VIRY.CZ

Prosim o kontrolu logu,znicehoz nic nestiha cpu,at otevru internet ci nejaky program, vzdy to vyskoci treba az na 100%!



Logfile of random's system information tool 1.09 (written by random/random)
Run by Spolecna plocha at 2012-02-13 18:02:33
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 7 GB (7%) free of 114 GB
Total RAM: 1791 MB (52% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:02:37, on 13.2.2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
C:\Program Files\Microsoft\BingBar\SeaPort.EXE
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\WinFast\WFDTV\DTVSchdl.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Ask.com\Updater\Updater.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\WinFast\WFDTV\WFWIZ.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Documents and Settings\Spolecna plocha\Dokumenty\Vita\hijackthis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Spolecna plocha\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Spolecna plocha\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Spolecna plocha\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Spolecna plocha\Plocha\RSIT.exe
C:\Program Files\trend micro\Spolecna plocha.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://eu.ask.com/?l=dis&o=14672
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)
O3 - Toolbar: KMPlayer Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [WinFastDTV] C:\Program Files\WinFast\WFDTV\DTVSchdl.exe
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [ApnUpdater] "C:\Program Files\Ask.com\Updater\Updater.exe"
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKCU\..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFDTV\WFWIZ.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe (User 'Default user')
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - (no file)
O9 - Extra button: (no name) - {925DAB62-F9AC-4221-806A-057BFB1014AA} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: QIP 2005 - {1EF681F7-A04B-4D6D-9012-A307CCA55610} - C:\Program Files\QIP\qip.exe (HKCU)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftup ... 0224454109
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 0224440015
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: IMF Service (IMFservice) - IObit - C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft Limited - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SbPF.Launcher - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 11021 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\Spolecna plocha\Data aplikací\Mozilla\Firefox\Profiles\9zrlwtmj.default

prefs.js - "browser.search.useDBForOrder" - true
prefs.js - "browser.startup.homepage" - "http://www.google.com/ig?hl=cs"
prefs.js - "extensions.enabledItems" - "amg@aaronl.com:5.6, cs@dictionaries.addons.mozilla.org:1.0.2, DTToolbar@toolbarnet.com:1.0.7.0088, {3112ca9c-de6d-4884-a869-9855de68056c}:7.1.20101113Wb1, {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.9, {20a82645-c095-46ed-80e3-08825760534b}:1.2.1, {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0, {ea614400-e918-4741-9a97-7a972ff7c30b}:2.1.13, {003D3EDC-99B9-4a34-9C20-60CB94F7E829}:2009, {0b38152b-1b20-484d-a11f-5e04a9b0661f}:5.6.12.1, foxmarks@kei.com:3.9.5, {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}:6.0.18, {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20, jqs@sun.com:1.0, {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198, {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}:6.0.02, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.17"
prefs.js - "keyword.URL" - "http://search.babylon.com/?babsrc=SP_ss ... fID=108654"

"{20a82645-c095-46ed-80e3-08825760534b}"=c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
"{ABDE892B-13A8-4d1b-88E6-365A6E755758}"=c:\program files\real\realplayer\browserrecord\firefox\ext
"jqs@sun.com"=C:\Program Files\Java\jre6\lib\deploy\jqs\ff


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0]
"Description"=DivX® Web Player
"Path"=C:\Program Files\DivX\DivX Web Player\npdivx32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0]
"Description"=DivX® Content Upload Plugin
"Path"=C:\Program Files\DivX\DivX Content Uploader\npUpload.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nppl3260;version=6.0.12.448]
"Description"=RealPlayer(tm) LiveConnect-Enabled Plug-In
"Path"=c:\program files\real\realplayer\Netscape6\nppl3260.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprjplug;version=1.0.3.448]
"Description"=RealJukebox Netscape Plugin
"Path"=c:\program files\real\realplayer\Netscape6\nprjplug.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448]
"Description"=6.0.12.448
"Path"=c:\program files\real\realplayer\Netscape6\nprpjplug.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=]
"Description"=
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0]
"Description"=BlackBerry Web Software Loading Helper Plug-In for Mozilla browsers
"Path"=C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18]
"Description"=Veetle TV Core
"Path"=C:\Program Files\Veetle\plugins\npVeetle.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18]
"Description"=Veetle TV Player
"Path"=C:\Program Files\Veetle\Player\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1]
"Description"=Yahoo! activeX Plug-in Bridge
"Path"=

C:\Program Files\Mozilla Firefox\extensions\
{42EE029C-1CB5-484B-9089-A61FE42FBA36}(2)
{800b5000-a755-47e1-992b-48a1c1357f07}
{972ce4c6-7e08-4474-a285-3208198ce6fd}
{AB2CE124-6272-4b12-94A9-7303C7397BD1}

C:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll
GoogleDesktopMozilla.dll
GoogleDesktopMozillaStub.js
GoogleDesktopMozillaStub.xpt
nppl3260.xpt
nsAxSecurityPolicy.js
nsIMozAxPlugin.xpt
nsIQTScriptablePlugin.xpt
nsJSRealPlayerPlugin.xpt

C:\Program Files\Mozilla Firefox\plugins\
install.rdf
np32dsw.dll
npdeployJava1.dll
npdivx32.dll
npdivx32.xpt
npmozax.dll
NPOFF12.DLL
nppdf32.dll
nppl3260.dll
npqtplugin.dll
npqtplugin2.dll
npqtplugin3.dll
npqtplugin4.dll
npqtplugin5.dll
npqtplugin6.dll
npqtplugin7.dll
nprjplug.dll
nprpjplug.dll
npUpload.xpt
nsIQTScriptablePlugin.xpt
QuickTimePlugin.class
ShockwavePlugin.class

C:\Program Files\Mozilla Firefox\searchplugins\
babylon.xml
google.xml
heureka-cz.xml
jyxo-cz.xml
mall-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml
yahoo.xml

C:\Documents and Settings\Spolecna plocha\Data aplikací\Mozilla\Firefox\Profiles\9zrlwtmj.default\extensions\
amg@aaronl.com
cs@dictionaries.addons.mozilla.org
foxmarks@kei.com
toolbar@ask.com
videodowloader@videodownloader.net
{20a82645-c095-46ed-80e3-08825760534b}
{3112ca9c-de6d-4884-a869-9855de68056c}
{3474c305-9dad-11d8-9207-00055d74c2e4}
{6d0021e8-a8d6-11dc-8314-0800200c9a66}
{a8dd47cf-239f-48c4-8379-e6b4cbafdcfa}
{ea614400-e918-4741-9a97-7a972ff7c30b}

C:\Documents and Settings\Spolecna plocha\Data aplikací\Mozilla\Firefox\Profiles\9zrlwtmj.default\searchplugins\
aolsearch-1.xml
aolsearch.xml
askcom.xml
firmycz.xml
icqplugin-1.xml
icqplugin-10.xml
icqplugin-11.xml
icqplugin-12.xml
icqplugin-13.xml
icqplugin-14.xml
icqplugin-15.xml
icqplugin-16.xml
icqplugin-17.xml
icqplugin-18.xml
icqplugin-19.xml
icqplugin-2.xml
icqplugin-20.xml
icqplugin-21.xml
icqplugin-22.xml
icqplugin-23.xml
icqplugin-24.xml
icqplugin-25.xml
icqplugin-26.xml
icqplugin-27.xml
icqplugin-28.xml
icqplugin-29.xml
icqplugin-3.xml
icqplugin-30.xml
icqplugin-31.xml
icqplugin-32.xml
icqplugin-33.xml
icqplugin-34.xml
icqplugin-35.xml
icqplugin-36.xml
icqplugin-37.xml
icqplugin-38.xml
icqplugin-39.xml
icqplugin-4.xml
icqplugin-40.xml
icqplugin-41.xml
icqplugin-42.xml
icqplugin-43.xml
icqplugin-44.xml
icqplugin-45.xml
icqplugin-46.xml
icqplugin-47.xml
icqplugin-48.xml
icqplugin-49.xml
icqplugin-5.xml
icqplugin-50.xml
icqplugin-51.xml
icqplugin-52.xml
icqplugin-53.xml
icqplugin-54.xml
icqplugin-55.xml
icqplugin-56.xml
icqplugin-57.xml
icqplugin-58.xml
icqplugin-6.xml
icqplugin-7.xml
icqplugin-8.xml
icqplugin-9.xml
icqplugin.xml
mapycz.xml
qipsearch.xml
winamp-search.xml
zbocz.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-01-03 63912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}]
Bing Bar Helper - C:\Program Files\Microsoft\BingBar\BingExt.dll [2011-07-07 1152776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
KMPlayer Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2012-01-03 1514152]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-07-19 42272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{8dcb7100-df86-4384-8842-8fa844297b3f} - Bing Bar - C:\Program Files\Microsoft\BingBar\BingExt.dll [2011-07-07 1152776]
{D4027C7F-154A-4066-A1AD-4243D8127440} - KMPlayer Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2012-01-03 1514152]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2010-08-02 281768]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-01-03 843712]
"WinFastDTV"=C:\Program Files\WinFast\WFDTV\DTVSchdl.exe [2010-06-09 101888]
"RoxWatchTray"=C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe [2009-07-08 236016]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072]
"ApnUpdater"=C:\Program Files\Ask.com\Updater\Updater.exe [2012-01-03 1391272]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"=C:\Program Files\RocketDock\RocketDock.exe [2007-09-02 495616]
"Ad-Watch"=C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe [2011-11-03 1187072]
"WinFast Schedule"=C:\Program Files\WinFast\WFDTV\WFWIZ.exe [2010-06-09 2920448]
"ISUSPM"=C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [2008-10-24 206112]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2004-11-30 344064]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\atiptaxx]
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2004-11-30 344064]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BlackBerryAutoUpdate]
C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe [2009-11-19 623960]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe [2004-10-21 57344]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DTVSchdl]
C:\Program Files\WinFast\WFDTV\DTVSchdl.exe [2010-06-09 101888]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Family Tree Builder Update]
C:\Program Files\MyHeritage\Bin\FTBCheckUpdates.exe [2011-05-29 221184]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IObit Malware Fighter]
C:\Program Files\IObit\IObit Malware Fighter\IMF.exe [2011-07-20 4393816]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\jusched]
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe [2007-07-12 132496]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Language]
c:\program files\cyberlink\powerdvd8\language\language.exe [2007-12-14 50472]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
c:\program files\cyberlink\powerdvd8\language\language.exe [2007-12-14 50472]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MagicTune.exe]
C:\Program Files\MagicTune Premium\MagicTune.exe [2011-01-14 2880000]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MagicTuneLauncher]
C:\Program Files\MagicTune Premium\MagicTuneLauncher.exe [2011-01-04 51712]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\qttask]
C:\Program Files\QuickTime\qttask.exe [2008-05-27 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2008-05-27 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Common Files\Java\Java Update\jusched.exe [2011-06-09 254696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2009-09-23 198160]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WFWIZ]
C:\Program Files\WinFast\WFDTV\WFWIZ.exe [2010-06-09 2920448]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\winampa]
C:\Program Files\Winamp\winampa.exe [2009-07-01 37888]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe [2009-07-01 37888]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Reader Speed Launch.lnk]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^BlackBerry Desktop Manager.lnk]
C:\PROGRA~1\RESEAR~1\BLACKB~1\DESKTO~1.EXE [2009-11-19 1807704]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^GammaTray.lnk]
C:\PROGRA~1\MAGICT~1\GAMMAT~1.EXE [2009-10-05 36864]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^HP Digital Imaging Monitor.lnk]
[]

