classes\SBConvert.SBConvert.3
Klíe Nalezeno : HKLM\SOFTWARE\Classes\SearchPredictObj.SearchPredictObj
Klíe Nalezeno : HKLM\SOFTWARE\Classes\SearchPredictObj.SearchPredictObj.1
Klíe Nalezeno : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\YontooIEClient.Api
Klíe Nalezeno : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
Klíe Nalezeno : HKLM\SOFTWARE\Classes\YontooIEClient.Layers
Klíe Nalezeno : HKLM\SOFTWARE\Classes\YontooIEClient.Layers.1
Klíe Nalezeno : HKLM\Software\DataMngr
Klíe Nalezeno : HKLM\SOFTWARE\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
Klíe Nalezeno : HKLM\Software\ICQ\ICQToolbar
Klíe Nalezeno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Klíe Nalezeno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{177586E7-E42E-4F38-83D1-D15B4AF5B714}
Klíe Nalezeno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Search-Gol Chrome Toolbar
Klíe Nalezeno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Klíe Nalezeno : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\789034A89BAC50E4782F0A7BDBF75632
Klíe Nalezeno : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\A97CEC23332751B47BA4B95BAA50C9D0
Klíe Nalezeno : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F754C503375A13344B22388E18DFE87E
Klíe Nalezeno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{96E2E493-C484-43E3-9B95-D62EE7D40D3A}
Klíe Nalezeno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Search-Gol Chrome Toolbar
Klíe Nalezeno : HKLM\Software\SpeedBit
Klíe Nalezeno : HKLM\Software\Tarma Installer
Klíe Nalezeno : HKU\S-1-5-21-1957994488-484763869-1801674531-1003\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}

***** [Internetové prohlížeee] *****

-\\ Internet Explorer v6.0.2900.5512

[OK] Registry jsou eisté.

-\\ Mozilla Firefox v22.0 (cs)

Soubor : C:\Documents and Settings\Martin\Data aplikací\Mozilla\Firefox\Profiles\jtw5wn69.default\prefs.js

Nalezeno : user_pref("browser.search.defaultengine", "Ask.com");
Nalezeno : user_pref("extensions.BabylonToolbar_i.newTab", true);
Nalezeno : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://www.delta-search.com/?affID=119529&babsrc[...]
Nalezeno : user_pref("extentions.y2layers.defaultEnableAppsList", "twittube,buzzdock,YontooNewOffers");
Nalezeno : user_pref("extentions.y2layers.installId", "c2b4ac33-7772-4535-b9e9-2f119b9489d1");
Nalezeno : user_pref("icqtoolbar.allowSendURL", false);
Nalezeno : user_pref("icqtoolbar.engineVerified", true);
Nalezeno : user_pref("icqtoolbar.hiddenElements", "itb_options");
Nalezeno : user_pref("icqtoolbar.history", "t%C5%99i%20kr%C3%A1lov%C3%A9%20v%20M%C5%A0||my%20t%C5%99i%20kr%C3%A[...]
