VIRY.CZ

Zdravím....jsem další nachytaný s tim FB virem.
Ale nevim zda je to normální či ne, ale když nainstaluju antivirus tak se mi vypne celý počítač a zapne v safemodu,po chvilce zase sám vypne a potom se zapne normálně.

Tady vam posílám RSIT LOG:



Logfile of random's system information tool 1.09 (written by random/random)
Run by David at 2011-08-22 11:30:16
Microsoft Windows 7 Ultimate
System drive C: has 33 GB (22%) free of 153 GB
Total RAM: 2038 MB (49% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:31:13, on 22.8.2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16800)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Uniblue\RegistryBooster\rbmonitor.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Windows iLivid Toolbar\Datamngr\datamngrUI.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Windows\l1rezerv.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Pando Networks\Media Booster\PMB.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\explorer.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\David\Desktop\RSIT.exe
C:\Program Files\trend micro\David.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.qip.ru/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.qip.ru
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: QIPBHO Class - {95289393-33EA-4F8D-B952-483415B9C955} - C:\Users\David\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: CentrumczToolbar BHO - {33CD02D0-8C93-4926-A2FE-2CE72CE7DF1A} - C:\Program Files\CentrumczToolbar\IEToolbar.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
O2 - BHO: CentrumczToolbar BHO - {33CD02D0-8C93-4926-A2FE-2CE72CE7DF1A} - C:\Program Files\CentrumczToolbar\IEToolbar.dll
O2 - BHO: FaceSmooch Toolbar - {3c490bf5-4244-4310-b4a7-3361f288dac5} - C:\Program Files\facesmoochtb\facesmoochDx.dll
O2 - BHO: Updater For FaceSmooch Toolbar - {41069220-f72a-40ea-a8f3-bcd5e1fbc8f0} - C:\Program Files\facesmoochtb\auxi\facesmoochAu.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\17.0.0.136\IPSBHO.DLL (file missing)
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - (no file)
O2 - BHO: QIPBHO - {95289393-33EA-4F8D-B952-483415B9C955} - C:\Users\David\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll
O2 - BHO: GamePlayLabsBHO - {984A9162-8891-4D19-8CFE-17648BB4E1EC} - C:\Users\David\AppData\Local\GamePlayLabs Plugin\BHO.dll
O2 - BHO: Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~1\WI3C8A~1\ToolBar\searchqudtx.dll
O2 - BHO: UrlHelper Class - {A40DC6C5-79D0-4ca8-A185-8FF989AF1115} - C:\PROGRA~1\WI3C8A~1\Datamngr\IEBHO.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - (no file)
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: Lišta Centrum.cz Toolbar - {D5D47440-0750-463D-BAEF-A47D02414806} - C:\Program Files\CentrumczToolbar\IEToolbar.dll
O3 - Toolbar: MP3 Rocket Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~1\WI3C8A~1\ToolBar\searchqudtx.dll
O3 - Toolbar: FaceSmooch Toolbar - {3c490bf5-4244-4310-b4a7-3361f288dac5} - C:\Program Files\facesmoochtb\facesmoochDx.dll
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RIMBBLaunchAgent.exe] C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
O4 - HKLM\..\Run: [DATAMNGR] C:\PROGRA~1\WI3C8A~1\Datamngr\DATAMN~1.EXE
O4 - HKLM\..\Run: [ApnUpdater] "C:\Program Files\Ask.com\Updater\Updater.exe"
O4 - HKLM\..\Run: [FaceSmooch Toolbar Antiphishing] "C:\ProgramData\FaceSmooch Toolbar Antiphishing\facesmo2_0dn.exe"
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [wxpdrv] C:\Windows\services32.exe
O4 - HKLM\..\Run: [tray_ico0] C:\Windows\update.tray-7-0\svchost.exe
O4 - HKLM\..\Run: [tray_ico1] C:\Windows\update.tray-15-0\svchost.exe
O4 - HKLM\..\Run: [tray_ico2] C:\Windows\update.tray-12-0\svchost.exe
O4 - HKLM\..\Run: [9841003.exe] "C:\Windows\Temp\9841003.exe"
O4 - HKLM\..\Run: [sysdriver32.exe] "C:\Windows\sysdriver32.exe" rezerv
O4 - HKLM\..\Run: [sysdriver32_.exe] "C:\Windows\sysdriver32_.exe" rezerv
O4 - HKLM\..\Run: [45644730-loader2.exe] "C:\Windows\Temp\45644730-loader2.exe"
O4 - HKLM\..\Run: [8989864.exe] "C:\Windows\Temp\8989864.exe"
O4 - HKLM\..\Run: [l1rezerv.exe] "C:\Windows\l1rezerv.exe"
O4 - HKLM\..\Run: [7673655.exe] "C:\Windows\Temp\7673655.exe"
O4 - HKLM\..\Run: [tray_ico3] C:\Windows\update.tray-10-0\svchost.exe
O4 - HKLM\..\Run: [systemup] "C:\Windows\systemup.exe" stand
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Advanced SystemCare 4] "C:\Program Files\IObit\Advanced SystemCare 4\ASCTray.exe"
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe
O4 - HKCU\..\Run: [GameTracker] "C:\Program Files\GameTracker\GTLite.exe"
O4 - HKCU\..\Run: [Infium] "C:\Program Files\QIP 2010\qip.exe" /autorun
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: BlackBerry Desktop Manager.lnk = C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe
O9 - Extra button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O15 - Trusted IP range: http://192.168.1.1
O15 - ESC Trusted IP range: http://192.168.1.1
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: centrumcztoolbar - {61A97628-7C82-4315-957A-C74C2CDD85DF} - C:\Program Files\CentrumczToolbar\IEToolbar.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O20 - AppInit_DLLs: C:\PROGRA~1\WI3C8A~1\Datamngr\datamngr.dll C:\PROGRA~1\WI3C8A~1\Datamngr\IEBHO.dll
O23 - Service: Advanced SystemCare Service (AdvancedSystemCareService) - IObit - C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe
O23 - Service: BsHelpCS - IVT Corporation - C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe
O23 - Service: BsMobileCS - IVT Corporation - C:\Program Files\IVT Corporation\BlueSoleil\BsMobileCS.exe
O23 - Service: ddservice - Unknown owner - C:\Windows\update.7.1\svchostdriver.exe
O23 - Service: FABS - Helping agent for MAGIX media database (Fabs) - MAGIX AG - C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe
O23 - Service: GS In-Game Service - ClanServers Hosting LLC - C:\Program Files\GameTracker\GSInGameService.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Norton AntiVirus (NAV) - Unknown owner - C:\Program Files\Norton AntiVirus\Engine\17.0.0.136\ccSvcHst.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NMSAccess - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: srvbtcclient - Unknown owner - C:\Windows\update.5.0\svchost.exe
O23 - Service: srviecheck - Unknown owner - C:\Windows\update.2\svchost.exe
O23 - Service: srvsysdriver32 - Unknown owner - C:\Windows\sysdriver32.exe
O23 - Service: @C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
O23 - Service: wxpdrivers - Unknown owner - C:\Windows\update.1\svchost.exe

--
End of file - 12682 bytes

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\Norton Security Scan for David.job
C:\Windows\tasks\RegistryBooster.job

=========Mozilla firefox=========

ProfilePath - C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\2nm940xt.default

prefs.js - "browser.startup.homepage" - "http://www.seznam.cz/"
prefs.js - "extensions.enabledItems" - "Cetrumcz@igeared:1.203.023.002, toolbar@ask.com:3.12.2.100006, {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24, plugin2@gameplaylabs.com:2.0, {ba23dafc-5a36-4bdd-9d69-ed60da9d6c78}:1.1, {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.2.126, {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.9, {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.5.0.8013, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.20"
prefs.js - "keyword.URL" - "http://search.centrum.cz/index.php?tool ... m-1.0.0&q="

"Cetrumcz@igeared"=C:\Program Files\CentrumczToolbar\Firefox\Cetrumcz@igeared
"wrc@avast.com"=C:\Program Files\AVAST Software\Avast\WebRep\FF
"{23fcfd51-4958-4f00-80a3-ae97e717ed8b}"=C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5
"{BBDA0591-3099-440a-AA10-41764D9DB4DB}"=C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\IPSFFPlgn\


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0]
"Description"=DivX Plus Web Player
"Path"=C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0]
"Description"=DivX VOD Helper Plug-in
"Path"=C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@pandonetworks.com/PandoWebPlugin]
"Description"=This plugin detects and launches Pando Media Booster
"Path"=C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0]
"Description"=BlackBerry Web Software Loading Helper Plug-In for Mozilla browsers
"Path"=C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll

C:\Program Files\Mozilla Firefox\extensions\
{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
{972ce4c6-7e08-4474-a285-3208198ce6fd}
{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}

C:\Program Files\Mozilla Firefox\components\
browser.xpt
browserdirprovider.dll
brwsrcmp.dll
components.list
FeedConverter.js
FeedProcessor.js
FeedWriter.js
fuelApplication.js
GPSDGeolocationProvider.js
jsconsole-clhandler.js
NetworkGeolocationProvider.js
nsAddonRepository.js
nsBadCertHandler.js
nsBlocklistService.js
nsBrowserContentHandler.js
nsBrowserGlue.js
nsContentDispatchChooser.js
nsContentPrefService.js
nsDefaultCLH.js
nsDownloadManagerUI.js
nsExtensionManager.js
nsFormAutoComplete.js
nsHandlerService.js
nsHelperAppDlg.js
nsINIProcessor.js
nsLivemarkService.js
nsLoginInfo.js
nsLoginManager.js
nsLoginManagerPrompter.js
nsMicrosummaryService.js
nsPlacesAutoComplete.js
nsPlacesDBFlush.js
nsPlacesTransactionsService.js
nsPrivateBrowsingService.js
nsProxyAutoConfig.js
nsSafebrowsingApplication.js
nsSearchService.js
nsSearchSuggestions.js
nsSessionStartup.js
nsSessionStore.js
nsSetDefaultBrowser.js
nsSidebar.js
nsTaggingService.js
nsTryToClose.js
nsUpdateService.js
nsUpdateServiceStub.js
nsUpdateTimerManager.js
nsUrlClassifierLib.js
nsUrlClassifierListManager.js
nsURLFormatter.js
nsWebHandlerApp.js
pluginGlue.js
storage-Legacy.js
storage-mozStorage.js
txEXSLTRegExFunctions.js
WebContentConverter.js

C:\Program Files\Mozilla Firefox\plugins\
np-mswmp.dll
npdeployJava1.dll
npnul32.dll
WMP Firefox Plugin License.rtf
WMP Firefox Plugin RelNotes.txt

C:\Program Files\Mozilla Firefox\searchplugins\
Cetrumcz_igeared.xml
facesmoochtb.xml
google.xml
jyxo-cz.xml
mall-cz.xml
SearchquWebSearch.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml

C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\2nm940xt.default\extensions\
plugin2@gameplaylabs.com
toolbar@ask.com
{99079a25-328f-4bd4-be04-00955acaa0a7}
{ba23dafc-5a36-4bdd-9d69-ed60da9d6c78}
{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}

C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\2nm940xt.default\searchplugins\
SearchquWebSearch.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{326E768D-4182-46FD-9C16-1449A49795F4}]
DivX Plus Web Player HTML5 <video> - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll [2011-05-23 115072]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{33CD02D0-8C93-4926-A2FE-2CE72CE7DF1A}]
CentrumczToolbar BHO - C:\Program Files\CentrumczToolbar\IEToolbar.dll [2010-03-26 1286448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3c490bf5-4244-4310-b4a7-3361f288dac5}]
FaceSmooch Toolbar - C:\Program Files\facesmoochtb\facesmoochDx.dll [2011-03-09 86696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{41069220-f72a-40ea-a8f3-bcd5e1fbc8f0}]
Updater For FaceSmooch Toolbar - C:\Program Files\facesmoochtb\auxi\facesmoochAu.dll [2011-03-09 262312]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
Symantec Intrusion Prevention - C:\Program Files\Norton AntiVirus\Engine\17.0.0.136\IPSBHO.DLL []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! WebRep

