VIRY.CZ

Dobrý den, bohužel jsem další z mnoha lidí, kteří na tento vir nalétli. Jedná se o zprávu na chatu v angličtině, ze které se pak dostanete až k odkazu na video, kde si stáhnete falešný flash-player. Vytváření logu proběhlo v pořádku. Předem děkuji za pomoc.

Logfile of random's system information tool 1.09 (written by random/random)
Run by Uzivate at 2011-07-27 20:32:09
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 11 GB (15%) free of 73 GB
Total RAM: 1014 MB (39% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:32:55, on 27.7.2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\WINDOWS\update.5.0\svchost.exe
C:\WINDOWS\update.5.0\svchost.exe
C:\WINDOWS\sysdriver32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\update.1\svchost.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\MYWEBS~1\bar\6.bin\mwsoemon.exe
C:\Program Files\TO2SSM\McciTrayApp.exe
C:\Program Files\SweetIM\Messenger\SweetIM.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\update.tray-10-0\svchost.exe
C:\Program Files\TO2SSM\McciBrowser.exe
C:\Program Files\TO2SSM\McciBrowser.exe
C:\WINDOWS\update.tray-7-0\svchost.exe
C:\Program Files\TO2SSM\McciBrowser.exe
C:\Program Files\TO2SSM\McciBrowser.exe
C:\WINDOWS\l1rezerv.exe
C:\WINDOWS\systemup.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\DOCUME~1\Uzivate\LOCALS~1\Temp\RtkBtMnt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Uzivate\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Uzivate\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\WINDOWS\update.2\svchost.exe
C:\WINDOWS\update.2\svchost.exe
C:\Documents and Settings\Uzivate\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Uzivate\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\WINDOWS\ufa\ufa.exe
D:\RSIT.exe
C:\Program Files\trend micro\Uzivate.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/skins7/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll
R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll
R3 - URLSearchHook: Softonic-Eng7 Toolbar - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files\Softonic-Eng7\prxtbSof2.dll
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\bar\6.bin\MWSSRCAS.DLL
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\bar\6.bin\MWSSRCAS.DLL
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\6.bin\MWSBAR.DLL
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: Enterra Download Manager Helper - {2956DD50-4F3E-4C20-81D1-FF36435FF288} - C:\Program Files\Enterra\Download Manager\edm.dll
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: Softonic-Eng7 - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files\Softonic-Eng7\prxtbSof2.dll
O2 - BHO: Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported sites - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\18.1.0.37\coIEPlg.dll (file missing)
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\18.1.0.37\IPSBHO.DLL (file missing)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: Softonic-Eng7 Toolbar - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files\Softonic-Eng7\prxtbSof2.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\6.bin\MWSBAR.DLL
O3 - Toolbar: Enterra Download Manager - {B5147546-9359-4D9B-8B36-F54C54555799} - C:\Program Files\Enterra\Download Manager\edm.dll
O3 - Toolbar: PandoraTV Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.1.0.37\coIEPlg.dll (file missing)
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [ComSpec Service (x86)] rundll32.exe C:\DOCUME~1\Uzivate\LOCALS~1\Temp\ComSpc32.dll,ComSpecSrvc
O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\6.bin\MWSBAR.DLL,S
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\6.bin\mwsoemon.exe
O4 - HKLM\..\Run: [CorelDRAW Graphics Suite 11b] C:\Program Files\Corel\Corel Graphics 12\Languages\CZ\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=080711 serial=DR12WES-3007622-EUW lang=CZ
O4 - HKLM\..\Run: [TO2SSM_McciTrayApp] C:\Program Files\TO2SSM\McciTrayApp.exe
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [wxpdrv] C:\WINDOWS\services32.exe
O4 - HKLM\..\Run: [tray_ico0] C:\WINDOWS\update.tray-10-0\svchost.exe
O4 - HKLM\..\Run: [tray_ico1] C:\WINDOWS\update.tray-7-0\svchost.exe
O4 - HKLM\..\Run: [5037585.exe] "C:\DOCUME~1\Uzivate\LOCALS~1\Temp\5037585.exe"
O4 - HKLM\..\Run: [sysdriver32.exe] "C:\WINDOWS\sysdriver32.exe" rezerv
O4 - HKLM\..\Run: [sysdriver32_.exe] "C:\WINDOWS\sysdriver32_.exe" rezerv
O4 - HKLM\..\Run: [9526147.exe] "C:\DOCUME~1\Uzivate\LOCALS~1\Temp\9526147.exe"
O4 - HKLM\..\Run: [5127369.exe] "C:\WINDOWS\TEMP\5127369.exe"
O4 - HKLM\..\Run: [61994241-loader2.exe] "C:\WINDOWS\TEMP\61994241-loader2.exe"
O4 - HKLM\..\Run: [l1rezerv.exe] "C:\WINDOWS\l1rezerv.exe"
O4 - HKLM\..\Run: [systemup] "C:\WINDOWS\systemup.exe" stand
O4 - HKLM\..\Run: [1931563.exe] "C:\WINDOWS\TEMP\1931563.exe"
O4 - HKLM\..\Run: [6358140.exe] "C:\WINDOWS\TEMP\6358140.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe"
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\6.bin\mwsoemon.exe
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Uzivate\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Startup: Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: &Download by Enterra Download Manager - res://C:\Program Files\Enterra\Download Manager\edm.dll/3000
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredi ... 2010021419
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users.WINDOWS\Data aplikací\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Enterra Download Manager - {1AB6CC97-17C1-4207-BC51-5C9D435A338E} - res://C:\Program Files\Enterra\Download Manager\edm.dll/3002 (file missing)
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.clonewarsadventures.com
O15 - Trusted Zone: *.freerealms.com
O15 - Trusted Zone: *.soe.com
O15 - Trusted Zone: *.sony.com
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Norton2009 Reset (.norton2009Reset) - Unknown owner - C:\Program Files\Norton2009Reset.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: FABS - Helping agent for MAGIX media database (Fabs) - MAGIX AG - C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: My Web Search Service (MyWebSearchService) - MyWebSearch.com - C:\PROGRA~1\MYWEBS~1\bar\6.bin\mwssvc.exe
O23 - Service: Norton Internet Security (NIS) - Unknown owner - C:\Program Files\Norton Internet Security\Engine\18.1.0.37\ccSvcHst.exe (file missing)
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
O23 - Service: srvbtcclient - Unknown owner - C:\WINDOWS\update.5.0\svchost.exe
O23 - Service: srviecheck - Unknown owner - C:\WINDOWS\update.2\svchost.exe
O23 - Service: srvsysdriver32 - Unknown owner - C:\WINDOWS\sysdriver32.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: wxpdrivers - Unknown owner - C:\WINDOWS\update.1\svchost.exe

--
End of file - 16255 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-861567501-2146793659-1417001333-1003Core.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-861567501-2146793659-1417001333-1003UA.job
C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\Uzivate\Data aplikací\Mozilla\Firefox\Profiles\fw27m54g.default

prefs.js - "browser.search.useDBForOrder" - true
prefs.js - "browser.startup.homepage" - "http://start.icq.com/skins7/"
prefs.js - "extensions.enabledItems" - "{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}:6.0.14, {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15, anttoolbar@ant.com:2.2.1, DTToolbar@toolbarnet.com:1.1.2.0185, personas@christopher.beard:1.6.1, toolbar@ask.com:3.9.1.14019, {0b38152b-1b20-484d-a11f-5e04a9b0661f}:5.6.12.1, {20a82645-c095-46ed-80e3-08825760534b}:1.2.1, {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}:2.7.2.0, {800b5000-a755-47e1-992b-48a1c1357f07}:2.0.0.3, {EEE6C361-6118-11DC-9C72-001320C79847}:1.1.0.0, jqs@sun.com:1.0, m3ffxtbr@mywebsearch.com:1.2, {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94, {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.13, penguin@loic.com:2.7"
prefs.js - "keyword.URL" - "http://search.mywebsearch.com/mywebsear ... searchfor="

"jqs@sun.com"=C:\Program Files\Java\jre6\lib\deploy\jqs\ff
"{20a82645-c095-46ed-80e3-08825760534b}"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
"m3ffxtbr@mywebsearch.com"=C:\Program Files\MyWebSearch\bar\6.bin
"{23fcfd51-4958-4f00-80a3-ae97e717ed8b}"=C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video
"{6904342A-8307-11DF-A508-4AE2DFD72085}"=C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa
"{BBDA0591-3099-440a-AA10-41764D9DB4DB}"=C:\Documents and Settings\All Users.WINDOWS\Data aplikací\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPlgn\
"{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}"=C:\Documents and Settings\All Users.WINDOWS\Data aplikací\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\coFFPlgn\

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0]
"Description"=DivX Web Player
"Path"=C:\Program Files\DivX\DivX Web Player\npdivx32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0]
"Description"=DivX VOD Helper Plug-in
"Path"=C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@mywebsearch.com/Plugin]
"Description"=My Web Search Plugin
"Path"=C:\Program Files\MyWebSearch\bar\6.bin\NPMyWebS.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@rim.com/npappworld]
"Description"=
"Path"=C:\Program Files\Research In Motion Limited\BlackBerry App World Browser Plugin\npappworld.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0]
"Description"=BlackBerry Web Software Loading Helper Plug-In for Mozilla browsers
"Path"=C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@soe.sony.com/installer,version=1.0.3]
"Description"=SOE Web Installer
"Path"=C:\Documents and Settings\Uzivate\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\dkfjadjghjpjodfhffafagnkbgbpiphf\1.0.3.151_0\npsoe.dll

C:\Program Files\Mozilla Firefox\extensions\
{800b5000-a755-47e1-992b-48a1c1357f07}
{972ce4c6-7e08-4474-a285-3208198ce6fd}
{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

C:\Program Files\Mozilla Firefox\components\
AskHPRFF.js
AskSearch.js
browser.xpt
browserdirprovider.dll
brwsrcmp.dll
components.list
compreg.dat
FeedConverter.js
FeedProcessor.js
FeedWriter.js
fuelApplication.js
GPSDGeolocationProvider.js
jsconsole-clhandler.js
NetworkGeolocationProvider.js
nppl3260.xpt
nsAddonRepository.js
nsBadCertHandler.js
nsBlocklistService.js
nsBrowserContentHandler.js
nsBrowserGlue.js
nsContentDispatchChooser.js
nsContentPrefService.js
nsDefaultCLH.js
nsDownloadManagerUI.js
nsExtensionManager.js
nsFormAutoComplete.js
nsHandlerService.js
nsHelperAppDlg.js
nsIBitCometAgent.xpt
nsINIProcessor.js
nsJSRealPlayerPlugin.xpt
nsLivemarkService.js
nsLoginInfo.js
nsLoginManager.js
nsLoginManagerPrompter.js
nsMicrosummaryService.js
nsPlacesAutoComplete.js
nsPlacesDBFlush.js
nsPlacesTransactionsService.js
nsPrivateBrowsingService.js
nsProxyAutoConfig.js
nsSafebrowsingApplication.js
nsSearchService.js
nsSearchSuggestions.js
nsSessionStartup.js
nsSessionStore.js
nsSetDefaultBrowser.js
nsSidebar.js
nsTaggingService.js
nsTryToClose.js
nsUpdateService.js
nsUpdateServiceStub.js
nsUpdateTimerManager.js
nsUrlClassifierLib.js
nsUrlClassifierListManager.js
nsURLFormatter.js
nsWebHandlerApp.js
pluginGlue.js
storage-Legacy.js
storage-mozStorage.js
txEXSLTRegExFunctions.js
WebContentConverter.js
xpti.dat

C:\Program Files\Mozilla Firefox\plugins\
libdivx.dll
npBitCometAgent.dll
npdeploytk.dll
npdivx32.dll
npdivx32.xpt
npnul32.dll
NPOFF12.DLL
nppdf32.dll
nppl3260.dll
nprjplug.dll
nprpjplug.dll
ssldivx.dll

C:\Program Files\Mozilla Firefox\searchplugins\
google.xml
jyxo-cz.xml
mall-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml

C:\Documents and Settings\Uzivate\Data aplikací\Mozilla\Firefox\Profiles\fw27m54g.default\extensions\
anttoolbar@ant.com
DTToolbar@toolbarnet.com
penguin@loic.com
personas@christopher.beard
toolbar@ask.com
{0b38152b-1b20-484d-a11f-5e04a9b0661f}
{20a82645-c095-46ed-80e3-08825760534b}
{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}
{800b5000-a755-47e1-992b-48a1c1357f07}
{EEE6C361-6118-11DC-9C72-001320C79847}

