VIRY.CZ

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 1.6.0_35
Run by PC at 10:45:01 on 2013-01-28
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.421.1051.18.2047.969 [GMT 1:00]
.
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\programy...ICQ atd\Avira\AntiVir Desktop\avguard.exe
C:\programy...ICQ atd\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\programy...ICQ atd\Avira\AntiVir Desktop\sched.exe
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Windows\system32\PnkBstrA.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\taskeng.exe
C:\ProgramData\GBox\GBox.exe
C:\ProgramData\Codec\Codec.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\vVX1000.exe
C:\Program Files\Logitech\Gaming Software\LWEMon.exe
C:\programy...ICQ atd\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Steam\steam.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\programy...ICQ atd\ICQ7.5\ICQ.exe
C:\programy...ICQ atd\DAEMON Tools Lite\DTLite.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Common Files\Steam\SteamService.exe
C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\UnHackMe\hackmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\vssvc.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k swprv
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.gboxapp.com/
mStart Page = hxxp://search.gboxapp.com/
uURLSearchHooks: ICQToolBar: {855F3B16-6D32-4fe6-8A56-BBB695989046} - c:\program files\icq6toolbar\ICQToolBar.dll
uURLSearchHooks: <No Name>: - LocalServer32 - <no file>
uURLSearchHooks: ToolbarURLSearchHook Class: {CA3EB689-8F09-4026-AA10-B9534C691CE0} - c:\program files\any video to dvd db toolbar\tbhelper.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office14\GROOVEEX.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Skype Plug-In: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SMTTB2009 Class: {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - c:\program files\any video to dvd db toolbar\tbcore3.dll
BHO: Yontoo: {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - c:\program files\yontoo\YontooIEClient.dll
TB: DAEMON Tools Toolbar: {32099AAC-C132-4136-9E9A-4E364A424E17} - c:\program files\daemon tools toolbar\DTToolbar.dll
TB: Any Video To DVD DB Toolbar: {338B4DFE-2E2C-4338-9E41-E176D497299E} - c:\program files\any video to dvd db toolbar\tbcore3.dll
TB: ICQToolBar: {855F3B16-6D32-4FE6-8A56-BBB695989046} - c:\program files\icq6toolbar\ICQToolBar.dll
TB: DAEMON Tools Toolbar: {32099AAC-C132-4136-9E9A-4E364A424E17} - c:\program files\daemon tools toolbar\DTToolbar.dll
TB: Any Video To DVD DB Toolbar: {338B4DFE-2E2C-4338-9E41-E176D497299E} - c:\program files\any video to dvd db toolbar\tbcore3.dll
EB: ICQToolBar: {855F3B16-6D32-4FE6-8A56-BBB695989046} - c:\program files\icq6toolbar\ICQToolBar.dll
uRun: [Steam] "c:\program files\steam\Steam.exe" -silent
uRun: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\nero\lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
uRun: [ICQ] "c:\programy...icq atd\icq7.5\ICQ.exe" silent loginmode=4
uRun: [Google Update] "c:\users\pc\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [MSIDLL] rundll32.exe msindr32.dll,mcoOpCt
uRun: [DAEMON Tools Lite] "c:\programy...icq atd\daemon tools lite\DTLite.exe" -autorun
uRun: [beimopx] rundll32 "c:\users\pc\appdata\local\beimopx.dll",beimopx
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [VX1000] c:\windows\vVX1000.exe
mRun: [LifeCam] "c:\program files\microsoft lifecam\LifeExp.exe"
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [Start WingMan Profiler] c:\program files\logitech\gaming software\LWEMon.exe /noui
mRun: [avgnt] "c:\programy...icq atd\avira\antivir desktop\avgnt.exe" /min
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~4\office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\programy...icq atd\icq7.5\ICQ.exe
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 192.168.101.254
TCP: Interfaces\{AA4624D1-FAEC-4FBF-ACA4-D2DD8519BA54} : DHCPNameServer = 192.168.101.254
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office14\GROOVEEX.DLL
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\pc\appdata\roaming\mozilla\firefox\profiles\9mvvu9pn.default-1357917134152\
FF - plugin: c:\progra~1\micros~4\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~4\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dv.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dvstreaming.dll
FF - plugin: c:\programy...icq atd\picasa3\npPicasa3.dll
FF - plugin: c:\users\pc\appdata\local\google\update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\users\pc\appdata\roaming\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\users\pc\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_5_502_146.dll
FF - plugin: c:\windows\system32\npdeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
FF - ExtSQL: 2012-12-06 12:16; {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}; c:\program files\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - ExtSQL: 2012-12-06 12:16; {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}; c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
FF - ExtSQL: 2013-01-26 16:24; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\users\pc\appdata\roaming\mozilla\firefox\profiles\9mvvu9pn.default-1357917134152\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
.
============= SERVICES / DRIVERS ===============
.
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2012-2-11 36000]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2012-6-6 242240]
R2 AntiVirService;Avira Realtime Protection;c:\programy...icq atd\avira\antivir desktop\avguard.exe [2012-2-11 110032]
R2 AntiVirSchedulerService;Avira Scheduler;c:\programy...icq atd\avira\antivir desktop\sched.exe [2012-2-11 86224]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2012-2-11 83392]
R2 ICQ Service;ICQ Service;c:\program files\icq6toolbar\ICQ Service.exe [2011-9-4 247872]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2011-3-11 1153368]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2012-10-2 382824]
R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\l160x86.sys [2009-6-25 47104]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-1-8 161536]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 WatAdminSvc;Služba Windows Activation Technologies;c:\windows\system32\wat\WatAdminSvc.exe [2011-3-13 1343400]
.
=============== Created Last 30 ================
.
2013-01-28 09:40:23 35816 ----a-w- c:\windows\system32\drivers\Partizan.sys
2013-01-28 09:40:23 -------- d-----w- c:\programdata\RegRun
2013-01-28 09:40:19 2 --shatr- c:\windows\winstart.bat
2013-01-28 09:40:14 12800 ----a-w- c:\windows\system32\drivers\UnHackMeDrv.sys
2013-01-28 09:40:11 -------- d-----w- c:\program files\UnHackMe
2013-01-25 08:24:43 6991832 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{a321b1bd-c315-458a-9b34-7268ebb5976b}\mpengine.dll
2013-01-13 21:34:38 34304 ----a-w- c:\windows\system32\atmlib.dll
2013-01-13 21:34:38 295424 ----a-w- c:\windows\system32\atmfd.dll
2013-01-13 21:12:07 9728 ----a-w- c:\windows\system32\Wdfres.dll
2013-01-13 21:12:07 526952 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2013-01-13 21:12:07 47720 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2013-01-13 21:11:29 73216 ----a-w- c:\windows\system32\WUDFSvc.dll
2013-01-13 21:11:29 66560 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2013-01-13 21:11:29 172032 ----a-w- c:\windows\system32\WUDFPlatform.dll
2013-01-13 21:11:29 155136 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2013-01-13 21:11:28 613888 ----a-w- c:\windows\system32\WUDFx.dll
2013-01-13 21:11:28 38912 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2013-01-13 21:11:28 196608 ----a-w- c:\windows\system32\WUDFHost.exe
2013-01-13 12:06:46 316928 ----a-w- c:\windows\system32\spoolsv.exe
2013-01-13 12:06:44 627712 ----a-w- c:\windows\system32\usp10.dll
2013-01-13 12:06:43 2344960 ----a-w- c:\windows\system32\win32k.sys
2013-01-13 12:06:40 172544 ----a-w- c:\windows\system32\wintrust.dll
2013-01-13 12:06:13 376832 ----a-w- c:\windows\system32\dpnet.dll
2013-01-13 12:05:58 492032 ----a-w- c:\windows\system32\win32spl.dll
2013-01-13 12:05:08 139264 ----a-w- c:\windows\system32\cryptsvc.dll
2013-01-13 12:05:08 1157632 ----a-w- c:\windows\system32\crypt32.dll
2013-01-13 12:05:07 103936 ----a-w- c:\windows\system32\cryptnet.dll
2013-01-13 12:03:32 987136 ----a-w- c:\program files\common files\system\ado\msado15.dll
2013-01-13 12:03:26 400896 ----a-w- c:\windows\system32\srcore.dll
2013-01-13 12:03:24 41472 ----a-w- c:\windows\system32\browcli.dll
2013-01-13 12:03:24 102912 ----a-w- c:\windows\system32\browser.dll
2013-01-13 12:01:59 245616 ----a-w- c:\windows\system32\drivers\volsnap.sys
2013-01-13 11:59:50 2048 ----a-w- c:\windows\system32\tzres.dll
2013-01-13 11:16:12 2422272 ----a-w- c:\windows\system32\wucltux.dll
2013-01-13 11:15:52 88576 ----a-w- c:\windows\system32\wudriver.dll
2013-01-13 11:15:25 33792 ----a-w- c:\windows\system32\wuapp.exe
2013-01-13 11:15:25 171904 ----a-w- c:\windows\system32\wuwebv.dll
.
==================== Find3M ====================
.
2013-01-11 11:10:30 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-01-11 11:10:30 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-12-07 05:04:20 308736 ----a-w- c:\windows\system32\Wpc.dll
2012-12-07 04:57:38 2576384 ----a-w- c:\windows\system32\gameux.dll
2012-11-30 05:06:15 169984 ----a-w- c:\windows\system32\winsrv.dll
2012-11-30 05:00:06 293376 ----a-w- c:\windows\system32\KernelBase.dll
2012-11-30 03:07:41 271360 ----a-w- c:\windows\system32\conhost.exe
2012-11-30 02:51:41 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2012-11-30 02:51:41 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2012-11-30 02:51:41 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2012-11-30 02:51:41 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2012-11-20 05:10:07 219136 ----a-w- c:\windows\system32\ncrypt.dll
2012-11-14 02:09:22 1800704 ----a-w- c:\windows\system32\jscript9.dll
2012-11-14 01:58:15 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-11-14 01:57:37 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-11-14 01:49:25 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-11-14 01:48:27 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-11-14 01:44:42 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-11-02 04:50:33 1388544 ----a-w- c:\windows\system32\msxml6.dll
.
============= FINISH: 10:46:06,07 ===============