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95289393-33EA-4F8D-B952-483415B9C955}]
QIPBHO Class - C:\Users\David\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll [2010-12-13 141184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{984A9162-8891-4D19-8CFE-17648BB4E1EC}]
GamePlayLabsBHO Class - C:\Users\David\AppData\Local\GamePlayLabs Plugin\BHO.dll [2011-04-29 32768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079a25-328f-4bd4-be04-00955acaa0a7}]
Searchqu Toolbar - C:\PROGRA~1\WI3C8A~1\ToolBar\searchqudtx.dll [2011-03-02 88976]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A40DC6C5-79D0-4ca8-A185-8FF989AF1115}]
UrlHelper Class - C:\PROGRA~1\WI3C8A~1\Datamngr\IEBHO.dll [2011-03-24 722840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Browser Helper - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2011-07-11 3821568]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
MP3 Rocket Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2011-05-17 1490312]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-03-27 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -
{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll [2011-01-20 988480]
{D5D47440-0750-463D-BAEF-A47D02414806} - Lišta Centrum.cz Toolbar - C:\Program Files\CentrumczToolbar\IEToolbar.dll [2010-03-26 1286448]
{D4027C7F-154A-4066-A1AD-4243D8127440} - MP3 Rocket Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2011-05-17 1490312]
{99079a25-328f-4bd4-be04-00955acaa0a7} - Searchqu Toolbar - C:\PROGRA~1\WI3C8A~1\ToolBar\searchqudtx.dll [2011-03-02 88976]
{3c490bf5-4244-4310-b4a7-3361f288dac5} - FaceSmooch Toolbar - C:\Program Files\facesmoochtb\facesmoochDx.dll [2011-03-09 86696]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2009-09-23 141848]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2009-09-23 173592]
"Persistence"=C:\Windows\system32\igfxpers.exe [2009-09-23 150552]
"SMSERIAL"=C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe [2009-05-05 1466368]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2010-05-27 1721640]
"RIMBBLaunchAgent.exe"=C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [2011-02-18 79192]
"DATAMNGR"=C:\PROGRA~1\WI3C8A~1\Datamngr\DATAMN~1.EXE [2011-03-24 1115536]
""= []
"ApnUpdater"=C:\Program Files\Ask.com\Updater\Updater.exe [2011-05-17 395144]
"FaceSmooch Toolbar Antiphishing"=C:\ProgramData\FaceSmooch Toolbar Antiphishing\facesmo2_0dn.exe [2011-06-14 231592]
"NBKeyScan"=C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [2008-02-18 2221352]
"DivXUpdate"=C:\Program Files\DivX\DivX Update\DivXUpdate.exe [2011-03-21 1230704]
"wxpdrv"=C:\Windows\services32.exe [2011-08-19 1215488]
"tray_ico0"=C:\Windows\update.tray-7-0\svchost.exe [2011-08-19 1215488]
"tray_ico1"=C:\Windows\update.tray-15-0\svchost.exe [2011-08-19 1215488]
"tray_ico2"=C:\Windows\update.tray-12-0\svchost.exe [2011-08-19 1215488]
"9841003.exe"=C:\Windows\Temp\9841003.exe [2011-08-19 258048]
"sysdriver32.exe"=C:\Windows\sysdriver32.exe [2011-08-19 258048]
"sysdriver32_.exe"=C:\Windows\sysdriver32_.exe [2011-08-19 258048]
"45644730-loader2.exe"=C:\Windows\Temp\45644730-loader2.exe [2011-08-19 258048]
"8989864.exe"=C:\Windows\Temp\8989864.exe [2011-08-19 258048]
"l1rezerv.exe"=C:\Windows\l1rezerv.exe [2011-08-19 232960]
"7673655.exe"=C:\Windows\Temp\7673655.exe [2011-08-21 634880]
"tray_ico"= []
"tray_ico3"=C:\Windows\update.tray-10-0\svchost.exe [2011-08-19 1215488]
"tray_ico4"= []
"systemup"=C:\Windows\systemup.exe [2011-08-22 139776]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\DTLite.exe [2011-01-20 1305408]
"Advanced SystemCare 4"=C:\Program Files\IObit\Advanced SystemCare 4\ASCTray.exe [2011-04-21 402832]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe [2008-02-28 1828136]
"Pando Media Booster"=C:\Program Files\Pando Networks\Media Booster\PMB.exe [2011-07-09 3077528]
"GameTracker"=C:\Program Files\GameTracker\GTLite.exe [2011-04-29 4018984]
"Infium"=C:\Program Files\QIP 2010\qip.exe [2011-07-18 6812032]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2011-07-29 17361032]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\4StoryPrePatch]
C:\Program Files\Gameforge4D\4Story\PrePatch.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BtTray]
C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe [2009-11-17 315478]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]
C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe --auto-start []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QIP Internet Guardian]
C:\Users\David\AppData\Roaming\QipGuard\QipGuard.exe /p []

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
BlackBerry Desktop Manager.lnk - C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\PROGRA~1\WI3C8A~1\Datamngr\datamngr.dll C:\PROGRA~1\WI3C8A~1\Datamngr\IEBHO.dll "

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2009-09-23 218112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wxpdrivers]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\wxpdrivers]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableSecureUIAPaths"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoDriveAutorun"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll
"wave1"=serwvdrv.dll
"msacm.vorbis"=vorbis.acm
"vidc.DIVX"=DivX.dll
"vidc.yv12"=DivX.dll

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
.reg - open - "regedit.exe" "%1"

======List of files/folders created in the last 1 month======

2011-08-22 11:30:16 ----D---- C:\rsit
2011-08-22 11:30:16 ----D---- C:\Program Files\trend micro
2011-08-22 11:04:03 ----A---- C:\Windows\systemup.exe
2011-08-22 11:01:49 ----HD---- C:\Windows\update.tray-10-0-lnk
2011-08-22 11:01:49 ----HD---- C:\Windows\update.tray-10-0
2011-08-22 11:01:10 ----A---- C:\Windows\ntbtlog.txt
2011-08-21 22:12:26 ----D---- C:\Program Files\Symantec
2011-08-21 22:12:26 ----A---- C:\Windows\system32\drivers\SYMEVENT.SYS
2011-08-21 22:12:02 ----D---- C:\Windows\system32\drivers\NAV
2011-08-20 20:55:12 ----A---- C:\Windows\wininit.ini
2011-08-20 20:44:47 ----D---- C:\Windows\Entropia Universe
2011-08-20 20:44:46 ----D---- C:\Program Files\Entropia Universe
2011-08-20 20:42:25 ----A---- C:\Windows\Entropia Universe Setup Log.txt
2011-08-20 16:53:28 ----D---- C:\ProgramData\Spybot - Search & Destroy
2011-08-20 16:53:28 ----D---- C:\Program Files\Spybot - Search & Destroy
2011-08-20 15:23:12 ----D---- C:\Program Files\THQ
2011-08-20 14:38:05 ----HD---- C:\Windows\update.tray-12-0-lnk
2011-08-20 14:38:05 ----HD---- C:\Windows\update.tray-12-0
2011-08-20 13:32:52 ----HD---- C:\ProgramData\Common Files
2011-08-20 13:32:43 ----D---- C:\ProgramData\MFAData
2011-08-20 12:37:00 ----HD---- C:\Windows\update.tray-15-0-lnk
2011-08-20 12:37:00 ----HD---- C:\Windows\update.tray-15-0
2011-08-19 16:44:08 ----D---- C:\Windows\ufa
2011-08-19 16:44:08 ----D---- C:\Windows\rpcminer
2011-08-19 16:44:08 ----D---- C:\Windows\phoenix
2011-08-19 16:30:29 ----A---- C:\Windows\l1rezerv.exe
2011-08-19 16:29:46 ----A---- C:\Windows\btc_client_iplist.txt
2011-08-19 16:28:47 ----HD---- C:\Windows\update.5.0
2011-08-19 16:27:51 ----A---- C:\Windows\iecheck_iplist.txt
2011-08-19 16:27:17 ----HD---- C:\Windows\update.2
2011-08-19 16:26:33 ----A---- C:\Windows\unrar.exe
2011-08-19 16:26:13 ----HD---- C:\Windows\update.7.1
2011-08-19 16:24:50 ----A---- C:\Windows\iplist.txt
2011-08-19 16:23:35 ----D---- C:\Windows\av_ico
2011-08-19 16:23:34 ----A---- C:\Windows\sysdriver32_.exe
2011-08-19 16:23:19 ----A---- C:\Windows\sysdriver32.exe
2011-08-19 16:23:02 ----A---- C:\Windows\front_ip_list.txt
2011-08-19 16:21:37 ----HD---- C:\Windows\update.1
2011-08-19 16:21:35 ----HD---- C:\Windows\update.tray-7-0-lnk
2011-08-19 16:21:35 ----HD---- C:\Windows\update.tray-7-0
2011-08-19 16:06:05 ----A---- C:\Windows\winlog-ids.txt
2011-08-19 16:06:05 ----A---- C:\Windows\winlog-dirs.txt
2011-08-19 16:05:52 ----A---- C:\Windows\services32.exe
2011-08-15 23:34:17 ----D---- C:\ProgramData\Deskshare
2011-08-15 23:33:55 ----D---- C:\Program Files\Common Files\Deskshare Shared
2011-08-15 23:33:54 ----D---- C:\Program Files\Deskshare
2011-08-11 17:39:24 ----D---- C:\Program Files\JoWood
2011-08-09 15:47:08 ----D---- C:\Users\David\AppData\Roaming\ts3overlay
2011-08-09 15:43:59 ----D---- C:\Users\David\AppData\Roaming\TS3Client
2011-08-09 15:43:11 ----D---- C:\Program Files\TeamSpeak 3 Client
2011-08-07 15:07:10 ----D---- C:\Windows\system32\URTTEMP
2011-08-05 13:07:57 ----D---- C:\Program Files\Nová složka
2011-08-02 21:54:23 ----A---- C:\Windows\DIIUnin.dat
2011-08-02 21:54:21 ----A---- C:\Windows\DIIUnin.pif
2011-08-02 21:54:21 ----A---- C:\Windows\DIIUnin.exe
2011-08-02 21:35:10 ----AT---- C:\Windows\system32\SIntfNT.dll
2011-08-02 21:35:10 ----AT---- C:\Windows\system32\SIntf32.dll
2011-08-02 21:35:10 ----AT---- C:\Windows\system32\SIntf16.dll
2011-08-02 21:34:13 ----D---- C:\ProgramData\Mozilla
2011-08-02 21:31:41 ----D---- C:\Program Files\Diablo II
2011-08-02 12:03:26 ----D---- C:\Users\David\AppData\Roaming\Sakura
2011-08-02 11:49:36 ----D---- C:\Program Files\Cenega Czech
2011-08-01 21:20:29 ----D---- C:\Users\David\AppData\Roaming\DivX
2011-08-01 15:46:44 ----D---- C:\Program Files\kill.switch ( DEMO )
2011-07-31 19:37:53 ----D---- C:\Program Files\System Shock 2
2011-07-30 18:11:11 ----A---- C:\Windows\system32\uxtuneup.dll
2011-07-30 18:11:11 ----A---- C:\Windows\system32\authuitu.dll
2011-07-30 17:57:24 ----D---- C:\Program Files\TuneUp Utilities 2010
2011-07-30 17:56:24 ----SHD---- C:\ProgramData\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
2011-07-28 15:38:01 ----A---- C:\Windows\system32\kernel32.dll
2011-07-28 15:37:59 ----A---- C:\Windows\system32\winsrv.dll
2011-07-28 15:37:59 ----A---- C:\Windows\system32\conhost.exe
2011-07-28 15:37:50 ----A---- C:\Windows\system32\tquery.dll
2011-07-28 15:37:50 ----A---- C:\Windows\system32\mssrch.dll
2011-07-28 15:37:49 ----A---- C:\Windows\system32\SearchIndexer.exe
2011-07-28 15:37:48 ----A---- C:\Windows\system32\SearchProtocolHost.exe
2011-07-28 15:37:48 ----A---- C:\Windows\system32\SearchFilterHost.exe
2011-07-28 15:37:48 ----A---- C:\Windows\system32\mssvp.dll
2011-07-28 15:37:48 ----A---- C:\Windows\system32\mssphtb.dll
2011-07-28 15:37:48 ----A---- C:\Windows\system32\mssph.dll
2011-07-28 15:37:47 ----A---- C:\Windows\system32\msscntrs.dll
2011-07-28 15:37:29 ----A---- C:\Windows\system32\mshtml.dll
2011-07-28 15:37:24 ----A---- C:\Windows\system32\iertutil.dll
2011-07-28 15:37:22 ----A---- C:\Windows\system32\ieframe.dll
2011-07-28 15:37:19 ----A---- C:\Windows\system32\urlmon.dll
2011-07-28 15:37:17 ----A---- C:\Windows\system32\wininet.dll
2011-07-28 15:37:17 ----A---- C:\Windows\system32\iedkcs32.dll
2011-07-28 15:37:16 ----A---- C:\Windows\system32\mstime.dll
2011-07-28 15:37:16 ----A---- C:\Windows\system32\msfeedsbs.dll
2011-07-28 15:37:16 ----A---- C:\Windows\system32\msfeeds.dll
2011-07-28 15:37:16 ----A---- C:\Windows\system32\licmgr10.dll
2011-07-28 15:37:16 ----A---- C:\Windows\system32\iepeers.dll
2011-07-28 15:37:15 ----A---- C:\Windows\system32\mshtmled.dll
2011-07-28 15:37:15 ----A---- C:\Windows\system32\msfeedssync.exe
2011-07-28 15:37:15 ----A---- C:\Windows\system32\jsproxy.dll
2011-07-28 15:37:15 ----A---- C:\Windows\system32\ieui.dll
2011-07-28 15:37:06 ----A---- C:\Windows\system32\umpnpmgr.dll
2011-07-28 15:37:05 ----A---- C:\Windows\system32\oleaut32.dll
2011-07-28 15:37:01 ----A---- C:\Windows\system32\KernelBase.dll
2011-07-28 15:37:00 ----AH---- C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2011-07-28 15:36:59 ----AH---- C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2011-07-28 15:36:59 ----AH---- C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2011-07-28 15:36:58 ----AH---- C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2011-07-28 15:36:58 ----AH---- C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2011-07-28 15:36:58 ----AH---- C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2011-07-28 15:36:58 ----AH---- C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2011-07-28 15:36:58 ----AH---- C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2011-07-28 15:36:58 ----AH---- C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2011-07-28 15:36:58 ----AH---- C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2011-07-28 15:36:58 ----AH---- C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2011-07-28 15:36:58 ----AH---- C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2011-07-28 15:36:58 ----AH---- C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2011-07-28 15:36:58 ----AH---- C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2011-07-28 15:36:58 ----AH---- C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2011-07-28 15:36:58 ----AH---- C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2011-07-28 15:36:57 ----AH---- C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2011-07-28 15:36:57 ----AH---- C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-28 15:36:57 ----AH---- C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2011-07-28 15:36:57 ----AH---- C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2011-07-28 15:36:57 ----AH---- C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2011-07-28 15:36:57 ----AH---- C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2011-07-28 15:36:57 ----AH---- C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2011-07-28 15:36:57 ----AH---- C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2011-07-28 15:36:56 ----AH---- C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2011-07-28 15:36:56 ----AH---- C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2011-07-28 15:36:56 ----AH---- C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2011-07-28 15:36:56 ----AH---- C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2011-07-28 15:36:49 ----A---- C:\Windows\system32\ntkrnlpa.exe
2011-07-28 15:36:48 ----A---- C:\Windows\system32\ntoskrnl.exe
2011-07-28 15:36:44 ----A---- C:\Windows\system32\win32k.sys
2011-07-28 15:36:41 ----A---- C:\Windows\system32\drivers\tcpip.sys
2011-07-28 15:36:40 ----A---- C:\Windows\system32\drivers\afd.sys
2011-07-28 15:36:38 ----A---- C:\Windows\system32\drivers\srv2.sys
2011-07-28 15:36:38 ----A---- C:\Windows\system32\drivers\srv.sys
2011-07-28 15:36:37 ----A---- C:\Windows\system32\drivers\srvnet.sys
2011-07-28 15:36:35 ----A---- C:\Windows\system32\drivers\dfsc.sys
2011-07-28 15:36:30 ----A---- C:\Windows\system32\mfc42.dll
2011-07-28 15:36:29 ----A---- C:\Windows\system32\mfc42u.dll
2011-07-28 15:36:27 ----A---- C:\Windows\system32\XpsPrint.dll
2011-07-28 15:36:25 ----A---- C:\Windows\system32\inetcomm.dll
2011-07-28 15:36:21 ----A---- C:\Windows\system32\poqexec.exe
2011-07-28 15:36:18 ----A---- C:\Windows\system32\drivers\bowser.sys
2011-07-28 15:36:16 ----A---- C:\Windows\system32\XpsGdiConverter.dll
2011-07-28 15:36:11 ----A---- C:\Windows\system32\atmlib.dll
2011-07-28 15:36:11 ----A---- C:\Windows\system32\atmfd.dll
2011-07-28 15:36:09 ----A---- C:\Windows\system32\dnsrslvr.dll
2011-07-28 15:36:09 ----A---- C:\Windows\system32\dnsapi.dll
2011-07-28 15:36:08 ----A---- C:\Windows\system32\dnscacheugc.exe
2011-07-28 15:36:05 ----A---- C:\Windows\system32\jscript.dll
2011-07-28 15:36:04 ----A---- C:\Windows\system32\vbscript.dll
2011-07-28 15:35:35 ----A---- C:\Windows\system32\FXSCOVER.exe
2011-07-28 15:35:31 ----A---- C:\Windows\explorer.exe
2011-07-28 15:35:28 ----A---- C:\Windows\system32\drivers\Diskdump.sys
2011-07-28 15:29:02 ----A---- C:\Windows\system32\drivers\mrxsmb10.sys
2011-07-28 15:29:01 ----A---- C:\Windows\system32\drivers\mrxsmb20.sys
2011-07-28 15:29:01 ----A---- C:\Windows\system32\drivers\mrxsmb.sys
2011-07-28 13:38:01 ----A---- C:\Windows\system32\TURegOpt.exe
2011-07-28 13:37:23 ----D---- C:\Users\David\AppData\Roaming\TuneUp Software
2011-07-28 13:36:11 ----D---- C:\ProgramData\TuneUp Software
2011-07-28 13:36:04 ----SHD---- C:\ProgramData\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
2011-07-26 20:00:50 ----D---- C:\Program Files\Bethesda Softworks
2011-07-24 19:26:43 ----D---- C:\Users\David\AppData\Roaming\Sierra
2011-07-24 19:17:10 ----D---- C:\Program Files\Sierra