C:\Documents and Settings\Uzivate\Data aplikací\Mozilla\Firefox\Profiles\fw27m54g.default\searchplugins\
askcom.xml
conduit.xml
daemon-search.xml
icq-search.xml
icqplugin-1.xml
icqplugin-10.xml
icqplugin-11.xml
icqplugin-12.xml
icqplugin-13.xml
icqplugin-2.xml
icqplugin-3.xml
icqplugin-4.xml
icqplugin-5.xml
icqplugin-6.xml
icqplugin-7.xml
icqplugin-8.xml
icqplugin-9.xml
icqplugin.xml
mywebsearch.xml
sweetim.xml
winamp-search.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00A6FAF1-072E-44cf-8957-5838F569A31D}]
MyWebSearch Search Assistant BHO - C:\Program Files\MyWebSearch\bar\6.bin\MWSSRCAS.DLL [2011-04-11 54704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{07B18EA1-A523-4961-B6BB-170DE4475CCA}]
mwsBar BHO - C:\Program Files\MyWebSearch\bar\6.bin\MWSBAR.DLL [2011-04-11 800272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]
Winamp Toolbar Loader - C:\Program Files\Winamp Toolbar\winamptb.dll [2009-05-06 1262888]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2956DD50-4F3E-4C20-81D1-FF36435FF288}]
EntDownloadHelper Class - C:\Program Files\Enterra\Download Manager\edm.dll [2008-04-21 729088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
Conduit Engine - C:\Program Files\ConduitEngine\prxConduitEngine.dll [2011-01-17 175912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{326E768D-4182-46FD-9C16-1449A49795F4}]
DivX Plus Web Player HTML5 <video> - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll [2011-02-08 3118976]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]
Softonic-Eng7 Toolbar - C:\Program Files\Softonic-Eng7\prxtbSof2.dll [2011-01-17 175912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{593DDEC6-7468-4cdd-90E1-42DADAA222E9}]
DivX HiQ - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll [2011-02-08 3118976]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
Symantec NCO BHO - C:\Program Files\Norton Internet Security\Engine\18.1.0.37\coIEPlg.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
Symantec Intrusion Prevention - C:\Program Files\Norton Internet Security\Engine\18.1.0.37\IPSBHO.DLL []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
PandoraTV Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2010-09-28 1400712]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-12-06 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-12-06 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
SweetIM Toolbar Helper - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll [2010-06-13 1438520]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - Softonic-Eng7 Toolbar - C:\Program Files\Softonic-Eng7\prxtbSof2.dll [2011-01-17 175912]
{EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - Winamp Toolbar - C:\Program Files\Winamp Toolbar\winamptb.dll [2009-05-06 1262888]
{855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2010-04-13 1018616]
{EEE6C35B-6118-11DC-9C72-001320C79847} - SweetIM Toolbar for Internet Explorer - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll [2010-06-13 1438520]
{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll [2010-03-25 968000]
{07B18EA9-A523-4961-B6BB-170DE4475CCA} - My Web Search - C:\Program Files\MyWebSearch\bar\6.bin\MWSBAR.DLL [2011-04-11 800272]
{B5147546-9359-4D9B-8B36-F54C54555799} - Enterra Download Manager - C:\Program Files\Enterra\Download Manager\edm.dll [2008-04-21 729088]
{D4027C7F-154A-4066-A1AD-4243D8127440} - PandoraTV Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2010-09-28 1400712]
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Norton Toolbar - C:\Program Files\Norton Internet Security\Engine\18.1.0.37\coIEPlg.dll []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-05-28 16132608]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"AzMixerSel"=C:\Program Files\Realtek\InstallShield\AzMixerSel.exe [2005-06-11 53248]
"SynTPStart"=C:\Program Files\Synaptics\SynTP\SynTPStart.exe [2007-09-07 102400]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2007-06-13 142104]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2007-06-13 162584]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2007-06-13 138008]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072]
"ComSpec Service (x86)"=C:\DOCUME~1\Uzivate\LOCALS~1\Temp\ComSpc32.dll [2009-12-26 52990]
"My Web Search Bar"=rundll32 C:\PROGRA~1\MYWEBS~1\bar\6.bin\MWSBAR.DLL,S []
"MyWebSearch Email Plugin"=C:\PROGRA~1\MYWEBS~1\bar\6.bin\mwsoemon.exe [2011-04-11 32849]
"CorelDRAW Graphics Suite 11b"=C:\Program Files\Corel\Corel Graphics 12\Languages\CZ\Programs\Registration.exe [2004-06-23 729088]
"TO2SSM_McciTrayApp"=C:\Program Files\TO2SSM\McciTrayApp.exe [2009-01-16 1473536]
"SweetIM"=C:\Program Files\SweetIM\Messenger\SweetIM.exe [2010-08-30 111928]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-09-23 35760]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-09-21 932288]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe []
"DivXUpdate"=C:\Program Files\DivX\DivX Update\DivXUpdate.exe [2011-03-21 1230704]
"wxpdrv"=C:\WINDOWS\services32.exe [2011-07-25 1185280]
"tray_ico"= []
"tray_ico0"=C:\WINDOWS\update.tray-10-0\svchost.exe [2011-07-25 1185280]
"tray_ico1"=C:\WINDOWS\update.tray-7-0\svchost.exe [2011-07-25 1185280]
"tray_ico2"= []
"tray_ico3"= []
"tray_ico4"= []
"5037585.exe"=C:\DOCUME~1\Uzivate\LOCALS~1\Temp\5037585.exe [2011-07-25 247296]
"sysdriver32.exe"=C:\WINDOWS\sysdriver32.exe [2011-07-25 256000]
"sysdriver32_.exe"=C:\WINDOWS\sysdriver32_.exe [2011-07-25 256000]
"9526147.exe"=C:\DOCUME~1\Uzivate\LOCALS~1\Temp\9526147.exe [2011-07-25 247296]
"5127369.exe"=C:\WINDOWS\TEMP\5127369.exe [2011-07-25 247296]
"61994241-loader2.exe"=C:\WINDOWS\TEMP\61994241-loader2.exe [2011-07-25 247296]
"l1rezerv.exe"=C:\WINDOWS\l1rezerv.exe [2011-07-25 232960]
"systemup"=C:\WINDOWS\systemup.exe [2011-07-25 114176]
"1931563.exe"=C:\WINDOWS\TEMP\1931563.exe [2011-07-25 256000]
"6358140.exe"=C:\WINDOWS\TEMP\6358140.exe [2011-07-27 502272]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]
"uTorrent"=C:\Program Files\uTorrent\uTorrent.exe [2010-12-08 328056]
"DAEMON Tools Pro Agent"=C:\Program Files\DAEMON Tools Pro\DTProAgent.exe []
"EA Core"=C:\Program Files\Electronic Arts\EADM\Core.exe -silent []
"MyWebSearch Email Plugin"=C:\PROGRA~1\MYWEBS~1\bar\6.bin\mwsoemon.exe [2011-04-11 32849]
"RocketDock"=C:\Program Files\RocketDock\RocketDock.exe [2007-09-02 495616]
"ISUSPM"=C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [2008-10-24 206112]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\DTLite.exe [2010-04-01 357696]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"Google Update"=C:\Documents and Settings\Uzivate\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe [2011-04-10 136176]

C:\Documents and Settings\All Users.WINDOWS\Nabídka Start\Programy\Po spuštění
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Documents and Settings\Uzivate\Nabídka Start\Programy\Po spuštění
OpenOffice.org 3.0.lnk - C:\Program Files\OpenOffice.org 3\program\quickstart.exe
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2007-06-05 204800]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-14 239616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wxpdrivers]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\wxpdrivers]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableLUA"=0
"EnableSecureUIAPaths"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=149

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Microsoft Games\Zoo Tycoon 2\zt.exe"="C:\Program Files\Microsoft Games\Zoo Tycoon 2\zt.exe:*:Enabled:Zoo Tycoon 2 Executable"
"C:\Documents and Settings\All Users.WINDOWS\Data aplikací\SweetIM\Messenger\update\sweetimsetup.exe"="C:\Documents and Settings\All Users.WINDOWS\Data aplikací\SweetIM\Messenger\update\sweetimsetup.exe:*:Enabled:SweetIM Installer"
"C:\Program Files\ICQ7.2\ICQ.exe"="C:\Program Files\ICQ7.2\ICQ.exe:*:Enabled:ICQ7.2"
"C:\Program Files\ICQ7.2\aolload.exe"="C:\Program Files\ICQ7.2\aolload.exe:*:Enabled:aolload.exe"
"C:\Program Files\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe"="C:\Program Files\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe:*:Enabled:BlackBerry Desktop Software"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:Run a DLL as an App"
"D:\Flash-Player.exe"="D:\Flash-Player.exe:*:Enabled:D:\Flash-Player.exe"
"C:\WINDOWS\services32.exe"="C:\WINDOWS\services32.exe:*:Enabled:C:\WINDOWS\services32.exe"
"C:\WINDOWS\update.1\svchost.exe"="C:\WINDOWS\update.1\svchost.exe:*:Enabled:C:\WINDOWS\update.1\svchost.exe"
"C:\WINDOWS\update.tray-7-0\svchost.exe"="C:\WINDOWS\update.tray-7-0\svchost.exe:*:Enabled:C:\WINDOWS\update.tray-7-0\svchost.exe"
"C:\WINDOWS\update.tray-7-0-lnk\svchost.exe"="C:\WINDOWS\update.tray-7-0-lnk\svchost.exe:*:Enabled:C:\WINDOWS\update.tray-7-0-lnk\svchost.exe"
"C:\WINDOWS\update.2\svchost.exe"="C:\WINDOWS\update.2\svchost.exe:*:Enabled:C:\WINDOWS\update.2\svchost.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\ICQ7.2\ICQ.exe"="C:\Program Files\ICQ7.2\ICQ.exe:*:Enabled:ICQ7.2"
"C:\Program Files\ICQ7.2\aolload.exe"="C:\Program Files\ICQ7.2\aolload.exe:*:Enabled:aolload.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"VIDC.YVYU"=msyuv.dll
"wavemapper"=msacm32.drv
"MSVideo8"=VfWWDM32.dll
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"vidc.VP60"=C:\WINDOWS\system32\vp6vfw.dll
"vidc.VP61"=C:\WINDOWS\system32\vp6vfw.dll
"VIDC.FMVC"=fmcodec.dll
"vidc.DIVX"=DivX.dll
"vidc.yv12"=DivX.dll

======File associations======

.scr - open - C:\WINDOWS\system32\notepad.exe "%1"
.scr - install -
.scr - config -

======List of files/folders created in the last 1 month======

2011-07-27 20:32:09 ----D---- C:\rsit
2011-07-27 20:32:09 ----D---- C:\Program Files\trend micro
2011-07-26 16:35:49 ----D---- C:\Documents and Settings\All Users.WINDOWS\Data aplikací\Norton
2011-07-26 16:11:35 ----D---- C:\WINDOWS\system32\drivers\NIS
2011-07-26 16:01:43 ----HD---- C:\WINDOWS\update.tray-10-0-lnk
2011-07-26 16:01:43 ----HD---- C:\WINDOWS\update.tray-10-0
2011-07-26 15:56:43 ----A---- C:\WINDOWS\system32\S32EVNT1.DLL
2011-07-26 15:56:43 ----A---- C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2011-07-25 13:15:06 ----A---- C:\WINDOWS\ddh_iplist.txt
2011-07-25 13:14:41 ----A---- C:\WINDOWS\systemup.exe
2011-07-25 13:12:09 ----D---- C:\WINDOWS\ufa
2011-07-25 13:12:09 ----D---- C:\WINDOWS\rpcminer
2011-07-25 13:12:09 ----D---- C:\WINDOWS\phoenix
2011-07-25 13:07:23 ----A---- C:\WINDOWS\btc_client_iplist.txt
2011-07-25 13:06:14 ----HD---- C:\WINDOWS\update.5.0
2011-07-25 13:04:56 ----A---- C:\WINDOWS\l1rezerv.exe
2011-07-25 13:01:24 ----A---- C:\WINDOWS\iecheck_iplist.txt
2011-07-25 12:59:59 ----HD---- C:\WINDOWS\update.2
2011-07-25 12:59:49 ----D---- C:\Program Files\ConduitEngine
2011-07-25 12:59:49 ----A---- C:\WINDOWS\system32\ConduitEngine.tmp
2011-07-25 12:52:27 ----A---- C:\WINDOWS\unrar.exe
2011-07-25 12:51:47 ----A---- C:\WINDOWS\iplist.txt
2011-07-25 12:51:17 ----A---- C:\WINDOWS\sysdriver32_.exe
2011-07-25 12:51:03 ----A---- C:\WINDOWS\sysdriver32.exe
2011-07-25 12:50:03 ----A---- C:\WINDOWS\front_ip_list.txt
2011-07-25 12:48:28 ----D---- C:\WINDOWS\av_ico
2011-07-25 12:46:43 ----HD---- C:\WINDOWS\update.1
2011-07-25 12:46:30 ----HD---- C:\WINDOWS\update.tray-7-0-lnk
2011-07-25 12:46:30 ----HD---- C:\WINDOWS\update.tray-7-0
2011-07-25 12:32:53 ----A---- C:\WINDOWS\winlog-ids.txt
2011-07-25 12:32:53 ----A---- C:\WINDOWS\winlog-dirs.txt
2011-07-25 12:32:44 ----A---- C:\WINDOWS\services32.exe
2011-07-14 13:35:15 ----D---- C:\Documents and Settings\All Users.WINDOWS\Data aplikací\EA Core
2011-07-14 03:06:36 ----HDC---- C:\WINDOWS\$NtUninstallKB2507938$
2011-07-14 03:02:22 ----HDC---- C:\WINDOWS\$NtUninstallKB2555917$
2011-07-03 12:29:55 ----D---- C:\Program Files\Common Files\EZB Systems
2011-07-03 12:29:53 ----D---- C:\Program Files\UltraISO
2011-07-02 18:39:48 ----D---- C:\Documents and Settings\Uzivate\Data aplikací\MAGIX
2011-07-02 18:35:31 ----D---- C:\Program Files\MAGIX
2011-07-02 18:34:49 ----D---- C:\Documents and Settings\All Users.WINDOWS\Data aplikací\MAGIX
2011-07-02 18:34:37 ----D---- C:\Program Files\Common Files\MAGIX Services
2011-07-02 14:01:59 ----A---- C:\WINDOWS\system32\d3d9caps.dat
2011-06-30 10:09:39 ----HDC---- C:\WINDOWS\$NtUninstallKB2541763$

======List of files/folders modified in the last 1 month======

2011-07-27 20:32:09 ----RD---- C:\Program Files
2011-07-27 20:21:49 ----D---- C:\WINDOWS\Temp
2011-07-27 20:21:20 ----D---- C:\Documents and Settings\Uzivate\Data aplikací\uTorrent
2011-07-27 20:21:14 ----SHD---- C:\WINDOWS\Installer
2011-07-27 20:20:22 ----D---- C:\WINDOWS\system32
2011-07-26 16:34:20 ----A---- C:\boot.ini
2011-07-26 16:31:34 ----A---- C:\WINDOWS\SchedLgU.Txt
2011-07-26 16:13:03 ----D---- C:\Program Files\Symantec
2011-07-26 16:11:35 ----D---- C:\WINDOWS\system32\drivers
2011-07-26 16:01:43 ----D---- C:\WINDOWS
2011-07-26 15:58:58 ----D---- C:\Program Files\Common Files\Symantec Shared
2011-07-26 15:46:44 ----D---- C:\WINDOWS\system32\CatRoot2
2011-07-26 15:44:27 ----D---- C:\WINDOWS\Prefetch
2011-07-25 13:17:34 ----SHD---- C:\System Volume Information
2011-07-25 13:17:34 ----D---- C:\WINDOWS\system32\Restore
2011-07-25 12:59:54 ----D---- C:\Program Files\Softonic-Eng7
2011-07-24 11:15:52 ----A---- C:\WINDOWS\system32\dxva_sig.txt
2011-07-23 22:35:41 ----RSD---- C:\WINDOWS\assembly
2011-07-23 22:35:41 ----D---- C:\WINDOWS\Microsoft.NET
2011-07-23 19:24:29 ----SHD---- C:\Config.Msi
2011-07-15 22:05:25 ----D---- C:\WINDOWS\WinSxS
2011-07-15 22:05:10 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2011-07-14 13:19:28 ----D---- C:\Program Files\Microsoft.NET
2011-07-14 13:03:59 ----HD---- C:\Program Files\InstallShield Installation Information
2011-07-14 03:07:17 ----HD---- C:\WINDOWS\inf
2011-07-14 03:07:13 ----RSHDC---- C:\WINDOWS\system32\dllcache
2011-07-14 03:03:53 ----A---- C:\WINDOWS\system32\MRT.exe
2011-07-14 03:03:33 ----D---- C:\Documents and Settings\All Users.WINDOWS\Data aplikací\Microsoft Help
2011-07-14 03:02:34 ----A---- C:\WINDOWS\imsins.BAK
2011-07-13 06:20:32 ----HD---- C:\WINDOWS\$hf_mig$
2011-07-03 13:24:17 ----D---- C:\Program Files\SystemRequirementsLab
2011-07-03 12:29:55 ----D---- C:\Program Files\Common Files
2011-07-02 18:39:05 ----RSD---- C:\WINDOWS\Fonts
2011-07-02 18:36:53 ----D---- C:\WINDOWS\Help
2011-06-30 18:55:30 ----D---- C:\WINDOWS\Minidump