Logfile of random's system information tool 1.09 (written by random/random)
Run by PC at 2013-01-28 10:48:15
Microsoft Windows 7 Ultimate
System drive C: has 123 GB (26%) free of 477 GB
Total RAM: 2047 MB (47% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:48:31, on 28. 1. 2013
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v9.00 (9.00.8112.16457)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\vVX1000.exe
C:\Program Files\Logitech\Gaming Software\LWEMon.exe
C:\programy...ICQ atd\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Steam\steam.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\programy...ICQ atd\ICQ7.5\ICQ.exe
C:\programy...ICQ atd\DAEMON Tools Lite\DTLite.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\UnHackMe\hackmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\PC\Desktop\RSIT.exe
C:\Program Files\trend micro\PC.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.gboxapp.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.gboxapp.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: ToolbarURLSearchHook Class - {CA3EB689-8F09-4026-AA10-B9534C691CE0} - C:\Program Files\Any Video To DVD DB Toolbar\tbhelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~4\Office14\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~4\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SMTTB2009 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\Any Video To DVD DB Toolbar\tbcore3.dll
O2 - BHO: Yontoo Layers - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo\YontooIEClient.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: Any Video To DVD DB Toolbar - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files\Any Video To DVD DB Toolbar\tbcore3.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [VX1000] C:\Windows\vVX1000.exe
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui
O4 - HKLM\..\Run: [avgnt] "C:\programy...ICQ atd\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [ICQ] "C:\programy...ICQ atd\ICQ7.5\ICQ.exe" silent loginmode=4
O4 - HKCU\..\Run: [Google Update] "C:\Users\PC\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [MSIDLL] rundll32.exe msindr32.dll,mcoOpCt
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\programy...ICQ atd\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [beimopx] rundll32 "C:\Users\PC\AppData\Local\beimopx.dll",beimopx
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-3384901290-699941994-493446988-1008\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-3384901290-699941994-493446988-1008\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~4\Office14\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\programy...ICQ atd\ICQ7.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\programy...ICQ atd\ICQ7.5\ICQ.exe
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/pub/s ... wflash.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\programy...ICQ atd\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Realtime Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\programy...ICQ atd\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

--
End of file - 10852 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job
C:\Windows\tasks\CodecUpdaterTask{B623ED10-4D7E-4AD9-91E2-4A21D181B8EA}.job
C:\Windows\tasks\GBoxUpdaterTask{3429A4A9-EA88-40A3-B35E-01A85DA96801}.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3384901290-699941994-493446988-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3384901290-699941994-493446988-1000UA.job

=========Mozilla firefox=========

ProfilePath - C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\9mvvu9pn.default-1357917134152

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.5.502.146 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@bittorrent.com/BitTorrentDNA]
"Description"=Delivery Network Acceleration by BitTorrent™
"Path"=C:\Program Files\DNA\plugins\npbtdna.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@esn.me/esnsonar,version=0.70.0]
"Description"=ESN Sonar browser plugin
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Google.com/GoogleEarthPlugin]
"Description"=Google Earth in your browser
"Path"=C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@google.com/npPicasa3,version=3.0.0]
"Description"=Picasa3 plugin
"Path"=C:\programy...ICQ atd\Picasa3\npPicasa3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_35]
"Description"=
"Path"=C:\Windows\system32\npdeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@nvidia.com/3DVision]
"Description"=NVIDIA stereo images plugin for Mozilla browsers
"Path"=C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@nvidia.com/3DVisionStreaming]
"Description"=NVIDIA 3D Vision Streaming plugin for Mozilla browsers
"Path"=C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll

C:\Program Files\Mozilla Firefox\extensions\
{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
{972ce4c6-7e08-4474-a285-3208198ce6fd}
{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}

C:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll

C:\Program Files\Mozilla Firefox\plugins\
npbittorrent.dll
nppdf32.dll

C:\Program Files\Mozilla Firefox\searchplugins\
atlas-sk.xml
azet-sk.xml
dunaj-sk.xml
eBay.xml
google.xml
slovnik-sk.xml
wikipedia-sk.xml
zoznam-sk.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~4\Office14\GROOVEEX.DLL [2012-08-16 4171424]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2012-09-04 329712]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 403840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Plug-In - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2011-04-15 1164680]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~4\Office14\URLREDIR.DLL [2010-12-21 561552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2012-09-04 59376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}]
SMTTB2009 Class - C:\Program Files\Any Video To DVD DB Toolbar\tbcore3.dll [2010-02-16 2495488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]
Yontoo - C:\Program Files\Yontoo\YontooIEClient.dll [2011-12-09 194848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{855F3B16-6D32-4FE6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2011-07-20 1055808]
{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll [2011-01-20 988480]
{338B4DFE-2E2C-4338-9E41-E176D497299E} - Any Video To DVD DB Toolbar - C:\Program Files\Any Video To DVD DB Toolbar\tbcore3.dll [2010-02-16 2495488]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2011-06-08 37296]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2011-03-30 937920]
"VX1000"=C:\Windows\vVX1000.exe [2010-05-20 762736]
"LifeCam"=C:\Program Files\Microsoft LifeCam\LifeExp.exe [2010-05-20 119152]
"BCSSync"=C:\Program Files\Microsoft Office\Office14\BCSSync.exe [2010-03-13 91520]
"Start WingMan Profiler"=C:\Program Files\Logitech\Gaming Software\LWEMon.exe [2010-06-14 153672]
"avgnt"=C:\programy...ICQ atd\Avira\AntiVir Desktop\avgnt.exe [2012-08-09 348664]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2012-01-18 254696]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Steam"=C:\Program Files\Steam\Steam.exe [2013-01-12 1354736]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe [2008-06-24 1840424]
"ICQ"=C:\programy...ICQ atd\ICQ7.5\ICQ.exe [2011-08-01 124480]
"Google Update"=C:\Users\PC\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-18 136176]
"MSIDLL"=msindr32.dll,mcoOpCt []
"DAEMON Tools Lite"=C:\programy...ICQ atd\DAEMON Tools Lite\DTLite.exe [2012-04-17 3671872]
"beimopx"=rundll32 C:\Users\PC\AppData\Local\beimopx.dll,beimopx []
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2013-01-08 18705664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~4\Office14\GROOVEEX.DLL [2012-08-16 4171424]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\programy...ICQ atd\BitTorrent\bittorrent.exe"="C:\programy...ICQ atd\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll
"wave1"=wdmaud.drv
"mixer1"=wdmaud.drv
"vidc.VP60"=C:\Windows\system32\vp6vfw.dll
"vidc.VP61"=C:\Windows\system32\vp6vfw.dll
"wave2"=wdmaud.drv
"mixer2"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2013-01-28 10:48:15 ----D---- C:\rsit
2013-01-28 10:48:15 ----D---- C:\Program Files\trend micro
2013-01-28 10:40:23 ----D---- C:\ProgramData\RegRun
2013-01-28 10:40:23 ----A---- C:\Windows\system32\drivers\Partizan.sys
2013-01-28 10:40:19 ----RASHOT---- C:\Windows\winstart.bat
2013-01-28 10:40:14 ----A---- C:\Windows\system32\drivers\UnHackMeDrv.sys
2013-01-28 10:40:11 ----D---- C:\Program Files\UnHackMe
2013-01-26 15:33:47 ----D---- C:\Program Files\Common Files\Skype
2013-01-19 11:58:01 ----D---- C:\Program Files\Mozilla Firefox
2013-01-13 22:34:38 ----A---- C:\Windows\system32\atmlib.dll
2013-01-13 22:34:38 ----A---- C:\Windows\system32\atmfd.dll
2013-01-13 22:26:14 ----A---- C:\Windows\system32\vbscript.dll
2013-01-13 22:26:14 ----A---- C:\Windows\system32\mshtmled.dll
2013-01-13 22:26:14 ----A---- C:\Windows\system32\jsproxy.dll
2013-01-13 22:26:14 ----A---- C:\Windows\system32\ieUnatt.exe
2013-01-13 22:26:14 ----A---- C:\Windows\system32\ieui.dll
2013-01-13 22:26:13 ----A---- C:\Windows\system32\wininet.dll
2013-01-13 22:26:13 ----A---- C:\Windows\system32\url.dll
2013-01-13 22:26:13 ----A---- C:\Windows\system32\msfeeds.dll
2013-01-13 22:26:13 ----A---- C:\Windows\system32\jscript9.dll
2013-01-13 22:26:13 ----A---- C:\Windows\system32\jscript.dll
2013-01-13 22:26:12 ----A---- C:\Windows\system32\urlmon.dll
2013-01-13 22:26:12 ----A---- C:\Windows\system32\iertutil.dll
2013-01-13 22:26:12 ----A---- C:\Windows\system32\ieframe.dll
2013-01-13 22:26:10 ----A---- C:\Windows\system32\mshtml.dll
2013-01-13 22:12:07 ----A---- C:\Windows\system32\Wdfres.dll
2013-01-13 22:12:07 ----A---- C:\Windows\system32\drivers\WdfLdr.sys
2013-01-13 22:12:07 ----A---- C:\Windows\system32\drivers\Wdf01000.sys
2013-01-13 22:11:29 ----A---- C:\Windows\system32\WUDFSvc.dll
2013-01-13 22:11:29 ----A---- C:\Windows\system32\WUDFPlatform.dll
2013-01-13 22:11:29 ----A---- C:\Windows\system32\drivers\WUDFRd.sys
2013-01-13 22:11:29 ----A---- C:\Windows\system32\drivers\WUDFPf.sys
2013-01-13 22:11:28 ----A---- C:\Windows\system32\WUDFx.dll
2013-01-13 22:11:28 ----A---- C:\Windows\system32\WUDFHost.exe
2013-01-13 22:11:28 ----A---- C:\Windows\system32\WUDFCoinstaller.dll
2013-01-13 13:06:46 ----A---- C:\Windows\system32\spoolsv.exe
2013-01-13 13:06:44 ----A---- C:\Windows\system32\usp10.dll
2013-01-13 13:06:43 ----A---- C:\Windows\system32\win32k.sys
2013-01-13 13:06:40 ----A---- C:\Windows\system32\wintrust.dll
2013-01-13 13:06:13 ----A---- C:\Windows\system32\dpnet.dll