======List of files/folders modified in the last 1 month======

2011-08-22 11:30:28 ----D---- C:\Windows\Temp
2011-08-22 11:30:16 ----RD---- C:\Program Files
2011-08-22 11:29:30 ----D---- C:\Windows\tracing
2011-08-22 11:16:42 ----D---- C:\Windows\system32\config
2011-08-22 11:12:33 ----D---- C:\Users\David\AppData\Roaming\Skype
2011-08-22 11:04:03 ----D---- C:\Windows
2011-08-22 11:03:53 ----D---- C:\Users\David\AppData\Roaming\GameTracker
2011-08-22 11:03:46 ----D---- C:\Program Files\QIP 2010
2011-08-22 11:01:55 ----HD---- C:\ProgramData
2011-08-21 22:13:25 ----D---- C:\Windows\system32\Tasks
2011-08-21 22:12:30 ----SHD---- C:\System Volume Information
2011-08-21 22:12:27 ----D---- C:\Windows\system32\drivers
2011-08-21 22:12:26 ----D---- C:\Program Files\Common Files\Symantec Shared
2011-08-20 20:54:39 ----D---- C:\Windows\winsxs
2011-08-20 20:44:36 ----SHD---- C:\Windows\Installer
2011-08-20 17:43:13 ----A---- C:\Windows\system32\CmdLineExt03.dll
2011-08-20 17:09:43 ----D---- C:\Windows\System32
2011-08-20 17:09:43 ----D---- C:\Windows\inf
2011-08-20 17:09:43 ----A---- C:\Windows\system32\PerfStringBackup.INI
2011-08-20 14:34:13 ----D---- C:\Windows\system32\catroot
2011-08-20 14:34:12 ----D---- C:\Windows\system32\DriverStore
2011-08-20 12:40:28 ----RD---- C:\Program Files\Skype
2011-08-20 12:40:28 ----D---- C:\ProgramData\Skype
2011-08-19 16:44:48 ----D---- C:\Windows\Prefetch
2011-08-19 16:27:38 ----D---- C:\Windows\system32\drivers\etc
2011-08-18 23:58:16 ----D---- C:\Program Files\Mozilla Firefox
2011-08-18 09:20:46 ----D---- C:\Users\David\AppData\Roaming\VoipDiscount
2011-08-16 19:09:11 ----D---- C:\Windows\system32\wdi
2011-08-16 12:20:19 ----D---- C:\Users\David\AppData\Roaming\gtk-2.0
2011-08-15 23:33:55 ----D---- C:\Program Files\Common Files
2011-08-13 11:21:14 ----D---- C:\Windows\system32\NDF
2011-08-11 21:10:27 ----HD---- C:\Program Files\InstallShield Installation Information
2011-08-11 21:09:27 ----D---- C:\Program Files\EA Games
2011-08-07 15:27:21 ----SHD---- C:\$Recycle.Bin
2011-08-07 15:26:55 ----RD---- C:\Users
2011-08-07 15:15:50 ----D---- C:\Windows\system32\catroot2
2011-08-07 15:09:38 ----D---- C:\Windows\Registration
2011-08-07 15:09:13 ----D---- C:\Program Files\Internet Explorer
2011-08-07 15:08:12 ----RSD---- C:\Windows\assembly
2011-08-07 14:30:26 ----D---- C:\ProgramData\PMB Files
2011-08-07 12:39:31 ----D---- C:\Program Files\Warcraft III
2011-07-29 06:49:19 ----D---- C:\Windows\Microsoft.NET
2011-07-28 16:36:45 ----RSD---- C:\Windows\Fonts
2011-07-28 16:36:42 ----D---- C:\Windows\system32\migration
2011-07-28 16:01:39 ----D---- C:\Program Files\Microsoft Silverlight
2011-07-24 19:15:27 ----D---- C:\Program Files\Common Files\InstallShield

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 AVGIDSEH;AVGIDSEH; C:\Windows\system32\DRIVERS\AVGIDSEH.Sys [2011-02-22 22992]
R0 Avgrkx86;AVG Anti-Rootkit Driver; C:\Windows\system32\DRIVERS\avgrkx86.sys [2011-03-16 32592]
R0 BtHidBus;Bluetooth HID Bus Service; C:\Windows\System32\Drivers\BtHidBus.sys [2009-09-24 19592]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 173648]
R0 SymDS;Symantec Data Store; C:\Windows\system32\drivers\NAV\1100000.088\SYMDS.SYS [2009-08-30 328752]
R0 SymEFA;Symantec Extended File Attributes; C:\Windows\system32\drivers\NAV\1100000.088\SYMEFA.SYS [2009-08-30 169008]
R1 Avgfwfd;AVG network filter service; C:\Windows\system32\DRIVERS\avgfwd6x.sys [2010-07-12 54112]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield; C:\Windows\system32\DRIVERS\avgmfx86.sys [2011-03-01 34896]
R1 Avgtdix;AVG TDI Driver; C:\Windows\system32\DRIVERS\avgtdix.sys [2011-04-05 297168]
R1 ccHP;Symantec Hash Provider; C:\Windows\system32\drivers\NAV\1100000.088\ccHPx86.sys [2009-08-25 501888]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2009-07-14 387584]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2011-03-05 218688]
R1 SRTSPX;Symantec Real Time Storage Protection (PEL); C:\Windows\system32\drivers\NAV\1100000.088\SRTSPX.SYS [2009-08-30 43696]
R1 SYMTDIv;Symantec Vista Network Dispatch Driver; C:\Windows\system32\drivers\NAV\1100000.088\SYMTDIV.SYS [2009-08-30 338480]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 48128]
R2 rismxdp;Ricoh xD-Picture Card Driver; C:\Windows\system32\DRIVERS\rixdptsk.sys [2006-11-14 37376]
R3 BCM43XX;Broadcom 802.11 Network Adapter Driver; C:\Windows\system32\DRIVERS\bcmwl6.sys [2009-07-08 2506232]
R3 btnetBUs;Bluetooth PAN Bus Service; C:\Windows\System32\Drivers\btnetBus.sys [2009-09-24 22528]
R3 HpqRemHid;HP Remote Control HID Device; C:\Windows\system32\DRIVERS\HpqRemHid.sys [2007-07-11 7168]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2009-09-23 4808192]
R3 IvtBtBUs;IVT Bluetooth Bus Service; C:\Windows\System32\Drivers\IvtBtBus.sys [2009-08-26 25480]
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\Windows\system32\drivers\MODEMCSA.sys [2009-07-14 18432]
R3 RimVSerPort;RIM Virtual Serial Port v2; C:\Windows\system32\DRIVERS\RimSerial.sys [2009-01-09 27136]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\Windows\System32\Drivers\RootMdm.sys [2009-07-14 8192]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt86win7.sys [2009-03-02 139776]
R3 sdbus;sdbus; C:\Windows\system32\drivers\sdbus.sys [2009-10-10 84992]
R3 smserial;smserial; C:\Windows\system32\DRIVERS\smserial.sys [2009-05-05 1095808]
R3 SymEvent;SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT.SYS [2011-08-21 124976]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2010-05-27 245936]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv; \??\C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [2009-10-14 10064]
R3 VcommMgr;Bluetooth VComm Manager Service; C:\Windows\System32\Drivers\VcommMgr.sys [2009-08-28 32392]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 14336]
S1 Avgldx86;AVG AVI Loader Driver; C:\Windows\system32\DRIVERS\avgldx86.sys [2011-01-07 248656]
S1 BHDrvx86;BHDrvx86; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\BASHDefs\20090829.001\BHDrvx86.sys []
S1 IDSVix86;IDSVix86; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\IPSDefs\20090828.002\IDSVix86.sys []
S1 SymIRON;Symantec Iron Driver; C:\Windows\system32\drivers\NAV\1100000.088\Ironx86.SYS [2009-08-30 114736]
S2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\DRIVERS\amdagp.sys [2009-07-14 53312]
S3 AVGIDSFilter;AVGIDSFilter; C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys [2011-02-10 24144]
S3 AVGIDSShim;AVGIDSShim; C:\Windows\system32\DRIVERS\AVGIDSShim.Sys [2011-02-10 21968]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-14 229888]
S3 BT;Bluetooth PAN Network Adapter; C:\Windows\system32\DRIVERS\btnetdrv.sys [2009-06-17 17928]
S3 EagleNT;EagleNT; C:\Windows\system32\drivers\EagleNT.sys []
S3 EagleXNt;EagleXNt; C:\Windows\system32\drivers\EagleXNt.sys []
S3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2009-03-18 26176]
S3 NAVENG;NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\VirusDefs\20090829.019\NAVENG.SYS []
S3 NAVEX15;NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\VirusDefs\20090829.019\NAVEX15.SYS []
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12368]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2009-07-14 133120]
S3 RimUsb;zařízení BlackBerry Smartphone; C:\Windows\System32\Drivers\RimUsb.sys [2011-02-16 64000]
S3 s3cap;s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys [2009-07-14 5632]
S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\DRIVERS\sisagp.sys [2009-07-14 52304]
S3 SRTSP;Symantec Real Time Storage Protection; C:\Windows\system32\drivers\NAV\1100000.088\SRTSP.SYS [2009-08-30 325168]
S3 StarOpen;StarOpen; C:\Windows\system32\drivers\StarOpen.sys []
S3 storvsc;storvsc; C:\Windows\system32\DRIVERS\storvsc.sys [2009-07-14 28224]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2009-07-14 35840]
S3 VComm;Virtual Serial port driver; C:\Windows\system32\DRIVERS\VComm.sys [2009-08-26 14856]
S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\DRIVERS\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\DRIVERS\vmbus.sys [2009-07-14 175824]
S3 VMBusHID;VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys [2009-07-14 17920]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2009-07-14 34944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdvancedSystemCareService;Advanced SystemCare Service; C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe [2011-04-21 352656]
R2 BsMobileCS;BsMobileCS; C:\Program Files\IVT Corporation\BlueSoleil\BsMobileCS.exe [2009-11-17 143467]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 ddservice;ddservice; C:\Windows\update.7.1\svchostdriver.exe [2011-08-19 382464]
R2 Fabs;FABS - Helping agent for MAGIX media database; C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe [2009-08-27 1253376]
R2 GS In-Game Service;GS In-Game Service; C:\Program Files\GameTracker\GSInGameService.exe [2011-04-29 1677096]
R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe [2008-02-18 877864]
R2 NMSAccess;NMSAccess; C:\Program Files\CDBurnerXP\NMSAccessU.exe [2010-03-04 71096]
R2 PLFlash DeviceIoControl Service;PLFlash DeviceIoControl Service; C:\Windows\system32\IoctlSvc.exe [2006-12-19 81920]
R2 srvbtcclient;srvbtcclient; C:\Windows\update.5.0\svchost.exe [2011-08-21 355840]
R2 srviecheck;srviecheck; C:\Windows\update.2\svchost.exe [2011-08-21 634880]
R2 srvsysdriver32;srvsysdriver32; C:\Windows\sysdriver32.exe [2011-08-19 258048]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service; C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [2011-07-08 1052480]
R2 UxTuneUp;@%SystemRoot%\System32\uxtuneup.dll,-4096; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R3 BsHelpCS;BsHelpCS; C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe [2009-11-17 102503]
R3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe [2008-02-28 529704]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-03-05 136176]
S2 NAV;Norton AntiVirus; C:\Program Files\Norton AntiVirus\Engine\17.0.0.136\ccSvcHst.exe /s NAV /m C:\Program Files\Norton AntiVirus\Engine\17.0.0.136\diMaster.dll /prefetch:1 []
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2009-06-10 31064]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance; C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe [2008-08-07 3276800]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-03-05 136176]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2008-09-08 575488]
S3 TuneUp.Defrag;@C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe,-1; C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe [2011-07-30 435008]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]