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 ohci1394;Hostitelský řadič IEEE 1394 dle standardu OHCI Texas Instruments; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2008-04-13 61696]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2010-07-12 45648]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2010-02-07 691696]
R0 SymDS;Symantec Data Store; C:\WINDOWS\system32\drivers\NIS\1201000.025\SYMDS.SYS [2010-06-13 339504]
R0 SymEFA;Symantec Extended File Attributes; C:\WINDOWS\system32\drivers\NIS\1201000.025\SYMEFA.SYS [2010-07-29 666672]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 ISODrive;ISO DVD/CD-ROM Device Driver; \??\C:\Program Files\UltraISO\drivers\ISODrive.sys []
R1 SRTSPX;Symantec Real Time Storage Protection (PEL); C:\WINDOWS\system32\drivers\NIS\1201000.025\SRTSPX.SYS [2010-07-29 50096]
R1 SYMTDI;Symantec Network Dispatch Driver; C:\WINDOWS\system32\drivers\NIS\1201000.025\SYMTDI.SYS [2010-07-13 369072]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R2 irda;Protokol IrDA; C:\WINDOWS\system32\DRIVERS\irda.sys [2008-04-13 88192]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672]
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2007-02-16 160256]
R3 BCM43XX;Ovladač síťového adaptéru Broadcom 802.11; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2007-09-20 1123328]
R3 btaudio;Bluetooth Audio Device; C:\WINDOWS\system32\drivers\btaudio.sys [2007-03-23 539072]
R3 BTDriver;Bluetooth Virtual Communications Driver; C:\WINDOWS\system32\DRIVERS\btport.sys [2007-03-23 37424]
R3 BTKRNL;Bluetooth Bus Enumerator; C:\WINDOWS\system32\DRIVERS\btkrnl.sys [2007-03-31 876384]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2006-12-22 988800]
R3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2006-12-22 209664]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2007-06-05 5761728]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-05-30 4424192]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 NSCIRDA;NSC Infrared Device Driver; C:\WINDOWS\system32\DRIVERS\nscirda.sys [2008-04-13 28672]
R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 RimVSerPort;RIM Virtual Serial Port v2; C:\WINDOWS\system32\DRIVERS\RimSerial.sys [2009-01-09 27136]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2004-09-14 5888]
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232]
R3 SymEvent;SymEvent; \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS []
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2007-09-07 215904]
R3 tifm21;tifm21; C:\WINDOWS\system32\drivers\tifm21.sys [2007-05-02 290816]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 usbvideo;Zobrazovací zařízení USB (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-13 121984]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2006-12-22 730112]
S1 BHDrvx86;BHDrvx86; \??\C:\Documents and Settings\All Users.WINDOWS\Data aplikací\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20100810.004\BHDrvx86.sys []
S1 SymIRON;Symantec Iron Driver; C:\WINDOWS\system32\drivers\NIS\1201000.025\Ironx86.SYS [2010-06-27 134704]
S3 a17i0ckj;a17i0ckj; C:\WINDOWS\system32\drivers\a17i0ckj.sys []
S3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-09-15 23152]
S3 BTWDNDIS;Bluetooth LAN Access Server; C:\WINDOWS\system32\DRIVERS\btwdndis.sys [2007-03-23 149123]
S3 btwhid;btwhid; C:\WINDOWS\system32\DRIVERS\btwhid.sys [2007-03-31 55352]
S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2007-03-23 67960]
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2009-09-23 26176]
S3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 IDSxpx86;IDSxpx86; \??\C:\Documents and Settings\All Users.WINDOWS\Data aplikací\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20100706.002\IDSxpx86.sys []
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
S3 MREMP50;MREMP50 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS []
S3 MREMP50a64;MREMP50a64 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS []
S3 MREMPR5;MREMPR5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS []
S3 MRENDIS5;MRENDIS5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS []
S3 MRESP50;MRESP50 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS []
S3 MRESP50a64;MRESP50a64 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NAVENG;NAVENG; \??\C:\Documents and Settings\All Users.WINDOWS\Data aplikací\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20100813.009\NAVENG.SYS []
S3 NAVEX15;NAVEX15; \??\C:\Documents and Settings\All Users.WINDOWS\Data aplikací\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20100813.009\NAVEX15.SYS []
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 RimUsb;zařízení BlackBerry Smartphone; C:\WINDOWS\System32\Drivers\RimUsb.sys [2008-05-20 22784]
S3 sffdisk;Ovladač třídy úložiště SFF; C:\WINDOWS\system32\DRIVERS\sffdisk.sys [2008-04-13 11904]
S3 sffp_sd;Ovladač protokolu úložiště SFF pro paměť sběrnici SDBus; C:\WINDOWS\system32\DRIVERS\sffp_sd.sys [2008-04-13 11008]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 SRTSP;Symantec Real Time Storage Protection; C:\WINDOWS\system32\drivers\NIS\1201000.025\SRTSP.SYS [2010-07-29 489008]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 UIUSys;Conexant Setup API; C:\WINDOWS\system32\DRIVERS\UIUSYS.SYS []
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe [2007-04-01 273256]
R2 Fabs;FABS - Helping agent for MAGIX media database; C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe [2009-08-27 1253376]
R2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2010-04-13 246520]
R2 Irmon;Sledování infračerveného přenosu; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-12-06 153376]
R2 McciCMService;McciCMService; C:\Program Files\Common Files\Motive\McciCMService.exe [2007-10-15 303104]
R2 srvbtcclient;srvbtcclient; C:\WINDOWS\update.5.0\svchost.exe [2011-07-26 348672]
R2 srviecheck;srviecheck; C:\WINDOWS\update.2\svchost.exe [2011-07-27 502272]
R2 srvsysdriver32;srvsysdriver32; C:\WINDOWS\sysdriver32.exe [2011-07-25 256000]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
R2 wxpdrivers;wxpdrivers; C:\WINDOWS\update.1\svchost.exe [2011-07-25 1185280]
S2 .norton2009Reset;Norton2009 Reset; C:\Program Files\Norton2009Reset.exe [2008-09-17 549159]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 MyWebSearchService;My Web Search Service; C:\PROGRA~1\MYWEBS~1\bar\6.bin\mwssvc.exe [2011-04-11 28762]
S2 NIS;Norton Internet Security; C:\Program Files\Norton Internet Security\Engine\18.1.0.37\ccSvcHst.exe /s NIS /m C:\Program Files\Norton Internet Security\Engine\18.1.0.37\diMaster.dll /prefetch:1 []
S2 RoxLiveShare9;LiveShare P2P Server 9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe []
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]
S3 Autodesk Licensing Service;Autodesk Licensing Service; C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe [2009-10-01 85096]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance; C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe [2008-08-07 3276800]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service; C:\WINDOWS\System32\TuneUpDefragService.exe [2009-12-08 362240]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S4 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]

-----------------EOF-----------------

Zdravím!
Udělejte kompletní sken MBAM: http://www.malwarebytes.org/mbam.php a dejte log. Předem nic nemažte.

Omlouvám se za dlouhou prodlevu. Zde je log:

Malwarebytes' Anti-Malware
www.malwarebytes.org

Verze databáze:

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

28.7.2011 20:07:21
mbam-log-2011-07-28 (20-07-15).txt

Typ: Úplná kontrola (C:\|D:\|)
Kontrolované objekty: 438724
Uplynulý čas: 1 hodin, 54 minut, 47 sekund

Infikované procesy v paměti: 10
Infikované moduly v paměti: 0
Infikované klíče v registru: 141
Infikované hodnoty v registru: 22
Infikované datové položky v registru: 3
Infikované složky: 39
Infikované soubory: 188

Infikované procesy v paměti:
c:\WINDOWS\update.1\svchost.exe (Trojan.Dropper) -> 1872 -> No action taken.
c:\WINDOWS\update.tray-10-0\svchost.exe (Trojan.Dropper) -> 2280 -> No action taken.
c:\WINDOWS\update.tray-7-0\svchost.exe (Trojan.Dropper) -> 2348 -> No action taken.
c:\WINDOWS\systemup.exe (Trojan.Agent) -> 3512 -> No action taken.
c:\WINDOWS\l1rezerv.exe (Trojan.Agent) -> 3240 -> No action taken.
c:\WINDOWS\sysdriver32.exe (Trojan.Delf) -> 188 -> No action taken.
c:\WINDOWS\update.2\svchost.exe (Backdoor.Agent) -> 2100 -> No action taken.
c:\WINDOWS\update.2\svchost.exe (Backdoor.Agent) -> 3368 -> No action taken.
c:\WINDOWS\update.5.0\svchost.exe (Trojan.Downloader) -> 2004 -> No action taken.
c:\WINDOWS\update.5.0\svchost.exe (Trojan.Downloader) -> 1844 -> No action taken.

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče v registru:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wxpdrivers (Trojan.Dropper) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{07B18EA0-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{07B18EAA-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyWebSearch bar Uninstall (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MyWebSearchService (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{00A6FAF1-072E-44cf-8957-5838F569A31D} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00A6FAF1-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{00A6FAF6-072E-44cf-8957-5838F569A31D} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{07B18EAB-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\MyWebSearchToolBar.SettingsPlugin.1 (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\MyWebSearchToolBar.SettingsPlugin (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EAB-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{07B18EAB-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{0F8ECF4F-3646-4C3A-8881-8E138FFCAF70} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{8CA01F0E-987C-49C3-B852-2F1AC4A7094C} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{1093995A-BA37-41D2-836E-091067C4AD17} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\FunWebProducts.IECookiesManager.1 (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\FunWebProducts.IECookiesManager (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{1E0DE227-5CE4-4ea3-AB0C-8B03E1AA76BC} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{25560540-9571-4D7B-9389-0F166788785A} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{C8CECDE3-1AE1-4C4A-AD82-6D5B00212144} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{17DE5E5E-BFE3-4E83-8E1F-8755795359EC} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\FunWebProducts.DataControl.1 (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\FunWebProducts.DataControl (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4D7B-9389-0F166788785A} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{E47CAEE0-DEEA-464A-9326-3F2801535A4D} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{3E1656ED-F60E-4597-B6AA-B6A58E171495} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\FunWebProducts.HTMLMenu.2 (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\FunWebProducts.HTMLMenu (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{3E720452-B472-4954-B7AA-33069EB53906} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{3E720450-B472-4954-B7AA-33069EB53906} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{3E720451-B472-4954-B7AA-33069EB53906} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\MyWebSearch.HTMLPanel.1 (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\MyWebSearch.HTMLPanel (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3E720452-B472-4954-B7AA-33069EB53906} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{53CED2D0-5E9A-4761-9005-648404E6F7E5} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\MyWebSearchToolBar.ToolbarPlugin.1 (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\MyWebSearchToolBar.ToolbarPlugin (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{8E6F1830-9607-4440-8530-13BE7C4B1D14} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{63D0ED2B-B45B-4458-8B3B-60C69BBBD83C} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\FunWebProducts.PopSwatterSettingsControl.1 (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\FunWebProducts.PopSwatterSettingsControl (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{7473D292-B7BB-4f24-AE82-7E2CE94BB6A9} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{7473D290-B7BB-4F24-AE82-7E2CE94BB6A9} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{7473D291-B7BB-4F24-AE82-7E2CE94BB6A9} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{7473D294-B7BB-4f24-AE82-7E2CE94BB6A9} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\MyWebSearch.PseudoTransparentPlugin.1 (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\MyWebSearch.PseudoTransparentPlugin (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7473D294-B7BB-4F24-AE82-7E2CE94BB6A9} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{7473D296-B7BB-4f24-AE82-7E2CE94BB6A9} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{84DA4FDF-A1CF-4195-8688-3E961F505983} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{8E6F1832-9607-4440-8530-13BE7C4B1D14} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\FunWebProducts.PopSwatterBarButton.1 (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\FunWebProducts.PopSwatterBarButton (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{938AA51A-996C-4884-98CE-80DD16A5C9DA} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{29D67D3C-509A-4544-903F-C8C1B8236554} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{2E3537FC-CF2F-4F56-AF54-5A6A3DD375CC} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{98D9753D-D73B-42D5-8C85-4469CDA897AB} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\FunWebProducts.HTMLMenu.1 (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98D9753D-D73B-42D5-8C85-4469CDA897AB} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{9FF05104-B030-46FC-94B8-81276E4E27DF} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\ScreenSaverControl.ScreenSaverInstaller.1 (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\ScreenSaverControl.ScreenSaverInstaller (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9FF05104-B030-46FC-94B8-81276E4E27DF} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9FF05104-B030-46FC-94B8-81276E4E27DF} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{A9571378-68A1-443d-B082-284F960C6D17} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{ADB01E81-3C79-4272-A0F1-7B2BE7A782DC} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\MyWebSearch.OutlookAddin.1 (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\MyWebSearch.OutlookAddin (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{B813095C-81C0-4E40-AA14-67520372B987} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\FunWebProducts.KillerObjManager.1 (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\FunWebProducts.KillerObjManager (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{C9D7BE3E-141A-4C85-8CD6-32461F3DF2C7} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\FunWebProducts.HistoryKillerScheduler.1 (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\FunWebProducts.HistoryKillerScheduler (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{CFF4CE82-3AA2-451F-9B77-7165605FB835} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\FunWebProducts.HistorySwatterControlBar.1 (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\FunWebProducts.HistorySwatterControlBar (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{D9FFFB27-D62A-4D64-8CEC-1FF006528805} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{0D26BC71-A633-4E71-AD31-EADC3A1B6A3A} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25E} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{E79DFBCA-5697-4fbd-94E5-5B2A9C7C1612} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{E79DFBC0-5697-4FBD-94E5-5B2A9C7C1612} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{72EE7F04-15BD-4845-A005-D6711144D86A} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\MyWebSearch.ChatSessionPlugin.1 (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\MyWebSearch.ChatSessionPlugin (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{E79DFBCA-5697-4FBD-94E5-5B2A9C7C1612} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{D518921A-4A03-425E-9873-B9A71756821E} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{F42228FB-E84E-479E-B922-FBBD096E792C} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{6E74766C-4D93-4CC0-96D1-47B8E07FF9CA} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59C7FC09-1C83-4648-B3E6-003D2BBC7481} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68AF847F-6E91-45dd-9B68-D6A12C30E5D7} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170B96C-28D4-4626-8358-27E6CAEEF907} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D1A71FA0-FF48-48dd-9B6D-7A13A3E42127} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DDB1968E-EAD6-40fd-8DAE-FF14757F60C7} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F138D901-86F0-4383-99B6-9CDD406036DA} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{819FFE22-35C7-4925-8CDA-4E0E2DB94302} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{819FFE20-35C7-4925-8CDA-4E0E2DB94302} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{819FFE21-35C7-4925-8CDA-4E0E2DB94302} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{799391D3-EB86-4bac-9BD3-CBFEA58A0E15} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\MyWebSearch.MultipleButton.1 (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\MyWebSearch.MultipleButton (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{D858DAFC-9573-4811-B323-7011A3AA7E61} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\MyWebSearch.UrlAlertButton.1 (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\MyWebSearch.UrlAlertButton (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\.norton2009Reset (Trojan.Hacktool) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srvsysdriver32 (Trojan.Delf) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srviecheck (Backdoor.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srvbtcclient (Trojan.Downloader) -> No action taken.
HKEY_CLASSES_ROOT\MyWebSearch.ThirdPartyInstaller (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\MyWebSearch.ThirdPartyInstaller.1 (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Outlook\Addins\MyWebSearch.OutlookAddin (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Word\Addins\MyWebSearch.OutlookAddin (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wxpdrivers (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\wxpdrivers (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SRVSYSDRIVER32 (Trojan.Agent) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{08858AF6-42AD-4914-95D2-AC3AB0DC8E28} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{8FFDF636-0D87-4B33-B9E9-79A53F6E1DAE} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{01947140-417F-46B6-8751-A3A2B8345E1A} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{08858AF6-42AD-4914-95D2-AC3AB0DC8E28} (Adware.MyWebSearch) -> No action taken.