C:\Documents and Settings\Spolecna plocha\Nabídka Start\Programy\Po spuštění
Stardock ObjectDock.lnk - C:\Program Files\Stardock\ObjectDock\ObjectDock.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2009-09-30 155648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\MCPClient]
C:\PROGRA~1\COMMON~1\Stardock\mcpstub.dll [2005-01-31 49152]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WBSrv]
C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbsrv.dll [2008-12-21 210168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
0aMCPClient - {F5DF91F9-15E9-416B-A7C3-7519B11ECBFC} - C:\PROGRA~1\COMMON~1\stardock\MCPCore.dll [2005-05-10 86016]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-14 239616]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
IconPackager Repair - {1799460C-0BC8-4865-B9DF-4A36CD703FF0} - C:\Program Files\Stardock\Object Desktop\IconPackager\iprepair.dll [2008-05-15 65536]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoBandCustomize"=0
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoResolveSearch"=1
"NoDriveTypeAutoRun"=323
"NoDrives"=0
"NoBandCustomize"=0
"NoDriveAutoRun"=67108863
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\QIP\qip.exe"="C:\Program Files\QIP\qip.exe:*:Enabled:Quiet Internet Pager"
"C:\Program Files\Common Files\Nero\Nero Web\SetupX.exe"="C:\Program Files\Common Files\Nero\Nero Web\SetupX.exe:*:Enabled:Nero ControlCenter"
"C:\WINDOWS\system32\dpnsvr.exe"="C:\WINDOWS\system32\dpnsvr.exe:*:Disabled:Microsoft DirectPlay8 Server"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"VIDC.I420"=i420vfw.dll
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"VIDC.YVYU"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"vidc.tscc"=tsccvid.dll
"vidc.ffds"=ff_vfw.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"vidc.VP60"=vp6vfw.dll
"vidc.VP61"=vp6vfw.dll
"msacm.ac3filter"=ac3filter.acm
"vidc.VP62"=vp6vfw.dll
"wave1"=wdmaud.drv
"vidc.yv12"=yv12vfw.dll
"VIDC.FMVC"=fmcodec.dll

======List of files/folders created in the last 1 month======

2012-02-13 18:02:33 ----D---- C:\rsit
2012-02-13 18:02:33 ----D---- C:\Program Files\trend micro
2012-02-13 17:28:55 ----SHD---- C:\RECYCLER
2012-02-12 23:00:15 ----A---- C:\ComboFix.txt
2012-02-12 22:18:43 ----A---- C:\WINDOWS\MBR.exe
2012-02-12 22:18:42 ----A---- C:\WINDOWS\zip.exe
2012-02-12 22:18:42 ----A---- C:\WINDOWS\SWXCACLS.exe
2012-02-12 22:18:42 ----A---- C:\WINDOWS\SWSC.exe
2012-02-12 22:18:42 ----A---- C:\WINDOWS\SWREG.exe
2012-02-12 22:18:42 ----A---- C:\WINDOWS\sed.exe
2012-02-12 22:18:42 ----A---- C:\WINDOWS\PEV.exe
2012-02-12 22:18:42 ----A---- C:\WINDOWS\grep.exe
2012-02-12 22:03:54 ----A---- C:\WINDOWS\NIRCMD.exe
2012-02-12 22:02:03 ----D---- C:\WINDOWS\ERDNT
2012-02-12 19:30:42 ----D---- C:\Documents and Settings\All Users\Data aplikací\DriverGenius
2012-02-12 19:25:27 ----D---- C:\Program Files\Core Temp
2012-02-12 19:25:17 ----D---- C:\Program Files\Driver-Soft
2012-02-08 19:29:03 ----D---- C:\Program Files\The KMPlayer
2012-02-08 18:28:00 ----D---- C:\Documents and Settings\Spolecna plocha\Data aplikací\Mirillis
2012-02-08 18:28:00 ----D---- C:\Documents and Settings\All Users\Data aplikací\Mirillis
2012-02-08 18:24:55 ----D---- C:\Program Files\Mirillis
2012-02-08 17:26:19 ----D---- C:\Program Files\Microsoft
2012-02-08 17:26:06 ----A---- C:\WINDOWS\system32\XAudio2_7.dll
2012-02-08 17:26:06 ----A---- C:\WINDOWS\system32\XAPOFX1_5.dll
2012-02-08 17:26:05 ----A---- C:\WINDOWS\system32\xactengine3_7.dll
2012-02-08 17:26:05 ----A---- C:\WINDOWS\system32\D3DCompiler_43.dll
2012-02-08 17:26:04 ----A---- C:\WINDOWS\system32\d3dx11_43.dll
2012-02-08 17:26:04 ----A---- C:\WINDOWS\system32\d3dcsx_43.dll
2012-02-08 17:26:03 ----A---- C:\WINDOWS\system32\D3DX9_43.dll
2012-02-08 17:26:03 ----A---- C:\WINDOWS\system32\d3dx10_43.dll
2012-02-08 17:26:02 ----A---- C:\WINDOWS\system32\XAudio2_6.dll
2012-02-08 17:26:02 ----A---- C:\WINDOWS\system32\XAPOFX1_4.dll
2012-02-08 17:26:02 ----A---- C:\WINDOWS\system32\xactengine3_6.dll
2012-02-08 17:26:01 ----A---- C:\WINDOWS\system32\XAudio2_5.dll
2012-02-08 17:26:01 ----A---- C:\WINDOWS\system32\X3DAudio1_7.dll
2012-02-08 17:26:00 ----A---- C:\WINDOWS\system32\xactengine3_5.dll
2012-02-08 17:25:59 ----A---- C:\WINDOWS\system32\D3DCompiler_42.dll
2012-02-08 17:25:58 ----A---- C:\WINDOWS\system32\d3dcsx_42.dll
2012-02-08 17:25:57 ----A---- C:\WINDOWS\system32\d3dx11_42.dll
2012-02-08 17:25:56 ----A---- C:\WINDOWS\system32\D3DX9_42.dll
2012-02-08 17:25:56 ----A---- C:\WINDOWS\system32\d3dx10_42.dll
2012-02-08 17:25:55 ----A---- C:\WINDOWS\system32\D3DCompiler_41.dll
2012-02-08 17:25:54 ----A---- C:\WINDOWS\system32\D3DX9_41.dll
2012-02-08 17:25:54 ----A---- C:\WINDOWS\system32\d3dx10_41.dll
2012-02-08 17:25:53 ----A---- C:\WINDOWS\system32\XAudio2_4.dll
2012-02-08 17:25:53 ----A---- C:\WINDOWS\system32\XAPOFX1_3.dll
2012-02-08 17:25:53 ----A---- C:\WINDOWS\system32\xactengine3_4.dll
2012-02-08 17:25:53 ----A---- C:\WINDOWS\system32\X3DAudio1_6.dll
2012-02-08 17:25:52 ----A---- C:\WINDOWS\system32\d3dx10_40.dll
2012-02-08 17:25:52 ----A---- C:\WINDOWS\system32\D3DCompiler_40.dll
2012-02-08 17:25:51 ----A---- C:\WINDOWS\system32\D3DX9_40.dll
2012-02-08 17:25:50 ----A---- C:\WINDOWS\system32\XAudio2_3.dll
2012-02-08 17:25:50 ----A---- C:\WINDOWS\system32\XAPOFX1_2.dll
2012-02-08 17:25:50 ----A---- C:\WINDOWS\system32\xactengine3_3.dll
2012-02-08 17:25:50 ----A---- C:\WINDOWS\system32\X3DAudio1_5.dll
2012-02-08 17:25:49 ----A---- C:\WINDOWS\system32\XAudio2_2.dll
2012-02-08 17:25:49 ----A---- C:\WINDOWS\system32\XAPOFX1_1.dll
2012-02-08 17:25:49 ----A---- C:\WINDOWS\system32\xactengine3_2.dll
2012-02-08 17:25:48 ----A---- C:\WINDOWS\system32\d3dx10_39.dll
2012-02-08 17:25:48 ----A---- C:\WINDOWS\system32\D3DCompiler_39.dll
2012-02-08 17:25:47 ----A---- C:\WINDOWS\system32\XAudio2_1.dll
2012-02-08 17:25:47 ----A---- C:\WINDOWS\system32\XAPOFX1_0.dll
2012-02-08 17:25:47 ----A---- C:\WINDOWS\system32\D3DX9_39.dll
2012-02-08 17:25:46 ----A---- C:\WINDOWS\system32\xactengine3_1.dll
2012-02-08 17:25:46 ----A---- C:\WINDOWS\system32\X3DAudio1_4.dll
2012-02-08 17:25:45 ----A---- C:\WINDOWS\system32\d3dx10_38.dll
2012-02-08 17:25:45 ----A---- C:\WINDOWS\system32\D3DCompiler_38.dll
2012-02-08 17:25:44 ----A---- C:\WINDOWS\system32\D3DX9_38.dll
2012-02-08 17:25:43 ----A---- C:\WINDOWS\system32\XAudio2_0.dll
2012-02-08 17:25:43 ----A---- C:\WINDOWS\system32\xactengine3_0.dll
2012-02-08 17:25:43 ----A---- C:\WINDOWS\system32\X3DAudio1_3.dll
2012-02-08 17:25:42 ----A---- C:\WINDOWS\system32\d3dx10_37.dll
2012-02-08 17:25:42 ----A---- C:\WINDOWS\system32\D3DCompiler_37.dll
2012-02-08 17:25:41 ----A---- C:\WINDOWS\system32\D3DX9_37.dll
2012-02-08 17:25:40 ----A---- C:\WINDOWS\system32\xactengine2_10.dll
2012-02-08 17:25:39 ----A---- C:\WINDOWS\system32\d3dx9_36.dll
2012-02-08 17:25:39 ----A---- C:\WINDOWS\system32\d3dx10_36.dll
2012-02-08 17:25:39 ----A---- C:\WINDOWS\system32\D3DCompiler_36.dll
2012-02-08 17:25:38 ----A---- C:\WINDOWS\system32\xactengine2_9.dll
2012-02-08 17:25:37 ----A---- C:\WINDOWS\system32\d3dx10_35.dll
2012-02-08 17:25:37 ----A---- C:\WINDOWS\system32\D3DCompiler_35.dll
2012-02-08 17:25:36 ----A---- C:\WINDOWS\system32\d3dx9_35.dll
2012-02-08 17:25:35 ----A---- C:\WINDOWS\system32\xactengine2_8.dll
2012-02-08 17:25:35 ----A---- C:\WINDOWS\system32\X3DAudio1_2.dll
2012-02-08 17:25:32 ----A---- C:\WINDOWS\system32\d3dx10_34.dll
2012-02-08 17:25:32 ----A---- C:\WINDOWS\system32\D3DCompiler_34.dll
2012-02-08 17:25:30 ----A---- C:\WINDOWS\system32\d3dx9_34.dll
2012-02-08 17:23:50 ----HD---- C:\WINDOWS\msdownld.tmp
2012-02-08 17:23:41 ----D---- C:\WINDOWS\Logs
2012-02-04 14:31:17 ----D---- C:\Program Files\Common Files\Common Share
2012-02-04 14:31:16 ----A---- C:\WINDOWS\system32\gdiplus.dll
2012-02-04 14:31:13 ----D---- C:\Program Files\OJOsoft
2012-01-26 22:19:03 ----A---- C:\SRStatus.txt
2012-01-15 18:20:00 ----D---- C:\Program Files\Ask.com
2012-01-15 18:19:29 ----D---- C:\Program Files\DsNET Corp

