VIRY.CZ

Dobrý den. Kamarádovo PC bylo napadeno tímto virem. PC jsem obnovil a vir zmizel. Prosím o dočištění. Děkuji.

Logfile of random's system information tool 1.09 (written by random/random)
Run by TOP COMPUTERS at 2013-04-14 18:04:11
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 150 GB (49%) free of 305 GB
Total RAM: 2046 MB (75% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:04:28, on 14.4.2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\All Users\Data aplikací\Premium\ContinueToSave\ContinueToSave.exe
C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe
C:\Documents and Settings\All Users\Data aplikací\bProtectorForWindows\2.0.392.106\bProtect.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\Documents and Settings\All Users\Data aplikací\bProtectorForWindows\2.0.392.106\bProtect.exe
C:\Program Files\DefaultTab\DefaultTabSearch.exe
C:\Documents and Settings\TOP COMPUTERS\Data aplikací\DefaultTab\DefaultTab\DTUpdate.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Documents and Settings\All Users\Data aplikací\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\PROGRA~1\SPYWAR~1\sp_rsser.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\UltiDev\Cassini Web Server for ASP.NET 2.0\UltiDevCassinWebServer2a.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Documents and Settings\TOP COMPUTERS\Plocha\cureit.exe
c:\documents and settings\top computers\local settings\temp\5EFCAAF4-F643F1E2-57DDC1A2-38DC7E8C\1ra5q33b.exe
c:\documents and settings\top computers\local settings\temp\5EFCAAF4-F643F1E2-57DDC1A2-38DC7E8C\plrrt68n.exe
c:\documents and settings\top computers\local settings\temp\5EFCAAF4-F643F1E2-57DDC1A2-38DC7E8C\ewsah3wm.exe
C:\Program Files\TeamViewer\Version4\TeamViewer.exe
C:\Documents and Settings\TOP COMPUTERS\Plocha\RSIT.exe
C:\Program Files\trend micro\TOP COMPUTERS.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.cz/ig
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com/?st=6&barid={CC ... 9DD29CB0E8}
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = ${SEARCH_URL_IE7}
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: SearchHook Class - {D8278076-BC68-4484-9233-6E7F1628B56C} - "C:\Program Files\AskPartnerNetwork\Toolbar\searchhook.dll" (file missing)
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: InnoGames International Toolbar - {942cd1d4-9cc1-4d31-876a-ea8f489f7a59} - C:\Program Files\InnoGames_International\prxtbInn0.dll
R3 - URLSearchHook: ST-Eng7 Toolbar - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files\Softonic-Eng7\prxtbSof2.dll
R3 - URLSearchHook: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\prxtbuTo2.dll
R3 - URLSearchHook: Hotspot Shield Toolbar - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files\Hotspot_Shield\prxtbHot2.dll
R3 - URLSearchHook: aTube Toolbar - {bfc39e47-d643-4dc2-aa1d-61377501c844} - C:\Program Files\atube\atubeX.dll
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - (no file)
O2 - BHO: Seekmo /fleok=1D8A83A5C2ED127E9DAB6C2A1FBB39BFE4976E26CAEDA120180A196D6093 - {07AA283A-43D7-4CBE-A064-32A21112D94D} - (no file)
O2 - BHO: BFlix - {0C9F4179-6CE2-4c6a-A3E5-67FF3592A12E} - C:\Program Files\BFlix\BFlix.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: ShoppingReport2 - {258C9770-1713-4021-8D7E-1F184A2BD754} - (no file)
O2 - BHO: Babylon toolbar helper - {2EECD738-5844-4a99-B4B6-146BF802613B} - (no file)
O2 - BHO: ST-Eng7 - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files\Softonic-Eng7\prxtbSof2.dll
O2 - BHO: Ask Shopping Toolbar BHO - {4154552D-5341-5400-76A7-7A786E7484D7} - "C:\Program Files\AskPartnerNetwork\Toolbar\ATU-SAT\Passport.dll" (file missing)
O2 - BHO: Incredibar.com Helper Object - {6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - C:\Program Files\Incredibar.com\incredibar\1.5.3.27\bh\incredibar.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
O2 - BHO: DefaultTabBHO - {7F6AFBF1-E065-4627-A2FD-810366367D01} - C:\Documents and Settings\TOP COMPUTERS\Data aplikací\DefaultTab\DefaultTab\DefaultTabBHO.dll
O2 - BHO: continuetosave - {8965F9FE-2A1E-B096-C9CF-1A50B4A8A53F} - C:\Documents and Settings\All Users\Data aplikací\continuetosave\50e96b34a386b.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: InnoGames International - {942cd1d4-9cc1-4d31-876a-ea8f489f7a59} - C:\Program Files\InnoGames_International\prxtbInn0.dll
O2 - BHO: Babylon IE plugin - {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} - (no file)
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: BrouwsEe2save - {B6429CB6-9A3C-7FDC-6B32-4FD884240640} - C:\Documents and Settings\All Users\Data aplikací\BrouwsEe2save\515fdc4a2861c.dll
O2 - BHO: uTorrentBar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\prxtbuTo2.dll
O2 - BHO: aTube Toolbar - {bfc39e47-d643-4dc2-aa1d-61377501c844} - C:\Program Files\atube\atubeX.dll
O2 - BHO: Hotspot Shield - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files\Hotspot_Shield\prxtbHot2.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O2 - BHO: Softonic Helper Object - {E87806B5-E908-45FD-AF5E-957D83E58E68} - C:\Program Files\Softonic\Softonic\1.5.24.3\bh\Softonic.dll
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
O3 - Toolbar: (no name) - {07AA283A-43D7-4CBE-A064-32A21112D94D} - (no file)
O3 - Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
O3 - Toolbar: InnoGames International Toolbar - {942cd1d4-9cc1-4d31-876a-ea8f489f7a59} - C:\Program Files\InnoGames_International\prxtbInn0.dll
O3 - Toolbar: ST-Eng7 Toolbar - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files\Softonic-Eng7\prxtbSof2.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O3 - Toolbar: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\prxtbuTo2.dll
O3 - Toolbar: Incredibar Toolbar - {F9639E4A-801B-4843-AEE3-03D9DA199E77} - C:\Program Files\Incredibar.com\incredibar\1.5.3.27\incredibarTlbr.dll
O3 - Toolbar: Hotspot Shield Toolbar - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files\Hotspot_Shield\prxtbHot2.dll
O3 - Toolbar: (no name) - {98889811-442D-49dd-99D7-DC866BE87DBC} - (no file)
O3 - Toolbar: SweetPacks Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: Softonic Toolbar - {5018CFD2-804D-4C99-9F81-25EAEA2769DE} - C:\Program Files\Softonic\Softonic\1.5.24.3\SoftonicTlbr.dll
O3 - Toolbar: aTube Toolbar - {bfc39e47-d643-4dc2-aa1d-61377501c844} - C:\Program Files\atube\atubeX.dll
O3 - Toolbar: Ask Shopping Toolbar - {4154552D-5341-5400-76A7-7A786E7484D7} - "C:\Program Files\AskPartnerNetwork\Toolbar\ATU-SAT\Passport.dll" (file missing)
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [ApnTBMon] "C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe"
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [LogitechSetup] D:\Setup\Setup.exe /start /restart /l:enu
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\NOVSLO~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: Translate this web page with Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
O8 - Extra context menu item: Translate with Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: ShopperReports - Compare product prices - {DB38E21A-0133-419d-92AD-ECDFD5244D6D} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ShopperReports - Compare travel rates - {EB620C54-E229-4942-87CE-E717109FC8C6} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (file missing)
O9 - Extra 'Tools' menuitem: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 9394742062
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - AppInit_DLLs: c:\docume~1\alluse~1\dataap~1\bprote~1\20392~1.106\protec~1.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Ask Update Service (APNMCP) - APN LLC. - C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: bProtector - bProtector - C:\Documents and Settings\All Users\Data aplikací\bProtectorForWindows\2.0.392.106\bProtect.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: DefaultTabSearch - Unknown owner - C:\Program Files\DefaultTab\DefaultTabSearch.exe
O23 - Service: DefaultTabUpdate - Unknown owner - C:\Documents and Settings\TOP COMPUTERS\Data aplikací\DefaultTab\DefaultTab\DTUpdate.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe (file missing)
O23 - Service: Canon Inkjet Printer/Scanner/Fax Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LVSrvLauncher - Labtec Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ScanQuery Service - Unknown owner - C:\Documents and Settings\All Users\Data aplikací\ScanQuery\scanquery131.exe
O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\Documents and Settings\All Users\Data aplikací\Skype\Toolbars\Skype C2C Service\c2c_service.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\PROGRA~1\SPYWAR~1\sp_rsser.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: UltiDev Cassini Web Server for ASP.NET 2.0 - UltiDev LLC - C:\Program Files\UltiDev\Cassini Web Server for ASP.NET 2.0\UltiDevCassinWebServer2a.exe
O23 - Service: UPnPService - Magix AG - C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe

--
End of file - 17088 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Adobe Flash Player Updater.job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\avast! Emergency Update.job
C:\WINDOWS\tasks\ContinueToSaveUpdaterTask{2497440E-B5FB-4133-8E0C-355B66E82007}.job
C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1645522239-1788223648-839522115-1004.job
C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1645522239-1788223648-839522115-1004.job
C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
C:\WINDOWS\tasks\SmartPCFix Task.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055FD26D-3A88-4e15-963D-DC8493744B1D}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{07AA283A-43D7-4CBE-A064-32A21112D94D}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0C9F4179-6CE2-4c6a-A3E5-67FF3592A12E}]
BFlix Class - C:\Program Files\BFlix\BFlix.dll [2011-12-30 167936]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{258C9770-1713-4021-8D7E-1F184A2BD754}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4a99-B4B6-146BF802613B}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]
ST-Eng7 Toolbar - C:\Program Files\Softonic-Eng7\prxtbSof2.dll [2011-05-09 176936]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4154552D-5341-5400-76A7-7A786E7484D7}]
Ask Shopping Toolbar - C:\Program Files\AskPartnerNetwork\Toolbar\ATU-SAT\Passport.dll [2013-02-15 13448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}]
Incredibar.com Helper Object - C:\Program Files\Incredibar.com\incredibar\1.5.3.27\bh\incredibar.dll [2011-11-28 268800]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [2012-08-16 4171424]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01}]
DefaultTab Browser Helper - C:\Documents and Settings\TOP COMPUTERS\Data aplikací\DefaultTab\DefaultTab\DefaultTabBHO.dll [2013-01-03 430712]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8965F9FE-2A1E-B096-C9CF-1A50B4A8A53F}]
continuetosave - C:\Documents and Settings\All Users\Data aplikací\continuetosave\50e96b34a386b.dll [2013-01-06 118272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2013-03-07 1224568]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{942cd1d4-9cc1-4d31-876a-ea8f489f7a59}]
InnoGames International Toolbar - C:\Program Files\InnoGames_International\prxtbInn0.dll [2011-05-09 176936]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Browser Helper - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-03-19 4529272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL [2010-12-21 561552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B6429CB6-9A3C-7FDC-6B32-4FD884240640}]
BrouwsEe2save - C:\Documents and Settings\All Users\Data aplikací\BrouwsEe2save\515fdc4a2861c.dll [2013-04-06 118272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
uTorrentBar Toolbar - C:\Program Files\uTorrentBar\prxtbuTo2.dll [2011-05-09 176936]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bfc39e47-d643-4dc2-aa1d-61377501c844}]
aTube Toolbar - C:\Program Files\atube\atubeX.dll [2011-10-31 81920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c95a4e8e-816d-4655-8c79-d736da1adb6d}]
Hotspot Shield Toolbar - C:\Program Files\Hotspot_Shield\prxtbHot2.dll [2011-05-09 176936]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2012-11-15 155384]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E87806B5-E908-45FD-AF5E-957D83E58E68}]
Softonic Helper Object - C:\Program Files\Softonic\Softonic\1.5.24.3\bh\Softonic.dll [2012-05-29 244840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
SweetPacks Browser Helper - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll [2012-07-04 1310040]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{855F3B16-6D32-4fe6-8A56-BBB695989046}
{07AA283A-43D7-4CBE-A064-32A21112D94D}
{D4027C7F-154A-4066-A1AD-4243D8127440}
{942cd1d4-9cc1-4d31-876a-ea8f489f7a59} - InnoGames International Toolbar - C:\Program Files\InnoGames_International\prxtbInn0.dll [2011-05-09 176936]
{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - ST-Eng7 Toolbar - C:\Program Files\Softonic-Eng7\prxtbSof2.dll [2011-05-09 176936]
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2013-03-07 1224568]
{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - uTorrentBar Toolbar - C:\Program Files\uTorrentBar\prxtbuTo2.dll [2011-05-09 176936]
{F9639E4A-801B-4843-AEE3-03D9DA199E77} - Incredibar Toolbar - C:\Program Files\Incredibar.com\incredibar\1.5.3.27\incredibarTlbr.dll [2011-11-28 269312]
{c95a4e8e-816d-4655-8c79-d736da1adb6d} - Hotspot Shield Toolbar - C:\Program Files\Hotspot_Shield\prxtbHot2.dll [2011-05-09 176936]
{98889811-442D-49dd-99D7-DC866BE87DBC}
{EEE6C35B-6118-11DC-9C72-001320C79847} - SweetPacks Toolbar for Internet Explorer - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll [2012-07-04 1310040]
{5018CFD2-804D-4C99-9F81-25EAEA2769DE} - Softonic Toolbar - C:\Program Files\Softonic\Softonic\1.5.24.3\SoftonicTlbr.dll [2012-05-29 253032]
{bfc39e47-d643-4dc2-aa1d-61377501c844} - aTube Toolbar - C:\Program Files\atube\atubeX.dll [2011-10-31 81920]
{4154552D-5341-5400-76A7-7A786E7484D7} - Ask Shopping Toolbar - C:\Program Files\AskPartnerNetwork\Toolbar\ATU-SAT\Passport.dll [2013-02-15 13448]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-09-03 16841216]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2007-06-28 81920]
"CanonMyPrinter"=C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2010-03-25 2516296]
"avast"=C:\Program Files\AVAST Software\Avast\avastUI.exe [2013-03-07 4767304]
"ApnTBMon"=C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [2013-02-15 1483912]
"SwitchBoard"=C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2007-06-28 8466432]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2013-04-04 532040]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"LogitechSetup"=D:\Setup\Setup.exe /start /restart /l:enu []
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2012-07-13 17418928]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
C:\Program Files\Nero\Nero 7\InCD\InCD.exe [2007-11-26 1057064]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