-----------------EOF-----------------

Zdravím, je to normální že FB vir ustřeluje antivir.

Tohle fixni v HJT :

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.qip.ru/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
R3 - URLSearchHook: QIPBHO Class - {95289393-33EA-4F8D-B952-483415B9C955} - C:\Users\David\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: FaceSmooch Toolbar - {3c490bf5-4244-4310-b4a7-3361f288dac5} - C:\Program Files\facesmoochtb\facesmoochDx.dll
O2 - BHO: Updater For FaceSmooch Toolbar - {41069220-f72a-40ea-a8f3-bcd5e1fbc8f0} - C:\Program Files\facesmoochtb\auxi\facesmoochAu.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\17.0.0.136\IPSBHO.DLL (file missing)
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - (no file)
O2 - BHO: QIPBHO - {95289393-33EA-4F8D-B952-483415B9C955} - C:\Users\David\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll
O2 - BHO: Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~1\WI3C8A~1\ToolBar\searchqudtx.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~1\WI3C8A~1\ToolBar\searchqudtx.dll
O3 - Toolbar: FaceSmooch Toolbar - {3c490bf5-4244-4310-b4a7-3361f288dac5} - C:\Program Files\facesmoochtb\facesmoochDx.dll
O4 - HKLM\..\Run: [ApnUpdater] "C:\Program Files\Ask.com\Updater\Updater.exe"
O4 - HKLM\..\Run: [FaceSmooch Toolbar Antiphishing] "C:\ProgramData\FaceSmooch Toolbar Antiphishing\facesmo2_0dn.exe"
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [wxpdrv] C:\Windows\services32.exe
O4 - HKLM\..\Run: [tray_ico0] C:\Windows\update.tray-7-0\svchost.exe
O4 - HKLM\..\Run: [tray_ico1] C:\Windows\update.tray-15-0\svchost.exe
O4 - HKLM\..\Run: [tray_ico2] C:\Windows\update.tray-12-0\svchost.exe
O4 - HKLM\..\Run: [9841003.exe] "C:\Windows\Temp\9841003.exe"
O4 - HKLM\..\Run: [sysdriver32.exe] "C:\Windows\sysdriver32.exe" rezerv
O4 - HKLM\..\Run: [sysdriver32_.exe] "C:\Windows\sysdriver32_.exe" rezerv
O4 - HKLM\..\Run: [45644730-loader2.exe] "C:\Windows\Temp\45644730-loader2.exe"
O4 - HKLM\..\Run: [8989864.exe] "C:\Windows\Temp\8989864.exe"
O4 - HKLM\..\Run: [l1rezerv.exe] "C:\Windows\l1rezerv.exe"
O4 - HKLM\..\Run: [7673655.exe] "C:\Windows\Temp\7673655.exe"
O4 - HKLM\..\Run: [tray_ico3] C:\Windows\update.tray-10-0\svchost.exe
O4 - HKLM\..\Run: [systemup] "C:\Windows\systemup.exe" stand
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe

HJT najdeš zde :

C:\Program Files\trend micro\David.exe

Fix znamená že spustíš HJT jako admin

v okně které se ti otevře klikneš na Do a system scan only

v dalším okně najdeš řádky které jsem ti vypsal,

vedle nich je čtvereček do kterého uděláš zatržítko,

pak klikneš na Fix checked které je vlevo dole,

program se ti zeptá zda opravdu ANO s tím samozřejmě souhlasíš a je hotovo.


Přes Odebrat programy odinstaluj Advanced SystemCare a Spybot SD


Přes Start >> Všechny programy >> Příslušenství >> Spustit >> napiš - services.msc >> Enter. Najdi službu :

ddservice

Služba Google Update (gupdate)

Služba Google Update (gupdatem)

Nero BackItUp Scheduler 3

NMIndexingService - Nero AG

NMSAccess

srvbtcclient

srviecheck

srvsysdriver32

wxpdrivers

klikni na ni pravým myšítkem, zvol vlastnosti, na další kartě nejprve službu zastav tlačítkem Zastavit a u položky Typ spouštění zvol Zakázáno.


Smaž nepotřebné soubory

pomocí CCleaneru

návod :

Čistič - tady vyčistíš PC od nepotřebných souborů a vysypeš Koš

Registry - tady vyčistíš registry (před použitím doporučuji udělat jejich zálohu kterou CCleaner nabízí)

čištění registru je třeba několikrát zopakovat !

Nástroje - tady lze odinstalovat programy, upravit co se spustí po Startu systému a obnovit systém


Pak použij Mbam z mého podpisu a dej mi sem z něj log, předem nic nemazat !!!

tak jo všechno jsem udělal jak jste napsal a tady je ten log z Mbam :


Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org

Verze databáze: 7534

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

22.8.2011 13:48:27
mbam-log-2011-08-22 (13-48-18).txt

Typ kontroly: Rychlý test
Testované objekty: 171977
Uplynulý čas: 5 minut, 12 sekund

Infikované procesy v paměti: 3
Infikované moduly v paměti: 0
Infikované klíče v registru: 17
Infikované hodnoty v registru: 2
Infikované datové položky v registru: 3
Infikované složky: 1
Infikované soubory: 29

Infikované procesy v paměti:
c:\Windows\systemup.exe (Trojan.Agent.Gen) -> 4892 -> No action taken.
c:\Windows\update.2\svchost.exe (Backdoor.Agent) -> 3340 -> No action taken.
c:\Windows\update.5.0\svchost.exe (Trojan.Downloader) -> 2088 -> No action taken.

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče v registru:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srvsysdriver32 (Trojan.Delf) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srviecheck (Backdoor.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srvbtcclient (Trojan.Downloader) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wxpdrivers (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\sysdriver32.exe (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\systeminfog (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\SERVICES32.EXE (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wxpdrivers (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\wxpdrivers (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{984A9162-8891-4D19-8CFE-17648BB4E1EC} (Spyware.GamePlayLabs) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{984A9162-8891-4D19-8CFE-17648BB4E1EC} (Spyware.GamePlayLabs) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{199C34A4-5436-403F-A250-219E16672570} (Spyware.GamePlayLabs) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{8E7AD93B-3E87-423D-947F-A321FA7E31C4} (Spyware.GamePlayLabs) -> No action taken.
HKEY_CLASSES_ROOT\BHO.GamePlayLabsBHO.1 (Spyware.GamePlayLabs) -> No action taken.
HKEY_CLASSES_ROOT\BHO.GamePlayLabsBHO (Spyware.GamePlayLabs) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{984A9162-8891-4D19-8CFE-17648BB4E1EC} (Spyware.GamePlayLabs) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{984A9162-8891-4D19-8CFE-17648BB4E1EC} (Spyware.GamePlayLabs) -> No action taken.

Infikované hodnoty v registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Services32.exe\close (Trojan.Agent) -> Value: close -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wxpDrivers\ImagePath (Trojan.Agent) -> Value: ImagePath -> No action taken.

Infikované datové položky v registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Infikované složky:
c:\Windows\rpcminer (Trojan.BCMiner) -> No action taken.

Infikované soubory:
c:\Users\David\downloads\mediapluginsetup.exe (Spyware.GamePlayLabs) -> No action taken.
c:\Windows\systemup.exe (Trojan.Agent.Gen) -> No action taken.
c:\Windows\Temp\1411965.exe (Trojan.Agent) -> No action taken.
c:\Windows\Temp\3331104.exe (Trojan.Agent) -> No action taken.
c:\Windows\Temp\5639318.exe (Trojan.Agent) -> No action taken.
c:\Windows\Temp\5742278.exe (Trojan.Agent) -> No action taken.
c:\Windows\Temp\7673655.exe (Trojan.Agent) -> No action taken.
c:\Windows\l1rezerv.exe (Trojan.Agent) -> No action taken.
c:\Windows\sysdriver32.exe (Trojan.Delf) -> No action taken.
c:\Windows\sysdriver32_.exe (Trojan.Delf) -> No action taken.
c:\Windows\update.2\svchost.exe (Backdoor.Agent) -> No action taken.
c:\Windows\update.5.0\svchost.exe (Trojan.Downloader) -> No action taken.
c:\Windows\update.1\svchost.exe (Trojan.Agent) -> No action taken.
c:\Windows\services32.exe (Trojan.Agent) -> No action taken.
c:\Windows\rpcminer\bitcoinmineropencl.cl (Trojan.BCMiner) -> No action taken.
c:\Windows\rpcminer\bitcoinminercuda_10.cubin (Trojan.BCMiner) -> No action taken.
c:\Windows\rpcminer\bitcoinminercuda_11.cubin (Trojan.BCMiner) -> No action taken.
c:\Windows\rpcminer\bitcoinminercuda_20.cubin (Trojan.BCMiner) -> No action taken.
c:\Windows\rpcminer\cudart32_32_16.dll (Trojan.BCMiner) -> No action taken.
c:\Windows\rpcminer\curllib.dll (Trojan.BCMiner) -> No action taken.
c:\Windows\rpcminer\libeay32.dll (Trojan.BCMiner) -> No action taken.
c:\Windows\rpcminer\libsasl.dll (Trojan.BCMiner) -> No action taken.
c:\Windows\rpcminer\openldap.dll (Trojan.BCMiner) -> No action taken.
c:\Windows\rpcminer\rpcminer-4way.exe (Trojan.BCMiner) -> No action taken.
c:\Windows\rpcminer\rpcminer-cpu.exe (Trojan.BCMiner) -> No action taken.
c:\Windows\rpcminer\rpcminer-cuda.exe (Trojan.BCMiner) -> No action taken.
c:\Windows\rpcminer\rpcminer-opencl.exe (Trojan.BCMiner) -> No action taken.
c:\Windows\rpcminer\ssleay32.dll (Trojan.BCMiner) -> No action taken.
c:\Users\David\AppData\Local\gameplaylabs plugin\BHO.dll (Spyware.GamePlayLabs) -> No action taken.

Vše co Mbam našel nech smazat.

Nyní použijeme větší kalibr, tak že pozorně čti, protože tenhle softík netoleruje chyby.


Stáhni a ulož na plochu ComboFix,

spusť aplikaci jako Administrátor a povol instalaci Konzole pro zotavení - Recovery Console.

Poté se zobrazí okno s licenčními podmínkami které potvrdíš kliknutím na ANO,

pak ještě jednou klik na ANO a už to jede.

Celá akce trvá okolo 10 minut ale může i déle, během skenu se nepokoušej spouštět nic jiného.

Při skenovaní může být PC i restartováno nelekat se.

Upozornění: po dobu skenu vypni rezidentní štít Antiviru a AntiSpy programu,

protože Combofix se pokouší napadené soubory smazat a tyto programy mu můžou bránit.

Po dokončení skenu nebo následném restartu aplikace vytvoří log, uložený na C:/Combofix.txt

(při opakovaném použití jsou logy číslovány Combofix2.txt atd.), jeho obsah zkopíruj sem.