======List of files/folders modified in the last 1 month======

2012-02-13 18:02:33 ----D---- C:\Program Files
2012-02-13 17:53:26 ----D---- C:\Documents and Settings\All Users\Data aplikací\Zoom Player
2012-02-13 17:46:02 ----D---- C:\WINDOWS\Temp
2012-02-13 17:43:16 ----SD---- C:\WINDOWS\Tasks
2012-02-13 17:30:36 ----D---- C:\WINDOWS\system32\CatRoot2
2012-02-13 17:30:23 ----D---- C:\WINDOWS
2012-02-12 23:08:58 ----A---- C:\WINDOWS\SchedLgU.Txt
2012-02-12 23:00:28 ----D---- C:\Qoobox
2012-02-12 22:49:04 ----A---- C:\WINDOWS\system.ini
2012-02-12 22:48:11 ----D---- C:\WINDOWS\system32\drivers\etc
2012-02-12 22:46:52 ----D---- C:\WINDOWS\system32
2012-02-12 22:37:04 ----D---- C:\WINDOWS\system32\drivers
2012-02-12 22:37:04 ----D---- C:\WINDOWS\AppPatch
2012-02-12 22:36:58 ----D---- C:\Program Files\Common Files
2012-02-12 21:45:26 ----D---- C:\Documents and Settings\Spolecna plocha\Data aplikací\Winamp
2012-02-12 21:45:26 ----D---- C:\Documents and Settings\Spolecna plocha\Data aplikací\Media Player Classic
2012-02-12 19:07:45 ----D---- C:\WINDOWS\Prefetch
2012-02-11 18:26:19 ----D---- C:\Program Files\Mozilla Firefox
2012-02-11 15:24:02 ----A---- C:\WINDOWS\NeroDigital.ini
2012-02-09 10:10:54 ----SD---- C:\Documents and Settings\Spolecna plocha\Data aplikací\Microsoft
2012-02-08 19:31:33 ----SHD---- C:\WINDOWS\Installer
2012-02-08 19:31:27 ----D---- C:\Config.Msi
2012-02-08 18:22:09 ----D---- C:\WINDOWS\WinSxS
2012-02-08 17:26:41 ----SD---- C:\Documents and Settings\All Users\Data aplikací\Microsoft
2012-02-08 17:26:07 ----D---- C:\WINDOWS\system32\DirectX
2012-02-08 17:26:06 ----HD---- C:\WINDOWS\inf
2012-02-08 17:23:45 ----D---- C:\Temp
2012-02-07 21:45:25 ----D---- C:\My Music
2012-02-05 11:56:39 ----D---- C:\WinFast WorkArea
2012-02-04 10:22:07 ----D---- C:\Program Files\rajce
2012-01-29 14:29:41 ----D---- C:\Program Files\Anvsoft Flash to 3GP Converter
2012-01-29 14:28:25 ----D---- C:\Program Files\Eurotran 2003
2012-01-29 14:27:19 ----AD---- C:\Documents and Settings\All Users\Data aplikací\TEMP
2012-01-29 14:26:31 ----D---- C:\Program Files\Your Uninstaller! 7
2012-01-26 21:05:09 ----SHD---- C:\System Volume Information
2012-01-26 18:21:15 ----D---- C:\WINDOWS\Registration
2012-01-25 19:10:34 ----D---- C:\Documents and Settings\Spolecna plocha\Data aplikací\DAEMON Tools Pro
2012-01-25 19:10:34 ----D---- C:\Documents and Settings\Spolecna plocha\Data aplikací\DAEMON Tools Lite
2012-01-25 19:10:16 ----D---- C:\WINDOWS\Debug
2012-01-25 19:08:02 ----D---- C:\Program Files\CCleaner
2012-01-16 06:03:39 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2012-01-15 19:38:29 ----D---- C:\WINDOWS\system32\Restore

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 agp440;Filtr Intel sběrnice AGP; C:\WINDOWS\System32\DRIVERS\agp440.sys [2008-04-13 42368]
R0 imagedrv;imagedrv; C:\WINDOWS\System32\Drivers\imagedrv.sys [2008-06-08 11304]
R0 imagesrv;imagesrv; C:\WINDOWS\system32\DRIVERS\imagesrv.sys [2008-06-08 132904]
R0 Lbd;Lbd; C:\WINDOWS\system32\DRIVERS\Lbd.sys [2011-11-03 64512]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2007-05-01 43528]
R0 SmartDefragDriver;SmartDefragDriver; C:\WINDOWS\System32\Drivers\SmartDefragDriver.sys [2010-11-26 14776]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2008-11-09 717296]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2011-06-30 138192]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 MagicTune;MagicTune; C:\WINDOWS\system32\drivers\MTiCtwl.sys [2010-04-22 14336]
R1 SbFw;SbFw; C:\WINDOWS\system32\drivers\SbFw.sys [2008-10-31 270888]
R1 sbhips;Sunbelt HIPS Driver; C:\WINDOWS\system32\drivers\sbhips.sys [2008-06-21 66600]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2010-06-17 28520]
R1 wfcxacap;WinFast TV PCI Audio Capture Driver; C:\WINDOWS\system32\DRIVERS\wfcxacap.sys [2006-03-24 9856]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-10-25 12032]
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}; \??\C:\Program Files\CyberLink\PowerDVD8\000.fcl []
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2011-06-30 66616]
R2 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2005-01-02 9728]
R2 wfcxatun;WinFast TV Analog Tuner Driver; C:\WINDOWS\system32\drivers\wfcxatun.sys [2006-03-24 31616]
R2 WFCXVCAP;WinFast TV Video Capture Driver; C:\WINDOWS\system32\drivers\wfcxvcap.sys [2006-03-24 167296]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2008-09-24 4122368]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2009-09-30 3565056]
R3 Lavasoft Kernexplorer;Lavasoft helper driver; \??\C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys []
R3 Pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\Pcouffin.sys [2009-01-18 47360]
R3 RimVSerPort;RIM Virtual Serial Port v2; C:\WINDOWS\system32\DRIVERS\RimSerial.sys [2009-01-09 27136]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2001-10-25 5888]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport; C:\WINDOWS\system32\DRIVERS\sbfwim.sys [2008-06-21 65576]
R3 ULCDRHlp;ULCDRHlp; C:\WINDOWS\System32\Drivers\ULCDRHlp.sys [2004-12-23 27392]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 wfcxdtun;WinFast DTV BDA Tuner/Demod Driver; C:\WINDOWS\system32\drivers\wfcxdtun.sys [2006-03-24 21248]
R3 wfcxtcap;WinFast DTV BDA Transport Stream Capture Driver; C:\WINDOWS\system32\drivers\wfcxtcap.sys [2006-03-24 15872]
R3 wfcxxbar;WinFast TV Crossbar Driver; C:\WINDOWS\system32\drivers\wfcxxbar.sys [2006-03-24 10368]
R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\system32\DRIVERS\yk51x86.sys [2006-11-22 250496]
S1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
S2 Aspi32;Aspi32; C:\WINDOWS\System32\drivers\aspi32.sys []
S3 acyarvmp;acyarvmp; C:\WINDOWS\system32\drivers\acyarvmp.sys []
S3 ALSysIO;ALSysIO; \??\C:\DOCUME~1\SPOLEC~1\LOCALS~1\Temp\ALSysIO.sys []
S3 AVFSFilter;AVFSFilter; C:\WINDOWS\system32\DRIVERS\avfsfilter.sys []
S3 btaudio;Bluetooth Audio Device; C:\WINDOWS\system32\drivers\btaudio.sys []
S3 BTDriver;Bluetooth Virtual Communications Driver; C:\WINDOWS\system32\DRIVERS\btport.sys []
S3 BTKRNL;Bluetooth Bus Enumerator; C:\WINDOWS\system32\DRIVERS\btkrnl.sys []
S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys []
S3 catchme;catchme; \??\C:\DOCUME~1\SPOLEC~1\LOCALS~1\Temp\catchme.sys []
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 ElbyCDFL;ElbyCDFL; C:\WINDOWS\System32\Drivers\ElbyCDFL.sys [2004-08-31 26240]
S3 ElbyDelay;ElbyDelay; C:\WINDOWS\System32\Drivers\ElbyDelay.sys [2005-01-02 3968]
S3 FlyPCI;FlyPCI; \??\C:\WINDOWS\system32\drivers\FlyPCI.sys []
S3 GcKernel;Ovladač filtru Microsoft SideWinder Value Add; C:\WINDOWS\system32\DRIVERS\GcKernel.sys [2008-04-14 59136]
S3 ggflt;SEMC USB Flash Driver Filter; C:\WINDOWS\system32\DRIVERS\ggflt.sys [2007-11-20 13352]
S3 ggsemc;SEMC USB Flash Driver; C:\WINDOWS\system32\DRIVERS\ggsemc.sys [2007-11-20 20520]
S3 HIDSwvd;Miniovladač stanadardu HID Microsoft SideWinder Virtual; C:\WINDOWS\system32\DRIVERS\HIDSwvd.sys [2001-08-17 2688]
S3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2006-04-12 49664]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2006-04-12 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2006-04-12 21568]
S3 kvnet;Kerio Virtual Network Adapter; C:\WINDOWS\system32\DRIVERS\kvnet.sys [2009-03-23 29696]
S3 kwflower;Kerio WinRoute Firewall Driver - Lower Layer; C:\WINDOWS\system32\DRIVERS\kwflower.sys []
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-10-24 12160]
S3 MPE;Filtr MPE BDA; C:\WINDOWS\system32\DRIVERS\MPE.sys [2008-04-13 15232]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 RegFilter;RegFilter; \??\C:\Program Files\IObit\IObit Malware Fighter\drivers\wxp_x86\regfilter.sys []
S3 RimUsb;zařízení BlackBerry Smartphone; C:\WINDOWS\System32\Drivers\RimUsb.sys [2008-05-20 22784]
S3 s115bus;Sony Ericsson Device 115 driver (WDM); C:\WINDOWS\system32\DRIVERS\s115bus.sys [2007-04-23 83208]
S3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\s115mdfl.sys [2007-04-23 15112]
S3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\s115mdm.sys [2007-04-23 108680]
S3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\s115mgmt.sys [2007-04-23 100488]
S3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\s115obex.sys [2007-04-23 98568]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 UrlFilter;UrlFilter; \??\C:\Program Files\IObit\IObit Malware Fighter\drivers\wxp_x86\UrlFilter.sys []
S3 USB_RNDIS;D-Link DSL Bridge/Router; C:\WINDOWS\system32\DRIVERS\usb8023.sys [2008-04-13 12800]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 VMnetAdapter;VMware Virtual Ethernet Adapter Driver; C:\WINDOWS\system32\DRIVERS\vmnetadapter.sys []
S3 w810bus;Sony Ericsson W810 Driver driver (WDM); C:\WINDOWS\system32\DRIVERS\w810bus.sys [2006-02-20 58288]
S3 w810mdfl;Sony Ericsson W810 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\w810mdfl.sys [2006-02-20 8336]
S3 w810mdm;Sony Ericsson W810 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\w810mdm.sys [2006-02-20 94064]
S3 w810mgmt;Sony Ericsson W810 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\w810mgmt.sys [2006-02-20 85408]
S3 w810obex;Sony Ericsson W810 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\w810obex.sys [2006-02-20 83344]
S3 wceusbsh;Windows CE USB Serial Host Driver; C:\WINDOWS\system32\DRIVERS\wceusbsh.sys [2008-04-14 31744]
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S3 WFBDA7700;WinFast DTV Dongle DIB7700; C:\WINDOWS\System32\Drivers\wfbda77.sys []
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 FileMonitor;FileMonitor; \??\C:\Program Files\IObit\IObit Malware Fighter\Drivers\wxp_x86\FileMonitor.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ACDaemon;ArcSoft Connect Daemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [2010-03-18 113152]
R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2011-06-30 269480]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2011-04-27 136360]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2009-09-30 602112]
R2 BBUpdate;BBUpdate; C:\Program Files\Microsoft\BingBar\SeaPort.EXE [2011-06-15 249648]
R2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2009-08-16 222968]
R2 IMFservice;IMF Service; C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe [2011-07-20 820568]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2011-07-19 153376]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2011-11-03 2152152]
R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe [2008-06-08 877864]
R2 NMSAccessU;NMSAccessU; C:\Program Files\CDBurnerXP\NMSAccessU.exe [2008-03-09 71096]
R2 PLFlash DeviceIoControl Service;PLFlash DeviceIoControl Service; C:\WINDOWS\system32\IoctlSvc.exe [2006-12-19 81920]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2006-03-03 69632]
R2 SbPF.Launcher;SbPF.Launcher; C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe [2008-10-31 95528]
R2 SPF4;Sunbelt Personal Firewall 4; C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe [2008-10-31 1365288]
R2 UleadBurningHelper;Ulead Burning Helper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [2004-12-13 49152]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2009-09-29 593920]
S2 Roxio Upnp Server 9;Roxio Upnp Server 9; C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe [2007-12-06 362992]
S2 RoxLiveShare9;LiveShare P2P Server 9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe [2009-07-08 313840]
S2 RoxWatch9;Roxio Hard Drive Watcher 9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe [2009-07-08 170480]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 BBSvc;Bing Bar Update Service; C:\Program Files\Microsoft\BingBar\BBSvc.EXE [2011-07-07 195336]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe [2008-06-24 537896]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 Roxio UPnP Renderer 9;Roxio UPnP Renderer 9; C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe [2007-12-06 88560]
S3 RoxMediaDB9;RoxMediaDB9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [2009-07-08 1108464]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