2013-01-13 13:05:58 ----A---- C:\Windows\system32\win32spl.dll
2013-01-13 13:05:08 ----A---- C:\Windows\system32\cryptsvc.dll
2013-01-13 13:05:08 ----A---- C:\Windows\system32\crypt32.dll
2013-01-13 13:05:07 ----A---- C:\Windows\system32\cryptnet.dll
2013-01-13 13:04:46 ----A---- C:\Windows\system32\drivers\rdpwd.sys
2013-01-13 13:04:44 ----A---- C:\Windows\system32\schannel.dll
2013-01-13 13:04:44 ----A---- C:\Windows\system32\drivers\ksecpkg.sys
2013-01-13 13:04:44 ----A---- C:\Windows\system32\drivers\ksecdd.sys
2013-01-13 13:04:44 ----A---- C:\Windows\system32\drivers\cng.sys
2013-01-13 13:04:40 ----A---- C:\Windows\system32\msxml3.dll
2013-01-13 13:04:30 ----A---- C:\Windows\system32\drivers\tcpip.sys
2013-01-13 13:04:25 ----A---- C:\Windows\system32\drivers\ntfs.sys
2013-01-13 13:04:22 ----A---- C:\Windows\system32\msxml6.dll
2013-01-13 13:04:02 ----A---- C:\Windows\system32\KernelBase.dll
2013-01-13 13:04:01 ----A---- C:\Windows\system32\winsrv.dll
2013-01-13 13:04:01 ----A---- C:\Windows\system32\kernel32.dll
2013-01-13 13:04:01 ----A---- C:\Windows\system32\conhost.exe
2013-01-13 13:04:00 ----AH---- C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-01-13 13:04:00 ----AH---- C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-01-13 13:04:00 ----AH---- C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-01-13 13:04:00 ----AH---- C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-01-13 13:04:00 ----AH---- C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-01-13 13:04:00 ----AH---- C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2013-01-13 13:04:00 ----AH---- C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-01-13 13:04:00 ----AH---- C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-01-13 13:04:00 ----AH---- C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2013-01-13 13:04:00 ----AH---- C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2013-01-13 13:04:00 ----AH---- C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-01-13 13:04:00 ----AH---- C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-01-13 13:04:00 ----AH---- C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2013-01-13 13:04:00 ----AH---- C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2013-01-13 13:04:00 ----AH---- C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2013-01-13 13:04:00 ----AH---- C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-01-13 13:04:00 ----AH---- C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-01-13 13:04:00 ----AH---- C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2013-01-13 13:04:00 ----AH---- C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2013-01-13 13:04:00 ----AH---- C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2013-01-13 13:04:00 ----AH---- C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2013-01-13 13:04:00 ----AH---- C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2013-01-13 13:04:00 ----AH---- C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2013-01-13 13:04:00 ----AH---- C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-01-13 13:04:00 ----AH---- C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2013-01-13 13:04:00 ----AH---- C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2013-01-13 13:04:00 ----AH---- C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2013-01-13 13:04:00 ----AH---- C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-01-13 13:03:26 ----A---- C:\Windows\system32\srcore.dll
2013-01-13 13:03:24 ----A---- C:\Windows\system32\netapi32.dll
2013-01-13 13:03:24 ----A---- C:\Windows\system32\browser.dll
2013-01-13 13:03:24 ----A---- C:\Windows\system32\browcli.dll
2013-01-13 13:02:59 ----A---- C:\Windows\system32\kerberos.dll
2013-01-13 13:02:56 ----A---- C:\Windows\system32\ntoskrnl.exe
2013-01-13 13:02:56 ----A---- C:\Windows\system32\ntkrnlpa.exe
2013-01-13 13:02:53 ----A---- C:\Windows\system32\msi.dll
2013-01-13 13:02:51 ----A---- C:\Windows\system32\d3d10level9.dll
2013-01-13 13:02:45 ----A---- C:\Windows\system32\Wpc.dll
2013-01-13 13:02:45 ----A---- C:\Windows\system32\gameux.dll
2013-01-13 13:02:11 ----A---- C:\Windows\system32\ncrypt.dll
2013-01-13 13:02:09 ----A---- C:\Windows\system32\rdrmemptylst.exe
2013-01-13 13:02:09 ----A---- C:\Windows\system32\rdpwsx.dll
2013-01-13 13:02:09 ----A---- C:\Windows\system32\rdpcorekmts.dll
2013-01-13 13:02:08 ----A---- C:\Windows\system32\drivers\partmgr.sys
2013-01-13 13:02:06 ----A---- C:\Windows\system32\profsvc.dll
2013-01-13 13:02:05 ----A---- C:\Windows\system32\synceng.dll
2013-01-13 13:02:03 ----A---- C:\Windows\system32\localspl.dll
2013-01-13 13:02:02 ----A---- C:\Windows\system32\DWrite.dll
2013-01-13 13:02:02 ----A---- C:\Windows\system32\d3d10warp.dll
2013-01-13 13:02:02 ----A---- C:\Windows\system32\d3d10_1core.dll
2013-01-13 13:02:02 ----A---- C:\Windows\system32\d3d10_1.dll
2013-01-13 13:02:02 ----A---- C:\Windows\system32\d2d1.dll
2013-01-13 13:01:59 ----A---- C:\Windows\system32\drivers\volsnap.sys
2013-01-13 13:01:56 ----A---- C:\Windows\system32\shell32.dll
2013-01-13 12:59:50 ----A---- C:\Windows\system32\tzres.dll
2013-01-13 12:16:12 ----A---- C:\Windows\system32\wups2.dll
2013-01-13 12:16:12 ----A---- C:\Windows\system32\wucltux.dll
2013-01-13 12:16:12 ----A---- C:\Windows\system32\wuaueng.dll
2013-01-13 12:16:12 ----A---- C:\Windows\system32\wuauclt.exe
2013-01-13 12:15:52 ----A---- C:\Windows\system32\wups.dll
2013-01-13 12:15:52 ----A---- C:\Windows\system32\wudriver.dll
2013-01-13 12:15:52 ----A---- C:\Windows\system32\wuapi.dll
2013-01-13 12:15:25 ----A---- C:\Windows\system32\wuwebv.dll
2013-01-13 12:15:25 ----A---- C:\Windows\system32\wuapp.exe