V případě nejasností je ZDE obrázkový návod.

tady je log z ComboFix:


ComboFix 11-08-22.02 - David 22.08.2011 14:41:58.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.420.1029.18.2038.1221 [GMT 2:00]
Spuštěný z: c:\users\David\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\program files\Mozilla Firefox\searchplugins\SearchquWebSearch.xml
c:\users\David\AppData\Roaming\Mozilla\Firefox\Profiles\2nm940xt.default\searchplugins\SearchquWebSearch.xml
c:\windows\btc_client_iplist.txt
c:\windows\front_ip_list.txt
c:\windows\geoiplist
c:\windows\geoiplist.rar
c:\windows\iecheck_iplist.txt
c:\windows\info1
c:\windows\iplist.txt
c:\windows\iun6002.exe
c:\windows\loader2.exe_ok
c:\windows\phoenix
c:\windows\phoenix.rar
c:\windows\phoenix\kernels\phatk\__init__.py
c:\windows\phoenix\kernels\phatk\__init__.pyc
c:\windows\phoenix\kernels\phatk\BFIPatcher.py
c:\windows\phoenix\kernels\phatk\kernel.cl
c:\windows\phoenix\kernels\poclbm\__init__.py
c:\windows\phoenix\kernels\poclbm\__init__.pyc
c:\windows\phoenix\kernels\poclbm\BFIPatcher.py
c:\windows\phoenix\kernels\poclbm\kernel.cl
c:\windows\phoenix\phoenix.exe
c:\windows\rpcminer.rar
c:\windows\system32\drivers\etc\HSTS~1
c:\windows\ufa.rar
c:\windows\update.1
c:\windows\update.2
c:\windows\update.5.0
c:\windows\winlog-dirs.txt
c:\windows\winlog-ids.txt
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-07-22 do 2011-08-22 )))))))))))))))))))))))))))))))
.
.
2011-08-22 11:41 . 2011-08-22 11:41 -------- d-----w- c:\users\David\AppData\Roaming\Malwarebytes
2011-08-22 11:40 . 2010-11-29 15:42 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-08-22 11:40 . 2011-08-22 11:40 -------- d-----w- c:\programdata\Malwarebytes
2011-08-22 11:40 . 2011-08-22 11:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-08-22 11:40 . 2010-11-29 15:42 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-22 11:32 . 2011-08-22 11:32 -------- d-----w- c:\program files\CCleaner
2011-08-22 09:30 . 2011-08-22 11:22 -------- d-----w- c:\program files\trend micro
2011-08-22 09:30 . 2011-08-22 09:31 -------- d-----w- C:\rsit
2011-08-22 09:18 . 2011-08-22 09:18 -------- d-----w- c:\users\David\AppData\Local\CrashDumps
2011-08-22 09:01 . 2011-08-22 09:01 -------- d--h--w- c:\windows\update.tray-10-0
2011-08-22 09:01 . 2011-08-22 09:01 -------- d--h--w- c:\windows\update.tray-10-0-lnk
2011-08-21 20:12 . 2011-08-21 20:12 -------- d-----w- c:\program files\Symantec
2011-08-21 20:12 . 2011-08-21 20:12 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2011-08-21 20:12 . 2011-08-21 20:12 -------- d-----w- c:\windows\system32\drivers\NAV
2011-08-20 18:48 . 2011-08-21 18:22 -------- d-----w- c:\users\Public\entropia universe
2011-08-20 18:44 . 2011-08-20 18:47 -------- d-----w- c:\windows\Entropia Universe
2011-08-20 18:44 . 2011-08-20 18:48 -------- d-----w- c:\program files\Entropia Universe
2011-08-20 14:53 . 2011-08-22 11:24 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-08-20 14:53 . 2011-08-22 11:24 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-08-20 13:23 . 2011-08-20 13:23 -------- d-----w- c:\program files\THQ
2011-08-20 12:38 . 2011-08-20 12:38 -------- d--h--w- c:\windows\update.tray-12-0
2011-08-20 12:38 . 2011-08-20 12:38 -------- d--h--w- c:\windows\update.tray-12-0-lnk
2011-08-20 11:32 . 2011-08-20 11:32 -------- d--h--w- c:\programdata\Common Files
2011-08-20 11:32 . 2011-08-20 13:09 -------- d-----w- c:\programdata\MFAData
2011-08-20 10:37 . 2011-08-20 10:37 -------- d--h--w- c:\windows\update.tray-15-0
2011-08-20 10:37 . 2011-08-20 10:37 -------- d--h--w- c:\windows\update.tray-15-0-lnk
2011-08-19 14:44 . 2011-08-19 14:44 -------- d-----w- c:\windows\ufa
2011-08-19 14:26 . 2011-08-19 14:44 246272 ----a-w- c:\windows\unrar.exe
2011-08-19 14:26 . 2011-08-19 14:26 -------- d--h--w- c:\windows\update.7.1
2011-08-19 14:23 . 2011-08-22 09:03 -------- d-----w- c:\windows\av_ico
2011-08-19 14:21 . 2011-08-19 14:21 -------- d--h--w- c:\windows\update.tray-7-0
2011-08-19 14:21 . 2011-08-19 14:21 -------- d--h--w- c:\windows\update.tray-7-0-lnk
2011-08-15 21:34 . 2011-08-22 11:39 -------- d-----w- c:\programdata\Deskshare
2011-08-15 21:34 . 2011-08-15 21:34 -------- d-----w- c:\users\David\AppData\Local\Spoon
2011-08-15 21:33 . 2004-03-08 22:00 152848 ----a-w- c:\windows\system32\COMDLG32.OCX
2011-08-15 21:33 . 2004-03-08 22:00 1081616 ----a-w- c:\windows\system32\Mscomctl.ocx
2011-08-11 15:39 . 2011-08-11 15:39 -------- d-----w- c:\program files\JoWood
2011-08-09 13:47 . 2011-08-09 14:00 -------- d-----w- c:\users\David\AppData\Roaming\ts3overlay
2011-08-09 13:43 . 2011-08-22 11:35 -------- d-----w- c:\users\David\AppData\Roaming\TS3Client
2011-08-09 13:43 . 2011-08-09 13:43 -------- d-----w- c:\program files\TeamSpeak 3 Client
2011-08-07 13:26 . 2011-08-07 13:27 -------- d-----w- c:\users\ja
2011-08-07 13:19 . 2011-08-07 13:19 -------- d-----w- c:\users\David\AppData\Local\The Lord of the Rings Online
2011-08-07 13:14 . 2011-08-07 13:17 -------- d-----w- c:\users\David\AppData\Local\Turbine
2011-08-07 13:09 . 2011-08-08 11:35 -------- d-----w- c:\users\David\AppData\Local\ApplicationHistory
2011-08-07 13:07 . 2011-08-07 13:07 -------- d-----w- c:\windows\system32\URTTEMP
2011-08-05 11:07 . 2011-08-05 11:08 -------- d-----w- c:\program files\Nová složka
2011-08-02 19:54 . 2011-08-02 19:54 94208 ----a-w- c:\windows\DIIUnin.exe
2011-08-02 19:54 . 2011-08-02 19:54 2829 ----a-w- c:\windows\DIIUnin.pif
2011-08-02 19:35 . 2011-08-02 20:19 21840 ----atw- c:\windows\system32\SIntfNT.dll
2011-08-02 19:35 . 2011-08-02 20:19 17212 ----atw- c:\windows\system32\SIntf32.dll
2011-08-02 19:35 . 2011-08-02 20:19 12067 ----atw- c:\windows\system32\SIntf16.dll
2011-08-02 19:31 . 2011-08-09 13:40 -------- d-----w- c:\program files\Diablo II
2011-08-02 10:03 . 2011-08-02 10:03 -------- d-----w- c:\users\David\AppData\Roaming\Sakura
2011-08-02 09:49 . 2011-08-02 09:49 -------- d-----w- c:\program files\Cenega Czech
2011-08-01 19:20 . 2011-08-01 19:20 -------- d-----w- c:\users\David\AppData\Roaming\DivX
2011-08-01 13:46 . 2011-08-01 13:48 -------- d-----w- c:\program files\kill.switch ( DEMO )
2011-07-31 17:37 . 2011-07-31 20:01 -------- d-----w- c:\program files\System Shock 2
2011-07-30 16:11 . 2011-07-08 11:15 21312 ----a-w- c:\windows\system32\authuitu.dll
2011-07-30 16:11 . 2011-07-08 11:14 30016 ----a-w- c:\windows\system32\uxtuneup.dll
2011-07-30 15:57 . 2011-07-30 16:11 -------- d-----w- c:\program files\TuneUp Utilities 2010
2011-07-30 15:56 . 2011-07-30 15:56 -------- d-sh--w- c:\programdata\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
2011-07-30 15:50 . 2011-08-13 09:19 -------- d-----w- c:\users\David\AppData\Local\Diagnostics
2011-07-28 13:50 . 2011-07-20 07:44 6881616 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{497A56E6-9840-47C1-948E-9257468BE123}\mpengine.dll
2011-07-28 13:36 . 2011-06-02 05:45 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2011-07-28 13:35 . 2011-02-12 05:30 191488 ----a-w- c:\windows\system32\FXSCOVER.exe
2011-07-28 13:35 . 2011-02-26 05:33 2614784 ----a-w- c:\windows\explorer.exe
2011-07-28 13:35 . 2011-04-22 19:36 26496 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2011-07-28 13:29 . 2011-05-04 02:43 222720 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-07-28 13:29 . 2011-05-04 02:43 96256 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-07-28 13:29 . 2011-05-04 02:43 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-28 11:38 . 2011-07-08 11:20 30528 ----a-w- c:\windows\system32\TURegOpt.exe
2011-07-28 11:37 . 2011-07-30 15:57 -------- d-----w- c:\users\David\AppData\Roaming\TuneUp Software
2011-07-28 11:36 . 2011-07-30 15:56 -------- d-----w- c:\programdata\TuneUp Software
2011-07-28 11:36 . 2011-07-28 11:36 -------- d-sh--w- c:\programdata\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
2011-07-26 18:00 . 2011-07-26 18:00 -------- d-----w- c:\program files\Bethesda Softworks
2011-07-24 17:26 . 2011-07-24 17:26 -------- d-----w- c:\users\David\AppData\Roaming\Sierra
2011-07-24 17:17 . 2011-07-24 17:17 -------- d-----w- c:\program files\Sierra
2011-07-24 17:15 . 2004-04-18 21:40 69715 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\ctor.dll
2011-07-24 17:15 . 2004-04-18 21:39 266240 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iscript.dll
2011-07-24 17:15 . 2004-04-18 21:39 172032 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iuser.dll
2011-07-24 17:15 . 2004-04-18 21:39 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\DotNetInstaller.exe
2011-07-24 17:15 . 2004-04-18 21:36 32768 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\Objectps.dll
2011-07-24 17:15 . 2004-04-18 21:42 733184 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iKernel.dll
2011-07-24 17:15 . 2011-07-24 17:15 180356 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iGdi.dll
2011-07-24 17:15 . 2011-07-24 17:15 303236 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\setup.dll
2011-07-24 16:34 . 2011-08-19 15:11 -------- d-----w- c:\users\David\SR Manager
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-20 15:43 . 2011-05-08 12:18 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll
2011-07-04 11:43 . 2011-03-05 19:09 40112 ----a-w- c:\windows\avastSS.scr
2011-07-04 11:43 . 2011-03-05 19:09 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-07-04 11:36 . 2011-03-05 19:10 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-07-04 11:36 . 2011-03-05 19:10 309848 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-07-04 11:35 . 2011-03-05 19:10 43608 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-07-04 11:32 . 2011-03-05 19:10 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-07-04 11:32 . 2011-03-05 19:10 54104 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-07-04 11:32 . 2011-03-05 19:10 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-06-02 17:53 . 2011-06-02 17:53 94208 ----a-w- c:\windows\system32\dpl100.dll
2011-05-24 17:14 . 2011-03-05 19:21 222080 ------w- c:\windows\system32\MpSigStub.exe
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
"GameTracker"="c:\program files\GameTracker\GTLite.exe" [2011-04-29 4018984]
"Infium"="c:\program files\QIP 2010\qip.exe" [2011-07-18 6812032]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-07-29 17361032]
"ccleaner"="c:\program files\CCleaner\CCleaner.exe" [2011-07-25 2585408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 150552]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2009-05-05 1466368]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-05-27 1721640]
"RIMBBLaunchAgent.exe"="c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-02-18 79192]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
BlackBerry Desktop Manager.lnk - c:\program files\Research In Motion\BlackBerry\DesktopMgr.exe [2009-11-19 1807704]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableSecureUIAPaths"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\WI3C8A~1\Datamngr\datamngr.dll c:\progra~1\WI3C8A~1\Datamngr\IEBHO.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BtTray]
2009-11-17 09:50 315478 ----a-w- c:\program files\IVT Corporation\BlueSoleil\BtTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"BlackBerryAutoUpdate"=c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /background
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
"DisableThumbnailCache"=dword:00000001
.
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [2011-01-07 248656]
R1 BHDrvx86;BHDrvx86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\BASHDefs\20090829.001\BHDrvx86.sys [x]
R1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\IPSDefs\20090828.002\IDSVix86.sys [x]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NAV\1100000.088\Ironx86.SYS [2009-08-30 114736]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [2011-02-10 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\AVGIDSShim.Sys [2011-02-10 21968]
R3 EagleXNt;EagleXNt; [x]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\Common Files\MAGIX Services\Database\bin\fbserver.exe [2008-08-07 3276800]
R4 ddservice;ddservice;c:\windows\update.7.1\svchostdriver.exe [2011-08-19 382464]
R4 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-03-05 136176]
R4 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-03-05 136176]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [2011-02-22 22992]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [2011-03-16 32592]
S0 BtHidBus;Bluetooth HID Bus Service;c:\windows\System32\Drivers\BtHidBus.sys [2009-09-24 19592]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NAV\1100000.088\SYMDS.SYS [2009-08-30 328752]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAV\1100000.088\SYMEFA.SYS [2009-08-30 169008]
S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6x.sys [2010-07-12 54112]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [2011-04-04 297168]
S1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NAV\1100000.088\ccHPx86.sys [2009-08-24 501888]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-03-05 218688]
S1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\NAV\1100000.088\SYMTDIV.SYS [2009-08-30 338480]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 BsMobileCS;BsMobileCS;c:\program files\IVT Corporation\BlueSoleil\BsMobileCS.exe [2009-11-17 143467]
S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files\Common Files\MAGIX Services\Database\bin\FABS.exe [2009-08-27 1253376]
S2 GS In-Game Service;GS In-Game Service;c:\program files\GameTracker\GSInGameService.exe [2011-04-29 1677096]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [2011-07-08 1052480]
S3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\Drivers\btnetBus.sys [2009-09-24 22528]
S3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\Drivers\IvtBtBus.sys [2009-08-26 25480]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-03-01 139776]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [2009-10-14 10064]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
.
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'
.
2011-08-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-05 19:10]
.
2011-08-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-05 19:10]
.
2011-08-22 c:\windows\Tasks\RegistryBooster.job
- c:\program files\Uniblue\RegistryBooster\rbmonitor.exe [2011-03-14 15:31]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.cz/
Handler: centrumcztoolbar - {61A97628-7C82-4315-957A-C74C2CDD85DF} - c:\program files\CentrumczToolbar\IEToolbar.dll
FF - ProfilePath - c:\users\David\AppData\Roaming\Mozilla\Firefox\Profiles\2nm940xt.default\
FF - prefs.js: browser.search.selectedEngine - Centrum.cz Search
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.centrum.cz/index.php?toolbar=centrum-1.0.0&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Click to call with Skype: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - c:\program files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - Ext: GamePlayLabs Plugin: plugin2@gameplaylabs.com - %profile%\extensions\plugin2@gameplaylabs.com
FF - Ext: MP3 Rocket Toolbar: toolbar@ask.com - %profile%\extensions\toolbar@ask.com
FF - Ext: Facesmooch: {ba23dafc-5a36-4bdd-9d69-ed60da9d6c78} - %profile%\extensions\{ba23dafc-5a36-4bdd-9d69-ed60da9d6c78}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: Lišta Centrum.cz Toolbar em:version=1.203.023.002 em:displayname=Lišta Centrum.cz Toolbar em:iconURL=chrome://cetrumczp/skin/logo.ico em:creator=iGeared LLC em:description=Lišta Centrum.cz Toolbar em:homepageURL=http://www.igeared.com >: Cetrumcz@igeared - c:\program files\CentrumczToolbar\Firefox\Cetrumcz@igeared
FF - Ext: DivX Plus Web Player HTML5 <video>: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF - user.js: network.http.max-connections-per-server - 6
FF - user.js: network.http.max-persistent-connections-per-server - 3
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
Toolbar-10 - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
MSConfigStartUp-4StoryPrePatch - c:\program files\Gameforge4D\4Story\PrePatch.exe
MSConfigStartUp-LogMeIn Hamachi Ui - c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe
MSConfigStartUp-QIP Internet Guardian - c:\users\David\AppData\Roaming\QipGuard\QipGuard.exe
AddRemove-Cool's_Codec_pack_4.12 - c:\windows\iun6002.exe
AddRemove-QipGuard - c:\users\David\AppData\Roaming\QipGuard\QipGuard.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2011-08-22 14:56:37
ComboFix-quarantined-files.txt 2011-08-22 12:56
.
Před spuštěním: Volných bajtů: 35 369 287 680
Po spuštění: Volných bajtů: 34 426 200 064
.
- - End Of File - - F8AC042FA5058B1E78B7044CED1D885D