Nalezeno : user_pref("icqtoolbar.installTime", "1285182421");
Nalezeno : user_pref("icqtoolbar.installsource", "1");
Nalezeno : user_pref("icqtoolbar.newtab_state", "1");
Nalezeno : user_pref("icqtoolbar.numberOfSearches", 0);
Nalezeno : user_pref("icqtoolbar.previousFFVersion", "3.6.13");
Nalezeno : user_pref("icqtoolbar.skip_default_search", "yes");
Nalezeno : user_pref("icqtoolbar.suggestions", false);
Nalezeno : user_pref("icqtoolbar.uniqueID", "123393200712339320071233937330147");
Nalezeno : user_pref("icqtoolbar.usageStatstTimestamp", 1295280631);
Nalezeno : user_pref("icqtoolbar.xmlEnableSuggestions", false);
Nalezeno : user_pref("icqtoolbar.xmlLanguage", "cs");
Nalezeno : user_pref("speedbit.Var1", "0");
Nalezeno : user_pref("speedbit.Var10", "0");
Nalezeno : user_pref("speedbit.Var2", "0");
Nalezeno : user_pref("speedbit.Var3", "0");
Nalezeno : user_pref("speedbit.Var4", "0");
Nalezeno : user_pref("speedbit.Var5", "0");
Nalezeno : user_pref("speedbit.Var6", "0");
Nalezeno : user_pref("speedbit.Var7", "0");
Nalezeno : user_pref("speedbit.Var8", "0");
Nalezeno : user_pref("speedbit.Var9", "0");
Nalezeno : user_pref("speedbit.auto_search", false);
Nalezeno : user_pref("speedbit.bubble_height", "441");
Nalezeno : user_pref("speedbit.bubble_screenx", "659");
Nalezeno : user_pref("speedbit.bubble_screeny", 136);
Nalezeno : user_pref("speedbit.bubble_scroll", "0");
Nalezeno : user_pref("speedbit.bubble_src", "hxxp%3A//www.fileratings.com/panel/panel1.aspx");
Nalezeno : user_pref("speedbit.bubble_type", "0");
Nalezeno : user_pref("speedbit.bubble_width", "189");
Nalezeno : user_pref("speedbit.buttons.highlighter", false);
Nalezeno : user_pref("speedbit.buttons.showlabels", false);
Nalezeno : user_pref("speedbit.cache.tbs_include_xml_sbt", "1/21/17/0/111");
Nalezeno : user_pref("speedbit.click_selects_all", true);
Nalezeno : user_pref("speedbit.ctrl_search", false);
Nalezeno : user_pref("speedbit.enable_auto_complete", false);
Nalezeno : user_pref("speedbit.firstlaunch", "0");
Nalezeno : user_pref("speedbit.focus_key", false);
Nalezeno : user_pref("speedbit.guid", "%7B67B3513B-9CFB-A093-6274-79C6BD49C7D6%7D");
Nalezeno : user_pref("speedbit.search_in_tab", false);
Nalezeno : user_pref("speedbit.search_on_drag_drop", false);
Nalezeno : user_pref("speedbit.shift_ctrl_search", false);
Nalezeno : user_pref("speedbit.shift_search", false);
Nalezeno : user_pref("speedbit.use_inline_complete", false);
Nalezeno : user_pref("speedbit.userId", "%12");
Nalezeno : user_pref("speedbit.warn_on_form_history", false);
Nalezeno : user_pref("speedbit_installed_version", "2.0.8");