Stáhněte OTM: http://oldtimer.geekstogo.com/OTM.exe a uložte na plochu. Spusťte a do levého okna zkopírujte:

:files
C:\Program Files\ICQ6Toolbar
C:\Program Files\Ask.com
C:\Program Files\Veetle\plugins

:sevices
ICQ Service
BBUpdate

:reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{8dcb7100-df86-4384-8842-8fa844297b3f}"=-
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ApnUpdater"=-

:commands
[Purity]
[Emptytemp]
[Emptyflash]

a klikněte na MoveIt!. Po skenu restartujte PC a dejte log z ComboFix, když už jste ho provedl.

Tak bohuzel OTM nejde spustit!

Tak alespon prikladam log combofixu




ComboFix 12-02-12.01 - Spolecna plocha 12.02.2012 22:24:55.9.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1791.1103 [GMT 1:00]
Spuštěný z: c:\documents and settings\Spolecna plocha\Dokumenty\Downloads\ComboFix.exe
AV: 3.0 *Disabled/Outdated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
FW: Sunbelt Personal Firewall *Enabled* {82B1150E-9B37-49FC-83EB-D52197D900D0}
FW: ZoneAlarm Firewall *Disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
* Vytvořen nový Bod Obnovení
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Thumbs.db
c:\windows\system32\Dvbpws.dll
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-01-12 do 2012-02-12 )))))))))))))))))))))))))))))))
.
.
2012-02-12 18:30 . 2012-02-12 18:32 -------- d-----w- c:\documents and settings\All Users\Data aplikací\DriverGenius
2012-02-12 18:25 . 2012-02-12 18:27 -------- d-----w- c:\program files\Core Temp
2012-02-12 18:25 . 2012-02-12 18:25 -------- d-----w- c:\program files\Driver-Soft
2012-02-08 18:31 . 2012-02-08 18:31 -------- d-----w- c:\documents and settings\Spolecna plocha\Local Settings\Data aplikací\AskToolbar
2012-02-08 18:31 . 2012-02-08 18:31 -------- d-----w- c:\documents and settings\Spolecna plocha\Local Settings\Data aplikací\APN
2012-02-08 18:29 . 2012-02-11 14:12 -------- d-----w- c:\program files\The KMPlayer
2012-02-08 17:28 . 2012-02-08 17:28 -------- d-----w- c:\documents and settings\Spolecna plocha\Data aplikací\Mirillis
2012-02-08 17:28 . 2012-02-08 17:28 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Mirillis
2012-02-08 17:27 . 2012-02-11 14:23 -------- d-----w- c:\documents and settings\Spolecna plocha\Local Settings\Data aplikací\Mirillis
2012-02-08 17:24 . 2012-02-08 17:24 -------- d-----w- c:\program files\Mirillis
2012-02-08 16:25 . 2009-09-04 16:29 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2012-02-08 16:23 . 2012-02-12 20:44 -------- d-----w- c:\windows\Logs
2012-02-04 13:31 . 2012-02-04 13:31 -------- d-----w- c:\program files\Common Files\Common Share
2012-02-04 13:31 . 2008-12-18 12:38 1700352 ----a-w- c:\windows\system32\gdiplus.dll
2012-02-04 13:31 . 2012-02-04 13:31 -------- d-----w- c:\program files\OJOsoft
2012-01-15 17:20 . 2012-02-08 18:31 -------- d-----w- c:\program files\Ask.com
2012-01-15 17:19 . 2012-01-15 17:19 -------- d-----w- c:\program files\DsNET Corp
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-02 18:58 . 2011-05-29 05:24 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-01-01 22:10 . 2011-09-02 05:09 256 ----a-w- c:\documents and settings\Spolecna plocha\pool.bin
2011-11-25 21:57 . 2002-09-20 18:05 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-11-23 14:40 . 2002-09-20 17:41 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-20 06:12 . 2002-09-20 18:05 60416 ----a-w- c:\windows\system32\packager.exe
2011-11-16 14:21 . 2002-09-20 18:05 354816 ----a-w- c:\windows\system32\winhttp.dll
2011-11-16 14:21 . 2002-09-20 18:04 152064 ----a-w- c:\windows\system32\schannel.dll
2009-01-02 14:39 . 2009-01-02 14:39 29 ----a-w- c:\program files\hdtv.sys
2009-01-02 14:39 . 2009-01-02 14:39 23 ----a-w- c:\program files\hfkud16.sys
2012-02-11 17:25 . 2012-01-11 14:11 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2008-12-03 18:13 . 2008-12-03 18:13 122880 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2006-05-03 10:06 163328 --sha-r- c:\windows\system32\flvDX.dll
2007-02-21 11:47 31232 --sha-r- c:\windows\system32\msfDX.dll
2008-03-16 13:30 216064 --sha-r- c:\windows\system32\nbDX.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2012-01-03 15:31 1514152 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-01-03 1514152]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-01-03 1514152]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2011-11-03 1187072]
"WinFast Schedule"="c:\program files\WinFast\WFDTV\WFWIZ.exe" [2010-06-09 2920448]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2008-10-24 206112]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-08-02 281768]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"WinFastDTV"="c:\program files\WinFast\WFDTV\DTVSchdl.exe" [2010-06-09 101888]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2009-07-08 236016]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2012-01-03 1391272]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\Spolecna plocha\Nabídka Start\Programy\Po spuštění\
Stardock ObjectDock.lnk - c:\program files\Stardock\ObjectDock\ObjectDock.exe [2009-1-4 3450608]
.
c:\documents and settings\Spolecna plocha\Nabídka Start\Programy\Po spuštění\
Stardock ObjectDock.lnk - c:\program files\Stardock\ObjectDock\ObjectDock.exe [2009-1-4 3450608]
.
c:\documents and settings\Spolecna plocha\Nabídka Start\Programy\Po spuštění\
Stardock ObjectDock.lnk - c:\program files\Stardock\ObjectDock\ObjectDock.exe [2009-1-4 3450608]
.
c:\documents and settings\Spolecna plocha\Nabídka Start\Programy\Po spuštění\
Stardock ObjectDock.lnk - c:\program files\Stardock\ObjectDock\ObjectDock.exe [2009-1-4 3450608]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MCPClient]
2005-01-31 14:13 49152 ----a-w- c:\progra~1\COMMON~1\stardock\MCPStub.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
2008-12-21 15:11 210168 ----a-w- c:\program files\Stardock\Object Desktop\WindowBlinds\WbSrv.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Reader Speed Launch.lnk]
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^BlackBerry Desktop Manager.lnk]
backup=c:\windows\pss\BlackBerry Desktop Manager.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^GammaTray.lnk]
backup=c:\windows\pss\GammaTray.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^HP Digital Imaging Monitor.lnk]
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
2004-11-30 19:10 344064 ----a-w- c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\atiptaxx]
2004-11-30 19:10 344064 ----a-w- c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BlackBerryAutoUpdate]
2009-11-19 20:29 623960 ----a-w- c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
2004-10-21 22:41 57344 ----a-w- c:\program files\SlySoft\CloneCD\CloneCDTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DTVSchdl]
2010-06-09 11:53 101888 ----a-w- c:\program files\WinFast\WFDTV\DTVSchdl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Family Tree Builder Update]
2011-05-29 16:30 221184 ----a-w- c:\program files\MyHeritage\Bin\FTBCheckUpdates.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 09:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IObit Malware Fighter]
2011-07-20 10:19 4393816 ----a-w- c:\program files\IObit\IObit Malware Fighter\IMF.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\jusched]
2007-07-12 02:00 132496 ----a-w- c:\program files\Java\jre1.6.0_02\bin\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Language]
2007-12-14 10:36 50472 ------w- c:\program files\CyberLink\PowerDVD8\Language\Language.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
2007-12-14 10:36 50472 ------w- c:\program files\CyberLink\PowerDVD8\Language\Language.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MagicTune.exe]
2011-01-14 15:51 2880000 ----a-w- c:\program files\MagicTune Premium\MagicTune.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MagicTuneLauncher]
2011-01-04 07:31 51712 ----a-w- c:\program files\MagicTune Premium\MagicTuneLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\qttask]
2008-05-27 08:50 413696 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-05-27 08:50 413696 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-06-09 11:06 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2009-09-23 10:52 198160 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WFWIZ]
2010-06-09 14:25 2920448 ----a-w- c:\program files\WinFast\WFDTV\WFWIZ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\winampa]
2009-07-01 16:37 37888 ----a-w- c:\program files\Winamp\winampa.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2009-07-01 16:37 37888 ----a-w- c:\program files\Winamp\winampa.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" -autorun
"OEXPRESS"=c:\documents and settings\All Users\Data aplikací\LangSoft\OETRN.EXE
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" /background
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"LanguageShortcut"="c:\program files\cyberlink\powerdvd8\language\language.exe"
"WinFastDTV"=c:\program files\WinFast\WFDTV\DTVSchdl.exe
"vmware-tray"="c:\program files\VMware\VMware Workstation\vmware-tray.exe"
"SoundMan"=SOUNDMAN.EXE
"NeroFilterCheck"=c:\program files\Common Files\Nero\Lib\NeroCheck.exe
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\QIP\\qip.exe"=
"c:\\Program Files\\Common Files\\Nero\\Nero Web\\SetupX.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [9.9.2011 16:42 64512]
R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [25.9.2011 10:57 14776]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [9.11.2008 23:19 717296]
R1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [15.10.2009 13:54 270888]
R1 sbhips;Sunbelt HIPS Driver;c:\windows\system32\drivers\sbhips.sys [21.6.2008 3:54 66600]
R1 wfcxacap;WinFast TV PCI Audio Capture Driver;c:\windows\system32\drivers\wfcxacap.sys [11.3.2009 16:30 9856]
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};c:\program files\CyberLink\PowerDVD8\000.fcl [27.6.2008 16:50 61424]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [20.4.2009 18:55 136360]
R2 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\SeaPort.EXE [15.6.2011 17:33 249648]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [3.12.2009 15:42 222968]
R2 IMFservice;IMF Service;c:\program files\IObit\IObit Malware Fighter\IMFsrv.exe [25.9.2011 11:01 820568]
R2 SbPF.Launcher;SbPF.Launcher;c:\program files\Sunbelt Software\Personal Firewall\SbPFLnch.exe [31.10.2008 6:24 95528]
R2 SPF4;Sunbelt Personal Firewall 4;c:\program files\Sunbelt Software\Personal Firewall\SbPFSvc.exe [31.10.2008 6:24 1365288]
R2 wfcxatun;WinFast TV Analog Tuner Driver;c:\windows\system32\drivers\wfcxatun.sys [11.3.2009 16:30 31616]
R2 WFCXVCAP;WinFast TV Video Capture Driver;c:\windows\system32\drivers\wfcxvcap.sys [11.3.2009 16:30 167296]
R3 ALSysIO;ALSysIO;\??\c:\docume~1\SPOLEC~1\LOCALS~1\Temp\ALSysIO.sys --> c:\docume~1\SPOLEC~1\LOCALS~1\Temp\ALSysIO.sys [?]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\kernexplorer.sys [3.11.2011 12:06 15232]
R3 Pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [25.9.2007 17:48 47360]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\drivers\SbFwIm.sys [15.10.2009 13:54 65576]
R3 wfcxdtun;WinFast DTV BDA Tuner/Demod Driver;c:\windows\system32\drivers\wfcxdtun.sys [11.3.2009 16:30 21248]
R3 wfcxtcap;WinFast DTV BDA Transport Stream Capture Driver;c:\windows\system32\drivers\wfcxtcap.sys [11.3.2009 16:30 15872]
R3 wfcxxbar;WinFast TV Crossbar Driver;c:\windows\system32\drivers\wfcxxbar.sys [11.3.2009 16:30 10368]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [3.11.2011 12:06 2152152]
S3 AVFSFilter;AVFSFilter;c:\windows\system32\DRIVERS\avfsfilter.sys --> c:\windows\system32\DRIVERS\avfsfilter.sys [?]
S3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [7.7.2011 19:31 195336]
S3 FlyPCI;FlyPCI;c:\windows\system32\drivers\FlyPCI.sys [2.1.2009 15:08 4134]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [20.11.2007 9:27 13352]
S3 kvnet;Kerio Virtual Network Adapter;c:\windows\system32\drivers\kvnet.sys [23.3.2009 10:25 29696]
S3 kwflower;Kerio WinRoute Firewall Driver - Lower Layer;c:\windows\system32\DRIVERS\kwflower.sys --> c:\windows\system32\DRIVERS\kwflower.sys [?]
S3 RegFilter;RegFilter;c:\program files\IObit\IObit Malware Fighter\Drivers\wxp_x86\RegFilter.sys [25.9.2011 11:01 30368]
S3 s115bus;Sony Ericsson Device 115 driver (WDM);c:\windows\system32\drivers\s115bus.sys [20.11.2007 9:21 83208]
S3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;c:\windows\system32\drivers\s115mdfl.sys [20.11.2007 9:21 15112]
S3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;c:\windows\system32\drivers\s115mdm.sys [20.11.2007 9:21 108680]
S3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s115mgmt.sys [20.11.2007 9:21 100488]
S3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;c:\windows\system32\drivers\s115obex.sys [20.11.2007 9:21 98568]
S3 UrlFilter;UrlFilter;c:\program files\IObit\IObit Malware Fighter\Drivers\wxp_x86\UrlFilter.sys [25.9.2011 11:01 16080]
S3 WFBDA7700;WinFast DTV Dongle DIB7700;c:\windows\system32\Drivers\wfbda77.sys --> c:\windows\system32\Drivers\wfbda77.sys [?]
S4 FileMonitor;FileMonitor;c:\program files\IObit\IObit Malware Fighter\Drivers\wxp_x86\FileMonitor.sys [25.9.2011 11:01 239600]
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - ALSYSIO
.
Obsah adresáře 'Naplánované úlohy'
.
2012-02-12 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-11-03 11:06]
.
2012-02-12 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2012-01-03 15:31]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://eu.ask.com/?l=dis&o=14672
mWindow Title =
IE: Add to AMV Convert Tool...
IE: Crawler Search - tbr:iemenu
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: MediaManager tool grab multimedia file
Trusted Zone: mojebanka.cz
Trusted Zone: mojebanka.cz
TCP: DhcpNameServer = 194.228.41.65
DPF: DirectAnimation Java Classes
DPF: Microsoft XML Parser for Java
FF - ProfilePath - c:\documents and settings\Spolecna plocha\Data aplikací\Mozilla\Firefox\Profiles\9zrlwtmj.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query=
FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon)
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig?hl=cs
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=88c39767000000000000000fea584600&tlver=1.4.35.10&affID=108654
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-02-12 22:48
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD8\000.fcl"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-343818398-329068152-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
@Denied: (Full) (LocalSystem)
.
[HKEY_USERS\S-1-5-21-343818398-329068152-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{3A9D25AD-C5D5-44C7-DB35-ADE9BE2F0A17}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"paefhgepephcimaokfjccodgaiolhimc"=hex:61,62,62,65,62,68,6d,6d,6e,63,6f,69,6d,
6b,6e,62,6d,6a,61,62,67,6e,6f,70,6e,61,63,6a,65,6d,67,61,62,61,00,00
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG10.00.00.01WORKSTATION"="6BC6E17583D71AA3B369121D997A738FDCBEF53CCBC810685EAC75F92A929B6EC924D4A94AD7B548FE745AFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933FEBC9E127BECC74CA6171C11EC38DE3DA2D97226D213B55544D3A6A13514742D439BF74913F94444E1BBA487410189325A7BFDF2EDD70F2B6CA02BA3040854476A40323640B65FAD5CE8830D57AD8DFA2B92A06A2F3B0809DFE2CC599FDC36FAF14550E750BA4D23A6CB4CAB17F769AA00681A9F784A369BB869BE4522E92DAAD3D570250CCC5CD9BE8E25919A33426DF743B8C2D205B92256B51ABCA57D7348D151148942267E1EE38C9ABFFDA76481F49D315CCEE05772DD005BEC4AD764DF70CC1F0540F4C74C1D561888648E3EBB9DA319C37DC3747333336152B22F038DF50EDB5C5EDBF35833AFF097F297E1815C37ED27760B202284EAF241082BF204EF12772571EF61C53293DB68D26687D0DDED0E89D407070F3FFB37DF75697D86AD8684CD59BB10B16D2C744B31110A351512BCBFB5FA7F5E166CBA292BFB0FEF44D0F614F4BDA7C9F6DA37E5412367553820A1F33D9E00C60277EDEADAE5B8AB0B88290D296771CE2BB487B0381BC26742CAC723111FA5163C0AA44ABE21AFBD9E76579FDE1EDA9824012BF8CEEC63B5EF761F9F5C9BAFAD46C7183B909ACCB8DF9DA407833D7512463DCDDDC3FEB321443DFA0F4E28027E6086648A90348CC7712F9555061278B6B41AFC56D72DC29B05EB13EB18CD249415D10AD583C110273B14926CDC5E3D9B58FBA9A9D1C4C3ABBC050283F086C20AAB67ED10AE0E1C296C676A04FE58C1E4DEF92D75FA0B8E6FB9BDC6F69345AD0F37B9D68160D21AB2F0774E296A2BA74FBA62BF2A20359B940DFEC6BCBFEAD768087073C2654417BB014A53BA20F2B4279E35018B13EE8BDD8DE7479EB6D15A6EB5E4D1C39407C2521295F26CA2C354CE06A672B42B57A1235548753ABF45708D9CA5684743B1F31960C48AC5FBA112BC2C207B903F01C2CF43265E81A484FA465B768DE34D5421C36D775BA4B887A07C93BD65603074FB6379BB78BAB5457CABD44C000413EEE99CFC820BB5E964572A014FDF395CAAFAEFDBF519FDC42E1DE630525EE6F8F40D7F966C24FEA399ADFA7D59FB832C93939E97F57BBAA75B2AB558E72D1F64516FDE06EF91D7FEFB44315595307B0812BBA89892C032B9DD11647D9ED51443609BC0DDFEA5EA98565A2B1CEF5834DCFD0FDE1254EAF9DAB8685B113CA4808373BDBBEFBA973990E6D7D4A308318F9D214C24F978E17B6AE3E6114C3C49729ACFA600547B7E968BDF45B08834DE48BFBBD56E0BF070F5534C671129CD584CFD2DCACD68CD592AB2E7D15525FB6569BC80B2CB42E3C679FCD1EBFCE6D24AC52B"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(1052)
c:\windows\system32\Ati2evxx.dll
c:\progra~1\COMMON~1\Stardock\mcpstub.dll
c:\program files\Stardock\Object Desktop\WindowBlinds\wbsrv.dll
.
Celkový čas: 2012-02-12 23:00:10
ComboFix-quarantined-files.txt 2012-02-12 22:00
.
Před spuštěním: 7 830 548 480
Po spuštění: 7 787 159 552
.
- - End Of File - - 41953CE5B2716FBFA7681BC6D1A4A482

Nejdříve zkuste spustit OTM v nouz. režimu, případně stáhněte nový a zkuste znovu. Pak pořešíme CF.

Tak jsem stahnul novy OTM,pustil nouzovy rezim a ucinil nekolik marnych pokusu!

Zkuste stáhnout v jiné podobě. Linky:

http://oldtimer.geekstogo.com/OTM.com

nebo

http://oldtimer.geekstogo.com/OTM.scr

Zdravim!
Tak bohuzel-ten OTM z1 linku nejde nainstalovat ani v nouzovem rezimu,a z toho 2 mi nejde nacist stranka!

OK. Dejte log ComboFix.