Pokud jsi tak ještě neučinil, přesuň Combofix na plochu

otevři si Poznámkový blok

do něj zkopíruj skript z následujícího okna:
ulož Tebou vytvořený TXT soubor jako CFScript.txt na plochu,

po uložení uchop vytvořený skript levým myšítkem a přesuň ho nad ikonu Combofixu, kde ho upustíš:



Po aplikaci na Tebe vypadne další log, zkopíruj ho sem

Upozornění : může se stát, že po aplikaci skriptu a restartu Windows nenaběhnou,

v tom případě znovu restartuj a přitom mačkej F8 poté zvol Poslední známou funkční konfiguraci

bohužel jsem byl donucen restartovat to s F8 a dát poslední funkční konfiguraci..... poté co combofix udělal ten sken tak mi nešel ani chrome ani firefox a ani explorer

Když tu akci s tím skriptem uděláš znovu, ale tentokrát v Nouzovém režimu ?

No jak se zdá s nouzovým režimem mám problém....nebo mi to asi blokuje ten virus či co...ale když zapnu počítač v nouzovém režimu tak se mi po asi 2 minutách restartuje počítač do normalního režimu.

Tak to provedeme jinak.


Přes Start >> Spustit zkopíruj do okna:

ComboFix /Uninstall

a stiskni Enter

To odinstaluje ComboFix a smaže s ním související soubory a složky.


Použij T-Cleaner, který smaže případné zbytky po aplikacích které jsme použili.

Jen před jeho stažením a při použití stopni antivir, protože ho muže detekovat jako vir ale není tomu tak.


Stáhni a spusť OTMoveIt

do levého okna aplikace pod Paste Instructions for Items to be Moved zkopíruj tento text:
klikni na MoveIt! a v pravém zeleném okně aplikace se Ti objeví info o provedene akci, obsah okna zkopíruj sem,

pokud aplikace bude požadovat restart, klikni na YES

v tom případě sem chci zkopírovat obsah logu uloženého na C:\_OTMoveIt\MovedFiles\

tady to je:


All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
========== FILES ==========
File/Folder c:\*.tmp not found.
File/Folder c:\WINDOWS\System32\*.tmp not found.
File/Folder c:\WINDOWS\*.tmp not found.
c:\windows\unrar.exe moved successfully.
File/Folder c:\windows\update.tray-10-0 not found.
File/Folder c:\windows\update.tray-10-0-lnk not found.
File/Folder c:\windows\update.tray-12-0 not found.
File/Folder c:\windows\update.tray-12-0-lnk not found.
File/Folder c:\windows\update.tray-15-0 not found.
File/Folder c:\windows\update.tray-15-0-lnk not found.
File/Folder c:\windows\ufa not found.
File/Folder c:\windows\update.7.1 not found.
File/Folder c:\windows\av_ico not found.
File/Folder c:\windows\update.tray-7-0 not found.
File/Folder c:\windows\update.tray-7-0-lnk not found.
========== SERVICES/DRIVERS ==========
Error: No service named ddservice was found to stop!
Service\Driver key ddservice not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: David
->Temp folder emptied: 10203 bytes
->Temporary Internet Files folder emptied: 1142869 bytes
->Java cache emptied: 327401 bytes
->FireFox cache emptied: 52073082 bytes
->Google Chrome cache emptied: 183270920 bytes
->Flash cache emptied: 42432 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: ja
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 2035414 bytes
->Google Chrome cache emptied: 7750201 bytes
->Flash cache emptied: 713 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 870 bytes
RecycleBin emptied: 2517 bytes

Total Files Cleaned = 235,00 mb


OTM by OldTimer - Version 3.1.18.0 log created on 08232011_113648

Zajímavé, OTMoveIt hlásí že už tam většina není, tak že se přesvědčíme.

Znovu spusť OTMoveIt a nahoře v aplikaci klini na CleanUP!

tímto po sobě uklidí.


Pak mi sem dej aktuální log.txt z Rsit.

log z Rsitu



Logfile of random's system information tool 1.09 (written by random/random)
Run by David at 2011-08-23 12:06:03
Microsoft Windows 7 Ultimate
System drive C: has 36 GB (23%) free of 153 GB
Total RAM: 2038 MB (63% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:06:27, on 23.8.2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16800)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
C:\Windows\Explorer.EXE
C:\Program Files\Uniblue\RegistryBooster\rbmonitor.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Windows iLivid Toolbar\Datamngr\datamngrUI.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Users\David\Desktop\Programy\PC Protection\RSIT.exe
C:\Program Files\trend micro\David.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: CentrumczToolbar BHO - {33CD02D0-8C93-4926-A2FE-2CE72CE7DF1A} - C:\Program Files\CentrumczToolbar\IEToolbar.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
O2 - BHO: CentrumczToolbar BHO - {33CD02D0-8C93-4926-A2FE-2CE72CE7DF1A} - C:\Program Files\CentrumczToolbar\IEToolbar.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - (no file)
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: Lišta Centrum.cz Toolbar - {D5D47440-0750-463D-BAEF-A47D02414806} - C:\Program Files\CentrumczToolbar\IEToolbar.dll
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RIMBBLaunchAgent.exe] C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
O4 - HKLM\..\Run: [DATAMNGR] C:\PROGRA~1\WI3C8A~1\Datamngr\DATAMN~1.EXE
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [GameTracker] "C:\Program Files\GameTracker\GTLite.exe"
O4 - HKCU\..\Run: [Infium] "C:\Program Files\QIP 2010\qip.exe" /autorun
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
O4 - Global Startup: BlackBerry Desktop Manager.lnk = C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe
O9 - Extra button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O15 - Trusted IP range: http://192.168.1.1
O15 - ESC Trusted IP range: http://192.168.1.1
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: centrumcztoolbar - {61A97628-7C82-4315-957A-C74C2CDD85DF} - C:\Program Files\CentrumczToolbar\IEToolbar.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O20 - AppInit_DLLs: C:\PROGRA~1\WI3C8A~1\Datamngr\datamngr.dll C:\PROGRA~1\WI3C8A~1\Datamngr\IEBHO.dll
O23 - Service: BsHelpCS - IVT Corporation - C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe
O23 - Service: BsMobileCS - IVT Corporation - C:\Program Files\IVT Corporation\BlueSoleil\BsMobileCS.exe
O23 - Service: FABS - Helping agent for MAGIX media database (Fabs) - MAGIX AG - C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe
O23 - Service: GS In-Game Service - ClanServers Hosting LLC - C:\Program Files\GameTracker\GSInGameService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: @C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe

--
End of file - 5971 bytes

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\RegistryBooster.job

=========Mozilla firefox=========

ProfilePath - C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\2nm940xt.default

prefs.js - "browser.startup.homepage" - "http://www.seznam.cz/"
prefs.js - "extensions.enabledItems" - "Cetrumcz@igeared:1.203.023.002, toolbar@ask.com:3.12.2.100006, {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24, plugin2@gameplaylabs.com:2.0, {ba23dafc-5a36-4bdd-9d69-ed60da9d6c78}:1.1, {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.2.126, {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.9, {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.5.0.8013, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.20"
prefs.js - "keyword.URL" - "http://search.centrum.cz/index.php?tool ... m-1.0.0&q="

"Cetrumcz@igeared"=C:\Program Files\CentrumczToolbar\Firefox\Cetrumcz@igeared
"wrc@avast.com"=C:\Program Files\AVAST Software\Avast\WebRep\FF
"{23fcfd51-4958-4f00-80a3-ae97e717ed8b}"=C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5
"{BBDA0591-3099-440a-AA10-41764D9DB4DB}"=C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\IPSFFPlgn\


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0]
"Description"=DivX Plus Web Player
"Path"=C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0]
"Description"=DivX VOD Helper Plug-in
"Path"=C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@pandonetworks.com/PandoWebPlugin]
"Description"=This plugin detects and launches Pando Media Booster
"Path"=C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0]
"Description"=BlackBerry Web Software Loading Helper Plug-In for Mozilla browsers
"Path"=C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll

C:\Program Files\Mozilla Firefox\extensions\
{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
{972ce4c6-7e08-4474-a285-3208198ce6fd}
{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}

C:\Program Files\Mozilla Firefox\components\
browser.xpt
browserdirprovider.dll
brwsrcmp.dll
components.list
FeedConverter.js
FeedProcessor.js
FeedWriter.js
fuelApplication.js
GPSDGeolocationProvider.js
jsconsole-clhandler.js
NetworkGeolocationProvider.js
nsAddonRepository.js
nsBadCertHandler.js
nsBlocklistService.js
nsBrowserContentHandler.js
nsBrowserGlue.js
nsContentDispatchChooser.js
nsContentPrefService.js
nsDefaultCLH.js
nsDownloadManagerUI.js
nsExtensionManager.js
nsFormAutoComplete.js
nsHandlerService.js
nsHelperAppDlg.js
nsINIProcessor.js
nsLivemarkService.js
nsLoginInfo.js
nsLoginManager.js
nsLoginManagerPrompter.js
nsMicrosummaryService.js
nsPlacesAutoComplete.js
nsPlacesDBFlush.js
nsPlacesTransactionsService.js
nsPrivateBrowsingService.js
nsProxyAutoConfig.js
nsSafebrowsingApplication.js
nsSearchService.js
nsSearchSuggestions.js
nsSessionStartup.js
nsSessionStore.js
nsSetDefaultBrowser.js
nsSidebar.js
nsTaggingService.js
nsTryToClose.js
nsUpdateService.js
nsUpdateServiceStub.js
nsUpdateTimerManager.js
nsUrlClassifierLib.js
nsUrlClassifierListManager.js
nsURLFormatter.js
nsWebHandlerApp.js
pluginGlue.js
storage-Legacy.js
storage-mozStorage.js
txEXSLTRegExFunctions.js
WebContentConverter.js