======List of files/folders modified in the last 1 month======

2013-01-28 10:48:27 ----D---- C:\Windows\Prefetch
2013-01-28 10:48:20 ----D---- C:\Windows\Temp
2013-01-28 10:48:15 ----RD---- C:\Program Files
2013-01-28 10:46:16 ----D---- C:\Windows\system32\config
2013-01-28 10:44:22 ----SHD---- C:\System Volume Information
2013-01-28 10:40:23 ----HD---- C:\ProgramData
2013-01-28 10:40:23 ----D---- C:\Windows\system32\drivers
2013-01-28 10:40:19 ----D---- C:\Windows
2013-01-28 10:40:15 ----D---- C:\Windows\system32\Tasks
2013-01-28 10:32:59 ----D---- C:\Users\PC\AppData\Roaming\ICQ
2013-01-28 10:32:58 ----D---- C:\Program Files\Steam
2013-01-28 10:32:37 ----D---- C:\ProgramData\NVIDIA
2013-01-27 20:55:38 ----D---- C:\Users\PC\AppData\Roaming\BitTorrent
2013-01-27 20:53:04 ----D---- C:\Users\PC\AppData\Roaming\Skype
2013-01-26 17:47:19 ----D---- C:\ProgramData\Spybot - Search & Destroy
2013-01-26 15:33:55 ----SHD---- C:\Windows\Installer
2013-01-26 15:33:55 ----D---- C:\ProgramData\Skype
2013-01-26 15:33:47 ----RD---- C:\Program Files\Skype
2013-01-26 15:33:47 ----D---- C:\Program Files\Common Files
2013-01-25 09:21:02 ----D---- C:\Program Files\Common Files\Steam
2013-01-24 18:35:45 ----D---- C:\Windows\System32
2013-01-24 18:35:45 ----D---- C:\Windows\inf
2013-01-24 18:35:45 ----A---- C:\Windows\system32\PerfStringBackup.INI
2013-01-24 11:46:43 ----D---- C:\Windows\system32\catroot2
2013-01-20 13:54:54 ----D---- C:\Program Files\Mozilla Maintenance Service
2013-01-14 10:29:45 ----D---- C:\Windows\rescache
2013-01-14 09:48:35 ----D---- C:\Windows\Microsoft.NET
2013-01-14 09:47:56 ----RSD---- C:\Windows\assembly
2013-01-14 09:18:41 ----D---- C:\Windows\winsxs
2013-01-14 09:16:16 ----D---- C:\Windows\system32\sk-SK
2013-01-14 09:16:14 ----D---- C:\Windows\system32\migration
2013-01-14 09:16:13 ----D---- C:\Program Files\Internet Explorer
2013-01-14 09:16:10 ----D---- C:\Windows\AppPatch
2013-01-14 09:16:09 ----RSD---- C:\Windows\Fonts
2013-01-14 09:16:08 ----D---- C:\Program Files\Windows Journal
2013-01-14 09:16:00 ----D---- C:\Windows\system32\en-US
2013-01-14 09:16:00 ----D---- C:\Windows\system32\drivers\en-US
2013-01-14 09:15:59 ----D---- C:\Windows\system32\wbem
2013-01-14 09:15:54 ----D---- C:\Windows\system32\DriverStore
2013-01-14 09:15:16 ----D---- C:\Program Files\Microsoft Silverlight
2013-01-13 22:34:50 ----D---- C:\Windows\system32\catroot
2013-01-13 22:34:11 ----D---- C:\Program Files\NVIDIA Corporation
2013-01-13 22:30:07 ----D---- C:\ProgramData\Microsoft Help
2013-01-13 22:05:58 ----D---- C:\Windows\debug
2013-01-13 22:04:28 ----A---- C:\Windows\win.ini
2013-01-13 22:04:27 ----D---- C:\Program Files\Common Files\System
2013-01-13 22:01:31 ----D---- C:\Users\PC\AppData\Roaming\AIMP3
2013-01-11 12:10:30 ----A---- C:\Windows\system32\FlashPlayerApp.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12368]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 173648]
R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2012-05-08 137928]
R1 avkmgr;avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [2011-12-15 36000]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2009-07-14 387584]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2012-06-06 242240]
R1 ssmdrv;ssmdrv; C:\Windows\system32\DRIVERS\ssmdrv.sys [2010-06-17 28520]
R2 avgntflt;avgntflt; C:\Windows\system32\DRIVERS\avgntflt.sys [2012-05-08 83392]
R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller; C:\Windows\system32\DRIVERS\l160x86.sys [2009-07-13 47104]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\Windows\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 VX1000;VX-1000; C:\Windows\system32\DRIVERS\VX1000.sys [2010-05-20 1961072]
R3 WmBEnum;Logitech Virtual Bus Enumerator Driver; C:\Windows\system32\drivers\WmBEnum.sys [2010-04-27 22856]
R3 WmVirHid;Logitech Virtual Hid Device Driver; C:\Windows\system32\drivers\WmVirHid.sys [2010-04-27 15048]
R3 WmXlCore;Logitech Translation Layer Driver; C:\Windows\system32\drivers\WmXlCore.sys [2010-04-27 66632]
S0 Partizan;Partizan; C:\Windows\system32\drivers\Partizan.sys [2013-01-28 35816]
S2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\DRIVERS\amdagp.sys [2009-07-14 53312]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-13 229888]
S3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2012-04-08 25280]
S3 mbr;mbr; \??\C:\Users\PC\AppData\Local\Temp\mbr.sys []
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2009-07-14 133120]
S3 s3cap;s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys [2009-07-14 5632]
S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\DRIVERS\sisagp.sys [2009-07-14 52304]
S3 storvsc;storvsc; C:\Windows\system32\DRIVERS\storvsc.sys [2009-07-14 28224]
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2009-07-14 35840]
S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\DRIVERS\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\DRIVERS\vmbus.sys [2009-07-14 175824]
S3 VMBusHID;VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys [2009-07-14 17920]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2009-07-14 34944]
S3 WmFilter;Logitech Gaming HID Filter Driver; C:\Windows\system32\drivers\WmFilter.sys [2010-04-27 37704]
S3 WmHidLo;Logitech Gaming USB Filter Driver; C:\Windows\system32\drivers\WmHidLo.sys [2010-04-27 31816]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirService;Avira Realtime Protection; C:\programy...ICQ atd\Avira\AntiVir Desktop\avguard.exe [2012-05-08 110032]
R2 AntiVirSchedulerService;Avira Scheduler; C:\programy...ICQ atd\Avira\AntiVir Desktop\sched.exe [2012-05-08 86224]
R2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2011-07-20 247872]
R2 MSCamSvc;MSCamSvc; C:\Program Files\Microsoft LifeCam\MSCamS32.exe [2010-05-20 139632]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2012-10-02 645992]
R2 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-10-10 1258856]
R2 PnkBstrA;PnkBstrA; C:\Windows\system32\PnkBstrA.exe [2012-08-23 76888]
R2 SBSDWSCService;SBSD Security Center Service; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-02 382824]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-08-18 1529728]
R3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe [2008-06-24 537896]
R3 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [2013-01-24 541608]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-04-07 136176]
S2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2013-01-08 161536]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-01-11 251400]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-04-07 136176]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2011-02-08 136120]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2012-09-20 30785672]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2013-01-19 115608]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2011-03-13 1343400]
S4 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S4 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S4 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992]

-----------------EOF-----------------

Zdravím, tohle fixni v HJT :

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.gboxapp.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.gboxapp.com/
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: ToolbarURLSearchHook Class - {CA3EB689-8F09-4026-AA10-B9534C691CE0} - C:\Program Files\Any Video To DVD DB Toolbar\tbhelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SMTTB2009 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\Any Video To DVD DB Toolbar\tbcore3.dll
O2 - BHO: Yontoo Layers - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo\YontooIEClient.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: Any Video To DVD DB Toolbar - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files\Any Video To DVD DB Toolbar\tbcore3.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [Google Update] "C:\Users\PC\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [beimopx] rundll32 "C:\Users\PC\AppData\Local\beimopx.dll",beimopx
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-3384901290-699941994-493446988-1008\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')

HJT najdeš zde :

C:\Program Files\trend micro\PC.exe

Fix znamená že spustíš HJT jako admin

v okně které se ti otevře klikneš na Do a system scan only

v dalším okně najdeš řádky které jsem ti vypsal,

vedle nich je čtvereček do kterého uděláš zatržítko,

pak klikneš na Fix checked které je vlevo dole,

program se ti zeptá zda opravdu ANO s tím samozřejmě souhlasíš a je hotovo.


Přes Start >> Všechny programy >> Příslušenství >> Spustit >> napiš - services.msc >> Enter. Najdi službu :

Google Update Service (gupdate)

Služba Google Update (gupdatem)

Google Updater Service (gusvc)

ICQ Service

NMIndexingService - Nero AG

NVIDIA Update Service Daemon

klikni na ni pravým myšítkem, zvol vlastnosti, na další kartě nejprve službu zastav tlačítkem Zastavit a u položky Typ spouštění zvol Zakázáno.


Přes Odebrat programy odinstaluj ICQ6Toolbar a Spybot - SD který je už za zenitem.