C:\WINDOWS\system32\NvCpl.dll [2007-06-28 8466432]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2006-11-23 56928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="c:\docume~1\alluse~1\dataap~1\bprote~1\20392~1.106\protec~1.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [2012-08-16 4171424]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Common Files\Ahead\Nero Web\SetupX.exe"="C:\Program Files\Common Files\Ahead\Nero Web\SetupX.exe:*:Enabled:Nero ProductSetup"
"C:\Documents and Settings\TOP COMPUTERS\Local Settings\Temp\Nero Web\SetupXu.exe"="C:\Documents and Settings\TOP COMPUTERS\Local Settings\Temp\Nero Web\SetupXu.exe:*:Enabled:Nero ProductSetup"
"C:\Program Files\ICQ6\ICQ.exe"="C:\Program Files\ICQ6\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\Valve\hl.exe"="C:\Program Files\Valve\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\FlatOut2\FlatOut2.exe"="C:\Program Files\FlatOut2\FlatOut2.exe:*:Disabled:FlatOut2"
"C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil_.exe"="C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil_.exe:*:Enabled:BlueSoleil"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Disabled:Firefox"
"C:\Program Files\Electronic Arts\Need for Speed Carbon\NFSC.exe"="C:\Program Files\Electronic Arts\Need for Speed Carbon\NFSC.exe:*:Disabled:NFSC"
"C:\Documents and Settings\TOP COMPUTERS\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe"="C:\Documents and Settings\TOP COMPUTERS\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe:*:Enabled:Google Chrome"
"C:\Program Files\TeamViewer\Version5\TeamViewer.exe"="C:\Program Files\TeamViewer\Version5\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application"
"C:\ZAV_DEMO\New Folder\server.exe"="C:\ZAV_DEMO\New Folder\server.exe:*:Enabled:ServerEmuUbi"
"C:\Program Files\Google\Google Earth\client\googleearth.exe"="C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Disabled:Google Earth"
"C:\Program Files\Counter-Strike 1.6\hl.exe"="C:\Program Files\Counter-Strike 1.6\hl.exe:*:Disabled:Half-Life Launcher"
"C:\Program Files\NBA 2K10 RePack by Chikatila\nba2k10.exe"="C:\Program Files\NBA 2K10 RePack by Chikatila\nba2k10.exe:*:Disabled:2K Sports NBA 2K10"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\Program Files\Counter-Strike 1.6 Standalone\launcher.exe"="C:\Program Files\Counter-Strike 1.6 Standalone\launcher.exe:*:Enabled:Creted by Martin.cz"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Java\jre6\bin\javaw.exe"="C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\WINDOWS\system32\msiexec.exe"="C:\WINDOWS\system32\msiexec.exe:*:Enabled:UpdateManagerSetup"
"C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe"="C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe:*:Enabled:SweetPacksUpdateManager"
"C:\Documents and Settings\TOP COMPUTERS\Plocha\WALKER\CS--Source\hl2.exe"="C:\Documents and Settings\TOP COMPUTERS\Plocha\WALKER\CS--Source\hl2.exe:*:Disabled:hl2"
"C:\Program Files\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe"="C:\Program Files\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe:*:Enabled:Ubisoft Game Launcher"
"C:\Program Files\Ubisoft\Assassin's Creed Brotherhood\ACBMP.exe"="C:\Program Files\Ubisoft\Assassin's Creed Brotherhood\ACBMP.exe:*:Disabled:Assassin's Creed Brotherhood Multiplayer"
"C:\Program Files\Ubisoft\Assassin's Creed Revelations\ACRMP.exe"="C:\Program Files\Ubisoft\Assassin's Creed Revelations\ACRMP.exe:*:Disabled:Assassin's Creed Revelations Multiplayer"
"C:\Program Files\Farming Simulator 2011\game.exe"="C:\Program Files\Farming Simulator 2011\game.exe:*:Disabled:Farming Simulator 2011"
"C:\Program Files\Farming Simulator 2011\FarmingSimulator2011.exe"="C:\Program Files\Farming Simulator 2011\FarmingSimulator2011.exe:*:Disabled:Farming Simulator 2011"
"C:\Program Files\Farming Simulator 2011 Demo\game.exe"="C:\Program Files\Farming Simulator 2011 Demo\game.exe:*:Disabled:Farming Simulator 2011 Demo"
"C:\Program Files\Farming Simulator 2011 Demo\FarmingSimulator2011.exe"="C:\Program Files\Farming Simulator 2011 Demo\FarmingSimulator2011.exe:*:Disabled:Farming Simulator 2011 Demo"
"C:\Counter-Strike 1.6\csko.exe"="C:\Counter-Strike 1.6\csko.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"C:\Program Files\Opera\pluginwrapper\opera_plugin_wrapper.exe"="C:\Program Files\Opera\pluginwrapper\opera_plugin_wrapper.exe:*:Enabled:Opera Internet Browser - Plugin wrapper"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE:*:Enabled:Microsoft OneNote"
"C:\Program Files\Microsoft Office\Office14\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office14\GROOVE.EXE:*:Enabled:Microsoft SharePoint Workspace"
"C:\WINDOWS\KMSEmulator.exe"="C:\WINDOWS\KMSEmulator.exe:*:Enabled:KMSEmulator"
"C:\Program Files\TeamViewer\Version4\TeamViewer.exe"="C:\Program Files\TeamViewer\Version4\TeamViewer.exe:*:Enabled:TeamViewer Remote Control Application"
"C:\Program Files\UltiDev\Cassini Web Server for ASP.NET 2.0\UltiDevCassinWebServer2a.exe"="C:\Program Files\UltiDev\Cassini Web Server for ASP.NET 2.0\UltiDevCassinWebServer2a.exe:LocalSubNet:Enabled:UltiDev Cassini Web Server for ASP.NET 2.0"
"C:\Documents and Settings\TOP COMPUTERS\Plocha\WALKER\CS\CS--Source\hl2.exe"="C:\Documents and Settings\TOP COMPUTERS\Plocha\WALKER\CS\CS--Source\hl2.exe:*:Disabled:hl2"
"C:\Program Files\atube\dtUser.exe"="C:\Program Files\atube\dtUser.exe:*:Enabled:aTube Toolbar DTX Broker"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"VIDC.I420"=lvcodec2.dll
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"VIDC.YVYU"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"MSVideo"=vfwwdm32.dll
"MSVideo8"=VfWWDM32.dll
"vidc.XVID"=xvidvfw.dll
"msacm.vorbis"=vorbis.acm
"VIDC.FMVC"=fmcodec.dll
"msacm.dvacm"=C:\PROGRA~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm
"msacm.MPEGacm"=C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG\MPEGacm.acm
"msacm.ulmp3acm"=C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG\ulmp3acm.acm