Stahnete a ulozte nejlepe na plochu ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

pote spustte aplikaci pod uctem s administratorskym opravnenim

hned po startu se zobrazi obrazovka s licencnimi podminkami, pokracujte kliknutim na tlacitko Ano.

v klidu si postavte na kafe (cela akce trva cca. 5-10 minut, nekdy i dele - dle toho, o jak rychly stroj se

jedna a kolika soubory se skener bude muset prodirat), behem skenu se nepokousejte spoustet zadne jine

aplikace ani nic jineho

behem skenovani nepropadejte panice, vas stroj muze byt restartovan (predevsim pri prvni aplikaci skeneru)

upozorneni: pokud pouzivate antispyware s rezidentnim stitem, prepnete jeho rezidentni stit do Install Mode,

pripadne jej po dobu skenu uplne deaktivujte, protoze dochazi pri skenu a vymazu pripadneho malware k

nezadoucim kolizim s rezidentem antispyware

ComboFix 12-02-12.01 - Spolecna plocha 14.02.2012 19:47:48.10.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1791.1146 [GMT 1:00]
Spuštěný z: c:\documents and settings\Spolecna plocha\Dokumenty\Downloads\ComboFix.exe
AV: 3.0 *Disabled/Outdated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
AV: AntiVir Desktop *Disabled/Outdated* {AD166499-45F9-482A-A743-FDD3350758C7}
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
FW: Sunbelt Personal Firewall *Enabled* {82B1150E-9B37-49FC-83EB-D52197D900D0}
FW: ZoneAlarm Firewall *Disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
* Vytvořen nový Bod Obnovení
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-01-14 do 2012-02-14 )))))))))))))))))))))))))))))))
.
.
2012-02-13 17:02 . 2012-02-13 17:02 -------- d-----w- C:\rsit
2012-02-13 17:02 . 2012-02-13 17:02 -------- d-----w- c:\program files\trend micro
2012-02-12 18:30 . 2012-02-12 18:32 -------- d-----w- c:\documents and settings\All Users\Data aplikací\DriverGenius
2012-02-12 18:25 . 2012-02-12 18:27 -------- d-----w- c:\program files\Core Temp
2012-02-12 18:25 . 2012-02-12 18:25 -------- d-----w- c:\program files\Driver-Soft
2012-02-08 18:31 . 2012-02-08 18:31 -------- d-----w- c:\documents and settings\Spolecna plocha\Local Settings\Data aplikací\AskToolbar
2012-02-08 18:31 . 2012-02-08 18:31 -------- d-----w- c:\documents and settings\Spolecna plocha\Local Settings\Data aplikací\APN
2012-02-08 18:29 . 2012-02-11 14:12 -------- d-----w- c:\program files\The KMPlayer
2012-02-08 17:28 . 2012-02-08 17:28 -------- d-----w- c:\documents and settings\Spolecna plocha\Data aplikací\Mirillis
2012-02-08 17:28 . 2012-02-08 17:28 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Mirillis
2012-02-08 17:27 . 2012-02-11 14:23 -------- d-----w- c:\documents and settings\Spolecna plocha\Local Settings\Data aplikací\Mirillis
2012-02-08 17:24 . 2012-02-08 17:24 -------- d-----w- c:\program files\Mirillis
2012-02-08 16:25 . 2009-09-04 16:29 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2012-02-08 16:23 . 2012-02-12 20:44 -------- d-----w- c:\windows\Logs
2012-02-04 13:31 . 2012-02-04 13:31 -------- d-----w- c:\program files\Common Files\Common Share
2012-02-04 13:31 . 2008-12-18 12:38 1700352 ----a-w- c:\windows\system32\gdiplus.dll
2012-02-04 13:31 . 2012-02-04 13:31 -------- d-----w- c:\program files\OJOsoft
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-02 18:58 . 2011-05-29 05:24 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-01-01 22:10 . 2011-09-02 05:09 256 ----a-w- c:\documents and settings\Spolecna plocha\pool.bin
2011-11-25 21:57 . 2002-09-20 18:05 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-11-23 14:40 . 2002-09-20 17:41 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-20 06:12 . 2002-09-20 18:05 60416 ----a-w- c:\windows\system32\packager.exe
2009-01-02 14:39 . 2009-01-02 14:39 29 ----a-w- c:\program files\hdtv.sys
2009-01-02 14:39 . 2009-01-02 14:39 23 ----a-w- c:\program files\hfkud16.sys
2012-02-11 17:25 . 2012-01-11 14:11 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2008-12-03 18:13 . 2008-12-03 18:13 122880 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2006-05-03 10:06 163328 --sha-r- c:\windows\system32\flvDX.dll
2007-02-21 11:47 31232 --sha-r- c:\windows\system32\msfDX.dll
2008-03-16 13:30 216064 --sha-r- c:\windows\system32\nbDX.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-02-12_21.49.03 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-02-14 18:12 . 2012-02-14 18:12 16384 c:\windows\Temp\Perflib_Perfdata_3b8.dat
+ 2007-04-13 19:20 . 2012-02-14 18:41 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2007-04-13 19:20 . 2012-02-10 14:45 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2007-04-13 19:20 . 2012-02-10 14:45 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2007-04-13 19:20 . 2012-02-14 18:41 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2009-10-15 10:52 . 2012-02-14 18:41 16384 c:\windows\system32\config\systemprofile\IETldCache\index.dat
- 2009-10-15 10:52 . 2012-02-10 14:45 16384 c:\windows\system32\config\systemprofile\IETldCache\index.dat
+ 2012-02-13 16:31 . 2012-02-14 18:41 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2012-01-27 15:21 . 2012-02-10 14:45 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2012-01-03 15:31 1514152 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-01-03 1514152]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-01-03 1514152]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2011-11-03 1187072]
"WinFast Schedule"="c:\program files\WinFast\WFDTV\WFWIZ.exe" [2010-06-09 2920448]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2008-10-24 206112]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-08-02 281768]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"WinFastDTV"="c:\program files\WinFast\WFDTV\DTVSchdl.exe" [2010-06-09 101888]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2009-07-08 236016]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2012-01-03 1391272]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\Spolecna plocha\Nabídka Start\Programy\Po spuštění\
Stardock ObjectDock.lnk - c:\program files\Stardock\ObjectDock\ObjectDock.exe [2009-1-4 3450608]
.
c:\documents and settings\Spolecna plocha\Nabídka Start\Programy\Po spuštění\
Stardock ObjectDock.lnk - c:\program files\Stardock\ObjectDock\ObjectDock.exe [2009-1-4 3450608]
.
c:\documents and settings\Spolecna plocha\Nabídka Start\Programy\Po spuštění\
Stardock ObjectDock.lnk - c:\program files\Stardock\ObjectDock\ObjectDock.exe [2009-1-4 3450608]
.
c:\documents and settings\Spolecna plocha\Nabídka Start\Programy\Po spuštění\
Stardock ObjectDock.lnk - c:\program files\Stardock\ObjectDock\ObjectDock.exe [2009-1-4 3450608]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MCPClient]
2005-01-31 14:13 49152 ----a-w- c:\progra~1\COMMON~1\stardock\MCPStub.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
2008-12-21 15:11 210168 ----a-w- c:\program files\Stardock\Object Desktop\WindowBlinds\WbSrv.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Reader Speed Launch.lnk]
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^BlackBerry Desktop Manager.lnk]
backup=c:\windows\pss\BlackBerry Desktop Manager.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^GammaTray.lnk]
backup=c:\windows\pss\GammaTray.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^HP Digital Imaging Monitor.lnk]
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
2004-11-30 19:10 344064 ----a-w- c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\atiptaxx]
2004-11-30 19:10 344064 ----a-w- c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BlackBerryAutoUpdate]
2009-11-19 20:29 623960 ----a-w- c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
2004-10-21 22:41 57344 ----a-w- c:\program files\SlySoft\CloneCD\CloneCDTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DTVSchdl]
2010-06-09 11:53 101888 ----a-w- c:\program files\WinFast\WFDTV\DTVSchdl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Family Tree Builder Update]
2011-05-29 16:30 221184 ----a-w- c:\program files\MyHeritage\Bin\FTBCheckUpdates.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 09:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IObit Malware Fighter]
2011-07-20 10:19 4393816 ----a-w- c:\program files\IObit\IObit Malware Fighter\IMF.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\jusched]
2007-07-12 02:00 132496 ----a-w- c:\program files\Java\jre1.6.0_02\bin\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Language]
2007-12-14 10:36 50472 ------w- c:\program files\CyberLink\PowerDVD8\Language\Language.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
2007-12-14 10:36 50472 ------w- c:\program files\CyberLink\PowerDVD8\Language\Language.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MagicTune.exe]
2011-01-14 15:51 2880000 ----a-w- c:\program files\MagicTune Premium\MagicTune.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MagicTuneLauncher]
2011-01-04 07:31 51712 ----a-w- c:\program files\MagicTune Premium\MagicTuneLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\qttask]
2008-05-27 08:50 413696 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-05-27 08:50 413696 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-06-09 11:06 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2009-09-23 10:52 198160 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WFWIZ]
2010-06-09 14:25 2920448 ----a-w- c:\program files\WinFast\WFDTV\WFWIZ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\winampa]