Smaž nepotřebné soubory

pomocí CCleaneru

návod :

Čistič - tady vyčistíš PC od nepotřebných souborů a vysypeš Koš

Registry - tady vyčistíš registry (před použitím doporučuji udělat jejich zálohu kterou CCleaner nabízí)

čištění registru je třeba několikrát zopakovat !

Nástroje - tady lze odinstalovat programy, upravit co se spustí po Startu systému a obnovit systém


Stáhni a spusť OTMoveIt

do levého okna aplikace pod Paste Instructions for Items to be Moved zkopíruj tento text:
klikni na MoveIt! a v pravém zeleném okně aplikace se Ti objeví info o provedene akci, obsah okna zkopíruj sem,

pokud aplikace bude požadovat restart, klikni na YES

v tom případě sem chci zkopírovat obsah logu uloženého na C:\_OTMoveIt\MovedFiles\

All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
========== FILES ==========
File/Folder C:\*.tmp not found.
C:\WINDOWS\System32\tmpDA2.tmp moved successfully.
C:\WINDOWS\System32\tmpDE1.tmp moved successfully.
C:\WINDOWS\msdownld.tmp folder moved successfully.
File/Folder C:\Users\PC\AppData\Local\beimopx.dll not found.
File/Folder C:\Users\PC\AppData\Local\Temp\mbr.sys not found.
========== REGISTRY ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\beimopx not found.
========== SERVICES/DRIVERS ==========
Error: No service named mbr was found to stop!
Service\Driver key mbr not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: PC
->Temp folder emptied: 18487911 bytes
->Temporary Internet Files folder emptied: 3850642 bytes
->Java cache emptied: 4860458 bytes
->FireFox cache emptied: 60678390 bytes
->Google Chrome cache emptied: 0 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 689 bytes

User: Public

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 18349543 bytes
%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 726 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 101,00 mb


OTM by OldTimer - Version 3.1.21.0 log created on 01292013_094737

Files moved on Reboot...
File C:\Users\PC\AppData\Local\Temp\OICE_EC450CD3-7465-42D8-84CA-C5CAF1C45B8E.0\C7326CAD. not found!

Registry entries deleted on Reboot...

Znovu spusť OTMoveIt a nahoře v aplikaci klini na CleanUP!

tímto po sobě uklidí.


Stáhni a ulož na plochu ComboFix,

spusť aplikaci jako Administrátor a povol instalaci Konzole pro zotavení - Recovery Console.

Poté se zobrazí okno s licenčními podmínkami které potvrdíš kliknutím na ANO,

pak ještě jednou klik na ANO a už to jede.

Celá akce trvá okolo 10 minut ale může i déle, během skenu se nepokoušej spouštět nic jiného.

Při skenovaní může být PC i restartováno nelekat se.

Upozornění: po dobu skenu vypni rezidentní štít Antiviru a AntiSpy programu,

protože Combofix se pokouší napadené soubory smazat a tyto programy mu můžou bránit.

Po dokončení skenu nebo následném restartu aplikace vytvoří log, uložený na C:/Combofix.txt

(při opakovaném použití jsou logy číslovány Combofix2.txt atd.), jeho obsah zkopíruj sem.


V případě nejasností je ZDE obrázkový návod.