======List of files/folders created in the last 1 month======

2013-04-14 18:04:13 ----D---- C:\Program Files\trend micro
2013-04-14 18:04:11 ----D---- C:\rsit
2013-04-14 17:11:04 ----D---- C:\Documents and Settings\TOP COMPUTERS\Data aplikací\Malwarebytes
2013-04-14 17:10:50 ----D---- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2013-04-14 17:10:49 ----A---- C:\WINDOWS\system32\drivers\mbam.sys
2013-04-14 17:10:48 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2013-04-14 16:52:51 ----A---- C:\WINDOWS\system32\drivers\aswVmm.sys
2013-04-14 16:52:50 ----A---- C:\WINDOWS\system32\drivers\aswRvrt.sys
2013-04-14 16:52:50 ----A---- C:\WINDOWS\system32\drivers\aswMonFlt.sys
2013-04-14 15:48:10 ----D---- C:\Registr
2013-04-14 15:47:51 ----D---- C:\Program Files\CCleaner
2013-04-14 15:45:00 ----D---- C:\Documents and Settings\TOP COMPUTERS\Data aplikací\Thinstall
2013-04-14 15:31:43 ----A---- C:\WINDOWS\system32\drivers\mouhid.sys
2013-04-14 15:04:24 ----A---- C:\Documents and Settings\All Users\Data aplikací\b0hb.js
2013-04-11 17:59:30 ----A---- C:\Documents and Settings\All Users\Data aplikací\bh0b.dat
2013-04-11 07:19:55 ----HDC---- C:\WINDOWS\$NtUninstallKB2808735$
2013-04-11 07:19:47 ----HDC---- C:\WINDOWS\$NtUninstallKB2820917$
2013-04-11 07:15:29 ----HDC---- C:\WINDOWS\$NtUninstallKB2813345$
2013-04-11 07:14:45 ----HDC---- C:\WINDOWS\$NtUninstallKB2813170$
2013-04-07 07:59:00 ----D---- C:\BMW M3 Challenge
2013-04-06 09:51:48 ----D---- C:\Documents and Settings\TOP COMPUTERS\Data aplikací\Systweak
2013-04-06 09:51:30 ----A---- C:\WINDOWS\system32\roboot.exe
2013-04-06 09:50:59 ----D---- C:\Documents and Settings\All Users\Data aplikací\BrouwsEe2save
2013-03-31 14:40:20 ----D---- C:\Program Files\Microsoft XNA
2013-03-21 22:07:55 ----HDC---- C:\WINDOWS\$NtUninstallKB2807986$
2013-03-16 08:23:40 ----D---- C:\Program Files\Common Files\Adobe AIR
2013-03-15 19:32:48 ----D---- C:\Program Files\Common Files\InterVideo
2013-03-15 19:32:42 ----D---- C:\Documents and Settings\All Users\Data aplikací\InterVideo
2013-03-15 19:32:39 ----A---- C:\WINDOWS\system32\IVIresizeW7.dll
2013-03-15 19:32:39 ----A---- C:\WINDOWS\system32\IVIresizePX.dll
2013-03-15 19:32:39 ----A---- C:\WINDOWS\system32\IVIresizeP6.dll
2013-03-15 19:32:39 ----A---- C:\WINDOWS\system32\IVIresizeM6.dll
2013-03-15 19:32:38 ----A---- C:\WINDOWS\system32\IVIresizeA6.dll
2013-03-15 19:32:38 ----A---- C:\WINDOWS\system32\IVIresize.dll
2013-03-15 19:31:46 ----D---- C:\Program Files\Windows Media Components
2013-03-15 19:30:19 ----D---- C:\Program Files\Common Files\Ulead Systems
2013-03-15 19:30:19 ----D---- C:\Documents and Settings\All Users\Data aplikací\Ulead Systems
2013-03-15 17:31:10 ----D---- C:\My Videos
2013-03-15 17:30:58 ----D---- C:\Documents and Settings\TOP COMPUTERS\Data aplikací\aHisoft
2013-03-15 17:30:29 ----D---- C:\Program Files\aHisoft
2013-03-15 17:29:36 ----D---- C:\Documents and Settings\TOP COMPUTERS\Data aplikací\SmartPCFix
2013-03-15 17:27:38 ----D---- C:\Documents and Settings\TOP COMPUTERS\Data aplikací\GetRightToGo
2013-03-15 17:22:32 ----D---- C:\Documents and Settings\All Users\Data aplikací\YTD Video Downloader
2013-03-15 17:22:28 ----D---- C:\Program Files\GreenTree Applications