-\\ Google Chrome v [Nemohu získat verzi]

Soubor : C:\Documents and Settings\Martin\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Preferences

[OK] Soubor je eistý.

*************************

AdwCleaner[R1].txt - [19135 octets] - [24/01/2013 14:23:32]
AdwCleaner[R2].txt - [13292 octets] - [18/08/2013 10:36:26]
AdwCleaner[S1].txt - [18910 octets] - [24/01/2013 23:18:54]

########## EOF - C:\AdwCleaner[R2].txt - [13414 octets] ##########

[Roli]

Znovu spusť AdwCleaner ale tentokrát klikni na Delete,

proběhne restart PC kdy dojde ke smazání nepořádku.

Po té na Tebe opět vypadne log který mi sem zkopíruj.

[muss45]

# AdwCleaner v2.306 - Log vytvooen 19/08/2013 v 20:07:59
# Aktualizováno 19/07/2013 Xplode
# Operaení systém : Microsoft Windows XP Service Pack 3 (32 bits)
# Uživatel : Martin - MARTIN-ZQF8EALN
# Spuštin systém : Normální
# Spuštino z : C:\Documents and Settings\Martin\Plocha\adwcleaner.exe
# Volba [Vymazat]


***** [Služby] *****

Zastaveno & vymazáno : Yontoo Desktop Updater

***** [Soubory / Složky] *****

Složka Vymazáno : C:\Documents and Settings\All Users\Data aplikací\Babylon
Složka Vymazáno : C:\Documents and Settings\All Users\Data aplikací\Speedbit
Složka Vymazáno : C:\Documents and Settings\All Users\Data aplikací\Tarma Installer
Složka Vymazáno : C:\Documents and Settings\All Users\Nabídka Start\Programy\Speedbit Video Downloader
Složka Vymazáno : C:\Documents and Settings\Martin\Data aplikací\BabSolution
Složka Vymazáno : C:\Documents and Settings\Martin\Data aplikací\Babylon
Složka Vymazáno : C:\Documents and Settings\Martin\Data aplikací\file scout
Složka Vymazáno : C:\Documents and Settings\Martin\Data aplikací\Mozilla\Firefox\Profiles\jtw5wn69.default\SweetIMToolbarData
Složka Vymazáno : C:\Documents and Settings\Martin\Data aplikací\Yontoo
Složka Vymazáno : C:\Documents and Settings\Martin\Local Settings\Data aplikací\iMesh
Složka Vymazáno : C:\Documents and Settings\Martin\Local Settings\Data aplikací\PackageAware
Složka Vymazáno : C:\Documents and Settings\Martin\Nabídka Start\Programy\TornTV.com
Složka Vymazáno : C:\Program Files\iMesh Applications
Složka Vymazáno : C:\Program Files\TornTV.com
Složka Vymazáno : C:\Program Files\Yontoo
Soubor Vymazáno : C:\DOCUME~1\Martin\LOCALS~1\Temp\Uninstall.exe
Soubor Vymazáno : C:\Documents and Settings\Martin\Data aplikací\Mozilla\Firefox\Profiles\jtw5wn69.default\bProtector_extensions.rdf
Soubor Vymazáno : C:\Documents and Settings\Martin\Data aplikací\Mozilla\Firefox\Profiles\jtw5wn69.default\searchplugins\Askcom.xml
Soubor Vymazáno : C:\Documents and Settings\Martin\Data aplikací\Mozilla\Firefox\Profiles\jtw5wn69.default\searchplugins\Babylon.xml
Soubor Vymazáno : C:\Documents and Settings\Martin\Data aplikací\Mozilla\Firefox\Profiles\jtw5wn69.default\searchplugins\BrowserProtect.xml
Soubor Vymazáno : C:\Documents and Settings\Martin\Data aplikací\Mozilla\Firefox\Profiles\jtw5wn69.default\searchplugins\icqplugin.xml
Soubor Vymazáno : C:\Documents and Settings\Martin\Data aplikací\Mozilla\Firefox\Profiles\jtw5wn69.default\searchplugins\icqplugin-1.xml
Soubor Vymazáno : C:\Documents and Settings\Martin\Data aplikací\Mozilla\Firefox\Profiles\jtw5wn69.default\searchplugins\icqplugin-10.xml
Soubor Vymazáno : C:\Documents and Settings\Martin\Data aplikací\Mozilla\Firefox\Profiles\jtw5wn69.default\searchplugins\icqplugin-2.xml
Soubor Vymazáno : C:\Documents and Settings\Martin\Data aplikací\Mozilla\Firefox\Profiles\jtw5wn69.default\searchplugins\icqplugin-3.xml
Soubor Vymazáno : C:\Documents and Settings\Martin\Data aplikací\Mozilla\Firefox\Profiles\jtw5wn69.default\searchplugins\icqplugin-4.xml
Soubor Vymazáno : C:\Documents and Settings\Martin\Data aplikací\Mozilla\Firefox\Profiles\jtw5wn69.default\searchplugins\icqplugin-5.xml
Soubor Vymazáno : C:\Documents and Settings\Martin\Data aplikací\Mozilla\Firefox\Profiles\jtw5wn69.default\searchplugins\icqplugin-6.xml
Soubor Vymazáno : C:\Documents and Settings\Martin\Data aplikací\Mozilla\Firefox\Profiles\jtw5wn69.default\searchplugins\icqplugin-7.xml
Soubor Vymazáno : C:\Documents and Settings\Martin\Data aplikací\Mozilla\Firefox\Profiles\jtw5wn69.default\searchplugins\icqplugin-8.xml
Soubor Vymazáno : C:\Documents and Settings\Martin\Data aplikací\Mozilla\Firefox\Profiles\jtw5wn69.default\searchplugins\icqplugin-9.xml
Soubor Vymazáno : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
Soubor Vymazáno : C:\user.js
Soubor Vymazáno : C:\WINDOWS\Tasks\EPUpdater.job
Vymazáno poi restartu : C:\Documents and Settings\Martin\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde

***** [Registry] *****

Hodnota Vymazáno : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{0329E7D6-6F54-462D-93F6-F5C3118BADF2}]
Hodnota Vymazáno : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [searchpredict@speedbit.com]
Klíe Vymazáno : HKCU\Software\1ClickDownload
Klíe Vymazáno : HKCU\Software\5f558fd8b339bf46
Klíe Vymazáno : HKCU\Software\BabSolution
Klíe Vymazáno : HKCU\Software\BabylonToolbar
Klíe Vymazáno : HKCU\Software\DataMngr
Klíe Vymazáno : HKCU\Software\filescout
Klíe Vymazáno : HKCU\Software\ICQ\ICQToolbar
Klíe Vymazáno : HKCU\Software\Imesh
Klíe Vymazáno : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Klíe Vymazáno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Klíe Vymazáno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}
Klíe Vymazáno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{389943B0-C3A2-4E69-82CB-8596A84CB3DC}
Klíe Vymazáno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Klíe Vymazáno : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grusskartencenter.com
Klíe Vymazáno : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grusskartencenter.com
Klíe Vymazáno : HKCU\Software\OCS
Klíe Vymazáno : HKCU\Software\SBConvert
Klíe Vymazáno : HKCU\Software\Softonic
Klíe Vymazáno : HKCU\Software\SpeedBit
Klíe Vymazáno : HKCU\Software\YahooPartnerToolbar
Klíe Vymazáno : HKLM\Software\Babylon
Klíe Vymazáno : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Klíe Vymazáno : HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\CLSID\{5EB0259D-AB79-4AE6-A6E6-24FFE21C3DA4}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\CLSID\{99066096-8989-4612-841F-621A01D54AD7}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\Interface\{2BEF239C-752E-4001-8048-F256E0D8CD93}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\Interface\{49C00A51-6E59-41FE-B3FA-2D2157FAD67B}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\Interface\{6DFF5DBA-AE3A-46DB-B301-ECFFC6DB2982}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\Interface\{DE34CD67-F1C8-4001-9A23-B8A68F63F377}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\Prod.cap
Klíe Vymazáno : HKLM\SOFTWARE\Classes\SBConvert.SBConvert
Klíe Vymazáno : HKLM\SOFTWARE\Classes\SBConvert.SBConvert.3
Klíe Vymazáno : HKLM\SOFTWARE\Classes\SearchPredictObj.SearchPredictObj
Klíe Vymazáno : HKLM\SOFTWARE\Classes\SearchPredictObj.SearchPredictObj.1
Klíe Vymazáno : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\YontooIEClient.Api
Klíe Vymazáno : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
Klíe Vymazáno : HKLM\SOFTWARE\Classes\YontooIEClient.Layers
Klíe Vymazáno : HKLM\SOFTWARE\Classes\YontooIEClient.Layers.1
Klíe Vymazáno : HKLM\Software\DataMngr
Klíe Vymazáno : HKLM\SOFTWARE\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
Klíe Vymazáno : HKLM\Software\ICQ\ICQToolbar
Klíe Vymazáno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Klíe Vymazáno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{177586E7-E42E-4F38-83D1-D15B4AF5B714}
Klíe Vymazáno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Search-Gol Chrome Toolbar
Klíe Vymazáno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Klíe Vymazáno : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\789034A89BAC50E4782F0A7BDBF75632
Klíe Vymazáno : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\A97CEC23332751B47BA4B95BAA50C9D0
Klíe Vymazáno : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F754C503375A13344B22388E18DFE87E
Klíe Vymazáno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{96E2E493-C484-43E3-9B95-D62EE7D40D3A}
Klíe Vymazáno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Search-Gol Chrome Toolbar
Klíe Vymazáno : HKLM\Software\SpeedBit
Klíe Vymazáno : HKLM\Software\Tarma Installer

***** [Internetové prohlížeee] *****

-\\ Internet Explorer v6.0.2900.5512

[OK] Registry jsou eisté.

-\\ Mozilla Firefox v23.0.1 (cs)

Soubor : C:\Documents and Settings\Martin\Data aplikací\Mozilla\Firefox\Profiles\jtw5wn69.default\prefs.js

C:\Documents and Settings\Martin\Data aplikací\Mozilla\Firefox\Profiles\jtw5wn69.default\user.js ... Vymazáno !