Infikované hodnoty v registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MyWebSearch Email Plugin (Adware.MyWebSearch) -> Value: MyWebSearch Email Plugin -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MyWebSearch Email Plugin (Adware.MyWebSearch) -> Value: MyWebSearch Email Plugin -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\tray_ico0 (Trojan.Dropper) -> Value: tray_ico0 -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\tray_ico1 (Trojan.Dropper) -> Value: tray_ico1 -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\systemup (Trojan.Agent) -> Value: systemup -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\My Web Search Bar (Adware.MyWebSearch) -> Value: My Web Search Bar -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wxpdrv (Trojan.Dropper) -> Value: wxpdrv -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{00A6FAF6-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> Value: {00A6FAF6-072E-44CF-8957-5838F569A31D} -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Value: {07B18EA9-A523-4961-B6BB-170DE4475CCA} -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Value: {07B18EA9-A523-4961-B6BB-170DE4475CCA} -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Value: {07B18EA9-A523-4961-B6BB-170DE4475CCA} -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Value: {07B18EA9-A523-4961-B6BB-170DE4475CCA} -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Value: {07B18EA9-A523-4961-B6BB-170DE4475CCA} -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{00A6FAF6-072E-44cf-8957-5838F569A31D} (Adware.MyWebSearch) -> Value: {00A6FAF6-072E-44cf-8957-5838F569A31D} -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Value: {07B18EA9-A523-4961-B6BB-170DE4475CCA} -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\l1rezerv.exe (Trojan.Agent) -> Value: l1rezerv.exe -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysdriver32.exe (Trojan.Delf) -> Value: sysdriver32.exe -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysdriver32_.exe (Trojan.Delf) -> Value: sysdriver32_.exe -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\&Search\(default) (Adware.Hotbar) -> Value: (default) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media\WMSDK\Sources\f3PopularScreensavers (Adware.MyWebSearch) -> Value: f3PopularScreensavers -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform\FunWebProducts (Adware.MyWebSearch) -> Value: FunWebProducts -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wxpDrivers\ImagePath (Trojan.Agent) -> Value: ImagePath -> No action taken.

Infikované datové položky v registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Infikované složky:
c:\documents and settings\Uzivate\data aplikací\funwebproducts (Adware.MyWebSearch) -> No action taken.
c:\documents and settings\Uzivate\data aplikací\funwebproducts\Data (Adware.MyWebSearch) -> No action taken.
c:\documents and settings\Uzivate\data aplikací\funwebproducts\Data\Uzivate (Adware.MyWebSearch) -> No action taken.
c:\documents and settings\veronika\data aplikací\funwebproducts (Adware.MyWebSearch) -> No action taken.
c:\documents and settings\veronika\data aplikací\funwebproducts\Data (Adware.MyWebSearch) -> No action taken.
c:\documents and settings\veronika\data aplikací\funwebproducts\Data\veronika (Adware.MyWebSearch) -> No action taken.
c:\program files\funwebproducts (Adware.MyWebSearch) -> No action taken.
c:\program files\funwebproducts\Installr (Adware.MyWebSearch) -> No action taken.
c:\program files\funwebproducts\Installr\9.bin (Adware.MyWebSearch) -> No action taken.
c:\program files\funwebproducts\screensaver (Adware.MyWebSearch) -> No action taken.
c:\program files\funwebproducts\screensaver\Cache (Adware.MyWebSearch) -> No action taken.
c:\program files\funwebproducts\screensaver\Images (Adware.MyWebSearch) -> No action taken.
c:\program files\funwebproducts\Shared (Adware.MyWebSearch) -> No action taken.
c:\program files\funwebproducts\Shared\Cache (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\2.bin (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\2.bin\chrome (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\3.bin (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\3.bin\chrome (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\4.bin (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\4.bin\chrome (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\5.bin (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\6.bin (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\6.bin\chrome (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Avatar (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Avatar\COMMON (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Cache (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Game (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\History (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\icons (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Message (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Notifier (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Overlay (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Settings (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\setups (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\SrchAstt (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\SrchAstt\1.bin (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\SrchAstt\5.bin (Adware.MyWebSearch) -> No action taken.

Infikované soubory:
c:\Program Files\MyWebSearch\bar\6.bin\MWSOESTB.DLL (Adware.MyWebSearch) -> No action taken.
c:\WINDOWS\update.1\svchost.exe (Trojan.Dropper) -> No action taken.
c:\Program Files\MyWebSearch\bar\6.bin\MWSOEMON.EXE (Adware.MyWebSearch) -> No action taken.
c:\WINDOWS\update.tray-10-0\svchost.exe (Trojan.Dropper) -> No action taken.
c:\WINDOWS\update.tray-7-0\svchost.exe (Trojan.Dropper) -> No action taken.
c:\WINDOWS\systemup.exe (Trojan.Agent) -> No action taken.
c:\program files\mywebsearch\bar\6.bin\MWSBAR.DLL (Adware.MyWebSearch) -> No action taken.
c:\WINDOWS\services32.exe (Trojan.Dropper) -> No action taken.
c:\program files\mywebsearch\bar\6.bin\MWSSVC.EXE (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\6.bin\MWSSRCAS.DLL (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\6.bin\F3HISTSW.DLL (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\6.bin\F3DTACTL.DLL (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\6.bin\F3HTMLMU.DLL (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\6.bin\M3HTML.DLL (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\6.bin\F3POPSWT.DLL (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\6.bin\M3SKIN.DLL (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\6.bin\F3CJPEG.DLL (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\6.bin\F3SCRCTR.DLL (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\6.bin\M3OUTLCN.DLL (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\6.bin\F3HTTPCT.DLL (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\6.bin\M3MSG.DLL (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\6.bin\F3REPROX.DLL (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\6.bin\MWSOEPLG.DLL (Adware.MyWebSearch) -> No action taken.
c:\documents and settings\Uzivate\local settings\Temp\Rar$EX00.750\norton internet security 2011 cz 18.1.0.37 + trial reset 3.1.3\ntr2011-v3.1.3\ntr2011-v3.1.3.exe (RiskWare.Tool.CK) -> No action taken.
c:\documents and settings\Uzivate\local settings\Temp\Rar$EX00.984\norton internet security 2011 cz 18.1.0.37 + trial reset 3.1.3\ntr2011-v3.1.3\ntr2011-v3.1.3.exe (RiskWare.Tool.CK) -> No action taken.
c:\documents and settings\Uzivate\local settings\Temp\Rar$EX49.187\norton internet security 2011 cz 18.1.0.37 + trial reset 3.1.3\ntr2011-v3.1.3\ntr2011-v3.1.3.exe (RiskWare.Tool.CK) -> No action taken.
c:\program files\mywebsearch\bar\5.bin\f3dtactl.vdll (PUP.FunWebProducts) -> No action taken.
c:\program files\mywebsearch\bar\6.bin\F3HKSTUB.DLL (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\6.bin\F3IMSTUB.DLL (PUP.FunWebProducts) -> No action taken.
c:\program files\mywebsearch\bar\6.bin\F3PSSAVR.SCR (PUP.FunWebProducts) -> No action taken.
c:\program files\mywebsearch\bar\6.bin\F3REGHK.DLL (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\6.bin\F3RESTUB.DLL (PUP.FunWebProducts) -> No action taken.
c:\program files\mywebsearch\bar\6.bin\F3SCHMON.EXE (PUP.FunWebProducts) -> No action taken.
c:\program files\mywebsearch\bar\6.bin\F3WPHOOK.DLL (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\6.bin\M3AUXSTB.DLL (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\6.bin\M3DLGHK.DLL (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\6.bin\M3HIGHIN.EXE (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\6.bin\M3IDLE.DLL (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\6.bin\M3IMPIPE.EXE (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\6.bin\M3MEDINT.EXE (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\6.bin\M3PLUGIN.DLL (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\6.bin\M3SKPLAY.EXE (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\6.bin\M3SLSRCH.EXE (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\6.bin\M3SRCHMN.EXE (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\6.bin\MWSMLBTN.DLL (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\6.bin\MWSUABTN.DLL (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\6.bin\NPMYWEBS.DLL (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\SrchAstt\1.bin\MWSSRCAS.DLL (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\SrchAstt\5.bin\MWSSRCAS.DLL (Adware.MyWebSearch) -> No action taken.
c:\program files\funwebproducts\Installr\9.bin\F3EZSETP.DLL (PUP.FunWebProducts) -> No action taken.
c:\system volume information\_restore{d16d9723-31dd-45b7-9e4c-c4b79295f082}\RP295\A0080938.exe (Trojan.Agent) -> No action taken.
c:\system volume information\_restore{d16d9723-31dd-45b7-9e4c-c4b79295f082}\RP295\A0081911.exe (Trojan.Dropper) -> No action taken.
c:\system volume information\_restore{d16d9723-31dd-45b7-9e4c-c4b79295f082}\RP295\A0081912.exe (Trojan.Dropper) -> No action taken.
c:\system volume information\_restore{d16d9723-31dd-45b7-9e4c-c4b79295f082}\RP295\A0082993.exe (Trojan.Dropper) -> No action taken.
c:\system volume information\_restore{d16d9723-31dd-45b7-9e4c-c4b79295f082}\RP295\A0082994.exe (Trojan.Dropper) -> No action taken.
c:\system volume information\_restore{d16d9723-31dd-45b7-9e4c-c4b79295f082}\RP295\A0082995.exe (Trojan.Dropper) -> No action taken.
c:\system volume information\_restore{d16d9723-31dd-45b7-9e4c-c4b79295f082}\RP295\A0082996.exe (Trojan.Dropper) -> No action taken.
c:\WINDOWS\system32\f3PSSavr.scr (PUP.FunWebProducts) -> No action taken.
c:\WINDOWS\Temp\2021831.exe (Trojan.Agent) -> No action taken.
c:\WINDOWS\Temp\3267661.exe (Trojan.Agent) -> No action taken.
c:\WINDOWS\Temp\8014093.exe (Trojan.Agent) -> No action taken.
c:\WINDOWS\Temp\8654120.exe (Trojan.Agent) -> No action taken.
c:\WINDOWS\update.tray-10-0-lnk\svchost.exe (Trojan.Dropper) -> No action taken.
c:\WINDOWS\update.tray-7-0-lnk\svchost.exe (Trojan.Dropper) -> No action taken.
c:\program files\norton2009reset.exe (Trojan.Hacktool) -> No action taken.
c:\WINDOWS\Temp\238708947.exe (Trojan.FakeAlert.Gen) -> No action taken.
c:\documents and settings\Uzivate\local settings\temporary internet files\softonic-eng7_en.exe (Trojan.Agent) -> No action taken.
c:\WINDOWS\l1rezerv.exe (Trojan.Agent) -> No action taken.
c:\WINDOWS\sysdriver32.exe (Trojan.Delf) -> No action taken.
c:\WINDOWS\sysdriver32_.exe (Trojan.Delf) -> No action taken.
c:\WINDOWS\update.2\svchost.exe (Backdoor.Agent) -> No action taken.
c:\WINDOWS\update.5.0\svchost.exe (Trojan.Downloader) -> No action taken.
c:\documents and settings\Uzivate\data aplikací\funwebproducts\Data\Uzivate\avatar.dat (Adware.MyWebSearch) -> No action taken.
c:\documents and settings\Uzivate\data aplikací\funwebproducts\Data\Uzivate\zbucks.dat (Adware.MyWebSearch) -> No action taken.
c:\program files\funwebproducts\screensaver\Cache\021B180E (Adware.MyWebSearch) -> No action taken.
c:\program files\funwebproducts\screensaver\Cache\02224FA6.jpg (Adware.MyWebSearch) -> No action taken.
c:\program files\funwebproducts\screensaver\Cache\files.ini (Adware.MyWebSearch) -> No action taken.
c:\program files\funwebproducts\screensaver\Images\02186A72.urr (Adware.MyWebSearch) -> No action taken.
c:\program files\funwebproducts\screensaver\Images\021B0E0C.urr (Adware.MyWebSearch) -> No action taken.
c:\program files\funwebproducts\screensaver\Images\021B5DF1.dat (Adware.MyWebSearch) -> No action taken.
c:\program files\funwebproducts\screensaver\Images\0222567C.dat (Adware.MyWebSearch) -> No action taken.
c:\program files\funwebproducts\screensaver\Images\f3wallpp.bmp (Adware.MyWebSearch) -> No action taken.
c:\program files\funwebproducts\screensaver\Images\wrkparam.lst (Adware.MyWebSearch) -> No action taken.
c:\program files\funwebproducts\Shared\Cache\cursormaniabtn.html (Adware.MyWebSearch) -> No action taken.
c:\program files\funwebproducts\Shared\Cache\myfuncardsimbtn.html (Adware.MyWebSearch) -> No action taken.
c:\program files\funwebproducts\Shared\Cache\smileycentralbtn.html (Adware.MyWebSearch) -> No action taken.
c:\program files\funwebproducts\Shared\Cache\webfettibtn.html (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\2.bin\chrome\M3FFXTBR.JAR (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\3.bin\chrome\M3FFXTBR.JAR (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\4.bin\chrome\M3FFXTBR.JAR (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\5.bin\m3ffxtbr.manifest (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\5.bin\M3FFXTBR.JAR (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\5.bin\M3NTSTBR.JAR (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\5.bin\m3ntstbr.manifest (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\6.bin\F3SPACER.WMV (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\6.bin\chrome.manifest (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\6.bin\F3BKGERR.JPG (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\6.bin\F3WALLPP.DAT (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\6.bin\FWPBUDDY.PNG (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\6.bin\INSTALL.RDF (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\6.bin\M3TPINST.DLL (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\6.bin\chrome\M3FFXTBR.JAR (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Avatar\COMMON.F3S (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Avatar\COMMON\avatar.htm (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Avatar\COMMON\bgfadel.gif (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Avatar\COMMON\bgfader.gif (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Avatar\COMMON\common-x.css (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Avatar\COMMON\common.css (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Avatar\COMMON\cornerbl.gif (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Avatar\COMMON\cornerbr.gif (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Avatar\COMMON\ext_def.gif (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Avatar\COMMON\ext_roll.gif (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Avatar\COMMON\include.js (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Avatar\COMMON\index.htm (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Avatar\COMMON\loader.htm (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Avatar\COMMON\loading.gif (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Avatar\COMMON\logo.gif (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Avatar\COMMON\max_def.gif (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Avatar\COMMON\max_roll.gif (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Avatar\COMMON\min_def.gif (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Avatar\COMMON\min_roll.gif (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Avatar\COMMON\noflash.htm (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Avatar\COMMON\res_def.gif (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Avatar\COMMON\res_roll.gif (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Avatar\COMMON\spacer.gif (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Avatar\COMMON\spacer.swf (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Avatar\COMMON\topgrad.gif (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Avatar\COMMON\window.ico (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Cache\0003548A.bin (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Cache\000358DF.bin (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Cache\00035CE6.bin (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Cache\00035F09.bin (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Cache\00036310.bin (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Cache\0003E9F4.bmp (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Cache\002969FD.bin (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Cache\00296D97 (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Cache\002DE1AA.bin (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Cache\002DE44A.bin (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Cache\002DE7F4.bin (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Cache\002DEAD2.bin (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Cache\00B9407F.bmp (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Cache\00E31472.bin (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Cache\00E3177F.bin (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Cache\00E31944.bin (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Cache\00E31ABB.bin (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Cache\01073B63 (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Cache\01074670.bin (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Cache\011C7077 (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Cache\020E13A8.bin (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Cache\021D2812 (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Cache\027216FD.bin (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Cache\02CAD4C3 (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Cache\files.ini (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Cache\0004A768 (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Cache\0005408B (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Cache\00296653.bin (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Cache\0005EE9D (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Cache\0020C008 (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Cache\002954B0 (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Cache\0029625C.bin (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Cache\00296411.bin (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Cache\00051D92 (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Game\CHECKERS.F3S (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Game\CHESS.F3S (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Game\REVERSI.F3S (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\History\search3 (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\icons\CM.ICO (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\icons\MFC.ICO (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\icons\PSS.ICO (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\icons\SMILEY.ICO (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\icons\WB.ICO (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\icons\ZWINKY.ICO (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Message\COMMON.F3S (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Notifier\COMMON.F3S (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Notifier\DOG.F3S (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Notifier\FISH.F3S (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Notifier\KUNGFU.F3S (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Notifier\LIFEGARD.F3S (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Notifier\MAID.F3S (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Notifier\MAILBOX.F3S (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Notifier\OPERA.F3S (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Notifier\ROBOT.F3S (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Notifier\SEDUCT.F3S (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Notifier\SURFER.F3S (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Overlay\COMMON.F3S (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Settings\dxva_sig.txt (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Settings\prevcfg2.htm (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Settings\s_pid.dat (Adware.MyWebSearch) -> No action taken.