ComboFix 13-01-30.04 - PC . 01. 2013 12:49:50.1.4 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.421.1051.18.2047.1181 [GMT 1:00]
Running from: c:\users\PC\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Any Video To DVD DB Toolbar\tbHElper.dll
c:\programdata\Codecv
c:\programdata\Codecv\background.html
c:\programdata\Codecv\content.js
c:\programdata\Codecv\fofegflgalmdgdkkdcdobcgbdiipfbdh.crx
c:\programdata\Codecv\settings.ini
c:\programdata\Codecv\uninstall.exe
c:\users\Public\Desktop\weather.lnk
c:\windows\7Loader.TAG
.
.
((((((((((((((((((((((((( Files Created from 2012-12-28 to 2013-01-31 )))))))))))))))))))))))))))))))
.
.
2013-01-31 11:56 . 2013-01-31 11:56 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-01-30 16:55 . 2013-01-31 11:48 -------- d-----w- C:\Weather
2013-01-29 08:38 . 2013-01-29 08:38 -------- d-----w- c:\program files\CCleaner
2013-01-29 08:22 . 2013-01-08 04:57 6991832 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9418D3E3-37F1-4B4E-AC8A-AEB1DBAE17E6}\mpengine.dll
2013-01-28 09:48 . 2013-01-29 08:24 -------- d-----w- c:\program files\trend micro
2013-01-28 09:40 . 2013-01-28 10:13 -------- d-----w- c:\programdata\RegRun
2013-01-28 09:40 . 2013-01-28 09:40 2 --shatr- c:\windows\winstart.bat
2013-01-28 09:40 . 2013-01-28 10:13 -------- d-----w- c:\program files\UnHackMe
2013-01-26 14:33 . 2013-01-26 14:33 -------- d-----w- c:\program files\Common Files\Skype
2013-01-13 21:34 . 2012-12-16 14:25 295424 ----a-w- c:\windows\system32\atmfd.dll
2013-01-13 21:34 . 2012-12-16 14:25 34304 ----a-w- c:\windows\system32\atmlib.dll
2013-01-13 21:12 . 2012-07-26 03:39 526952 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2013-01-13 21:12 . 2012-07-26 03:39 47720 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2013-01-13 21:12 . 2012-07-26 02:46 9728 ----a-w- c:\windows\system32\Wdfres.dll
2013-01-13 21:11 . 2012-07-26 03:20 73216 ----a-w- c:\windows\system32\WUDFSvc.dll
2013-01-13 21:11 . 2012-07-26 03:20 172032 ----a-w- c:\windows\system32\WUDFPlatform.dll
2013-01-13 21:11 . 2012-07-26 02:33 66560 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2013-01-13 21:11 . 2012-07-26 02:32 155136 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2013-01-13 21:11 . 2012-07-26 03:21 196608 ----a-w- c:\windows\system32\WUDFHost.exe
2013-01-13 21:11 . 2012-07-26 03:20 613888 ----a-w- c:\windows\system32\WUDFx.dll
2013-01-13 21:11 . 2012-07-26 03:20 38912 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2013-01-13 12:06 . 2012-02-11 05:41 316928 ----a-w- c:\windows\system32\spoolsv.exe
2013-01-13 12:06 . 2012-11-22 09:33 627712 ----a-w- c:\windows\system32\usp10.dll
2013-01-13 12:06 . 2012-11-23 03:06 2344960 ----a-w- c:\windows\system32\win32k.sys
2013-01-13 12:06 . 2012-08-24 17:10 172544 ----a-w- c:\windows\system32\wintrust.dll
2013-01-13 12:06 . 2012-11-02 04:48 376832 ----a-w- c:\windows\system32\dpnet.dll
2013-01-13 12:05 . 2012-11-09 04:49 492032 ----a-w- c:\windows\system32\win32spl.dll
2013-01-13 12:05 . 2012-06-02 04:45 139264 ----a-w- c:\windows\system32\cryptsvc.dll
2013-01-13 12:05 . 2012-06-02 04:45 1157632 ----a-w- c:\windows\system32\crypt32.dll
2013-01-13 12:05 . 2012-06-02 04:45 103936 ----a-w- c:\windows\system32\cryptnet.dll
2013-01-13 12:03 . 2012-06-06 05:09 987136 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
2013-01-13 12:03 . 2012-05-05 07:44 400896 ----a-w- c:\windows\system32\srcore.dll
2013-01-13 12:03 . 2012-07-04 21:23 41472 ----a-w- c:\windows\system32\browcli.dll
2013-01-13 12:03 . 2012-07-04 21:23 102912 ----a-w- c:\windows\system32\browser.dll
2013-01-13 12:01 . 2012-09-06 16:48 245616 ----a-w- c:\windows\system32\drivers\volsnap.sys
2013-01-13 11:59 . 2012-11-09 04:49 2048 ----a-w- c:\windows\system32\tzres.dll
2013-01-13 11:16 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe
2013-01-13 11:16 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll
2013-01-13 11:16 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2013-01-13 11:16 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll
2013-01-13 11:15 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll
2013-01-13 11:15 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll
2013-01-13 11:15 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll
2013-01-13 11:15 . 2012-06-02 14:19 171904 ----a-w- c:\windows\system32\wuwebv.dll
2013-01-13 11:15 . 2012-06-02 14:12 33792 ----a-w- c:\windows\system32\wuapp.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-11 11:10 . 2012-05-02 14:35 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-01-11 11:10 . 2011-05-15 13:01 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-01-19 10:58 . 2013-01-19 10:58 262552 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\Steam\Steam.exe" [2013-01-12 1354736]
"ICQ"="c:\programy...icq atd\ICQ7.5\ICQ.exe" [2011-08-01 124480]
"DAEMON Tools Lite"="c:\programy...icq atd\DAEMON Tools Lite\DTLite.exe" [2012-04-17 3671872]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2013-01-08 18705664]
"cfweatherStation"="c:\weather\Weather.exe" [2009-08-17 1189376]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VX1000"="c:\windows\vVX1000.exe" [2010-05-20 762736]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2010-05-20 119152]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2010-06-14 153672]
"avgnt"="c:\programy...icq atd\Avira\AntiVir Desktop\avgnt.exe" [2012-08-09 348664]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 WatAdminSvc;Služba Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S2 AntiVirSchedulerService;Avira Scheduler;c:\programy...icq atd\Avira\AntiVir Desktop\sched.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\DRIVERS\l160x86.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2013-01-31 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-02 11:10]
.
2013-01-31 c:\windows\Tasks\CodecUpdaterTask{B623ED10-4D7E-4AD9-91E2-4A21D181B8EA}.job
- c:\programdata\Codec\Codec.exe [2012-08-28 08:59]
.
2013-01-31 c:\windows\Tasks\GBoxUpdaterTask{3429A4A9-EA88-40A3-B35E-01A85DA96801}.job
- c:\programdata\GBox\GBox.exe [2012-08-28 08:59]
.
2013-01-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-07 15:06]
.
2013-01-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-07 15:06]
.
2013-01-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3384901290-699941994-493446988-1000Core.job
- c:\users\PC\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-31 19:31]
.
2013-01-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3384901290-699941994-493446988-1000UA.job
- c:\users\PC\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-31 19:31]
.
.
------- Supplementary Scan -------
.
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~4\Office14\ONBttnIE.dll/105
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\programy...icq atd\ICQ7.5\ICQ.exe
TCP: DhcpNameServer = 192.168.101.254
FF - ProfilePath - c:\users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\9mvvu9pn.default-1357917134152\
FF - ExtSQL: 2012-12-06 12:16; {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}; c:\program files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - ExtSQL: 2012-12-06 12:16; {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}; c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
FF - ExtSQL: 2013-01-26 16:24; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\9mvvu9pn.default-1357917134152\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-MSIDLL - msindr32.dll
AddRemove-{2EF17083-57D4-4D64-AE4F-55F32A2C4571} - c:\programdata\Codecv\uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="Opera.HTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="Opera.HTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mht\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="Opera.HTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mhtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="Opera.HTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="Opera.HTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="Opera.HTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="Opera.HTML"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\programy...icq atd\Avira\AntiVir Desktop\avguard.exe
c:\programy...icq atd\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\conhost.exe
c:\windows\system32\nvvsvc.exe
c:\program files\NVIDIA Corporation\Display\nvxdsync.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Microsoft LifeCam\MSCamS32.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\sppsvc.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\taskhost.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\conhost.exe
c:\program files\NVIDIA Corporation\Display\nvtray.exe
c:\windows\system32\taskhost.exe
.
**************************************************************************
.
Completion time: 2013-01-31 13:02:29 - machine was rebooted
ComboFix-quarantined-files.txt 2013-01-31 12:02
.
Pre-Run: 127 051 673 600 bytes free
Post-Run: 126 988 857 344 bytes free
.
- - End Of File - - D354CD9C7549117C67A7AF489A8230F8

Pokud jsi tak ještě neučinil, přesuň Combofix na plochu

otevři si Poznámkový blok

do něj zkopíruj skript z následujícího okna:
ulož Tebou vytvořený TXT soubor jako CFScript.txt na plochu,

po uložení uchop vytvořený skript levým myšítkem a přesuň ho nad ikonu Combofixu, kde ho upustíš:



Po aplikaci na Tebe vypadne další log, zkopíruj ho sem

Upozornění : může se stát, že po aplikaci skriptu a restartu Windows nenaběhnou,

v tom případě znovu restartuj a přitom mačkej F8 poté zvol Poslední známou funkční konfiguraci