2009-07-01 16:37 37888 ----a-w- c:\program files\Winamp\winampa.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2009-07-01 16:37 37888 ----a-w- c:\program files\Winamp\winampa.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" -autorun
"OEXPRESS"=c:\documents and settings\All Users\Data aplikací\LangSoft\OETRN.EXE
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" /background
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"LanguageShortcut"="c:\program files\cyberlink\powerdvd8\language\language.exe"
"WinFastDTV"=c:\program files\WinFast\WFDTV\DTVSchdl.exe
"vmware-tray"="c:\program files\VMware\VMware Workstation\vmware-tray.exe"
"SoundMan"=SOUNDMAN.EXE
"NeroFilterCheck"=c:\program files\Common Files\Nero\Lib\NeroCheck.exe
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\QIP\\qip.exe"=
"c:\\Program Files\\Common Files\\Nero\\Nero Web\\SetupX.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [9.9.2011 16:42 64512]
R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [25.9.2011 10:57 14776]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [9.11.2008 23:19 717296]
R1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [15.10.2009 13:54 270888]
R1 sbhips;Sunbelt HIPS Driver;c:\windows\system32\drivers\sbhips.sys [21.6.2008 3:54 66600]
R1 wfcxacap;WinFast TV PCI Audio Capture Driver;c:\windows\system32\drivers\wfcxacap.sys [11.3.2009 16:30 9856]
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};c:\program files\CyberLink\PowerDVD8\000.fcl [27.6.2008 16:50 61424]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [20.4.2009 18:55 136360]
R2 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\SeaPort.EXE [15.6.2011 17:33 249648]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [3.12.2009 15:42 222968]
R2 IMFservice;IMF Service;c:\program files\IObit\IObit Malware Fighter\IMFsrv.exe [25.9.2011 11:01 820568]
R2 SbPF.Launcher;SbPF.Launcher;c:\program files\Sunbelt Software\Personal Firewall\SbPFLnch.exe [31.10.2008 6:24 95528]
R2 SPF4;Sunbelt Personal Firewall 4;c:\program files\Sunbelt Software\Personal Firewall\SbPFSvc.exe [31.10.2008 6:24 1365288]
R2 wfcxatun;WinFast TV Analog Tuner Driver;c:\windows\system32\drivers\wfcxatun.sys [11.3.2009 16:30 31616]
R2 WFCXVCAP;WinFast TV Video Capture Driver;c:\windows\system32\drivers\wfcxvcap.sys [11.3.2009 16:30 167296]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\kernexplorer.sys [3.11.2011 12:06 15232]
R3 Pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [25.9.2007 17:48 47360]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\drivers\SbFwIm.sys [15.10.2009 13:54 65576]
R3 wfcxdtun;WinFast DTV BDA Tuner/Demod Driver;c:\windows\system32\drivers\wfcxdtun.sys [11.3.2009 16:30 21248]
R3 wfcxtcap;WinFast DTV BDA Transport Stream Capture Driver;c:\windows\system32\drivers\wfcxtcap.sys [11.3.2009 16:30 15872]
R3 wfcxxbar;WinFast TV Crossbar Driver;c:\windows\system32\drivers\wfcxxbar.sys [11.3.2009 16:30 10368]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [3.11.2011 12:06 2152152]
S3 ALSysIO;ALSysIO;\??\c:\docume~1\SPOLEC~1\LOCALS~1\Temp\ALSysIO.sys --> c:\docume~1\SPOLEC~1\LOCALS~1\Temp\ALSysIO.sys [?]
S3 AVFSFilter;AVFSFilter;c:\windows\system32\DRIVERS\avfsfilter.sys --> c:\windows\system32\DRIVERS\avfsfilter.sys [?]
S3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [7.7.2011 19:31 195336]
S3 FlyPCI;FlyPCI;c:\windows\system32\drivers\FlyPCI.sys [2.1.2009 15:08 4134]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [20.11.2007 9:27 13352]
S3 kvnet;Kerio Virtual Network Adapter;c:\windows\system32\drivers\kvnet.sys [23.3.2009 10:25 29696]
S3 kwflower;Kerio WinRoute Firewall Driver - Lower Layer;c:\windows\system32\DRIVERS\kwflower.sys --> c:\windows\system32\DRIVERS\kwflower.sys [?]
S3 RegFilter;RegFilter;c:\program files\IObit\IObit Malware Fighter\Drivers\wxp_x86\RegFilter.sys [25.9.2011 11:01 30368]
S3 s115bus;Sony Ericsson Device 115 driver (WDM);c:\windows\system32\drivers\s115bus.sys [20.11.2007 9:21 83208]
S3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;c:\windows\system32\drivers\s115mdfl.sys [20.11.2007 9:21 15112]
S3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;c:\windows\system32\drivers\s115mdm.sys [20.11.2007 9:21 108680]
S3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s115mgmt.sys [20.11.2007 9:21 100488]
S3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;c:\windows\system32\drivers\s115obex.sys [20.11.2007 9:21 98568]
S3 UrlFilter;UrlFilter;c:\program files\IObit\IObit Malware Fighter\Drivers\wxp_x86\UrlFilter.sys [25.9.2011 11:01 16080]
S3 WFBDA7700;WinFast DTV Dongle DIB7700;c:\windows\system32\Drivers\wfbda77.sys --> c:\windows\system32\Drivers\wfbda77.sys [?]
S4 FileMonitor;FileMonitor;c:\program files\IObit\IObit Malware Fighter\Drivers\wxp_x86\FileMonitor.sys [25.9.2011 11:01 239600]
.
Obsah adresáře 'Naplánované úlohy'
.
2012-02-14 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-11-03 11:06]
.
2012-02-14 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2012-01-03 15:31]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://eu.ask.com/?l=dis&o=14672
mWindow Title =
IE: Add to AMV Convert Tool...
IE: Crawler Search - tbr:iemenu
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: MediaManager tool grab multimedia file
Trusted Zone: mojebanka.cz
Trusted Zone: mojebanka.cz
TCP: DhcpNameServer = 194.228.41.65
DPF: DirectAnimation Java Classes
DPF: Microsoft XML Parser for Java
FF - ProfilePath - c:\documents and settings\Spolecna plocha\Data aplikací\Mozilla\Firefox\Profiles\9zrlwtmj.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query=
FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon)
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig?hl=cs
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=88c39767000000000000000fea584600&tlver=1.4.35.10&affID=108654
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-02-14 20:00
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD8\000.fcl"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-343818398-329068152-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
@Denied: (Full) (LocalSystem)
.
[HKEY_USERS\S-1-5-21-343818398-329068152-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{3A9D25AD-C5D5-44C7-DB35-ADE9BE2F0A17}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"paefhgepephcimaokfjccodgaiolhimc"=hex:61,62,62,65,62,68,6d,6d,6e,63,6f,69,6d,
6b,6e,62,6d,6a,61,62,67,6e,6f,70,6e,61,63,6a,65,6d,67,61,62,61,00,00
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG10.00.00.01WORKSTATION"="6BC6E17583D71AA3B369121D997A738FDCBEF53CCBC810685EAC75F92A929B6EC924D4A94AD7B548FE745AFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933FEBC9E127BECC74CA6171C11EC38DE3DA2D97226D213B55544D3A6A13514742D439BF74913F94444E1BBA487410189325A7BFDF2EDD70F2B6CA02BA3040854476A40323640B65FAD5CE8830D57AD8DFA2B92A06A2F3B0809DFE2CC599FDC36FAF14550E750BA4D23A6CB4CAB17F769AA00681A9F784A369BB869BE4522E92DAAD3D570250CCC5CD9BE8E25919A33426DF743B8C2D205B92256B51ABCA57D7348D151148942267E1EE38C9ABFFDA76481F49D315CCEE05772DD005BEC4AD764DF70CC1F0540F4C74C1D561888648E3EBB9DA319C37DC3747333336152B22F038DF50EDB5C5EDBF35833AFF097F297E1815C37ED27760B202284EAF241082BF204EF12772571EF61C53293DB68D26687D0DDED0E89D407070F3FFB37DF75697D86AD8684CD59BB10B16D2C744B31110A351512BCBFB5FA7F5E166CBA292BFB0FEF44D0F614F4BDA7C9F6DA37E5412367553820A1F33D9E00C60277EDEADAE5B8AB0B88290D296771CE2BB487B0381BC26742CAC723111FA5163C0AA44ABE21AFBD9E76579FDE1EDA9824012BF8CEEC63B5EF761F9F5C9BAFAD46C7183B909ACCB8DF9DA407833D7512463DCDDDC3FEB321443DFA0F4E28027E6086648A90348CC7712F9555061278B6B41AFC56D72DC29B05EB13EB18CD249415D10AD583C110273B14926CDC5E3D9B58FBA9A9D1C4C3ABBC050283F086C20AAB67ED10AE0E1C296C676A04FE58C1E4DEF92D75FA0B8E6FB9BDC6F69345AD0F37B9D68160D21AB2F0774E296A2BA74FBA62BF2A20359B940DFEC6BCBFEAD768087073C2654417BB014A53BA20F2B4279E35018B13EE8BDD8DE7479EB6D15A6EB5E4D1C39407C2521295F26CA2C354CE06A672B42B57A1235548753ABF45708D9CA5684743B1F31960C48AC5FBA112BC2C207B903F01C2CF43265E81A484FA465B768DE34D5421C36D775BA4B887A07C93BD65603074FB6379BB78BAB5457CABD44C000413EEE99CFC820BB5E964572A014FDF395CAAFAEFDBF519FDC42E1DE630525EE6F8F40D7F966C24FEA399ADFA7D59FB832C93939E97F57BBAA75B2AB558E72D1F64516FDE06EF91D7FEFB44315595307B0812BBA89892C032B9DD11647D9ED51443609BC0DDFEA5EA98565A2B1CEF5834DCFD0FDE1254EAF9DAB8685B113CA4808373BDBBEFBA973990E6D7D4A308318F9D214C24F978E17B6AE3E6114C3C49729ACFA600547B7E968BDF45B08834DE48BFBBD56E0BF070F5534C671129CD584CFD2DCACD68CD592AB2E7D15525FB6569BC80B2CB42E3C679FCD1EBFCE6D24AC52B"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(1052)
c:\windows\system32\Ati2evxx.dll
c:\progra~1\COMMON~1\Stardock\mcpstub.dll
c:\program files\Stardock\Object Desktop\WindowBlinds\wbsrv.dll
.
- - - - - - - > 'explorer.exe'(3852)
c:\program files\Stardock\ObjectDock\DockShellHook.dll
c:\progra~1\COMMON~1\stardock\MCPCore.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Stardock\Object Desktop\IconPackager\iprepair.dll
c:\program files\Stardock\Object Desktop\WindowBlinds\tray.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Celkový čas: 2012-02-14 20:05:28
ComboFix-quarantined-files.txt 2012-02-14 19:05
ComboFix2.txt 2012-02-12 22:00
.
Před spuštěním: Volných bajtů: 10 856 734 720
Po spuštění: Volných bajtů: 10 836 836 352
.
- - End Of File - - CEC816760B3FAE22D06E7CE0F7D0B037