======List of files/folders modified in the last 1 month======

2013-04-14 18:04:13 ----RD---- C:\Program Files
2013-04-14 18:00:03 ----D---- C:\WINDOWS\system32\drivers
2013-04-14 17:16:58 ----D---- C:\WINDOWS\Temp
2013-04-14 17:15:28 ----D---- C:\WINDOWS\system32\config
2013-04-14 17:15:23 ----D---- C:\WINDOWS\system32\CatRoot2
2013-04-14 17:07:33 ----SHD---- C:\WINDOWS\Installer
2013-04-14 17:07:33 ----SHD---- C:\Config.Msi
2013-04-14 17:06:19 ----D---- C:\WINDOWS\Debug
2013-04-14 17:06:19 ----D---- C:\WINDOWS
2013-04-14 17:00:56 ----D---- C:\Documents and Settings\All Users\Data aplikací\Adobe
2013-04-14 17:00:34 ----A---- C:\WINDOWS\system32\FlashPlayerApp.exe
2013-04-14 16:54:15 ----N---- C:\WINDOWS\SchedLgU.Txt
2013-04-14 16:52:50 ----SD---- C:\WINDOWS\Tasks
2013-04-14 16:33:57 ----D---- C:\WINDOWS\system32
2013-04-14 16:31:59 ----D---- C:\Documents and Settings\All Users\Data aplikací\Microsoft Help
2013-04-14 16:31:44 ----HD---- C:\WINDOWS\inf
2013-04-14 16:31:40 ----RSHDC---- C:\WINDOWS\system32\dllcache
2013-04-14 16:31:37 ----D---- C:\Program Files\Internet Explorer
2013-04-14 16:27:26 ----A---- C:\WINDOWS\system32\MRT.exe
2013-04-14 16:24:02 ----D---- C:\Documents and Settings\TOP COMPUTERS\Data aplikací\uTorrent
2013-04-14 16:22:05 ----D---- C:\WINDOWS\Logs
2013-04-14 16:22:04 ----D---- C:\WINDOWS\Minidump
2013-04-14 15:54:31 ----D---- C:\Program Files\Start-Q
2013-04-14 15:31:35 ----D---- C:\WINDOWS\system32\CatRoot
2013-04-14 15:25:32 ----D---- C:\WINDOWS\system32\wbem
2013-04-14 15:25:31 ----D---- C:\WINDOWS\Registration
2013-04-14 15:04:11 ----D---- C:\Documents and Settings
2013-04-11 07:20:26 ----HD---- C:\WINDOWS\$hf_mig$
2013-04-10 20:41:28 ----D---- C:\WINDOWS\Prefetch
2013-04-09 16:30:45 ----D---- C:\Documents and Settings\TOP COMPUTERS\Data aplikací\Skype
2013-04-08 19:19:41 ----A---- C:\WINDOWS\NeroDigital.ini
2013-04-06 09:50:34 ----D---- C:\Documents and Settings\All Users\Data aplikací\InstallMate
2013-04-05 21:29:03 ----D---- C:\Documents and Settings\All Users\Data aplikací\CanonIJPLM
2013-04-05 13:54:41 ----D---- C:\Documents and Settings\All Users\Data aplikací\Skype
2013-04-05 13:54:40 ----RD---- C:\Program Files\Skype
2013-03-31 14:44:01 ----D---- C:\WINDOWS\system32\en-US
2013-03-31 14:43:59 ----D---- C:\WINDOWS\Microsoft.NET
2013-03-31 14:40:48 ----RSD---- C:\WINDOWS\assembly
2013-03-31 14:40:47 ----D---- C:\WINDOWS\system32\DirectX
2013-03-31 14:40:21 ----D---- C:\Program Files\Common Files\Microsoft Shared
2013-03-31 08:54:27 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2013-03-16 09:48:45 ----AD---- C:\Documents and Settings\All Users\Data aplikací\TEMP
2013-03-16 08:24:24 ----D---- C:\Documents and Settings\TOP COMPUTERS\Data aplikací\Adobe
2013-03-16 08:24:19 ----D---- C:\Program Files\Common Files\Adobe
2013-03-16 08:23:44 ----D---- C:\Program Files\Adobe
2013-03-16 08:23:40 ----D---- C:\Program Files\Common Files
2013-03-16 08:22:46 ----D---- C:\WINDOWS\WinSxS
2013-03-15 19:32:37 ----HD---- C:\Program Files\InstallShield Installation Information
2013-03-15 19:31:35 ----RSD---- C:\WINDOWS\Fonts