Vymazáno : user_pref("browser.search.defaultengine", "Ask.com");
Vymazáno : user_pref("extensions.BabylonToolbar_i.newTab", true);
Vymazáno : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://www.delta-search.com/?affID=119529&babsrc[...]
Vymazáno : user_pref("extentions.y2layers.defaultEnableAppsList", "twittube,buzzdock,YontooNewOffers");
Vymazáno : user_pref("extentions.y2layers.installId", "c2b4ac33-7772-4535-b9e9-2f119b9489d1");
Vymazáno : user_pref("icqtoolbar.allowSendURL", false);
Vymazáno : user_pref("icqtoolbar.engineVerified", true);
Vymazáno : user_pref("icqtoolbar.hiddenElements", "itb_options");
Vymazáno : user_pref("icqtoolbar.history", "t%C5%99i%20kr%C3%A1lov%C3%A9%20v%20M%C5%A0||my%20t%C5%99i%20kr%C3%A[...]
Vymazáno : user_pref("icqtoolbar.installTime", "1285182421");
Vymazáno : user_pref("icqtoolbar.installsource", "1");
Vymazáno : user_pref("icqtoolbar.newtab_state", "1");
Vymazáno : user_pref("icqtoolbar.numberOfSearches", 0);
Vymazáno : user_pref("icqtoolbar.previousFFVersion", "3.6.13");
Vymazáno : user_pref("icqtoolbar.skip_default_search", "yes");
Vymazáno : user_pref("icqtoolbar.suggestions", false);
Vymazáno : user_pref("icqtoolbar.uniqueID", "123393200712339320071233937330147");
Vymazáno : user_pref("icqtoolbar.usageStatstTimestamp", 1295280631);
Vymazáno : user_pref("icqtoolbar.xmlEnableSuggestions", false);
Vymazáno : user_pref("icqtoolbar.xmlLanguage", "cs");
Vymazáno : user_pref("speedbit.Var1", "0");
Vymazáno : user_pref("speedbit.Var10", "0");
Vymazáno : user_pref("speedbit.Var2", "0");
Vymazáno : user_pref("speedbit.Var3", "0");
Vymazáno : user_pref("speedbit.Var4", "0");
Vymazáno : user_pref("speedbit.Var5", "0");
Vymazáno : user_pref("speedbit.Var6", "0");
Vymazáno : user_pref("speedbit.Var7", "0");
Vymazáno : user_pref("speedbit.Var8", "0");
Vymazáno : user_pref("speedbit.Var9", "0");
Vymazáno : user_pref("speedbit.auto_search", false);
Vymazáno : user_pref("speedbit.bubble_height", "441");
Vymazáno : user_pref("speedbit.bubble_screenx", "659");
Vymazáno : user_pref("speedbit.bubble_screeny", 136);
Vymazáno : user_pref("speedbit.bubble_scroll", "0");
Vymazáno : user_pref("speedbit.bubble_src", "hxxp%3A//www.fileratings.com/panel/panel1.aspx");
Vymazáno : user_pref("speedbit.bubble_type", "0");
Vymazáno : user_pref("speedbit.bubble_width", "189");
Vymazáno : user_pref("speedbit.buttons.highlighter", false);
Vymazáno : user_pref("speedbit.buttons.showlabels", false);
Vymazáno : user_pref("speedbit.cache.tbs_include_xml_sbt", "1/21/17/0/111");
Vymazáno : user_pref("speedbit.click_selects_all", true);
Vymazáno : user_pref("speedbit.ctrl_search", false);
Vymazáno : user_pref("speedbit.enable_auto_complete", false);
Vymazáno : user_pref("speedbit.firstlaunch", "0");
Vymazáno : user_pref("speedbit.focus_key", false);
Vymazáno : user_pref("speedbit.guid", "%7B67B3513B-9CFB-A093-6274-79C6BD49C7D6%7D");
Vymazáno : user_pref("speedbit.search_in_tab", false);
Vymazáno : user_pref("speedbit.search_on_drag_drop", false);
Vymazáno : user_pref("speedbit.shift_ctrl_search", false);
Vymazáno : user_pref("speedbit.shift_search", false);
Vymazáno : user_pref("speedbit.use_inline_complete", false);
Vymazáno : user_pref("speedbit.userId", "%12");
Vymazáno : user_pref("speedbit.warn_on_form_history", false);
Vymazáno : user_pref("speedbit_installed_version", "2.0.8");

-\\ Google Chrome v [Nemohu získat verzi]

Soubor : C:\Documents and Settings\Martin\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Preferences

[OK] Soubor je eistý.

*************************

AdwCleaner[R1].txt - [19135 octets] - [24/01/2013 14:23:32]
AdwCleaner[R2].txt - [13484 octets] - [18/08/2013 10:36:26]
AdwCleaner[S1].txt - [18910 octets] - [24/01/2013 23:18:54]
AdwCleaner[S2].txt - [13391 octets] - [19/08/2013 20:07:59]

########## EOF - C:\AdwCleaner[S2].txt - [13452 octets] ##########

[Roli]

Stáhni a ulož na plochu ComboFix,

spusť aplikaci jako Administrátor a povol instalaci Konzole pro zotavení - Recovery Console.

Poté se zobrazí okno s licenčními podmínkami které potvrdíš kliknutím na ANO,

pak ještě jednou klik na ANO a už to jede.

Celá akce trvá okolo 10 minut ale může i déle, během skenu se nepokoušej spouštět nic jiného.

Při skenovaní může být PC i restartováno nelekat se.