Smažte vše, co MBAM nalezl, restartujte a dejte nový log z RSIT.

Logfile of random's system information tool 1.09 (written by random/random)
Run by Uzivate at 2011-07-28 20:36:06
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 11 GB (15%) free of 73 GB
Total RAM: 1014 MB (54% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:36:20, on 28.7.2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\TO2SSM\McciTrayApp.exe
C:\Program Files\SweetIM\Messenger\SweetIM.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TO2SSM\McciBrowser.exe
C:\Program Files\TO2SSM\McciBrowser.exe
C:\Program Files\TO2SSM\McciBrowser.exe
C:\Program Files\TO2SSM\McciBrowser.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\DOCUME~1\Uzivate\LOCALS~1\Temp\RtkBtMnt.exe
C:\WINDOWS\system32\wuauclt.exe
D:\RSIT.exe
C:\Program Files\trend micro\Uzivate.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/skins7/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll
R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll
R3 - URLSearchHook: Softonic-Eng7 Toolbar - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files\Softonic-Eng7\prxtbSof2.dll
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: Enterra Download Manager Helper - {2956DD50-4F3E-4C20-81D1-FF36435FF288} - C:\Program Files\Enterra\Download Manager\edm.dll
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: Softonic-Eng7 - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files\Softonic-Eng7\prxtbSof2.dll
O2 - BHO: Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported sites - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\18.1.0.37\coIEPlg.dll (file missing)
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\18.1.0.37\IPSBHO.DLL (file missing)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: Softonic-Eng7 Toolbar - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files\Softonic-Eng7\prxtbSof2.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: Enterra Download Manager - {B5147546-9359-4D9B-8B36-F54C54555799} - C:\Program Files\Enterra\Download Manager\edm.dll
O3 - Toolbar: PandoraTV Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.1.0.37\coIEPlg.dll (file missing)
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [ComSpec Service (x86)] rundll32.exe C:\DOCUME~1\Uzivate\LOCALS~1\Temp\ComSpc32.dll,ComSpecSrvc
O4 - HKLM\..\Run: [CorelDRAW Graphics Suite 11b] C:\Program Files\Corel\Corel Graphics 12\Languages\CZ\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=080711 serial=DR12WES-3007622-EUW lang=CZ
O4 - HKLM\..\Run: [TO2SSM_McciTrayApp] C:\Program Files\TO2SSM\McciTrayApp.exe
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [5037585.exe] "C:\DOCUME~1\Uzivate\LOCALS~1\Temp\5037585.exe"
O4 - HKLM\..\Run: [9526147.exe] "C:\DOCUME~1\Uzivate\LOCALS~1\Temp\9526147.exe"
O4 - HKLM\..\Run: [5127369.exe] "C:\WINDOWS\TEMP\5127369.exe"
O4 - HKLM\..\Run: [61994241-loader2.exe] "C:\WINDOWS\TEMP\61994241-loader2.exe"
O4 - HKLM\..\Run: [1931563.exe] "C:\WINDOWS\TEMP\1931563.exe"
O4 - HKLM\..\Run: [6358140.exe] "C:\WINDOWS\TEMP\6358140.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe"
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Uzivate\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Startup: Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: &Download by Enterra Download Manager - res://C:\Program Files\Enterra\Download Manager\edm.dll/3000
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users.WINDOWS\Data aplikací\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Enterra Download Manager - {1AB6CC97-17C1-4207-BC51-5C9D435A338E} - res://C:\Program Files\Enterra\Download Manager\edm.dll/3002 (file missing)
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.clonewarsadventures.com
O15 - Trusted Zone: *.freerealms.com
O15 - Trusted Zone: *.soe.com
O15 - Trusted Zone: *.sony.com
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: FABS - Helping agent for MAGIX media database (Fabs) - MAGIX AG - C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: Norton Internet Security (NIS) - Unknown owner - C:\Program Files\Norton Internet Security\Engine\18.1.0.37\ccSvcHst.exe (file missing)
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 13542 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-861567501-2146793659-1417001333-1003Core.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-861567501-2146793659-1417001333-1003UA.job
C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\Uzivate\Data aplikací\Mozilla\Firefox\Profiles\fw27m54g.default

prefs.js - "browser.search.useDBForOrder" - true
prefs.js - "browser.startup.homepage" - "http://start.icq.com/skins7/"
prefs.js - "extensions.enabledItems" - "{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}:6.0.14, {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15, anttoolbar@ant.com:2.2.1, DTToolbar@toolbarnet.com:1.1.2.0185, personas@christopher.beard:1.6.1, toolbar@ask.com:3.9.1.14019, {0b38152b-1b20-484d-a11f-5e04a9b0661f}:5.6.12.1, {20a82645-c095-46ed-80e3-08825760534b}:1.2.1, {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}:2.7.2.0, {800b5000-a755-47e1-992b-48a1c1357f07}:2.0.0.3, {EEE6C361-6118-11DC-9C72-001320C79847}:1.1.0.0, jqs@sun.com:1.0, m3ffxtbr@mywebsearch.com:1.2, {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94, {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.13, penguin@loic.com:2.7"
prefs.js - "keyword.URL" - "http://search.mywebsearch.com/mywebsear ... searchfor="

"jqs@sun.com"=C:\Program Files\Java\jre6\lib\deploy\jqs\ff
"{20a82645-c095-46ed-80e3-08825760534b}"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
"m3ffxtbr@mywebsearch.com"=C:\Program Files\MyWebSearch\bar\6.bin
"{23fcfd51-4958-4f00-80a3-ae97e717ed8b}"=C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video
"{6904342A-8307-11DF-A508-4AE2DFD72085}"=C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa
"{BBDA0591-3099-440a-AA10-41764D9DB4DB}"=C:\Documents and Settings\All Users.WINDOWS\Data aplikací\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPlgn\
"{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}"=C:\Documents and Settings\All Users.WINDOWS\Data aplikací\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\coFFPlgn\

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0]
"Description"=DivX Web Player
"Path"=C:\Program Files\DivX\DivX Web Player\npdivx32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0]
"Description"=DivX VOD Helper Plug-in
"Path"=C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@mywebsearch.com/Plugin]
"Description"=My Web Search Plugin
"Path"=C:\Program Files\MyWebSearch\bar\6.bin\NPMyWebS.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@rim.com/npappworld]
"Description"=
"Path"=C:\Program Files\Research In Motion Limited\BlackBerry App World Browser Plugin\npappworld.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0]
"Description"=BlackBerry Web Software Loading Helper Plug-In for Mozilla browsers
"Path"=C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@soe.sony.com/installer,version=1.0.3]
"Description"=SOE Web Installer
"Path"=C:\Documents and Settings\Uzivate\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\dkfjadjghjpjodfhffafagnkbgbpiphf\1.0.3.151_0\npsoe.dll

C:\Program Files\Mozilla Firefox\extensions\
{800b5000-a755-47e1-992b-48a1c1357f07}
{972ce4c6-7e08-4474-a285-3208198ce6fd}
{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

C:\Program Files\Mozilla Firefox\components\
AskHPRFF.js
AskSearch.js
browser.xpt
browserdirprovider.dll
brwsrcmp.dll
components.list
compreg.dat
FeedConverter.js
FeedProcessor.js
FeedWriter.js
fuelApplication.js
GPSDGeolocationProvider.js
jsconsole-clhandler.js
NetworkGeolocationProvider.js
nppl3260.xpt
nsAddonRepository.js
nsBadCertHandler.js
nsBlocklistService.js
nsBrowserContentHandler.js
nsBrowserGlue.js
nsContentDispatchChooser.js
nsContentPrefService.js
nsDefaultCLH.js
nsDownloadManagerUI.js
nsExtensionManager.js
nsFormAutoComplete.js
nsHandlerService.js
nsHelperAppDlg.js
nsIBitCometAgent.xpt
nsINIProcessor.js
nsJSRealPlayerPlugin.xpt
nsLivemarkService.js
nsLoginInfo.js
nsLoginManager.js
nsLoginManagerPrompter.js
nsMicrosummaryService.js
nsPlacesAutoComplete.js
nsPlacesDBFlush.js
nsPlacesTransactionsService.js
nsPrivateBrowsingService.js
nsProxyAutoConfig.js
nsSafebrowsingApplication.js
nsSearchService.js
nsSearchSuggestions.js
nsSessionStartup.js
nsSessionStore.js
nsSetDefaultBrowser.js
nsSidebar.js
nsTaggingService.js
nsTryToClose.js
nsUpdateService.js
nsUpdateServiceStub.js
nsUpdateTimerManager.js
nsUrlClassifierLib.js
nsUrlClassifierListManager.js
nsURLFormatter.js
nsWebHandlerApp.js
pluginGlue.js
storage-Legacy.js
storage-mozStorage.js
txEXSLTRegExFunctions.js
WebContentConverter.js
xpti.dat

C:\Program Files\Mozilla Firefox\plugins\
libdivx.dll
npBitCometAgent.dll
npdeploytk.dll
npdivx32.dll
npdivx32.xpt
npnul32.dll
NPOFF12.DLL
nppdf32.dll
nppl3260.dll
nprjplug.dll
nprpjplug.dll
ssldivx.dll

C:\Program Files\Mozilla Firefox\searchplugins\
google.xml
jyxo-cz.xml
mall-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml

C:\Documents and Settings\Uzivate\Data aplikací\Mozilla\Firefox\Profiles\fw27m54g.default\extensions\
anttoolbar@ant.com
DTToolbar@toolbarnet.com
penguin@loic.com
personas@christopher.beard
toolbar@ask.com
{0b38152b-1b20-484d-a11f-5e04a9b0661f}
{20a82645-c095-46ed-80e3-08825760534b}
{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}
{800b5000-a755-47e1-992b-48a1c1357f07}
{EEE6C361-6118-11DC-9C72-001320C79847}

C:\Documents and Settings\Uzivate\Data aplikací\Mozilla\Firefox\Profiles\fw27m54g.default\searchplugins\
askcom.xml
conduit.xml
daemon-search.xml
icq-search.xml
icqplugin-1.xml
icqplugin-10.xml
icqplugin-11.xml
icqplugin-12.xml
icqplugin-13.xml
icqplugin-2.xml
icqplugin-3.xml
icqplugin-4.xml
icqplugin-5.xml
icqplugin-6.xml
icqplugin-7.xml
icqplugin-8.xml
icqplugin-9.xml
icqplugin.xml
mywebsearch.xml
sweetim.xml
winamp-search.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]
Winamp Toolbar Loader - C:\Program Files\Winamp Toolbar\winamptb.dll [2009-05-06 1262888]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2956DD50-4F3E-4C20-81D1-FF36435FF288}]
EntDownloadHelper Class - C:\Program Files\Enterra\Download Manager\edm.dll [2008-04-21 729088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
Conduit Engine - C:\Program Files\ConduitEngine\prxConduitEngine.dll [2011-01-17 175912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{326E768D-4182-46FD-9C16-1449A49795F4}]
DivX Plus Web Player HTML5 <video> - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll [2011-02-08 3118976]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]
Softonic-Eng7 Toolbar - C:\Program Files\Softonic-Eng7\prxtbSof2.dll [2011-01-17 175912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{593DDEC6-7468-4cdd-90E1-42DADAA222E9}]
DivX HiQ - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll [2011-02-08 3118976]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
Symantec NCO BHO - C:\Program Files\Norton Internet Security\Engine\18.1.0.37\coIEPlg.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
Symantec Intrusion Prevention - C:\Program Files\Norton Internet Security\Engine\18.1.0.37\IPSBHO.DLL []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
PandoraTV Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2010-09-28 1400712]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-12-06 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-12-06 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
SweetIM Toolbar Helper - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll [2010-06-13 1438520]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - Softonic-Eng7 Toolbar - C:\Program Files\Softonic-Eng7\prxtbSof2.dll [2011-01-17 175912]
{EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - Winamp Toolbar - C:\Program Files\Winamp Toolbar\winamptb.dll [2009-05-06 1262888]
{855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2010-04-13 1018616]
{EEE6C35B-6118-11DC-9C72-001320C79847} - SweetIM Toolbar for Internet Explorer - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll [2010-06-13 1438520]
{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll [2010-03-25 968000]
{B5147546-9359-4D9B-8B36-F54C54555799} - Enterra Download Manager - C:\Program Files\Enterra\Download Manager\edm.dll [2008-04-21 729088]
{D4027C7F-154A-4066-A1AD-4243D8127440} - PandoraTV Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2010-09-28 1400712]
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Norton Toolbar - C:\Program Files\Norton Internet Security\Engine\18.1.0.37\coIEPlg.dll []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-05-28 16132608]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"AzMixerSel"=C:\Program Files\Realtek\InstallShield\AzMixerSel.exe [2005-06-11 53248]
"SynTPStart"=C:\Program Files\Synaptics\SynTP\SynTPStart.exe [2007-09-07 102400]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2007-06-13 142104]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2007-06-13 162584]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2007-06-13 138008]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072]
"ComSpec Service (x86)"=C:\DOCUME~1\Uzivate\LOCALS~1\Temp\ComSpc32.dll [2009-12-26 52990]
"CorelDRAW Graphics Suite 11b"=C:\Program Files\Corel\Corel Graphics 12\Languages\CZ\Programs\Registration.exe [2004-06-23 729088]
"TO2SSM_McciTrayApp"=C:\Program Files\TO2SSM\McciTrayApp.exe [2009-01-16 1473536]
"SweetIM"=C:\Program Files\SweetIM\Messenger\SweetIM.exe [2010-08-30 111928]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-09-23 35760]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-09-21 932288]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe []
"DivXUpdate"=C:\Program Files\DivX\DivX Update\DivXUpdate.exe [2011-03-21 1230704]
"tray_ico"= []
"tray_ico2"= []
"tray_ico3"= []
"tray_ico4"= []
"5037585.exe"=C:\DOCUME~1\Uzivate\LOCALS~1\Temp\5037585.exe [2011-07-25 247296]
"9526147.exe"=C:\DOCUME~1\Uzivate\LOCALS~1\Temp\9526147.exe [2011-07-25 247296]
"5127369.exe"=C:\WINDOWS\TEMP\5127369.exe [2011-07-25 247296]
"61994241-loader2.exe"=C:\WINDOWS\TEMP\61994241-loader2.exe [2011-07-25 247296]
"1931563.exe"=C:\WINDOWS\TEMP\1931563.exe [2011-07-25 256000]
"6358140.exe"=C:\WINDOWS\TEMP\6358140.exe [2011-07-27 502272]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]
"uTorrent"=C:\Program Files\uTorrent\uTorrent.exe [2010-12-08 328056]
"DAEMON Tools Pro Agent"=C:\Program Files\DAEMON Tools Pro\DTProAgent.exe []
"EA Core"=C:\Program Files\Electronic Arts\EADM\Core.exe -silent []
"RocketDock"=C:\Program Files\RocketDock\RocketDock.exe [2007-09-02 495616]
"ISUSPM"=C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [2008-10-24 206112]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\DTLite.exe [2010-04-01 357696]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"Google Update"=C:\Documents and Settings\Uzivate\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe [2011-04-10 136176]