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 aswRvrt;aswRvrt; C:\WINDOWS\system32\drivers\aswRvrt.sys [2013-03-07 49248]
R0 ohci1394;Hostitelský řadič IEEE 1394 dle standardu OHCI Texas Instruments; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2008-04-13 61696]
R0 prohlp02;StarForce Protection Helper Driver v2; C:\WINDOWS\System32\drivers\prohlp02.sys [2004-08-09 114016]
R0 prosync1;StarForce Protection Synchronization Driver v1; C:\WINDOWS\System32\drivers\prosync1.sys [2004-07-19 7040]
R0 sfhlp01;StarForce Protection Helper Driver; C:\WINDOWS\System32\drivers\sfhlp01.sys [2003-12-01 4832]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
R1 AmdK8;Ovladač procesoru AMD; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-06-19 43008]
R1 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2013-03-07 49760]
R1 aswSnx;aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [2013-03-07 765736]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2013-03-07 368176]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2013-03-07 62376]
R1 InCDPass;InCDPass; C:\WINDOWS\system32\drivers\InCDPass.sys [2007-11-26 36776]
R1 incdrm;InCD Reader; C:\WINDOWS\system32\drivers\InCDRm.sys [2007-11-26 38440]
R1 prodrv06;StarForce Protection Environment Driver v6; C:\WINDOWS\System32\drivers\prodrv06.sys [2004-08-09 53920]
R1 sp_rsdrv2;Spyware Terminator Driver 2; \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys []
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2013-03-07 29816]
R2 aswMonFlt;aswMonFlt; \??\C:\WINDOWS\system32\drivers\aswMonFlt.sys []
R2 npf;NetGroup Packet Filter Driver; C:\WINDOWS\system32\drivers\npf.sys [2010-03-22 50704]
R3 aswVmm;aswVmm; C:\WINDOWS\system32\drivers\aswVmm.sys [2013-03-07 164736]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-09-05 4611072]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2007-06-28 6807328]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2007-06-28 45824]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2007-06-28 20480]
R3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R4 InCDfs;InCD File System; C:\WINDOWS\system32\drivers\InCDFs.sys [2007-11-26 118952]
S0 BTHidEnum;Bluetooth HID Enumerator; C:\WINDOWS\System32\Drivers\vbtenum.sys []
S0 BTHidMgr;Bluetooth HID Manager Service; C:\WINDOWS\System32\Drivers\BTHidMgr.sys []
S1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
S3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
S3 BlueletAudio;Bluetooth Audio Service; C:\WINDOWS\system32\DRIVERS\blueletaudio.sys []
S3 BlueletSCOAudio;Bluetooth SCO Audio Service; C:\WINDOWS\system32\DRIVERS\BlueletSCOAudio.sys []
S3 BT;Bluetooth PAN Network Adapter; C:\WINDOWS\system32\DRIVERS\btnetdrv.sys []
S3 Btcsrusb;Bluetooth USB For Bluetooth Service; C:\WINDOWS\System32\Drivers\btcusb.sys []
S3 BthEnum;Ovladač pro Bluetooth Request Block; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2008-04-13 17024]
S3 BTHMODEM;Ovladač pro sériovou komunikaci protokolem Bluetooth; C:\WINDOWS\system32\DRIVERS\bthmodem.sys [2008-04-13 37888]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2008-04-13 101120]
S3 BTHPORT;Ovladač portu Bluetooth; C:\WINDOWS\System32\Drivers\BTHport.sys [2008-06-14 272128]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2008-04-13 18944]
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 ENTECH;ENTECH; \??\C:\WINDOWS\system32\DRIVERS\ENTECH.sys []
S3 gdrv;gdrv; \??\C:\WINDOWS\gdrv.sys []
S3 GMSIPCI;GMSIPCI; \??\D:\INSTALL\GMSIPCI.SYS []
S3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2009-03-18 26176]
S3 LVcKap;Logitech AEC Driver; C:\WINDOWS\system32\DRIVERS\LVcKap.sys [2007-03-06 1669664]
S3 LVMVDrv;Logitech Machine Vision Engine Loader; C:\WINDOWS\system32\DRIVERS\LVMVDrv.sys [2007-03-06 2261792]
S3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\LVUSBSta.sys [2007-03-07 41376]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
S3 PID_0928;Logitech QuickCam Express(PID_0928); C:\WINDOWS\system32\DRIVERS\LV561AV.SYS [2007-03-07 491168]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2008-04-13 59136]
S3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2006-03-02 5888]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 SQTECH905C;DualCamera; C:\WINDOWS\System32\Drivers\Capt905c.sys [2006-01-26 34686]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 taphss;Anchorfree HSS Adapter; C:\WINDOWS\system32\DRIVERS\taphss.sys [2011-11-23 32768]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 VComm;Virtual Serial port driver; C:\WINDOWS\system32\DRIVERS\VComm.sys []
S3 VcommMgr;Bluetooth VComm Manager Service; C:\WINDOWS\System32\Drivers\VcommMgr.sys []
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 APNMCP;Ask Update Service; C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe [2013-02-15 169096]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-03-07 45248]
R2 bProtector;bProtector; C:\Documents and Settings\All Users\Data aplikací\bProtectorForWindows\2.0.392.106\bProtect.exe [2012-05-12 1441784]
R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 Capture Device Service;Capture Device Service; C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe [2007-03-06 198168]
R2 DefaultTabSearch;DefaultTabSearch; C:\Program Files\DefaultTab\DefaultTabSearch.exe [2013-02-11 572928]
R2 DefaultTabUpdate;DefaultTabUpdate; C:\Documents and Settings\TOP COMPUTERS\Data aplikací\DefaultTab\DefaultTab\DTUpdate.exe [2012-10-18 107520]
R2 IJPLMSVC;Canon Inkjet Printer/Scanner/Fax Extended Survey Program; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [2010-04-05 116104]
R2 InCDsrv;InCD Helper; C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe [2007-11-26 1554728]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre7\bin\jqs.exe [2012-11-15 161768]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-04-19 75304]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [2006-10-26 335872]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2007-06-28 155716]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2011-07-11 75136]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2005-08-08 167936]
R2 Skype C2C Service;Skype C2C Service; C:\Documents and Settings\All Users\Data aplikací\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-03-19 3289208]
R2 sp_rssrv;Spyware Terminator Realtime Shield Service; C:\PROGRA~1\SPYWAR~1\sp_rsser.exe [2008-05-22 924672]
R2 UleadBurningHelper;Ulead Burning Helper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [2007-03-03 67056]
R2 UltiDev Cassini Web Server for ASP.NET 2.0;UltiDev Cassini Web Server for ASP.NET 2.0; C:\Program Files\UltiDev\Cassini Web Server for ASP.NET 2.0\UltiDevCassinWebServer2a.exe [2012-10-17 49152]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe []
S2 LVSrvLauncher;LVSrvLauncher; C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe [2007-03-06 105248]
S2 ScanQuery Service;ScanQuery Service; C:\Documents and Settings\All Users\Data aplikací\ScanQuery\scanquery131.exe [2011-05-20 40960]
S2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2012-07-13 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-04-14 256904]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Služba Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2012-09-20 30785672]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-11-28 800040]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
S3 SwitchBoard;SwitchBoard; C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S3 UPnPService;UPnPService; C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe [2006-12-14 544768]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2008-01-22 275752]

-----------------EOF-----------------

Zdravím!
Poprosím o log ComboFix:

Stahnete a ulozte nejlepe na plochu ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

pote spustte aplikaci pod uctem s administratorskym opravnenim

hned po startu se zobrazi obrazovka s licencnimi podminkami, pokracujte kliknutim na tlacitko Ano.