C:\Program Files\Mozilla Firefox\plugins\
np-mswmp.dll
npdeployJava1.dll
npnul32.dll
WMP Firefox Plugin License.rtf
WMP Firefox Plugin RelNotes.txt

C:\Program Files\Mozilla Firefox\searchplugins\
Cetrumcz_igeared.xml
facesmoochtb.xml
google.xml
jyxo-cz.xml
mall-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml

C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\2nm940xt.default\extensions\
plugin2@gameplaylabs.com
toolbar@ask.com
{99079a25-328f-4bd4-be04-00955acaa0a7}
{ba23dafc-5a36-4bdd-9d69-ed60da9d6c78}
{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{326E768D-4182-46FD-9C16-1449A49795F4}]
DivX Plus Web Player HTML5 <video> - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll [2011-05-23 115072]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{33CD02D0-8C93-4926-A2FE-2CE72CE7DF1A}]
CentrumczToolbar BHO - C:\Program Files\CentrumczToolbar\IEToolbar.dll [2010-03-26 1286448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Browser Helper - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2011-07-11 3821568]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-03-27 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}
{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll [2011-01-20 988480]
{D5D47440-0750-463D-BAEF-A47D02414806} - Lišta Centrum.cz Toolbar - C:\Program Files\CentrumczToolbar\IEToolbar.dll [2010-03-26 1286448]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2009-09-23 141848]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2009-09-23 173592]
"Persistence"=C:\Windows\system32\igfxpers.exe [2009-09-23 150552]
"SMSERIAL"=C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe [2009-05-05 1466368]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2010-05-27 1721640]
"RIMBBLaunchAgent.exe"=C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [2011-02-18 79192]
"DATAMNGR"=C:\PROGRA~1\WI3C8A~1\Datamngr\DATAMN~1.EXE [2011-03-24 1115536]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\DTLite.exe [2011-01-20 1305408]
"GameTracker"=C:\Program Files\GameTracker\GTLite.exe [2011-04-29 4018984]
"Infium"=C:\Program Files\QIP 2010\qip.exe [2011-07-18 6812032]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2011-07-29 17361032]
"ccleaner"=C:\Program Files\CCleaner\CCleaner.exe [2011-07-25 2585408]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BtTray]
C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe [2009-11-17 315478]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
BlackBerry Desktop Manager.lnk - C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\PROGRA~1\WI3C8A~1\Datamngr\datamngr.dll C:\PROGRA~1\WI3C8A~1\Datamngr\IEBHO.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2009-09-23 218112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\system32\webcheck.dll [2009-07-14 229376]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableSecureUIAPaths"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoDriveAutorun"=0
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll
"wave1"=serwvdrv.dll
"msacm.vorbis"=vorbis.acm
"vidc.DIVX"=DivX.dll
"vidc.yv12"=DivX.dll

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 1 month======

2011-08-23 12:06:03 ----D---- C:\rsit
2011-08-22 16:17:06 ----D---- C:\Windows\temp
2011-08-22 16:15:34 ----SHD---- C:\$RECYCLE.BIN
2011-08-22 14:39:50 ----D---- C:\Windows\ERDNT
2011-08-22 13:41:04 ----D---- C:\Users\David\AppData\Roaming\Malwarebytes
2011-08-22 13:40:56 ----A---- C:\Windows\system32\drivers\mbamswissarmy.sys
2011-08-22 13:40:55 ----D---- C:\ProgramData\Malwarebytes
2011-08-22 13:40:52 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2011-08-22 13:40:52 ----A---- C:\Windows\system32\drivers\mbam.sys
2011-08-22 13:32:07 ----D---- C:\Program Files\CCleaner
2011-08-22 11:30:16 ----D---- C:\Program Files\trend micro
2011-08-21 22:12:26 ----D---- C:\Program Files\Symantec
2011-08-21 22:12:26 ----A---- C:\Windows\system32\drivers\SYMEVENT.SYS
2011-08-21 22:12:02 ----D---- C:\Windows\system32\drivers\NAV
2011-08-20 20:55:12 ----A---- C:\Windows\wininit.ini
2011-08-20 20:44:47 ----D---- C:\Windows\Entropia Universe
2011-08-20 20:44:46 ----D---- C:\Program Files\Entropia Universe
2011-08-20 16:53:28 ----D---- C:\ProgramData\Spybot - Search & Destroy
2011-08-20 16:53:28 ----D---- C:\Program Files\Spybot - Search & Destroy
2011-08-20 15:23:12 ----D---- C:\Program Files\THQ
2011-08-20 13:32:52 ----HD---- C:\ProgramData\Common Files
2011-08-20 13:32:43 ----D---- C:\ProgramData\MFAData
2011-08-15 23:34:17 ----D---- C:\ProgramData\Deskshare
2011-08-11 17:39:24 ----D---- C:\Program Files\JoWood
2011-08-09 15:47:08 ----D---- C:\Users\David\AppData\Roaming\ts3overlay
2011-08-09 15:43:59 ----D---- C:\Users\David\AppData\Roaming\TS3Client
2011-08-09 15:43:11 ----D---- C:\Program Files\TeamSpeak 3 Client
2011-08-07 15:07:10 ----D---- C:\Windows\system32\URTTEMP
2011-08-05 13:07:57 ----D---- C:\Program Files\Nová složka
2011-08-02 21:54:23 ----A---- C:\Windows\DIIUnin.dat
2011-08-02 21:54:21 ----A---- C:\Windows\DIIUnin.pif
2011-08-02 21:54:21 ----A---- C:\Windows\DIIUnin.exe
2011-08-02 21:35:10 ----AT---- C:\Windows\system32\SIntfNT.dll
2011-08-02 21:35:10 ----AT---- C:\Windows\system32\SIntf32.dll
2011-08-02 21:35:10 ----AT---- C:\Windows\system32\SIntf16.dll
2011-08-02 21:34:13 ----D---- C:\ProgramData\Mozilla
2011-08-02 21:31:41 ----D---- C:\Program Files\Diablo II
2011-08-02 12:03:26 ----D---- C:\Users\David\AppData\Roaming\Sakura
2011-08-02 11:49:36 ----D---- C:\Program Files\Cenega Czech
2011-08-01 21:20:29 ----D---- C:\Users\David\AppData\Roaming\DivX
2011-08-01 15:46:44 ----D---- C:\Program Files\kill.switch ( DEMO )
2011-07-31 19:37:53 ----D---- C:\Program Files\System Shock 2
2011-07-30 18:11:11 ----A---- C:\Windows\system32\uxtuneup.dll
2011-07-30 18:11:11 ----A---- C:\Windows\system32\authuitu.dll
2011-07-30 17:57:24 ----D---- C:\Program Files\TuneUp Utilities 2010
2011-07-30 17:56:24 ----SHD---- C:\ProgramData\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
2011-07-28 15:38:01 ----A---- C:\Windows\system32\kernel32.dll
2011-07-28 15:37:59 ----A---- C:\Windows\system32\winsrv.dll
2011-07-28 15:37:59 ----A---- C:\Windows\system32\conhost.exe
2011-07-28 15:37:50 ----A---- C:\Windows\system32\tquery.dll
2011-07-28 15:37:50 ----A---- C:\Windows\system32\mssrch.dll
2011-07-28 15:37:49 ----A---- C:\Windows\system32\SearchIndexer.exe
2011-07-28 15:37:48 ----A---- C:\Windows\system32\SearchProtocolHost.exe
2011-07-28 15:37:48 ----A---- C:\Windows\system32\SearchFilterHost.exe
2011-07-28 15:37:48 ----A---- C:\Windows\system32\mssvp.dll
2011-07-28 15:37:48 ----A---- C:\Windows\system32\mssphtb.dll
2011-07-28 15:37:48 ----A---- C:\Windows\system32\mssph.dll
2011-07-28 15:37:47 ----A---- C:\Windows\system32\msscntrs.dll
2011-07-28 15:37:29 ----A---- C:\Windows\system32\mshtml.dll
2011-07-28 15:37:24 ----A---- C:\Windows\system32\iertutil.dll
2011-07-28 15:37:22 ----A---- C:\Windows\system32\ieframe.dll
2011-07-28 15:37:19 ----A---- C:\Windows\system32\urlmon.dll
2011-07-28 15:37:17 ----A---- C:\Windows\system32\wininet.dll
2011-07-28 15:37:17 ----A---- C:\Windows\system32\iedkcs32.dll
2011-07-28 15:37:16 ----A---- C:\Windows\system32\mstime.dll
2011-07-28 15:37:16 ----A---- C:\Windows\system32\msfeedsbs.dll
2011-07-28 15:37:16 ----A---- C:\Windows\system32\msfeeds.dll
2011-07-28 15:37:16 ----A---- C:\Windows\system32\licmgr10.dll
2011-07-28 15:37:16 ----A---- C:\Windows\system32\iepeers.dll
2011-07-28 15:37:15 ----A---- C:\Windows\system32\mshtmled.dll
2011-07-28 15:37:15 ----A---- C:\Windows\system32\msfeedssync.exe
2011-07-28 15:37:15 ----A---- C:\Windows\system32\jsproxy.dll
2011-07-28 15:37:15 ----A---- C:\Windows\system32\ieui.dll
2011-07-28 15:37:06 ----A---- C:\Windows\system32\umpnpmgr.dll
2011-07-28 15:37:05 ----A---- C:\Windows\system32\oleaut32.dll
2011-07-28 15:37:01 ----A---- C:\Windows\system32\KernelBase.dll
2011-07-28 15:37:00 ----AH---- C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2011-07-28 15:36:59 ----AH---- C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2011-07-28 15:36:59 ----AH---- C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2011-07-28 15:36:58 ----AH---- C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2011-07-28 15:36:58 ----AH---- C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2011-07-28 15:36:58 ----AH---- C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2011-07-28 15:36:58 ----AH---- C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2011-07-28 15:36:58 ----AH---- C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2011-07-28 15:36:58 ----AH---- C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2011-07-28 15:36:58 ----AH---- C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2011-07-28 15:36:58 ----AH---- C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2011-07-28 15:36:58 ----AH---- C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2011-07-28 15:36:58 ----AH---- C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2011-07-28 15:36:58 ----AH---- C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2011-07-28 15:36:58 ----AH---- C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2011-07-28 15:36:58 ----AH---- C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2011-07-28 15:36:57 ----AH---- C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2011-07-28 15:36:57 ----AH---- C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-28 15:36:57 ----AH---- C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2011-07-28 15:36:57 ----AH---- C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2011-07-28 15:36:57 ----AH---- C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2011-07-28 15:36:57 ----AH---- C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2011-07-28 15:36:57 ----AH---- C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2011-07-28 15:36:57 ----AH---- C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2011-07-28 15:36:56 ----AH---- C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2011-07-28 15:36:56 ----AH---- C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2011-07-28 15:36:56 ----AH---- C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2011-07-28 15:36:56 ----AH---- C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2011-07-28 15:36:49 ----A---- C:\Windows\system32\ntkrnlpa.exe
2011-07-28 15:36:48 ----A---- C:\Windows\system32\ntoskrnl.exe
2011-07-28 15:36:44 ----A---- C:\Windows\system32\win32k.sys
2011-07-28 15:36:41 ----A---- C:\Windows\system32\drivers\tcpip.sys
2011-07-28 15:36:40 ----A---- C:\Windows\system32\drivers\afd.sys
2011-07-28 15:36:38 ----A---- C:\Windows\system32\drivers\srv2.sys
2011-07-28 15:36:38 ----A---- C:\Windows\system32\drivers\srv.sys
2011-07-28 15:36:37 ----A---- C:\Windows\system32\drivers\srvnet.sys
2011-07-28 15:36:35 ----A---- C:\Windows\system32\drivers\dfsc.sys
2011-07-28 15:36:30 ----A---- C:\Windows\system32\mfc42.dll
2011-07-28 15:36:29 ----A---- C:\Windows\system32\mfc42u.dll
2011-07-28 15:36:27 ----A---- C:\Windows\system32\XpsPrint.dll
2011-07-28 15:36:25 ----A---- C:\Windows\system32\inetcomm.dll
2011-07-28 15:36:21 ----A---- C:\Windows\system32\poqexec.exe
2011-07-28 15:36:18 ----A---- C:\Windows\system32\drivers\bowser.sys
2011-07-28 15:36:16 ----A---- C:\Windows\system32\XpsGdiConverter.dll
2011-07-28 15:36:11 ----A---- C:\Windows\system32\atmlib.dll
2011-07-28 15:36:11 ----A---- C:\Windows\system32\atmfd.dll
2011-07-28 15:36:09 ----A---- C:\Windows\system32\dnsrslvr.dll
2011-07-28 15:36:09 ----A---- C:\Windows\system32\dnsapi.dll
2011-07-28 15:36:08 ----A---- C:\Windows\system32\dnscacheugc.exe
2011-07-28 15:36:05 ----A---- C:\Windows\system32\jscript.dll
2011-07-28 15:36:04 ----A---- C:\Windows\system32\vbscript.dll
2011-07-28 15:35:35 ----A---- C:\Windows\system32\FXSCOVER.exe
2011-07-28 15:35:31 ----A---- C:\Windows\explorer.exe
2011-07-28 15:35:28 ----A---- C:\Windows\system32\drivers\Diskdump.sys
2011-07-28 15:29:02 ----A---- C:\Windows\system32\drivers\mrxsmb10.sys
2011-07-28 15:29:01 ----A---- C:\Windows\system32\drivers\mrxsmb20.sys
2011-07-28 15:29:01 ----A---- C:\Windows\system32\drivers\mrxsmb.sys
2011-07-28 13:38:01 ----A---- C:\Windows\system32\TURegOpt.exe
2011-07-28 13:37:23 ----D---- C:\Users\David\AppData\Roaming\TuneUp Software
2011-07-28 13:36:11 ----D---- C:\ProgramData\TuneUp Software
2011-07-28 13:36:04 ----SHD---- C:\ProgramData\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
2011-07-26 20:00:50 ----D---- C:\Program Files\Bethesda Softworks
2011-07-24 19:26:43 ----D---- C:\Users\David\AppData\Roaming\Sierra
2011-07-24 19:17:10 ----D---- C:\Program Files\Sierra