Upozornění: po dobu skenu vypni rezidentní štít Antiviru a AntiSpy programu,

protože Combofix se pokouší napadené soubory smazat a tyto programy mu můžou bránit.

Po dokončení skenu nebo následném restartu aplikace vytvoří log, uložený na C:/Combofix.txt

(při opakovaném použití jsou logy číslovány Combofix2.txt atd.), jeho obsah zkopíruj sem.


V případě nejasností je ZDE obrázkový návod.

[muss45]

ComboFix 13-08-19.02 - Martin 20.08.2013 22:24:19.1.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.510.237 [GMT 2:00]
Spuštěný z: c:\documents and settings\Martin\Plocha\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: avast! Antivirus *Disabled* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Martin\WINDOWS
c:\windows\IsUn0405.exe
c:\windows\iun6002.exe
c:\windows\regedit.com
c:\windows\ST6UNST.000
c:\windows\system32\dllcache\wmpvis.dll
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\system32\taskmgr.com
c:\windows\system32\Thumbs.db
c:\windows\system32\TZLog.log
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-07-20 do 2013-08-20 )))))))))))))))))))))))))))))))
.
.
2013-08-16 16:43 . 2013-08-16 16:45 -------- d-----w- c:\program files\QuickTime
2013-08-16 16:40 . 2013-08-16 16:40 -------- d-----w- c:\program files\Common Files\Apple
2013-08-16 16:39 . 2013-08-16 16:39 -------- d-----w- c:\documents and settings\Martin\Local Settings\Data aplikací\Sun
2013-08-16 16:39 . 2013-08-16 16:39 -------- d-----w- c:\program files\Apple Software Update
2013-08-16 16:39 . 2013-08-16 16:39 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Apple
2013-08-16 16:08 . 2013-08-16 16:07 789416 ----a-w- c:\windows\system32\deployJava1.dll
2013-08-16 16:08 . 2013-08-16 16:07 867240 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-08-16 16:08 . 2013-08-16 16:07 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-08-14 18:46 . 2013-08-14 18:51 -------- d-----w- c:\windows\system32\MRT
2013-08-14 14:06 . 2013-08-14 14:06 4096000 ----a-w- c:\program files\GUT4.tmp
2013-08-14 14:06 . 2013-08-14 14:06 -------- d-----w- c:\program files\GUM3.tmp
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-08-16 16:10 . 2012-04-22 00:07 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-08-16 16:10 . 2012-04-22 00:07 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-08-16 16:07 . 2007-04-15 10:57 144896 ----a-w- c:\windows\system32\javacpl.cpl
2013-08-14 13:54 . 2013-04-07 19:38 175176 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-08-14 13:54 . 2011-06-25 13:47 770344 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-08-14 13:54 . 2008-04-04 14:16 369584 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-07-25 08:14 . 2001-10-25 12:00 669696 ----a-w- c:\windows\system32\wininet.dll
2013-07-25 08:14 . 2001-10-25 12:00 61952 ----a-w- c:\windows\system32\tdc.ocx
2013-07-25 08:14 . 2007-03-25 18:14 81920 ------w- c:\windows\system32\ieencode.dll
2013-07-25 07:25 . 2007-03-25 18:14 370176 ------w- c:\windows\system32\html.iec
2013-07-10 10:37 . 2001-10-25 12:00 406016 ----a-w- c:\windows\system32\usp10.dll
2013-07-04 07:34 . 2001-10-24 11:46 2072320 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-07-04 07:34 . 2001-10-25 12:00 2195712 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-06-05 09:08 . 2001-10-25 12:00 1876736 ----a-w- c:\windows\system32\win32k.sys
2013-06-04 07:23 . 2001-10-25 12:00 563712 ----a-w- c:\windows\system32\qedit.dll
2013-05-28 13:05 . 2013-07-04 22:41 163328 ----a-w- c:\windows\system32\FlashPlayerUpdateService.exe