Ještě dočistíme. Přesuňte ComboFix na plochu. Otevřte poznámkový blok a zkopírujte do něj:

KillAll::

Folder::
c:\program files\Ask.com
c:\program files\ICQ6Toolbar

Driver::
ICQ Service

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
[-HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ApnUpdater"=-

Firefox::
FF - ProfilePath - c:\documents and settings\Spolecna plocha\Data aplikací\Mozilla\Firefox\Profiles\9zrlwtmj.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/sli ... ie7&query=
FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon)
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=88c39767000000000000000fea584600&tlver=1.4.35.10&affID=108654

RegLock::
[HKEY_USERS\S-1-5-21-343818398-329068152-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]

Regnull::
[HKEY_USERS\S-1-5-21-343818398-329068152-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{3A9D25AD-C5D5-44C7-DB35-ADE9BE2F0A17}*]
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]

Uložte na plochu jako CFScript.txt. Pak jej myší přetáhněte nad ikonu ComboFix a pusťte. CF se spustí a vykoná příkazy ze skriptu.

Tak jsem to udelal,dle vaseho navodu,zlepseni zadne!Ale uz vim co mi tak zatezuje procesor!Dosel jsem na to nahodne,kdyz po tom prvnim dnesnim pouziti combofixu to po nechtelo restart pc,a tim padem zustaly zavreny ant.progr.-avira a ad aware!Pocitac v tu chvily jel krasne svizne,dokonce jsem se svym jednojadrem rozjel format MKV!Takze postupnym zapnutim jsem prisel na to ze to dela ad-aware,ale ve spravci uloh se mi to neukazuje!!Proc to dela?




ComboFix 12-02-12.01 - Spolecna plocha 14.02.2012 20:59:42.11.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1791.1139 [GMT 1:00]
Spuštěný z: C:\Documents and Settings\Spolecna plocha\Dokumenty\Downloads\ComboFix.exe
Použité ovládací přepínače :: C:\Documents and Settings\Spolecna plocha\Plocha\CFScript.txt..txt
AV: 3.0 *Disabled/Outdated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
AV: AntiVir Desktop *Disabled/Outdated* {AD166499-45F9-482A-A743-FDD3350758C7}
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
FW: Sunbelt Personal Firewall *Enabled* {82B1150E-9B37-49FC-83EB-D52197D900D0}
FW: ZoneAlarm Firewall *Disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}


((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))


c:\program files\Ask.com
c:\program files\Ask.com\assets\oobe\b.png
c:\program files\Ask.com\assets\oobe\bl.png
c:\program files\Ask.com\assets\oobe\br.png
c:\program files\Ask.com\assets\oobe\l.png
c:\program files\Ask.com\assets\oobe\pointer.png
c:\program files\Ask.com\assets\oobe\r.png
c:\program files\Ask.com\assets\oobe\t.png
c:\program files\Ask.com\assets\oobe\tl.png
c:\program files\Ask.com\assets\oobe\tr.png
c:\program files\Ask.com\cobrand.ico
c:\program files\Ask.com\config.xml
c:\program files\Ask.com\favicon.ico
c:\program files\Ask.com\fv_1c5.ico
c:\program files\Ask.com\GenericAskToolbar.dll
c:\program files\Ask.com\mupcfg.xml
c:\program files\Ask.com\precache.exe
c:\program files\Ask.com\SaUpdate.exe
c:\program files\Ask.com\Thumbs.db
c:\program files\Ask.com\Updater\config.xml
c:\program files\Ask.com\Updater\Updater.exe
c:\program files\Ask.com\UpdateTask.exe
c:\program files\ICQ6Toolbar
c:\program files\ICQ6Toolbar\Icons.bmp
c:\program files\ICQ6Toolbar\ICQ Service.exe
c:\program files\ICQ6Toolbar\icq6Toolbar.ico
c:\program files\ICQ6Toolbar\ICQToolBar.dll
c:\program files\ICQ6Toolbar\ICQUnToolbar.exe
c:\program files\ICQ6Toolbar\logo_small.gif
c:\program files\ICQ6Toolbar\ServiceStarter.exe
c:\program files\ICQ6Toolbar\short.wav
c:\program files\ICQ6Toolbar\Thumbs.db
c:\program files\ICQ6Toolbar\Version.txt
C:\WINDOWS\system32\Dvbpws.dll