v klidu si postavte na kafe (cela akce trva cca. 5-10 minut, nekdy i dele - dle toho, o jak rychly stroj se

jedna a kolika soubory se skener bude muset prodirat), behem skenu se nepokousejte spoustet zadne jine

aplikace ani nic jineho

behem skenovani nepropadejte panice, vas stroj muze byt restartovan (predevsim pri prvni aplikaci skeneru)

upozorneni: pokud pouzivate antispyware s rezidentnim stitem, prepnete jeho rezidentni stit do Install Mode,

pripadne jej po dobu skenu uplne deaktivujte, protoze dochazi pri skenu a vymazu pripadneho malware k

nezadoucim kolizim s rezidentem antispyware

Přikládám log

ComboFix 13-04-14.01 - TOP COMPUTERS 14.04.2013 18:46:35.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.2046.1367 [GMT 2:00]
Spuštěný z: c:\documents and settings\TOP COMPUTERS\Plocha\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\TOP COMPUTERS\WINDOWS
c:\program files\BasicScan
c:\program files\BasicScan\uninstall.exe
c:\program files\BFlix\BFLIx.dll
c:\program files\Incredibar.com
c:\program files\Incredibar.com\incredibar\1.5.3.27\bh\incredibar.dll
c:\program files\Incredibar.com\incredibar\1.5.3.27\incredibar.crx
c:\program files\Incredibar.com\incredibar\1.5.3.27\incredibarApp.dll
c:\program files\Incredibar.com\incredibar\1.5.3.27\incredibarEng.dll
c:\program files\Incredibar.com\incredibar\1.5.3.27\incredibarsrv.exe
c:\program files\Incredibar.com\incredibar\1.5.3.27\inCRedibartlbr.dll
c:\program files\Incredibar.com\incredibar\1.5.3.27\uninstall.exe
c:\program files\Mozilla Firefox\extensions\{6AA54174-C9E8-4B07-95A0-0FBC19CBE64C}
c:\program files\Mozilla Firefox\extensions\{6AA54174-C9E8-4B07-95A0-0FBC19CBE64C}\defaults\preferences\prefs.js
c:\program files\Mozilla Firefox\extensions\{6AA54174-C9E8-4B07-95A0-0FBC19CBE64C}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{6AA54174-C9E8-4B07-95A0-0FBC19CBE64C}\chrome\basicscan.jar
c:\program files\Mozilla Firefox\extensions\{6AA54174-C9E8-4B07-95A0-0FBC19CBE64C}\install.rdf
c:\program files\ScanQuery
c:\program files\ScanQuery\scanquery.exe
c:\program files\ScanQuery\uninstall.exe
C:\Thumbs.db
c:\windows\system32\_000006_.tmp.dll
c:\windows\system32\roboot.exe
c:\windows\system32\SETE4.tmp
c:\windows\system32\SETE9.tmp
c:\windows\system32\SETF0.tmp
c:\windows\system32\WinSys.exe
c:\windows\UA000079.DLL
c:\windows\unin0405.exe
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_BASICSCAN_SERVICE
-------\Legacy_DEFAULTTABSEARCH
-------\Legacy_SCANQUERY_SERVICE
-------\Service_DefaultTabSearch
-------\Service_ScanQuery Service
-------\Legacy_DefaultTabUpdate
-------\Service_DefaultTabUpdate
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-03-14 do 2013-04-14 )))))))))))))))))))))))))))))))
.
.
2013-04-14 16:04 . 2013-04-14 16:04 -------- d-----w- c:\program files\trend micro
2013-04-14 16:04 . 2013-04-14 16:04 -------- d-----w- C:\rsit
2013-04-14 15:15 . 2013-04-14 15:15 -------- d-----w- c:\documents and settings\TOP COMPUTERS\Doctor Web
2013-04-14 15:11 . 2013-04-14 15:11 -------- d-----w- c:\documents and settings\TOP COMPUTERS\Data aplikací\Malwarebytes
2013-04-14 15:10 . 2013-04-14 15:10 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2013-04-14 15:10 . 2013-04-04 12:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-04-14 15:10 . 2013-04-14 15:10 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-04-14 14:52 . 2013-03-06 22:33 164736 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-04-14 14:52 . 2013-03-06 22:33 49248 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-04-14 14:52 . 2013-03-06 22:33 66336 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-04-14 13:48 . 2013-04-14 13:49 -------- d-----w- C:\Registr
2013-04-14 13:47 . 2013-04-14 13:47 -------- d-----w- c:\program files\CCleaner
2013-04-14 13:45 . 2013-04-14 13:45 -------- d-----w- c:\documents and settings\TOP COMPUTERS\Data aplikací\Thinstall
2013-04-14 13:31 . 2001-10-24 09:54 12160 -c--a-w- c:\windows\system32\dllcache\mouhid.sys
2013-04-14 13:31 . 2001-10-24 09:54 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2013-04-14 13:25 . 2013-04-14 13:25 -------- d-----w- c:\windows\system32\wbem\Repository
2013-04-14 13:04 . 2013-04-14 13:04 3023 ----a-w- c:\documents and settings\All Users\Data aplikací\b0hb.js
2013-04-14 13:04 . 2013-04-14 13:19 -------- d-s---w- c:\documents and settings\Administrator
2013-04-11 15:59 . 2013-04-11 15:59 133632 ----a-w- c:\documents and settings\All Users\Data aplikací\bh0b.dat
2013-04-07 05:59 . 2013-04-07 06:00 -------- d-----w- C:\BMW M3 Challenge
2013-04-06 07:51 . 2013-04-06 07:57 -------- d-----w- c:\documents and settings\TOP COMPUTERS\Data aplikací\Systweak
2013-04-06 07:50 . 2013-04-06 07:51 -------- d-----w- c:\documents and settings\All Users\Data aplikací\BrouwsEe2save
2013-03-31 12:40 . 2013-03-31 12:40 -------- d-----w- c:\program files\Microsoft XNA
2013-03-21 17:44 . 2013-02-12 00:32 12928 -c----w- c:\windows\system32\dllcache\usb8023x.sys
2013-03-21 17:44 . 2013-02-12 00:32 12928 -c----w- c:\windows\system32\dllcache\usb8023.sys
2013-03-19 20:30 . 2013-03-19 20:30 6066296 ----a-w- c:\program files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
2013-03-16 06:23 . 2013-04-14 15:07 -------- d-----w- c:\program files\Common Files\Adobe AIR
2013-03-15 17:32 . 2013-03-15 17:32 -------- d-----w- c:\program files\Common Files\InterVideo
2013-03-15 17:32 . 2013-03-15 17:32 -------- d-----w- c:\documents and settings\All Users\Data aplikací\InterVideo
2013-03-15 17:32 . 2007-03-06 10:58 210456 ----a-w- c:\windows\system32\IVIresizeW7.dll
2013-03-15 17:32 . 2007-03-06 10:58 194072 ----a-w- c:\windows\system32\IVIresizePX.dll
2013-03-15 17:32 . 2007-03-06 10:58 198168 ----a-w- c:\windows\system32\IVIresizeP6.dll
2013-03-15 17:32 . 2007-03-06 10:58 198168 ----a-w- c:\windows\system32\IVIresizeM6.dll