C:\Documents and Settings\All Users.WINDOWS\Nabídka Start\Programy\Po spuštění
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Documents and Settings\Uzivate\Nabídka Start\Programy\Po spuštění
OpenOffice.org 3.0.lnk - C:\Program Files\OpenOffice.org 3\program\quickstart.exe
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2007-06-05 204800]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-14 239616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableLUA"=0
"EnableSecureUIAPaths"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=149

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Microsoft Games\Zoo Tycoon 2\zt.exe"="C:\Program Files\Microsoft Games\Zoo Tycoon 2\zt.exe:*:Enabled:Zoo Tycoon 2 Executable"
"C:\Documents and Settings\All Users.WINDOWS\Data aplikací\SweetIM\Messenger\update\sweetimsetup.exe"="C:\Documents and Settings\All Users.WINDOWS\Data aplikací\SweetIM\Messenger\update\sweetimsetup.exe:*:Enabled:SweetIM Installer"
"C:\Program Files\ICQ7.2\ICQ.exe"="C:\Program Files\ICQ7.2\ICQ.exe:*:Enabled:ICQ7.2"
"C:\Program Files\ICQ7.2\aolload.exe"="C:\Program Files\ICQ7.2\aolload.exe:*:Enabled:aolload.exe"
"C:\Program Files\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe"="C:\Program Files\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe:*:Enabled:BlackBerry Desktop Software"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:Run a DLL as an App"
"D:\Flash-Player.exe"="D:\Flash-Player.exe:*:Enabled:D:\Flash-Player.exe"
"C:\WINDOWS\services32.exe"="C:\WINDOWS\services32.exe:*:Enabled:C:\WINDOWS\services32.exe"
"C:\WINDOWS\update.1\svchost.exe"="C:\WINDOWS\update.1\svchost.exe:*:Enabled:C:\WINDOWS\update.1\svchost.exe"
"C:\WINDOWS\update.tray-7-0\svchost.exe"="C:\WINDOWS\update.tray-7-0\svchost.exe:*:Enabled:C:\WINDOWS\update.tray-7-0\svchost.exe"
"C:\WINDOWS\update.tray-7-0-lnk\svchost.exe"="C:\WINDOWS\update.tray-7-0-lnk\svchost.exe:*:Enabled:C:\WINDOWS\update.tray-7-0-lnk\svchost.exe"
"C:\WINDOWS\update.2\svchost.exe"="C:\WINDOWS\update.2\svchost.exe:*:Enabled:C:\WINDOWS\update.2\svchost.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\ICQ7.2\ICQ.exe"="C:\Program Files\ICQ7.2\ICQ.exe:*:Enabled:ICQ7.2"
"C:\Program Files\ICQ7.2\aolload.exe"="C:\Program Files\ICQ7.2\aolload.exe:*:Enabled:aolload.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"VIDC.YVYU"=msyuv.dll
"wavemapper"=msacm32.drv
"MSVideo8"=VfWWDM32.dll
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"vidc.VP60"=C:\WINDOWS\system32\vp6vfw.dll
"vidc.VP61"=C:\WINDOWS\system32\vp6vfw.dll
"VIDC.FMVC"=fmcodec.dll
"vidc.DIVX"=DivX.dll
"vidc.yv12"=DivX.dll

======File associations======

.scr - open - C:\WINDOWS\system32\notepad.exe "%1"
.scr - install -
.scr - config -

======List of files/folders created in the last 1 month======

2011-07-27 21:17:57 ----D---- C:\Documents and Settings\Uzivate\Data aplikací\Malwarebytes
2011-07-27 21:17:51 ----A---- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2011-07-27 21:17:50 ----D---- C:\Documents and Settings\All Users.WINDOWS\Data aplikací\Malwarebytes
2011-07-27 21:17:47 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2011-07-27 21:17:47 ----A---- C:\WINDOWS\system32\drivers\mbam.sys
2011-07-27 20:32:09 ----D---- C:\rsit
2011-07-27 20:32:09 ----D---- C:\Program Files\trend micro
2011-07-26 16:35:49 ----D---- C:\Documents and Settings\All Users.WINDOWS\Data aplikací\Norton
2011-07-26 16:11:35 ----D---- C:\WINDOWS\system32\drivers\NIS
2011-07-26 16:01:43 ----HD---- C:\WINDOWS\update.tray-10-0-lnk
2011-07-26 16:01:43 ----HD---- C:\WINDOWS\update.tray-10-0
2011-07-26 15:56:43 ----A---- C:\WINDOWS\system32\S32EVNT1.DLL
2011-07-26 15:56:43 ----A---- C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2011-07-25 13:15:06 ----A---- C:\WINDOWS\ddh_iplist.txt
2011-07-25 13:12:09 ----D---- C:\WINDOWS\ufa
2011-07-25 13:12:09 ----D---- C:\WINDOWS\rpcminer
2011-07-25 13:12:09 ----D---- C:\WINDOWS\phoenix
2011-07-25 13:07:23 ----A---- C:\WINDOWS\btc_client_iplist.txt
2011-07-25 13:06:14 ----HD---- C:\WINDOWS\update.5.0
2011-07-25 13:01:24 ----A---- C:\WINDOWS\iecheck_iplist.txt
2011-07-25 12:59:59 ----HD---- C:\WINDOWS\update.2
2011-07-25 12:59:49 ----D---- C:\Program Files\ConduitEngine
2011-07-25 12:59:49 ----A---- C:\WINDOWS\system32\ConduitEngine.tmp
2011-07-25 12:52:27 ----A---- C:\WINDOWS\unrar.exe
2011-07-25 12:51:47 ----A---- C:\WINDOWS\iplist.txt
2011-07-25 12:50:03 ----A---- C:\WINDOWS\front_ip_list.txt
2011-07-25 12:48:28 ----D---- C:\WINDOWS\av_ico
2011-07-25 12:46:43 ----HD---- C:\WINDOWS\update.1
2011-07-25 12:46:30 ----HD---- C:\WINDOWS\update.tray-7-0-lnk
2011-07-25 12:46:30 ----HD---- C:\WINDOWS\update.tray-7-0
2011-07-25 12:32:53 ----A---- C:\WINDOWS\winlog-ids.txt
2011-07-25 12:32:53 ----A---- C:\WINDOWS\winlog-dirs.txt
2011-07-14 13:35:15 ----D---- C:\Documents and Settings\All Users.WINDOWS\Data aplikací\EA Core
2011-07-14 03:06:36 ----HDC---- C:\WINDOWS\$NtUninstallKB2507938$
2011-07-14 03:02:22 ----HDC---- C:\WINDOWS\$NtUninstallKB2555917$
2011-07-03 12:29:55 ----D---- C:\Program Files\Common Files\EZB Systems
2011-07-03 12:29:53 ----D---- C:\Program Files\UltraISO
2011-07-02 18:39:48 ----D---- C:\Documents and Settings\Uzivate\Data aplikací\MAGIX
2011-07-02 18:35:31 ----D---- C:\Program Files\MAGIX
2011-07-02 18:34:49 ----D---- C:\Documents and Settings\All Users.WINDOWS\Data aplikací\MAGIX
2011-07-02 18:34:37 ----D---- C:\Program Files\Common Files\MAGIX Services
2011-07-02 14:01:59 ----A---- C:\WINDOWS\system32\d3d9caps.dat
2011-06-30 10:09:39 ----HDC---- C:\WINDOWS\$NtUninstallKB2541763$

======List of files/folders modified in the last 1 month======

2011-07-28 20:35:28 ----SHD---- C:\WINDOWS\Installer
2011-07-28 20:35:22 ----D---- C:\Documents and Settings\Uzivate\Data aplikací\uTorrent
2011-07-28 20:34:33 ----D---- C:\WINDOWS\Temp
2011-07-28 20:34:25 ----D---- C:\WINDOWS\system32
2011-07-28 20:33:42 ----RD---- C:\Program Files
2011-07-28 20:33:40 ----D---- C:\WINDOWS\system32\drivers
2011-07-28 20:33:07 ----A---- C:\WINDOWS\SchedLgU.Txt
2011-07-28 20:32:19 ----D---- C:\WINDOWS
2011-07-26 16:34:20 ----A---- C:\boot.ini
2011-07-26 16:13:03 ----D---- C:\Program Files\Symantec
2011-07-26 15:58:58 ----D---- C:\Program Files\Common Files\Symantec Shared
2011-07-26 15:46:44 ----D---- C:\WINDOWS\system32\CatRoot2
2011-07-26 15:44:27 ----D---- C:\WINDOWS\Prefetch
2011-07-25 13:17:34 ----SHD---- C:\System Volume Information
2011-07-25 13:17:34 ----D---- C:\WINDOWS\system32\Restore
2011-07-25 12:59:54 ----D---- C:\Program Files\Softonic-Eng7
2011-07-24 11:15:52 ----A---- C:\WINDOWS\system32\dxva_sig.txt
2011-07-23 22:35:41 ----RSD---- C:\WINDOWS\assembly
2011-07-23 22:35:41 ----D---- C:\WINDOWS\Microsoft.NET
2011-07-23 19:24:29 ----SHD---- C:\Config.Msi
2011-07-15 22:05:25 ----D---- C:\WINDOWS\WinSxS
2011-07-15 22:05:10 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2011-07-14 13:19:28 ----D---- C:\Program Files\Microsoft.NET
2011-07-14 13:03:59 ----HD---- C:\Program Files\InstallShield Installation Information
2011-07-14 03:07:17 ----HD---- C:\WINDOWS\inf
2011-07-14 03:07:13 ----RSHDC---- C:\WINDOWS\system32\dllcache
2011-07-14 03:03:53 ----A---- C:\WINDOWS\system32\MRT.exe
2011-07-14 03:03:33 ----D---- C:\Documents and Settings\All Users.WINDOWS\Data aplikací\Microsoft Help
2011-07-14 03:02:34 ----A---- C:\WINDOWS\imsins.BAK
2011-07-13 06:20:32 ----HD---- C:\WINDOWS\$hf_mig$
2011-07-03 13:24:17 ----D---- C:\Program Files\SystemRequirementsLab
2011-07-03 12:29:55 ----D---- C:\Program Files\Common Files
2011-07-02 18:39:05 ----RSD---- C:\WINDOWS\Fonts
2011-07-02 18:36:53 ----D---- C:\WINDOWS\Help
2011-06-30 18:55:30 ----D---- C:\WINDOWS\Minidump

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 ohci1394;Hostitelský řadič IEEE 1394 dle standardu OHCI Texas Instruments; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2008-04-13 61696]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2010-07-12 45648]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2010-02-07 691696]
R0 SymDS;Symantec Data Store; C:\WINDOWS\system32\drivers\NIS\1201000.025\SYMDS.SYS [2010-06-13 339504]
R0 SymEFA;Symantec Extended File Attributes; C:\WINDOWS\system32\drivers\NIS\1201000.025\SYMEFA.SYS [2010-07-29 666672]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 ISODrive;ISO DVD/CD-ROM Device Driver; \??\C:\Program Files\UltraISO\drivers\ISODrive.sys []
R1 SRTSPX;Symantec Real Time Storage Protection (PEL); C:\WINDOWS\system32\drivers\NIS\1201000.025\SRTSPX.SYS [2010-07-29 50096]
R1 SYMTDI;Symantec Network Dispatch Driver; C:\WINDOWS\system32\drivers\NIS\1201000.025\SYMTDI.SYS [2010-07-13 369072]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R2 irda;Protokol IrDA; C:\WINDOWS\system32\DRIVERS\irda.sys [2008-04-13 88192]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672]
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2007-02-16 160256]
R3 BCM43XX;Ovladač síťového adaptéru Broadcom 802.11; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2007-09-20 1123328]
R3 btaudio;Bluetooth Audio Device; C:\WINDOWS\system32\drivers\btaudio.sys [2007-03-23 539072]
R3 BTDriver;Bluetooth Virtual Communications Driver; C:\WINDOWS\system32\DRIVERS\btport.sys [2007-03-23 37424]
R3 BTKRNL;Bluetooth Bus Enumerator; C:\WINDOWS\system32\DRIVERS\btkrnl.sys [2007-03-31 876384]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2006-12-22 988800]
R3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2006-12-22 209664]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2007-06-05 5761728]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-05-30 4424192]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 NSCIRDA;NSC Infrared Device Driver; C:\WINDOWS\system32\DRIVERS\nscirda.sys [2008-04-13 28672]
R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 RimVSerPort;RIM Virtual Serial Port v2; C:\WINDOWS\system32\DRIVERS\RimSerial.sys [2009-01-09 27136]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2004-09-14 5888]
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232]
R3 SymEvent;SymEvent; \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS []
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2007-09-07 215904]
R3 tifm21;tifm21; C:\WINDOWS\system32\drivers\tifm21.sys [2007-05-02 290816]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 usbvideo;Zobrazovací zařízení USB (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-13 121984]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2006-12-22 730112]
S1 BHDrvx86;BHDrvx86; \??\C:\Documents and Settings\All Users.WINDOWS\Data aplikací\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20100810.004\BHDrvx86.sys []
S1 SymIRON;Symantec Iron Driver; C:\WINDOWS\system32\drivers\NIS\1201000.025\Ironx86.SYS [2010-06-27 134704]
S3 a5dl2d6d;a5dl2d6d; C:\WINDOWS\system32\drivers\a5dl2d6d.sys []
S3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-09-15 23152]
S3 BTWDNDIS;Bluetooth LAN Access Server; C:\WINDOWS\system32\DRIVERS\btwdndis.sys [2007-03-23 149123]
S3 btwhid;btwhid; C:\WINDOWS\system32\DRIVERS\btwhid.sys [2007-03-31 55352]
S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2007-03-23 67960]
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2009-09-23 26176]
S3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 IDSxpx86;IDSxpx86; \??\C:\Documents and Settings\All Users.WINDOWS\Data aplikací\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20100706.002\IDSxpx86.sys []
S3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys []
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
S3 MREMP50;MREMP50 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS []
S3 MREMP50a64;MREMP50a64 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS []
S3 MREMPR5;MREMPR5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS []
S3 MRENDIS5;MRENDIS5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS []
S3 MRESP50;MRESP50 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS []
S3 MRESP50a64;MRESP50a64 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NAVENG;NAVENG; \??\C:\Documents and Settings\All Users.WINDOWS\Data aplikací\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20100813.009\NAVENG.SYS []
S3 NAVEX15;NAVEX15; \??\C:\Documents and Settings\All Users.WINDOWS\Data aplikací\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20100813.009\NAVEX15.SYS []
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 RimUsb;zařízení BlackBerry Smartphone; C:\WINDOWS\System32\Drivers\RimUsb.sys [2008-05-20 22784]
S3 sffdisk;Ovladač třídy úložiště SFF; C:\WINDOWS\system32\DRIVERS\sffdisk.sys [2008-04-13 11904]
S3 sffp_sd;Ovladač protokolu úložiště SFF pro paměť sběrnici SDBus; C:\WINDOWS\system32\DRIVERS\sffp_sd.sys [2008-04-13 11008]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 SRTSP;Symantec Real Time Storage Protection; C:\WINDOWS\system32\drivers\NIS\1201000.025\SRTSP.SYS [2010-07-29 489008]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 UIUSys;Conexant Setup API; C:\WINDOWS\system32\DRIVERS\UIUSYS.SYS []
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe [2007-04-01 273256]
R2 Fabs;FABS - Helping agent for MAGIX media database; C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe [2009-08-27 1253376]
R2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2010-04-13 246520]
R2 Irmon;Sledování infračerveného přenosu; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-12-06 153376]
R2 McciCMService;McciCMService; C:\Program Files\Common Files\Motive\McciCMService.exe [2007-10-15 303104]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 NIS;Norton Internet Security; C:\Program Files\Norton Internet Security\Engine\18.1.0.37\ccSvcHst.exe /s NIS /m C:\Program Files\Norton Internet Security\Engine\18.1.0.37\diMaster.dll /prefetch:1 []
S2 RoxLiveShare9;LiveShare P2P Server 9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe []
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]
S3 Autodesk Licensing Service;Autodesk Licensing Service; C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe [2009-10-01 85096]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance; C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe [2008-08-07 3276800]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service; C:\WINDOWS\System32\TuneUpDefragService.exe [2009-12-08 362240]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S4 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]

-----------------EOF-----------------

Zbytky tam ještě jsou. Poprosím o log z ComboFix.