2013-05-28 01:59 . 2001-10-25 12:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2013-05-28 01:05 . 2008-05-05 05:25 6656 ----a-w- c:\windows\system32\xpsp4res.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-05-09 08:58 121968 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2013-05-09 4858968]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 11:41 294912 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\WINDOWS\\system32\\msiexec.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
.
R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [7.4.2013 21:38 49376]
R0 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [7.4.2013 21:38 175176]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [14.7.2007 15:14 685816]
R1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [23.1.2013 21:27 20624]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [25.6.2011 15:47 770344]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [4.4.2008 16:16 369584]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [10.10.2006 13:53 5632]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [27.2.2007 12:39 32256]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [4.4.2008 16:16 29816]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [7.4.2013 21:38 66336]
S3 Huawei;HUAWEI Mobile Connect - USB Smart Card Reader;c:\windows\system32\DRIVERS\ewdcsc.sys --> c:\windows\system32\DRIVERS\ewdcsc.sys [?]
S3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys --> c:\windows\system32\DRIVERS\ewusbdev.sys [?]
S3 k510bus;Sony Ericsson K510 Driver driver (WDM);c:\windows\system32\drivers\k510bus.sys [22.10.2009 22:26 58288]
S3 k510mdfl;Sony Ericsson K510 USB WMC Modem Filter;c:\windows\system32\drivers\k510mdfl.sys [22.10.2009 22:27 8336]
S3 k510mdm;Sony Ericsson K510 USB WMC Modem Driver;c:\windows\system32\drivers\k510mdm.sys [22.10.2009 22:27 94064]
S3 k510mgmt;Sony Ericsson K510 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\k510mgmt.sys [24.11.2009 22:47 85408]
S3 k510obex;Sony Ericsson K510 USB WMC OBEX Interface;c:\windows\system32\drivers\k510obex.sys [18.11.2009 21:43 83344]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [16.2.2006 17:51 4096]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\f:\ntglm7x.sys --> f:\NTGLM7X.sys [?]
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - WS2IFSL
.
Obsah adresáře 'Naplánované úlohy'
.
2013-07-01 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-22 13:05]
.
2013-08-16 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 15:57]
.
2013-08-20 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\Alwil Software\Avast5\AvastEmUpdate.exe [2013-01-23 08:58]
.
2013-07-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-01-23 21:07]
.
2013-07-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-01-23 21:07]
.
.
------- Doplňkový sken -------
.
mStart Page = hxxp://www.google.com
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 10.104.6.1 217.117.216.7
FF - ProfilePath - c:\documents and settings\Martin\Data aplikací\Mozilla\Firefox\Profiles\jtw5wn69.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - Search Gol
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: network.proxy.type - 4
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
WebBrowser-{EBFCD017-BCAD-42C3-9ED5-89DBDFC59171} - (no file)
AddRemove-Cool's_Codec_pack_4.12 - c:\windows\iun6002.exe
AddRemove-Need For Speed - Porsche Unleashed - c:\progra~1\ELECTR~1\NEEDFO~1\uninst.log
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-08-20 22:48
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-1957994488-484763869-1801674531-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-1957994488-484763869-1801674531-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:65,bb,6d,7e,43,ee,9b,00,b4,72,d4,4c,f3,d2,97,2c,56,01,71,8c,8c,2f,3f,
84,55,d0,2c,6e,ea,19,a6,cf,72,be,84,3c,c2,01,d8,18,51,03,84,8d,07,66,d0,6e,\
"??"=hex:4f,ab,7d,86,5e,b0,1b,e5,d4,d5,5b,5c,0a,9d,01,ae
.