ComboFix 13-01-30.04 - PC . 02. 2013 10:42:59.2.4 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.421.1051.18.2047.740 [GMT 1:00]
Running from: c:\users\PC\Desktop\ComboFix.exe
Command switches used :: c:\users\PC\Desktop\CFScript.txt
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\users\PC\AppData\Local\beimopx.dll"
"c:\users\PC\AppData\Local\Temp\mbr.sys"
.
.
((((((((((((((((((((((((( Files Created from 2013-01-01 to 2013-02-01 )))))))))))))))))))))))))))))))
.
.
2013-02-01 09:50 . 2013-02-01 09:50 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-02-01 09:50 . 2013-02-01 09:50 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-01-31 11:56 . 2013-02-01 09:50 -------- d-----w- c:\users\PC\AppData\Local\temp
2013-01-31 11:55 . 2013-01-31 11:55 60872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9418D3E3-37F1-4B4E-AC8A-AEB1DBAE17E6}\offreg.dll
2013-01-30 16:55 . 2013-02-01 09:41 -------- d-----w- C:\Weather
2013-01-29 08:38 . 2013-01-29 08:38 -------- d-----w- c:\program files\CCleaner
2013-01-29 08:22 . 2013-01-08 04:57 6991832 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9418D3E3-37F1-4B4E-AC8A-AEB1DBAE17E6}\mpengine.dll
2013-01-28 09:48 . 2013-01-29 08:24 -------- d-----w- c:\program files\trend micro
2013-01-28 09:40 . 2013-01-28 10:13 -------- d-----w- c:\programdata\RegRun
2013-01-28 09:40 . 2013-01-28 09:40 2 --shatr- c:\windows\winstart.bat
2013-01-28 09:40 . 2013-01-28 10:13 -------- d-----w- c:\program files\UnHackMe
2013-01-26 14:33 . 2013-01-26 14:33 -------- d-----w- c:\program files\Common Files\Skype
2013-01-13 21:34 . 2012-12-16 14:25 295424 ----a-w- c:\windows\system32\atmfd.dll
2013-01-13 21:34 . 2012-12-16 14:25 34304 ----a-w- c:\windows\system32\atmlib.dll
2013-01-13 21:12 . 2012-07-26 03:39 526952 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2013-01-13 21:12 . 2012-07-26 03:39 47720 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2013-01-13 21:12 . 2012-07-26 02:46 9728 ----a-w- c:\windows\system32\Wdfres.dll
2013-01-13 21:11 . 2012-07-26 03:20 73216 ----a-w- c:\windows\system32\WUDFSvc.dll
2013-01-13 21:11 . 2012-07-26 03:20 172032 ----a-w- c:\windows\system32\WUDFPlatform.dll
2013-01-13 21:11 . 2012-07-26 02:33 66560 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2013-01-13 21:11 . 2012-07-26 02:32 155136 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2013-01-13 21:11 . 2012-07-26 03:21 196608 ----a-w- c:\windows\system32\WUDFHost.exe
2013-01-13 21:11 . 2012-07-26 03:20 613888 ----a-w- c:\windows\system32\WUDFx.dll
2013-01-13 21:11 . 2012-07-26 03:20 38912 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2013-01-13 12:06 . 2012-02-11 05:41 316928 ----a-w- c:\windows\system32\spoolsv.exe
2013-01-13 12:06 . 2012-11-22 09:33 627712 ----a-w- c:\windows\system32\usp10.dll
2013-01-13 12:06 . 2012-11-23 03:06 2344960 ----a-w- c:\windows\system32\win32k.sys
2013-01-13 12:06 . 2012-08-24 17:10 172544 ----a-w- c:\windows\system32\wintrust.dll
2013-01-13 12:06 . 2012-11-02 04:48 376832 ----a-w- c:\windows\system32\dpnet.dll
2013-01-13 12:05 . 2012-11-09 04:49 492032 ----a-w- c:\windows\system32\win32spl.dll
2013-01-13 12:05 . 2012-06-02 04:45 139264 ----a-w- c:\windows\system32\cryptsvc.dll
2013-01-13 12:05 . 2012-06-02 04:45 1157632 ----a-w- c:\windows\system32\crypt32.dll
2013-01-13 12:05 . 2012-06-02 04:45 103936 ----a-w- c:\windows\system32\cryptnet.dll
2013-01-13 12:03 . 2012-06-06 05:09 987136 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
2013-01-13 12:03 . 2012-05-05 07:44 400896 ----a-w- c:\windows\system32\srcore.dll
2013-01-13 12:03 . 2012-07-04 21:23 41472 ----a-w- c:\windows\system32\browcli.dll
2013-01-13 12:03 . 2012-07-04 21:23 102912 ----a-w- c:\windows\system32\browser.dll
2013-01-13 12:01 . 2012-09-06 16:48 245616 ----a-w- c:\windows\system32\drivers\volsnap.sys
2013-01-13 11:59 . 2012-11-09 04:49 2048 ----a-w- c:\windows\system32\tzres.dll
2013-01-13 11:16 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe
2013-01-13 11:16 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll
2013-01-13 11:16 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2013-01-13 11:16 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll
2013-01-13 11:15 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll
2013-01-13 11:15 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll
2013-01-13 11:15 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll
2013-01-13 11:15 . 2012-06-02 14:19 171904 ----a-w- c:\windows\system32\wuwebv.dll
2013-01-13 11:15 . 2012-06-02 14:12 33792 ----a-w- c:\windows\system32\wuapp.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-11 11:10 . 2012-05-02 14:35 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-01-11 11:10 . 2011-05-15 13:01 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-01-19 10:58 . 2013-01-19 10:58 262552 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\Steam\Steam.exe" [2013-01-12 1354736]
"ICQ"="c:\programy...icq atd\ICQ7.5\ICQ.exe" [2011-08-01 124480]
"DAEMON Tools Lite"="c:\programy...icq atd\DAEMON Tools Lite\DTLite.exe" [2012-04-17 3671872]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2013-01-08 18705664]
"cfweatherStation"="c:\weather\Weather.exe" [2009-08-17 1189376]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VX1000"="c:\windows\vVX1000.exe" [2010-05-20 762736]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2010-05-20 119152]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2010-06-14 153672]
"avgnt"="c:\programy...icq atd\Avira\AntiVir Desktop\avgnt.exe" [2012-08-09 348664]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 WatAdminSvc;Služba Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S2 AntiVirSchedulerService;Avira Scheduler;c:\programy...icq atd\Avira\AntiVir Desktop\sched.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\DRIVERS\l160x86.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-01-31 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-02 11:10]
.
2013-02-01 c:\windows\Tasks\CodecUpdaterTask{B623ED10-4D7E-4AD9-91E2-4A21D181B8EA}.job
- c:\programdata\Codec\Codec.exe [2012-08-28 08:59]
.
2013-02-01 c:\windows\Tasks\GBoxUpdaterTask{3429A4A9-EA88-40A3-B35E-01A85DA96801}.job
- c:\programdata\GBox\GBox.exe [2012-08-28 08:59]
.
2013-02-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-07 15:06]
.
2013-01-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-07 15:06]
.
2013-01-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3384901290-699941994-493446988-1000Core.job
- c:\users\PC\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-31 19:31]
.
2013-01-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3384901290-699941994-493446988-1000UA.job
- c:\users\PC\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-31 19:31]
.
.
------- Supplementary Scan -------
.
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~4\Office14\ONBttnIE.dll/105
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\programy...icq atd\ICQ7.5\ICQ.exe
TCP: DhcpNameServer = 192.168.101.254
FF - ProfilePath - c:\users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\9mvvu9pn.default-1357917134152\
FF - ExtSQL: 2012-12-06 12:16; {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}; c:\program files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - ExtSQL: 2012-12-06 12:16; {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}; c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
FF - ExtSQL: 2013-01-26 16:24; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\9mvvu9pn.default-1357917134152\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="Opera.HTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="Opera.HTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mht\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="Opera.HTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mhtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="Opera.HTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="Opera.HTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="Opera.HTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="Opera.HTML"
.
Completion time: 2013-02-01 10:53:13
ComboFix-quarantined-files.txt 2013-02-01 09:53
ComboFix2.txt 2013-01-31 12:02
.
Pre-Run: 126 805 434 368 bytes free
Post-Run: 126 509 002 752 bytes free
.
- - End Of File - - E872AC0D92DF1BA2F93BC79390285960

Přes Start >> Spustit zkopíruj do okna:

ComboFix /Uninstall

a stiskni Enter

To odinstaluje ComboFix a smaže s ním související soubory a složky.


Použij T-Cleaner, který smaže případné zbytky po aplikacích které jsme použili.

Jen před jeho stažením a při použití stopni antivir, protože ho muže detekovat jako vir ale není tomu tak.


Pak dej vědět jaký je stav PC.

PC celkovo štartuje rýchlejšie, pri štarte PC už nevyskakujú dialógové okná s chybou.
Všetko sa zdá v norme.

Ďakujem za Váš čas

Není zač a