Stahnete a ulozte nejlepe na plochu ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

pote spustte aplikaci pod uctem s administratorskym opravnenim

hned po startu se zobrazi obrazovka s licencnimi podminkami, pokracujte kliknutim na tlacitko Ano.

v klidu si postavte na kafe (cela akce trva cca. 5-10 minut, nekdy i dele - dle toho, o jak rychly stroj se

jedna a kolika soubory se skener bude muset prodirat), behem skenu se nepokousejte spoustet zadne jine

aplikace ani nic jineho

behem skenovani nepropadejte panice, vas stroj muze byt restartovan (predevsim pri prvni aplikaci skeneru)

upozorneni: pokud pouzivate antispyware s rezidentnim stitem, prepnete jeho rezidentni stit do Install Mode,

pripadne jej po dobu skenu uplne deaktivujte, protoze dochazi pri skenu a vymazu pripadneho malware k

nezadoucim kolizim s rezidentem antispyware

ComboFix 11-07-28.04 - Uzivate 28.07.2011 21:10:55.1.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1014.479 [GMT 2:00]
Spuštěný z: c:\documents and settings\Uzivate\Plocha\ComboFix.exe
* Vytvořen nový Bod Obnovení
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\docume~1\Uzivate\LOCALS~1\Temp\5037585.exe
c:\docume~1\Uzivate\LOCALS~1\Temp\9526147.exe
c:\docume~1\Uzivate\LOCALS~1\Temp\ComSpc32.dll
c:\documents and settings\Uzivate\Local Settings\Temp\ComSpc32.dll
c:\documents and settings\Uzivate\WINDOWS
c:\windows\btc_client_iplist.txt
c:\windows\ddh_iplist.txt
c:\windows\front_ip_list.txt
c:\windows\geoiplist
c:\windows\geoiplist.rar
c:\windows\iecheck_iplist.txt
c:\windows\info1
c:\windows\iplist.txt
c:\windows\loader2.exe_ok
c:\windows\phoenix
c:\windows\phoenix.rar
c:\windows\phoenix\kernels\phatk\__init__.py
c:\windows\phoenix\kernels\phatk\__init__.pyc
c:\windows\phoenix\kernels\phatk\BFIPatcher.py
c:\windows\phoenix\kernels\phatk\kernel.cl
c:\windows\phoenix\kernels\poclbm\__init__.py
c:\windows\phoenix\kernels\poclbm\__init__.pyc
c:\windows\phoenix\kernels\poclbm\BFIPatcher.py
c:\windows\phoenix\kernels\poclbm\kernel.cl
c:\windows\phoenix\phoenix.exe
c:\windows\proc_list1.log
c:\windows\rpcminer
c:\windows\rpcminer.rar
c:\windows\rpcminer\bitcoinminercuda_10.cubin
c:\windows\rpcminer\bitcoinminercuda_11.cubin
c:\windows\rpcminer\bitcoinminercuda_20.cubin
c:\windows\rpcminer\bitcoinmineropencl.cl
c:\windows\rpcminer\cudart32_32_16.dll
c:\windows\rpcminer\curllib.dll
c:\windows\rpcminer\libeay32.dll
c:\windows\rpcminer\libsasl.dll
c:\windows\rpcminer\openldap.dll
c:\windows\rpcminer\rpcminer-4way.exe
c:\windows\rpcminer\rpcminer-cpu.exe
c:\windows\rpcminer\rpcminer-cuda.exe
c:\windows\rpcminer\rpcminer-opencl.exe
c:\windows\rpcminer\ssleay32.dll
c:\windows\system\BisonC27.dll
c:\windows\system32\drivers\etc\HSTS~1
c:\windows\system32\f3PSSavr.scr
c:\windows\TEMP\5127369.exe
c:\windows\TEMP\61994241-loader2.exe
c:\windows\ufa.rar
c:\windows\update.1
c:\windows\update.2
c:\windows\update.5.0
c:\windows\winlog-dirs.txt
c:\windows\winlog-ids.txt
c:\windows\winsetupapi.log
.
Nakažená kopie c:\windows\system32\Drivers\atapi.sys byla nalezena a vyléčena.
Obnovena kopie z - c:\windows\ServicePackFiles\i386\atapi.sys
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_MYWEBSEARCHSERVICE
-------\Legacy_SRVBTCCLIENT
-------\Legacy_SRVIECHECK
-------\Legacy_WXPDRIVERS
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-06-28 do 2011-07-28 )))))))))))))))))))))))))))))))
.
.
2011-07-27 19:17 . 2011-07-27 19:17 -------- d-----w- c:\documents and settings\Uzivate\Data aplikací\Malwarebytes
2011-07-27 19:17 . 2011-07-06 17:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-27 19:17 . 2011-07-27 19:17 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Data aplikací\Malwarebytes
2011-07-27 19:17 . 2011-07-28 18:07 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-07-27 19:17 . 2011-07-06 17:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-27 18:32 . 2011-07-28 18:36 -------- d-----w- c:\program files\trend micro
2011-07-27 18:32 . 2011-07-27 18:33 -------- d-----w- C:\rsit
2011-07-26 14:35 . 2011-07-26 14:35 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Data aplikací\Norton
2011-07-26 14:11 . 2011-07-26 14:11 -------- d-----w- c:\windows\system32\drivers\NIS
2011-07-26 14:01 . 2011-07-28 18:32 -------- d--h--w- c:\windows\update.tray-10-0-lnk
2011-07-26 14:01 . 2011-07-28 18:32 -------- d--h--w- c:\windows\update.tray-10-0
2011-07-26 13:56 . 2011-07-26 14:13 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2011-07-26 13:56 . 2011-07-26 14:13 126512 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2011-07-25 11:12 . 2011-07-25 11:12 -------- d-----w- c:\windows\ufa
2011-07-25 10:59 . 2011-07-25 10:59 -------- d-----w- c:\documents and settings\Uzivate\Local Settings\Data aplikací\ConduitEngine
2011-07-25 10:59 . 2011-07-25 10:59 -------- d-----w- c:\program files\ConduitEngine
2011-07-25 10:59 . 2011-07-25 10:59 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
2011-07-25 10:52 . 2011-07-25 11:12 246272 ----a-w- c:\windows\unrar.exe
2011-07-25 10:48 . 2011-07-26 14:04 -------- d-----w- c:\windows\av_ico
2011-07-25 10:46 . 2011-07-28 18:32 -------- d--h--w- c:\windows\update.tray-7-0-lnk
2011-07-25 10:46 . 2011-07-28 18:32 -------- d--h--w- c:\windows\update.tray-7-0
2011-07-25 10:32 . 2011-07-25 10:32 -------- d-----w- c:\documents and settings\LocalService.NT AUTHORITY\Nabídka Start
2011-07-14 11:35 . 2011-07-14 11:35 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Data aplikací\EA Core
2011-07-03 10:29 . 2011-07-03 10:29 -------- d-----w- c:\program files\Common Files\EZB Systems
2011-07-03 10:29 . 2011-07-03 10:29 -------- d-----w- c:\program files\UltraISO
2011-07-02 16:39 . 2011-07-02 16:39 -------- d-----w- c:\documents and settings\Uzivate\Data aplikací\MAGIX
2011-07-02 16:35 . 2011-07-02 16:37 -------- d-----w- c:\program files\MAGIX
2011-07-02 16:34 . 2011-07-02 16:37 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Data aplikací\MAGIX
2011-07-02 16:34 . 2011-07-02 16:37 -------- d-----w- c:\program files\Common Files\MAGIX Services
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-06 11:35 . 2004-09-14 21:02 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-05-02 15:32 . 2009-12-03 14:35 692736 ----a-w- c:\windows\system32\inetcomm.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-09-28 1400712]
"{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"= "c:\program files\Winamp Toolbar\winamptb.dll" [2009-05-06 1262888]
"{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}"= "c:\program files\Softonic-Eng7\prxtbSof2.dll" [2011-01-17 175912]
"{EEE6C35D-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll" [2010-06-13 138552]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch]
.
[HKEY_CLASSES_ROOT\clsid\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]
.
[HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-01-17 14:54 175912 ----a-w- c:\program files\ConduitEngine\prxConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]
2011-01-17 14:54 175912 ----a-w- c:\program files\Softonic-Eng7\prxtbSof2.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-09-28 20:44 1400712 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2010-06-13 15:25 1438520 ----a-r- c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}"= "c:\program files\Softonic-Eng7\prxtbSof2.dll" [2011-01-17 175912]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2010-06-13 1438520]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-09-28 1400712]
.
[HKEY_CLASSES_ROOT\clsid\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]
.
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3}"= "c:\program files\Softonic-Eng7\prxtbSof2.dll" [2011-01-17 175912]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-09-28 1400712]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2010-06-13 1438520]
.
[HKEY_CLASSES_ROOT\clsid\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2010-12-08 328056]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2008-10-24 206112]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-05-28 16132608]
"AzMixerSel"="c:\program files\Realtek\InstallShield\AzMixerSel.exe" [2005-06-11 53248]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-07 102400]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-06-13 142104]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-06-13 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-06-13 138008]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"CorelDRAW Graphics Suite 11b"="c:\program files\Corel\Corel Graphics 12\Languages\CZ\Programs\Registration.exe" [2004-06-22 729088]
"TO2SSM_McciTrayApp"="c:\program files\TO2SSM\McciTrayApp.exe" [2009-01-16 1473536]
"SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2010-08-30 111928]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\Uzivate\Nabˇdka Start\Programy\Po spuçtŘnˇ\
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-1-15 393216]
Věýezy obrazovky a spuçtŘnˇ aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\documents and settings\All Users.WINDOWS\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-4-1 568176]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableSecureUIAPaths"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
"DisableThumbnailCache"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Games\\Zoo Tycoon 2\\zt.exe"=
"c:\\Documents and Settings\\All Users.WINDOWS\\Data aplikací\\SweetIM\\Messenger\\update\\sweetimsetup.exe"=
"c:\\Program Files\\ICQ7.2\\ICQ.exe"=
"c:\\Program Files\\ICQ7.2\\aolload.exe"=
"c:\\Program Files\\Research In Motion\\BlackBerry Desktop\\Rim.Desktop.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [7.2.2010 11:50 691696]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1201000.025\SymDS.sys [26.7.2011 16:12 339504]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1201000.025\SymEFA.sys [26.7.2011 16:12 666672]
R2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files\Common Files\MAGIX Services\Database\bin\FABS.exe [27.8.2009 17:09 1253376]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [25.9.2008 8:58 246520]
S1 BHDrvx86;BHDrvx86;\??\c:\documents and settings\All Users.WINDOWS\Data aplikací\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20100810.004\BHDrvx86.sys --> c:\documents and settings\All Users.WINDOWS\Data aplikací\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20100810.004\BHDrvx86.sys [?]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NIS\1201000.025\Ironx86.sys [26.7.2011 16:12 134704]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 13:16 130384]
S2 NIS;Norton Internet Security;"c:\program files\Norton Internet Security\Engine\18.1.0.37\ccSvcHst.exe" /s "NIS" /m "c:\program files\Norton Internet Security\Engine\18.1.0.37\diMaster.dll" /prefetch:1 --> c:\program files\Norton Internet Security\Engine\18.1.0.37\ccSvcHst.exe [?]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\Common Files\MAGIX Services\Database\bin\fbserver.exe [7.8.2008 11:10 3276800]
S3 IDSxpx86;IDSxpx86;\??\c:\documents and settings\All Users.WINDOWS\Data aplikací\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20100706.002\IDSxpx86.sys --> c:\documents and settings\All Users.WINDOWS\Data aplikací\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20100706.002\IDSxpx86.sys [?]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [27.7.2011 21:17 41272]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 13:16 753504]
.
Obsah adresáře 'Naplánované úlohy'
.
2011-07-28 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2010-09-28 20:44]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://start.icq.com/skins7/
mStart Page = hxxp://home.sweetim.com
IE: &Download by Enterra Download Manager - c:\program files\Enterra\Download Manager\edm.dll/3000
IE: &Winamp Search - c:\documents and settings\All Users.WINDOWS\Data aplikací\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: {{1AB6CC97-17C1-4207-BC51-5C9D435A338E} - res://c:\program files\Enterra\Download Manager\edm.dll/3002
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 10.0.0.138
FF - ProfilePath - c:\documents and settings\Uzivate\Data aplikací\Mozilla\Firefox\Profiles\fw27m54g.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://start.icq.com/skins7/
FF - prefs.js: keyword.URL - hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZJfox000&ptb=uF.juyBLMVxQp5uwDaQrWQ&ind=2010021419&ptnrS=ZJfox000&si=&n=77ce7e2b&psa=&st=kwd&searchfor=
FF - Ext: ICQ Toolbar: {800b5000-a755-47e1-992b-48a1c1357f07} - c:\program files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Ant Video Downloader: anttoolbar@ant.com - %profile%\extensions\anttoolbar@ant.com
FF - Ext: DAEMON Tools Toolbar: DTToolbar@toolbarnet.com - %profile%\extensions\DTToolbar@toolbarnet.com
FF - Ext: Penguin: penguin@loic.com - %profile%\extensions\penguin@loic.com
FF - Ext: Personas: personas@christopher.beard - %profile%\extensions\personas@christopher.beard
FF - Ext: PandoraTV Toolbar: toolbar@ask.com - %profile%\extensions\toolbar@ask.com
FF - Ext: Winamp Toolbar: {0b38152b-1b20-484d-a11f-5e04a9b0661f} - %profile%\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Softonic-Eng7 Toolbar: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - %profile%\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}
FF - Ext: ICQ Toolbar: {800b5000-a755-47e1-992b-48a1c1357f07} - %profile%\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
FF - Ext: SweetIM Toolbar for Firefox: {EEE6C361-6118-11DC-9C72-001320C79847} - %profile%\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: DivX Plus Web Player HTML5 <video>: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files\DivX\DivX Plus Web Player\firefox\html5video
FF - Ext: DivX HiQ: {6904342A-8307-11DF-A508-4AE2DFD72085} - c:\program files\DivX\DivX Plus Web Player\firefox\wpa
.
.
------- Asociace souborů -------
.
.scr=AutoCADScriptFile
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
HKCU-Run-DAEMON Tools Pro Agent - c:\program files\DAEMON Tools Pro\DTProAgent.exe
HKCU-Run-EA Core - c:\program files\Electronic Arts\EADM\Core.exe
HKLM-Run-tray_ico - (no file)
HKLM-Run-tray_ico2 - (no file)
HKLM-Run-tray_ico3 - (no file)
HKLM-Run-tray_ico4 - (no file)
AddRemove-Dream Farm - h:\hry\ProgramFiles\DreamFarm\Uninstall.exe
AddRemove-NIS - c:\program files\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS\A5E82D02\18.1.0.37\InstStub.exe
AddRemove-{14A487F2-1259-4E6C-AE3C-3C888DDBCB60}_is1 - d:\guitar pro 6\unins000.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-28 21:19
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NIS]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\18.1.0.37\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\18.1.0.37\diMaster.dll\" /prefetch:1"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):c3,f6,00,59,5e,e6,41,26,36,ca,85,84,13,ce,e3,fe,16,61,a5,44,ee,
43,ab,1a,3a,a0,e9,12,8f,b0,62,8c,e3,d0,56,5f,c4,ee,dd,bc,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{ce2d8af0-8893-4f38-ad39-aa53716e5159}]
@Denied: (Full) (Everyone)
"Model"=dword:0000001a
"Therad"=dword:0000001e
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
38,95,44,ab,9e,50,1b,eb,77,d1,ab,54,4b,bd,07,86,42,83,dd,83,e0,8b,c5,07,bb,\
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(1732)
c:\program files\RocketDock\RocketDock.dll
c:\windows\system32\btmmhook.dll
c:\windows\system32\btneighborhood.dll
c:\windows\system32\wbtapi.dll
c:\windows\system32\btwpimif.dll
c:\windows\system32\btosif.dll
c:\windows\system32\btrez.dll
c:\windows\system32\btwicons.dll
c:\windows\system32\BtXpPanel.Dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\windows\system32\wdfmgr.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\igfxsrvc.exe
c:\program files\Synaptics\SynTP\SynTPEnh.exe
c:\windows\system32\msiexec.exe
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\docume~1\Uzivate\LOCALS~1\Temp\RtkBtMnt.exe
.
**************************************************************************
.
Celkový čas: 2011-07-28 21:25:47 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-07-28 19:25
.
Před spuštěním: Volných bajtů: 11 454 676 992
Po spuštění: Volných bajtů: 11 963 895 808
.
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=AlwaysOff /fastdetect
.
- - End Of File - - 27FC69896B8167A454D22B9335DFE5F1