[HKEY_USERS\S-1-5-21-1957994488-484763869-1801674531-1003\Software\SecuROM\License information*]
"datasecu"=hex:40,ae,4a,bf,1d,1b,f0,dd,ed,c9,f1,f0,5d,23,e2,57,74,b3,b6,68,b1,
96,52,84,d3,a2,7c,63,db,78,96,f2,65,f2,4a,c8,c2,8e,01,c9,22,03,ff,da,a7,9b,\
"rkeysecu"=hex:d5,68,b5,6c,60,6e,f6,f2,31,0b,2a,75,8f,80,60,56
.
[HKEY_LOCAL_MACHINE\software\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \EC1A69D1C0948222]
"1"=hex:b0,cd,e0,26,42,20,9e,7c,08,f1,c1,23,e7,41,66,ec,c9,e0,20,43,a1,23,f2,
e3
"2"=hex:d7,7a,ea,31,a0,f7,22,dd,b6,43,6f,32,07,8b,4a,0a,e2,6f,a8,1b,53,71,0d,
78,d5,ad,68,1b,c8,4a,9b,03
"3"=hex:b0,cd,e0,26,42,20,9e,7c,08,f1,c1,23,e7,41,66,ec,aa,6b,6f,c8,5d,d1,dd,
70,c8,0c,a2,71,14,a4,b5,05,7d,2c,84,8d,ff,2b,de,6d,f8,f2,70,94,19,43,ce,bd,\
.
[HKEY_LOCAL_MACHINE\software\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \EC1A69D1C0948222\48236A7EED3B8895E98434D6DCE253AC]
"1"=hex:08,26,de,b9,bd,1e,cc,2a,55,96,fd,b8,7e,1b,23,82,71,bb,5a,5f,e0,12,25,
42,0c,3f,30,d4,d3,b8,cd,35,d5,a9,6f,e0,2c,05,4e,14
"2"=hex:47,6d,e8,b1,c6,c5,94,c0
"3"=hex:81,20,8f,ab,28,6a,52,9c
"4"=hex:2f,ad,a2,e7,8a,bf,05,5e
"5"=hex:bf,e5,23,7b,b0,66,d6,fc,b8,e8,6b,a0,96,52,f7,32,80,09,8f,24,b7,b3,55,
1a,98,d1,47,16,02,43,61,1c,b9,d5,8f,2a,7b,81,b1,fb,95,22,f8,b3,2c,53,9d,ae,\
"6"=hex:bf,e5,23,7b,b0,66,d6,fc,bc,64,22,fb,7e,d3,39,3e,a3,00,33,13,c0,21,f4,
51,6c,4e,0c,96,e2,dd,ad,8a,b6,c4,05,e8,5a,bd,9a,e9,d4,1a,3d,68,9d,00,32,20
"7"=hex:08,26,de,b9,bd,1e,cc,2a,55,96,fd,b8,7e,1b,23,82,71,bb,5a,5f,e0,12,25,
42,0c,3f,30,d4,d3,b8,cd,35,61,5a,c0,6c,22,7e,83,13,6e,44,91,28,69,cc,01,dd
"8"=hex:58,09,79,bb,e0,33,eb,62,67,7f,79,c7,4e,f1,a5,7c,64,35,9a,1c,c1,84,6a,
73
"9"=hex:81,20,8f,ab,28,6a,52,9c
"18"=hex:70,56,26,33,e3,20,f8,ab
"10"=hex:81,20,8f,ab,28,6a,52,9c
"11"=hex:81,20,8f,ab,28,6a,52,9c
"12"=hex:81,20,8f,ab,28,6a,52,9c
"13"=hex:81,20,8f,ab,28,6a,52,9c
"14"=hex:81,20,8f,ab,28,6a,52,9c
"24"=hex:81,20,8f,ab,28,6a,52,9c
"26"=hex:81,20,8f,ab,28,6a,52,9c
"27"=hex:81,20,8f,ab,28,6a,52,9c
"19"=hex:81,20,8f,ab,28,6a,52,9c
"22"=hex:81,20,8f,ab,28,6a,52,9c
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(904)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
- - - - - - - > 'explorer.exe'(4040)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\windows\system32\bgsvcgen.exe
c:\program files\Java\jre7\bin\jqs.exe
c:\program files\Google\Update\1.3.21.153\GoogleCrashHandler.exe
c:\windows\runservice.exe
c:\program files\Common Files\Motive\McciCMService.exe
.
**************************************************************************
.
Celkový čas: 2013-08-20 22:57:23 - počítač byl restartován
ComboFix-quarantined-files.txt 2013-08-20 20:57
.
Před spuštěním: Volných bajtů: 67 410 862 080
Po spuštění: Volných bajtů: 68 729 683 968
.
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
.
- - End Of File - - D9A465A840B7D27CE186BC3C7BA99CE8
413FC2A0C716421B3158746D63736515

[Roli]

Přes Start >> Spustit zkopíruj do okna:

ComboFix /Uninstall

a stiskni Enter

To odinstaluje ComboFix a smaže s ním související soubory a složky.


Použij T-Cleaner, který smaže případné zbytky po aplikacích které jsme použili.

Jen před jeho stažením a při použití stopni antivir, protože ho muže detekovat jako vir ale není tomu tak.


Stáhni a spusť OTMoveIt

do levého okna aplikace pod Paste Instructions for Items to be Moved zkopíruj tento text:

Kód: Vybrat vše

:processes
explorer.exe       

:files 
C:\*.tmp
C:\WINDOWS\System32\*.tmp
C:\WINDOWS\*.tmp
C:\program files\GUT4.tmp
C:\program files\GUM3.tmp

:commands
[purity]
[emptytemp]
[start explorer]

klikni na MoveIt! a v pravém zeleném okně aplikace se Ti objeví info o provedene akci, obsah okna zkopíruj sem,

pokud aplikace bude požadovat restart, klikni na YES

v tom případě sem chci zkopírovat obsah logu uloženého na C:\_OTMoveIt\MovedFiles\