((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ICQ_SERVICE
-------\Service_ICQ Service


((((((((((((((((((((((((( Soubory vytvořené od 2012-01-14 do 2012-02-14 )))))))))))))))))))))))))))))))


2012-02-13 17:02:33 . 2012-02-13 17:02:42 -------- d-----w- C:\rsit
2012-02-13 17:02:33 . 2012-02-13 17:02:37 -------- d-----w- C:\Program Files\trend micro
2012-02-12 18:30:42 . 2012-02-12 18:32:07 -------- d-----w- C:\Documents and Settings\All Users\Data aplikací\DriverGenius
2012-02-12 18:25:27 . 2012-02-12 18:27:49 -------- d-----w- C:\Program Files\Core Temp
2012-02-12 18:25:17 . 2012-02-12 18:25:17 -------- d-----w- C:\Program Files\Driver-Soft
2012-02-08 18:31:10 . 2012-02-08 18:31:33 -------- d-----w- C:\Documents and Settings\Spolecna plocha\Local Settings\Data aplikací\AskToolbar
2012-02-08 18:31:04 . 2012-02-08 18:31:04 -------- d-----w- C:\Documents and Settings\Spolecna plocha\Local Settings\Data aplikací\APN
2012-02-08 18:29:03 . 2012-02-14 19:38:10 -------- d-----w- C:\Program Files\The KMPlayer
2012-02-08 17:28:00 . 2012-02-08 17:28:00 -------- d-----w- C:\Documents and Settings\Spolecna plocha\Data aplikací\Mirillis
2012-02-08 17:28:00 . 2012-02-08 17:28:00 -------- d-----w- C:\Documents and Settings\All Users\Data aplikací\Mirillis
2012-02-08 17:27:59 . 2012-02-14 19:40:00 -------- d-----w- C:\Documents and Settings\Spolecna plocha\Local Settings\Data aplikací\Mirillis
2012-02-08 17:24:55 . 2012-02-08 17:24:55 -------- d-----w- C:\Program Files\Mirillis
2012-02-08 16:25:59 . 2009-09-04 16:29:32 1974616 ----a-w- C:\WINDOWS\system32\D3DCompiler_42.dll
2012-02-08 16:23:41 . 2012-02-12 20:44:55 -------- d-----w- C:\WINDOWS\Logs
2012-02-04 13:31:17 . 2012-02-04 13:31:18 -------- d-----w- C:\Program Files\Common Files\Common Share
2012-02-04 13:31:16 . 2008-12-18 12:38:30 1700352 ----a-w- C:\WINDOWS\system32\gdiplus.dll
2012-02-04 13:31:13 . 2012-02-04 13:31:13 -------- d-----w- C:\Program Files\OJOsoft
.


(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))

2012-01-02 18:58:02 . 2011-05-29 05:24:53 414368 ----a-w- C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2012-01-01 22:10:25 . 2011-09-02 05:09:06 256 ----a-w- C:\Documents and Settings\Spolecna plocha\pool.bin
2011-11-25 21:57:27 . 2002-09-20 18:05:00 293376 ----a-w- C:\WINDOWS\system32\winsrv.dll
2011-11-23 14:40:43 . 2002-09-20 17:41:20 1859584 ----a-w- C:\WINDOWS\system32\win32k.sys
2011-11-20 06:12:48 . 2002-09-20 18:05:38 60416 ----a-w- C:\WINDOWS\system32\packager.exe
2009-01-02 14:39:56 . 2009-01-02 14:39:56 29 ----a-w- C:\Program Files\hdtv.sys
2009-01-02 14:39:32 . 2009-01-02 14:39:32 23 ----a-w- C:\Program Files\hfkud16.sys
2012-02-11 17:25:40 . 2012-01-11 14:11:34 134104 ----a-w- C:\Program Files\mozilla firefox\components\browsercomps.dll
2008-12-03 18:13:01 . 2008-12-03 18:13:02 122880 ----a-w- C:\Program Files\mozilla firefox\components\GoogleDesktopMozilla.dll
2006-05-03 10:06:54 163328 --sha-r- C:\WINDOWS\system32\flvDX.dll
2007-02-21 11:47:16 31232 --sha-r- C:\WINDOWS\system32\msfDX.dll
2008-03-16 13:30:52 216064 --sha-r- C:\WINDOWS\system32\nbDX.dll


((((((((((((((((((((((((((((( SnapShot@2012-02-12_21.49.03 )))))))))))))))))))))))))))))))))))))))))

+ 2012-02-14 20:14:38 . 2012-02-14 20:14:38 16384 C:\WINDOWS\temp\Perflib_Perfdata_3f8.dat
+ 2007-04-13 19:20:20 . 2012-02-14 19:45:21 32768 C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2007-04-13 19:20:20 . 2012-02-10 14:45:51 32768 C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2007-04-13 19:20:20 . 2012-02-10 14:45:51 32768 C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2007-04-13 19:20:20 . 2012-02-14 19:45:21 32768 C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2009-10-15 10:52:38 . 2012-02-14 19:45:21 16384 C:\WINDOWS\system32\config\systemprofile\IETldCache\index.dat
- 2009-10-15 10:52:38 . 2012-02-10 14:45:51 16384 C:\WINDOWS\system32\config\systemprofile\IETldCache\index.dat
+ 2012-02-14 19:45:21 . 2012-02-14 19:45:21 16384 C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2012-01-27 15:21:01 . 2012-02-10 14:45:51 16384 C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))


*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="C:\Program Files\RocketDock\RocketDock.exe" [2007-09-02 12:58:52 495616]
"Ad-Watch"="C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe" [2011-11-03 11:06:56 1187072]
"WinFast Schedule"="C:\Program Files\WinFast\WFDTV\WFWIZ.exe" [2010-06-09 14:25:32 2920448]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2008-10-24 07:14:36 206112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" [2010-08-02 15:09:56 281768]
"Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 07:37:53 843712]
"WinFastDTV"="C:\Program Files\WinFast\WFDTV\DTVSchdl.exe" [2010-06-09 11:53:26 101888]
"RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2009-07-08 10:31:24 236016]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 09:44:34 31072]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2008-04-14 06:52:18 15360]

C:\Documents and Settings\Spolecna plocha\Nabídka Start\Programy\Po spuštění\
Stardock ObjectDock.lnk - C:\Program Files\Stardock\ObjectDock\ObjectDock.exe [2009-1-4 3450608]

C:\Documents and Settings\Spolecna plocha\Nabídka Start\Programy\Po spuštění\
Stardock ObjectDock.lnk - C:\Program Files\Stardock\ObjectDock\ObjectDock.exe [2009-1-4 3450608]

C:\Documents and Settings\Spolecna plocha\Nabídka Start\Programy\Po spuštění\
Stardock ObjectDock.lnk - C:\Program Files\Stardock\ObjectDock\ObjectDock.exe [2009-1-4 3450608]

C:\Documents and Settings\Spolecna plocha\Nabídka Start\Programy\Po spuštění\
Stardock ObjectDock.lnk - C:\Program Files\Stardock\ObjectDock\ObjectDock.exe [2009-1-4 3450608]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MCPClient]
2005-01-31 14:13:38 49152 ----a-w- C:\PROGRA~1\COMMON~1\stardock\MCPStub.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
2008-12-21 15:11:58 210168 ----a-w- C:\Program Files\Stardock\Object Desktop\WindowBlinds\WbSrv.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Reader Speed Launch.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^BlackBerry Desktop Manager.lnk]
backup=C:\WINDOWS\pss\BlackBerry Desktop Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^GammaTray.lnk]
backup=C:\WINDOWS\pss\GammaTray.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^HP Digital Imaging Monitor.lnk]
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
2004-11-30 19:10:00 344064 ----a-w- C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\atiptaxx]
2004-11-30 19:10:00 344064 ----a-w- C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BlackBerryAutoUpdate]
2009-11-19 20:29:16 623960 ----a-w- C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
2004-10-21 22:41:49 57344 ----a-w- C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DTVSchdl]
2010-06-09 11:53:26 101888 ----a-w- C:\Program Files\WinFast\WFDTV\DTVSchdl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Family Tree Builder Update]
2011-05-29 16:30:46 221184 ----a-w- C:\Program Files\MyHeritage\Bin\FTBCheckUpdates.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 09:44:34 31072 ----a-w- C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IObit Malware Fighter]
2011-07-20 10:19:44 4393816 ----a-w- C:\Program Files\IObit\IObit Malware Fighter\IMF.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\jusched]
2007-07-12 02:00:36 132496 ----a-w- C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Language]
2007-12-14 10:36:42 50472 ------w- c:\Program Files\CyberLink\PowerDVD8\Language\Language.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
2007-12-14 10:36:42 50472 ------w- c:\Program Files\CyberLink\PowerDVD8\Language\Language.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MagicTune.exe]
2011-01-14 15:51:14 2880000 ----a-w- C:\Program Files\MagicTune Premium\MagicTune.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MagicTuneLauncher]
2011-01-04 07:31:48 51712 ----a-w- C:\Program Files\MagicTune Premium\MagicTuneLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\qttask]
2008-05-27 08:50:30 413696 ----a-w- C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-05-27 08:50:30 413696 ----a-w- C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-06-09 11:06:06 254696 ----a-w- C:\Program Files\Common Files\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2009-09-23 10:52:48 198160 ----a-w- C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WFWIZ]
2010-06-09 14:25:32 2920448 ----a-w- C:\Program Files\WinFast\WFDTV\WFWIZ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\winampa]
2009-07-01 16:37:06 37888 ----a-w- C:\Program Files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2009-07-01 16:37:06 37888 ----a-w- C:\Program Files\Winamp\winampa.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
"OEXPRESS"=C:\Documents and Settings\All Users\Data aplikací\LangSoft\OETRN.EXE
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
"LanguageShortcut"="c:\program files\cyberlink\powerdvd8\language\language.exe"
"WinFastDTV"=C:\Program Files\WinFast\WFDTV\DTVSchdl.exe
"vmware-tray"="C:\Program Files\VMware\VMware Workstation\vmware-tray.exe"
"SoundMan"=SOUNDMAN.EXE
"NeroFilterCheck"=C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

Log není kompletní, je ale vidět, že CF smazal, co jsme potřebovali. Budete asi muset vyzkoušet jiný antispy. Nevím proč, ale na vašem stroji se zřejmě s Avirou nesnáší.

Tak jo,jdu ho smaznout,zkusim neco jineho!Na zbytky po combu.asi T Cleaner,ze?
Dekuju moc za pomoc a zdravim do Plzne!

Ano, T-Cleanerem CF odinstalujete. Nemáte zač a děkuji za pozdrav!