Ještě dočistíme. Otevřte poznámkový blok a zkopírujte do něj:

KillAll::

Collect::
c:\windows\unrar.exe

Folder::
c:\windows\update.tray-10-0-lnk
c:\windows\update.tray-10-0´
c:\windows\ufa
c:\windows\av_ico
c:\windows\update.tray-7-0-lnk
c:\windows\update.tray-7-0
c:\program files\Ask.com

Registry::
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"=-
[-HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
[-HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-

Uložte na plochu jako CFScript.txt. Pak jej myší přetáhněte nad ikonu ComboFix a pusťte. CF se spustí a vykoná příkazy ze skriptu.

Obrázek

Stále nějaké problémy?

ComboFix 11-07-28.04 - Uzivate 28.07.2011 22:13:53.2.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1014.378 [GMT 2:00]
Spuštěný z: c:\documents and settings\Uzivate\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Uzivate\Plocha\CFScript.txt
AV: avast! antivirus 4.8.1356 [VPS 110724-1] *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Norton Internet Security *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *Disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.
file zipped: c:\windows\unrar.exe
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Ask.com
c:\program files\Ask.com\cobrand.ico
c:\program files\Ask.com\config.xml
c:\program files\Ask.com\favicon.ico
c:\program files\Ask.com\fv_67.ico
c:\program files\Ask.com\GenericAskToolbar.dll
c:\program files\Ask.com\mupcfg.xml
c:\program files\Ask.com\SaUpdate.exe
c:\program files\Ask.com\TaskScheduler.exe
c:\program files\Ask.com\UpdateTask.exe
c:\windows\av_ico
c:\windows\av_ico\ico_avast_desktop.ico
c:\windows\av_ico\ico_avast_start.ico
c:\windows\av_ico\ico_norton_start.ico
c:\windows\ufa
c:\windows\ufa\ufa.exe
c:\windows\unrar.exe
c:\windows\update.tray-10-0-lnk
c:\windows\update.tray-7-0-lnk
c:\windows\update.tray-7-0
.
Nakažená kopie c:\windows\system32\Drivers\atapi.sys byla nalezena a vyléčena.
Obnovena kopie z - c:\windows\ERDNT\cache\atapi.sys
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-06-28 do 2011-07-28 )))))))))))))))))))))))))))))))
.
.
2011-07-27 19:17 . 2011-07-27 19:17 -------- d-----w- c:\documents and settings\Uzivate\Data aplikací\Malwarebytes
2011-07-27 19:17 . 2011-07-06 17:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-27 19:17 . 2011-07-27 19:17 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Data aplikací\Malwarebytes
2011-07-27 19:17 . 2011-07-28 18:07 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-07-27 19:17 . 2011-07-06 17:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-27 18:32 . 2011-07-28 18:36 -------- d-----w- c:\program files\trend micro
2011-07-27 18:32 . 2011-07-27 18:33 -------- d-----w- C:\rsit
2011-07-26 14:35 . 2011-07-26 14:35 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Data aplikací\Norton
2011-07-26 14:11 . 2011-07-26 14:11 -------- d-----w- c:\windows\system32\drivers\NIS
2011-07-26 14:01 . 2011-07-28 18:32 -------- d--h--w- c:\windows\update.tray-10-0
2011-07-26 13:56 . 2011-07-26 14:13 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2011-07-26 13:56 . 2011-07-26 14:13 126512 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2011-07-25 10:59 . 2011-07-25 10:59 -------- d-----w- c:\documents and settings\Uzivate\Local Settings\Data aplikací\ConduitEngine
2011-07-25 10:59 . 2011-07-25 10:59 -------- d-----w- c:\program files\ConduitEngine
2011-07-25 10:59 . 2011-07-25 10:59 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
2011-07-25 10:32 . 2011-07-25 10:32 -------- d-----w- c:\documents and settings\LocalService.NT AUTHORITY\Nabídka Start
2011-07-14 11:35 . 2011-07-14 11:35 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Data aplikací\EA Core
2011-07-03 10:29 . 2011-07-03 10:29 -------- d-----w- c:\program files\Common Files\EZB Systems
2011-07-03 10:29 . 2011-07-03 10:29 -------- d-----w- c:\program files\UltraISO
2011-07-02 16:39 . 2011-07-02 16:39 -------- d-----w- c:\documents and settings\Uzivate\Data aplikací\MAGIX
2011-07-02 16:35 . 2011-07-02 16:37 -------- d-----w- c:\program files\MAGIX
2011-07-02 16:34 . 2011-07-02 16:37 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Data aplikací\MAGIX
2011-07-02 16:34 . 2011-07-02 16:37 -------- d-----w- c:\program files\Common Files\MAGIX Services
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-06 11:35 . 2004-09-14 21:02 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-05-02 15:32 . 2009-12-03 14:35 692736 ----a-w- c:\windows\system32\inetcomm.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-07-28_19.19.38 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-07-28 20:23 . 2011-07-28 20:23 16384 c:\windows\temp\Perflib_Perfdata_688.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"= "c:\program files\Winamp Toolbar\winamptb.dll" [2009-05-06 1262888]
"{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}"= "c:\program files\Softonic-Eng7\prxtbSof2.dll" [2011-01-17 175912]
"{EEE6C35D-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll" [2010-06-13 138552]
.
[HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch]
.
[HKEY_CLASSES_ROOT\clsid\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]
.
[HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-01-17 14:54 175912 ----a-w- c:\program files\ConduitEngine\prxConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]
2011-01-17 14:54 175912 ----a-w- c:\program files\Softonic-Eng7\prxtbSof2.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2010-06-13 15:25 1438520 ----a-r- c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}"= "c:\program files\Softonic-Eng7\prxtbSof2.dll" [2011-01-17 175912]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2010-06-13 1438520]
.
[HKEY_CLASSES_ROOT\clsid\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]
.
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3}"= "c:\program files\Softonic-Eng7\prxtbSof2.dll" [2011-01-17 175912]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2010-06-13 1438520]
.
[HKEY_CLASSES_ROOT\clsid\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]
.
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2010-12-08 328056]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2008-10-24 206112]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-05-28 16132608]
"AzMixerSel"="c:\program files\Realtek\InstallShield\AzMixerSel.exe" [2005-06-11 53248]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-07 102400]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-06-13 142104]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-06-13 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-06-13 138008]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"CorelDRAW Graphics Suite 11b"="c:\program files\Corel\Corel Graphics 12\Languages\CZ\Programs\Registration.exe" [2004-06-22 729088]
"TO2SSM_McciTrayApp"="c:\program files\TO2SSM\McciTrayApp.exe" [2009-01-16 1473536]
"SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2010-08-30 111928]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\Uzivate\Nabˇdka Start\Programy\Po spuçtŘnˇ\
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-1-15 393216]
Věýezy obrazovky a spuçtŘnˇ aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\documents and settings\All Users.WINDOWS\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-4-1 568176]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableSecureUIAPaths"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
"DisableThumbnailCache"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Games\\Zoo Tycoon 2\\zt.exe"=
"c:\\Documents and Settings\\All Users.WINDOWS\\Data aplikací\\SweetIM\\Messenger\\update\\sweetimsetup.exe"=
"c:\\Program Files\\ICQ7.2\\ICQ.exe"=
"c:\\Program Files\\ICQ7.2\\aolload.exe"=
"c:\\Program Files\\Research In Motion\\BlackBerry Desktop\\Rim.Desktop.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [7.2.2010 11:50 691696]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1201000.025\SymDS.sys [26.7.2011 16:12 339504]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1201000.025\SymEFA.sys [26.7.2011 16:12 666672]
R2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files\Common Files\MAGIX Services\Database\bin\FABS.exe [27.8.2009 17:09 1253376]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [25.9.2008 8:58 246520]
S1 BHDrvx86;BHDrvx86;\??\c:\documents and settings\All Users.WINDOWS\Data aplikací\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20100810.004\BHDrvx86.sys --> c:\documents and settings\All Users.WINDOWS\Data aplikací\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20100810.004\BHDrvx86.sys [?]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NIS\1201000.025\Ironx86.sys [26.7.2011 16:12 134704]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 13:16 130384]
S2 NIS;Norton Internet Security;"c:\program files\Norton Internet Security\Engine\18.1.0.37\ccSvcHst.exe" /s "NIS" /m "c:\program files\Norton Internet Security\Engine\18.1.0.37\diMaster.dll" /prefetch:1 --> c:\program files\Norton Internet Security\Engine\18.1.0.37\ccSvcHst.exe [?]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\Common Files\MAGIX Services\Database\bin\fbserver.exe [7.8.2008 11:10 3276800]
S3 IDSxpx86;IDSxpx86;\??\c:\documents and settings\All Users.WINDOWS\Data aplikací\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20100706.002\IDSxpx86.sys --> c:\documents and settings\All Users.WINDOWS\Data aplikací\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20100706.002\IDSxpx86.sys [?]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [27.7.2011 21:17 41272]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 13:16 753504]
.
Obsah adresáře 'Naplánované úlohy'
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://start.icq.com/skins7/
mStart Page = hxxp://home.sweetim.com
IE: &Download by Enterra Download Manager - c:\program files\Enterra\Download Manager\edm.dll/3000
IE: &Winamp Search - c:\documents and settings\All Users.WINDOWS\Data aplikací\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: {{1AB6CC97-17C1-4207-BC51-5C9D435A338E} - res://c:\program files\Enterra\Download Manager\edm.dll/3002
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 10.0.0.138
FF - ProfilePath - c:\documents and settings\Uzivate\Data aplikací\Mozilla\Firefox\Profiles\fw27m54g.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://start.icq.com/skins7/
FF - prefs.js: keyword.URL - hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZJfox000&ptb=uF.juyBLMVxQp5uwDaQrWQ&ind=2010021419&ptnrS=ZJfox000&si=&n=77ce7e2b&psa=&st=kwd&searchfor=
FF - Ext: ICQ Toolbar: {800b5000-a755-47e1-992b-48a1c1357f07} - c:\program files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Ant Video Downloader: anttoolbar@ant.com - %profile%\extensions\anttoolbar@ant.com
FF - Ext: DAEMON Tools Toolbar: DTToolbar@toolbarnet.com - %profile%\extensions\DTToolbar@toolbarnet.com
FF - Ext: Penguin: penguin@loic.com - %profile%\extensions\penguin@loic.com
FF - Ext: Personas: personas@christopher.beard - %profile%\extensions\personas@christopher.beard
FF - Ext: PandoraTV Toolbar: toolbar@ask.com - %profile%\extensions\toolbar@ask.com
FF - Ext: Winamp Toolbar: {0b38152b-1b20-484d-a11f-5e04a9b0661f} - %profile%\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Softonic-Eng7 Toolbar: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - %profile%\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}
FF - Ext: ICQ Toolbar: {800b5000-a755-47e1-992b-48a1c1357f07} - %profile%\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
FF - Ext: SweetIM Toolbar for Firefox: {EEE6C361-6118-11DC-9C72-001320C79847} - %profile%\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: DivX Plus Web Player HTML5 <video>: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files\DivX\DivX Plus Web Player\firefox\html5video
FF - Ext: DivX HiQ: {6904342A-8307-11DF-A508-4AE2DFD72085} - c:\program files\DivX\DivX Plus Web Player\firefox\wpa
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-28 22:24
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NIS]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\18.1.0.37\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\18.1.0.37\diMaster.dll\" /prefetch:1"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):c3,f6,00,59,5e,e6,41,26,36,ca,85,84,13,ce,e3,fe,16,61,a5,44,ee,
43,ab,1a,3a,a0,e9,12,8f,b0,62,8c,e3,d0,56,5f,c4,ee,dd,bc,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{ce2d8af0-8893-4f38-ad39-aa53716e5159}]
@Denied: (Full) (Everyone)
"Model"=dword:0000001a
"Therad"=dword:0000001e
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
38,95,44,ab,9e,50,1b,eb,77,d1,ab,54,4b,bd,07,86,42,83,dd,83,e0,8b,c5,07,bb,\
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(1776)
c:\program files\RocketDock\RocketDock.dll
c:\program files\SweetIM\Messenger\mgAdaptersProxy.dll
c:\windows\system32\btmmhook.dll
c:\windows\system32\btneighborhood.dll
c:\windows\system32\wbtapi.dll
c:\windows\system32\btwpimif.dll
c:\windows\system32\btosif.dll
c:\windows\system32\btrez.dll
c:\windows\system32\btwicons.dll
c:\windows\system32\BtXpPanel.Dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\windows\system32\wdfmgr.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\igfxsrvc.exe
c:\program files\Synaptics\SynTP\SynTPEnh.exe
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\windows\system32\msiexec.exe
c:\docume~1\Uzivate\LOCALS~1\Temp\RtkBtMnt.exe
.
**************************************************************************
.
Celkový čas: 2011-07-28 22:30:21 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-07-28 20:30
ComboFix2.txt 2011-07-28 19:25
.
Před spuštěním: Volných bajtů: 11 969 298 432
Po spuštění: Volných bajtů: 11 947 216 896
.
- - End Of File - - 3EC7E2817C7169103A22FA2F1970C275
Nahr nˇ probŘhlo ŁspŘçnŘ

Většina smazána. Stáhněte a spusťte Avenger: http://www.viry.cz/forum/viewtopic.php?f=11&t=19832 tímto skriptem:

Folders to delete:
c:\windows\update.tray-10-0

Úspěšně vymazáno:

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

Folder "c:\windows\update.tray-10-0" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

Smazáno, PC již by měl být čistý.

Moc děkuji za pomoc

Nemáte zač!

VIRY.CZ

FB vir....

FB vir....

Re: FB vir....

Re: FB vir....

Re: FB vir....

Re: FB vir....

Re: FB vir....

Re: FB vir....

Re: FB vir....

Re: FB vir....

Re: FB vir....

Re: FB vir....

Re: FB vir....

Re: FB vir....

Re: FB vir....