======List of files/folders modified in the last 1 month======

2011-08-23 12:06:15 ----D---- C:\Windows\Prefetch
2011-08-23 12:05:33 ----D---- C:\Users\David\AppData\Roaming\Skype
2011-08-23 12:05:16 ----D---- C:\Users\David\AppData\Roaming\GameTracker
2011-08-23 12:05:04 ----D---- C:\Windows\SoftwareDistribution
2011-08-23 12:05:04 ----D---- C:\Windows
2011-08-23 12:04:58 ----D---- C:\Program Files\QIP 2010
2011-08-23 12:04:41 ----D---- C:\Windows\tracing
2011-08-23 11:37:16 ----D---- C:\Windows\system32\config
2011-08-23 11:34:05 ----SHD---- C:\System Volume Information
2011-08-23 11:33:46 ----D---- C:\Windows\system32\drivers
2011-08-22 16:12:12 ----A---- C:\Windows\system.ini
2011-08-22 16:11:56 ----D---- C:\Windows\system32\drivers\etc
2011-08-22 16:00:22 ----D---- C:\Windows\System32
2011-08-22 16:00:21 ----D---- C:\Windows\AppPatch
2011-08-22 16:00:17 ----D---- C:\Program Files\Common Files
2011-08-22 14:47:08 ----D---- C:\Windows\Tasks
2011-08-22 14:47:08 ----D---- C:\Windows\system32\Tasks
2011-08-22 14:25:03 ----D---- C:\Windows\debug
2011-08-22 13:40:55 ----D---- C:\ProgramData
2011-08-22 13:40:52 ----RD---- C:\Program Files
2011-08-22 13:35:12 ----D---- C:\Users\David\AppData\Roaming\DAEMON Tools Lite
2011-08-22 13:34:45 ----D---- C:\Windows\Logs
2011-08-22 13:23:10 ----D---- C:\Program Files\facesmoochtb
2011-08-22 13:23:10 ----D---- C:\Program Files\Ask.com
2011-08-21 22:12:26 ----D---- C:\Program Files\Common Files\Symantec Shared
2011-08-20 20:54:39 ----D---- C:\Windows\winsxs
2011-08-20 20:44:36 ----SHD---- C:\Windows\Installer
2011-08-20 17:43:13 ----A---- C:\Windows\system32\CmdLineExt03.dll
2011-08-20 17:09:43 ----D---- C:\Windows\inf
2011-08-20 17:09:43 ----A---- C:\Windows\system32\PerfStringBackup.INI
2011-08-20 14:34:13 ----D---- C:\Windows\system32\catroot
2011-08-20 14:34:12 ----D---- C:\Windows\system32\DriverStore
2011-08-20 12:40:28 ----RD---- C:\Program Files\Skype
2011-08-20 12:40:28 ----D---- C:\ProgramData\Skype
2011-08-18 23:58:16 ----D---- C:\Program Files\Mozilla Firefox
2011-08-18 09:20:46 ----D---- C:\Users\David\AppData\Roaming\VoipDiscount
2011-08-16 19:09:11 ----D---- C:\Windows\system32\wdi
2011-08-16 12:20:19 ----D---- C:\Users\David\AppData\Roaming\gtk-2.0
2011-08-13 11:21:14 ----D---- C:\Windows\system32\NDF
2011-08-11 21:10:27 ----HD---- C:\Program Files\InstallShield Installation Information
2011-08-11 21:09:27 ----D---- C:\Program Files\EA Games
2011-08-07 15:26:55 ----RD---- C:\Users
2011-08-07 15:15:50 ----D---- C:\Windows\system32\catroot2
2011-08-07 15:09:38 ----D---- C:\Windows\Registration
2011-08-07 15:09:13 ----D---- C:\Program Files\Internet Explorer
2011-08-07 15:08:12 ----RSD---- C:\Windows\assembly
2011-08-07 14:30:26 ----D---- C:\ProgramData\PMB Files
2011-08-07 12:39:31 ----D---- C:\Program Files\Warcraft III
2011-07-29 06:49:19 ----D---- C:\Windows\Microsoft.NET
2011-07-28 16:36:45 ----RSD---- C:\Windows\Fonts
2011-07-28 16:36:42 ----D---- C:\Windows\system32\migration
2011-07-28 16:01:39 ----D---- C:\Program Files\Microsoft Silverlight
2011-07-24 19:15:27 ----D---- C:\Program Files\Common Files\InstallShield

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 AVGIDSEH;AVGIDSEH; C:\Windows\system32\DRIVERS\AVGIDSEH.Sys [2011-02-22 22992]
R0 Avgrkx86;AVG Anti-Rootkit Driver; C:\Windows\system32\DRIVERS\avgrkx86.sys [2011-03-16 32592]
R0 BtHidBus;Bluetooth HID Bus Service; C:\Windows\System32\Drivers\BtHidBus.sys [2009-09-24 19592]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 173648]
R0 SymDS;Symantec Data Store; C:\Windows\system32\drivers\NAV\1100000.088\SYMDS.SYS [2009-08-30 328752]
R0 SymEFA;Symantec Extended File Attributes; C:\Windows\system32\drivers\NAV\1100000.088\SYMEFA.SYS [2009-08-30 169008]
R1 Avgfwfd;AVG network filter service; C:\Windows\system32\DRIVERS\avgfwd6x.sys [2010-07-12 54112]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield; C:\Windows\system32\DRIVERS\avgmfx86.sys [2011-03-01 34896]
R1 Avgtdix;AVG TDI Driver; C:\Windows\system32\DRIVERS\avgtdix.sys [2011-04-05 297168]
R1 ccHP;Symantec Hash Provider; C:\Windows\system32\drivers\NAV\1100000.088\ccHPx86.sys [2009-08-25 501888]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2009-07-14 387584]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2011-03-05 218688]
R1 SRTSPX;Symantec Real Time Storage Protection (PEL); C:\Windows\system32\drivers\NAV\1100000.088\SRTSPX.SYS [2009-08-30 43696]
R1 SYMTDIv;Symantec Vista Network Dispatch Driver; C:\Windows\system32\drivers\NAV\1100000.088\SYMTDIV.SYS [2009-08-30 338480]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 48128]
R2 rismxdp;Ricoh xD-Picture Card Driver; C:\Windows\system32\DRIVERS\rixdptsk.sys [2006-11-14 37376]
R3 BCM43XX;Broadcom 802.11 Network Adapter Driver; C:\Windows\system32\DRIVERS\bcmwl6.sys [2009-07-08 2506232]
R3 btnetBUs;Bluetooth PAN Bus Service; C:\Windows\System32\Drivers\btnetBus.sys [2009-09-24 22528]
R3 HpqRemHid;HP Remote Control HID Device; C:\Windows\system32\DRIVERS\HpqRemHid.sys [2007-07-11 7168]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2009-09-23 4808192]
R3 IvtBtBUs;IVT Bluetooth Bus Service; C:\Windows\System32\Drivers\IvtBtBus.sys [2009-08-26 25480]
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\Windows\system32\drivers\MODEMCSA.sys [2009-07-14 18432]
R3 RimVSerPort;RIM Virtual Serial Port v2; C:\Windows\system32\DRIVERS\RimSerial.sys [2009-01-09 27136]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\Windows\System32\Drivers\RootMdm.sys [2009-07-14 8192]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt86win7.sys [2009-03-02 139776]
R3 sdbus;sdbus; C:\Windows\system32\drivers\sdbus.sys [2009-10-10 84992]
R3 smserial;smserial; C:\Windows\system32\DRIVERS\smserial.sys [2009-05-05 1095808]
R3 SymEvent;SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT.SYS [2011-08-21 124976]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2010-05-27 245936]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv; \??\C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [2009-10-14 10064]
R3 VcommMgr;Bluetooth VComm Manager Service; C:\Windows\System32\Drivers\VcommMgr.sys [2009-08-28 32392]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 14336]
S1 Avgldx86;AVG AVI Loader Driver; C:\Windows\system32\DRIVERS\avgldx86.sys [2011-01-07 248656]
S1 BHDrvx86;BHDrvx86; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\BASHDefs\20090829.001\BHDrvx86.sys []
S1 IDSVix86;IDSVix86; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\IPSDefs\20090828.002\IDSVix86.sys []
S1 SymIRON;Symantec Iron Driver; C:\Windows\system32\drivers\NAV\1100000.088\Ironx86.SYS [2009-08-30 114736]
S2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\DRIVERS\amdagp.sys [2009-07-14 53312]
S3 AVGIDSFilter;AVGIDSFilter; C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys [2011-02-10 24144]
S3 AVGIDSShim;AVGIDSShim; C:\Windows\system32\DRIVERS\AVGIDSShim.Sys [2011-02-10 21968]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-14 229888]
S3 BT;Bluetooth PAN Network Adapter; C:\Windows\system32\DRIVERS\btnetdrv.sys [2009-06-17 17928]
S3 EagleNT;EagleNT; C:\Windows\system32\drivers\EagleNT.sys []
S3 EagleXNt;EagleXNt; C:\Windows\system32\drivers\EagleXNt.sys []
S3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2009-03-18 26176]
S3 NAVENG;NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\VirusDefs\20090829.019\NAVENG.SYS []
S3 NAVEX15;NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\VirusDefs\20090829.019\NAVEX15.SYS []
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12368]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2009-07-14 133120]
S3 RimUsb;zařízení BlackBerry Smartphone; C:\Windows\System32\Drivers\RimUsb.sys [2011-02-16 64000]
S3 s3cap;s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys [2009-07-14 5632]
S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\DRIVERS\sisagp.sys [2009-07-14 52304]
S3 SRTSP;Symantec Real Time Storage Protection; C:\Windows\system32\drivers\NAV\1100000.088\SRTSP.SYS [2009-08-30 325168]
S3 StarOpen;StarOpen; C:\Windows\system32\drivers\StarOpen.sys []
S3 storvsc;storvsc; C:\Windows\system32\DRIVERS\storvsc.sys [2009-07-14 28224]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2009-07-14 35840]
S3 VComm;Virtual Serial port driver; C:\Windows\system32\DRIVERS\VComm.sys [2009-08-26 14856]
S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\DRIVERS\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\DRIVERS\vmbus.sys [2009-07-14 175824]
S3 VMBusHID;VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys [2009-07-14 17920]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2009-07-14 34944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 BsMobileCS;BsMobileCS; C:\Program Files\IVT Corporation\BlueSoleil\BsMobileCS.exe [2009-11-17 143467]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 Fabs;FABS - Helping agent for MAGIX media database; C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe [2009-08-27 1253376]
R2 GS In-Game Service;GS In-Game Service; C:\Program Files\GameTracker\GSInGameService.exe [2011-04-29 1677096]
R2 PLFlash DeviceIoControl Service;PLFlash DeviceIoControl Service; C:\Windows\system32\IoctlSvc.exe [2006-12-19 81920]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service; C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [2011-07-08 1052480]
R2 UxTuneUp;@%SystemRoot%\System32\uxtuneup.dll,-4096; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R3 BsHelpCS;BsHelpCS; C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe [2009-11-17 102503]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2009-06-10 31064]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance; C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe [2008-08-07 3276800]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2008-09-08 575488]
S3 TuneUp.Defrag;@C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe,-1; C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe [2011-07-30 435008]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S4 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-03-05 136176]
S4 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-03-05 136176]
S4 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe [2008-02-18 877864]
S4 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe [2008-02-28 529704]
S4 NMSAccess;NMSAccess; C:\Program Files\CDBurnerXP\NMSAccessU.exe [2010-03-04 71096]

-----------------EOF-----------------

Tak, ještě tam pusť znovu Mbam, ale tentokrát Kompletní kontrolu a zase mi sem dej log, dříve než něco smažeš.

Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org

Verze databáze: 7534

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

23.8.2011 14:33:20
mbam-log-2011-08-23 (14-33-02).txt

Typ kontroly: Úplný test (C:\|D:\|E:\|F:\|G:\|H:\|)
Testované objekty: 322390
Uplynulý čas: 59 minut, 33 sekund

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče v registru: 0
Infikované hodnoty v registru: 0
Infikované datové položky v registru: 0
Infikované složky: 0
Infikované soubory: 2

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované hodnoty v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované datové položky v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
c:\program files\system shock 2\CRACK\system shock 2 v2.03 nocd.exe (RiskWare.Tool.CK) -> No action taken.
c:\program files\system shock 2\SHOCK\system shock 2 v2.03 nocd.exe (RiskWare.Tool.CK) -> No action taken.