2013-03-15 17:32 . 2007-03-06 10:58 206360 ----a-w- c:\windows\system32\IVIresizeA6.dll
2013-03-15 17:32 . 2007-03-06 10:58 26136 ----a-w- c:\windows\system32\IVIresize.dll
2013-03-15 17:32 . 2000-01-04 05:39 212992 ----a-w- c:\program files\Common Files\InstallShield\Engine\6\Intel 32\ILog.dll
2013-03-15 17:31 . 2013-03-15 17:31 -------- d-----w- c:\program files\Windows Media Components
2013-03-15 17:30 . 2013-03-15 17:31 -------- d-----w- c:\program files\Common Files\Ulead Systems
2013-03-15 17:30 . 2013-03-15 17:30 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Ulead Systems
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-04-14 15:00 . 2012-06-20 16:19 691592 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-04-14 15:00 . 2011-09-04 18:35 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-03-08 08:36 . 2006-03-02 12:00 293376 ----a-w- c:\windows\system32\winsrv.dll
2013-03-07 15:56 . 2006-03-02 12:00 2151936 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-03-07 15:56 . 2004-08-17 15:45 2030592 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-03-06 22:33 . 2011-02-28 12:32 765736 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-03-06 22:33 . 2011-02-28 12:32 62376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-03-06 22:33 . 2008-05-22 11:10 49760 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2013-03-06 22:33 . 2008-05-22 11:10 368176 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-03-06 22:33 . 2008-05-22 11:10 29816 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-03-06 22:32 . 2011-02-28 12:31 41664 ----a-w- c:\windows\avastSS.scr
2013-03-06 22:32 . 2008-05-22 11:10 228600 ----a-w- c:\windows\system32\aswBoot.exe
2013-03-02 02:08 . 2006-03-02 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2013-03-02 02:08 . 2006-03-02 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-03-02 02:08 . 2006-03-02 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2013-03-02 01:57 . 2006-03-02 12:00 1867264 ----a-w- c:\windows\system32\win32k.sys
2013-03-02 01:08 . 2006-03-02 12:00 385024 ----a-w- c:\windows\system32\html.iec
2013-02-27 07:58 . 2008-03-25 16:00 2067456 ----a-w- c:\windows\system32\mstscax.dll
2013-02-12 00:32 . 2008-04-13 18:56 12928 ------w- c:\windows\system32\drivers\usb8023x.sys
2013-02-12 00:32 . 2006-03-02 12:00 12928 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-02-05 20:15 . 2006-03-02 12:00 916480 ----a-w- c:\windows\system32\wininet(3).dll
2013-02-05 20:15 . 2006-03-02 12:00 1212928 ----a-w- c:\windows\system32\urlmon(3).dll
2013-02-05 20:15 . 2006-03-02 12:00 105984 ----a-w- c:\windows\system32\url(3).dll
2013-01-26 03:55 . 2006-03-02 12:00 552448 ----a-w- c:\windows\system32\oleaut32.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{D8278076-BC68-4484-9233-6E7F1628B56C}"= "c:\program files\AskPartnerNetwork\Toolbar\searchhook.dll" [2013-02-15 130696]
"{942cd1d4-9cc1-4d31-876a-ea8f489f7a59}"= "c:\program files\InnoGames_International\prxtbInn0.dll" [2011-05-09 176936]
"{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}"= "c:\program files\Softonic-Eng7\prxtbSof2.dll" [2011-05-09 176936]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\prxtbuTo2.dll" [2011-05-09 176936]
"{c95a4e8e-816d-4655-8c79-d736da1adb6d}"= "c:\program files\Hotspot_Shield\prxtbHot2.dll" [2011-05-09 176936]
"{bfc39e47-d643-4dc2-aa1d-61377501c844}"= "c:\program files\atube\atubeX.dll" [2011-10-31 81920]
.
[HKEY_CLASSES_ROOT\clsid\{d8278076-bc68-4484-9233-6e7f1628b56c}]
[HKEY_CLASSES_ROOT\TypeLib\{7C4EE486-5EA5-4683-8C23-BF520933BB5E}]
.
[HKEY_CLASSES_ROOT\clsid\{942cd1d4-9cc1-4d31-876a-ea8f489f7a59}]
.
[HKEY_CLASSES_ROOT\clsid\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_CLASSES_ROOT\clsid\{c95a4e8e-816d-4655-8c79-d736da1adb6d}]
.
[HKEY_CLASSES_ROOT\clsid\{bfc39e47-d643-4dc2-aa1d-61377501c844}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]
2011-05-09 09:49 176936 ----a-w- c:\program files\Softonic-Eng7\prxtbSof2.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{4154552D-5341-5400-76A7-7A786E7484D7}]
2013-02-15 02:39 13448 ----a-w- c:\program files\AskPartnerNetwork\Toolbar\ATU-SAT\Passport.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{8965F9FE-2A1E-B096-C9CF-1A50B4A8A53F}]
2013-01-06 12:16 118272 ----a-w- c:\documents and settings\All Users\Data aplikací\continuetosave\50e96b34a386b.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{942cd1d4-9cc1-4d31-876a-ea8f489f7a59}]
2011-05-09 09:49 176936 ----a-w- c:\program files\InnoGames_International\prxtbInn0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{B6429CB6-9A3C-7FDC-6B32-4FD884240640}]
2013-04-06 08:26 118272 ----a-w- c:\documents and settings\All Users\Data aplikací\BrouwsEe2save\515fdc4a2861c.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
2011-05-09 09:49 176936 ----a-w- c:\program files\uTorrentBar\prxtbuTo2.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{bfc39e47-d643-4dc2-aa1d-61377501c844}]
2011-10-31 11:02 81920 ----a-w- c:\program files\atube\atubeX.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{c95a4e8e-816d-4655-8c79-d736da1adb6d}]
2011-05-09 09:49 176936 ----a-w- c:\program files\Hotspot_Shield\prxtbHot2.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{942cd1d4-9cc1-4d31-876a-ea8f489f7a59}"= "c:\program files\InnoGames_International\prxtbInn0.dll" [2011-05-09 176936]
"{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}"= "c:\program files\Softonic-Eng7\prxtbSof2.dll" [2011-05-09 176936]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\prxtbuTo2.dll" [2011-05-09 176936]
"{c95a4e8e-816d-4655-8c79-d736da1adb6d}"= "c:\program files\Hotspot_Shield\prxtbHot2.dll" [2011-05-09 176936]
"{bfc39e47-d643-4dc2-aa1d-61377501c844}"= "c:\program files\atube\atubeX.dll" [2011-10-31 81920]
"{4154552D-5341-5400-76A7-7A786E7484D7}"= "c:\program files\AskPartnerNetwork\Toolbar\ATU-SAT\Passport.dll" [2013-02-15 13448]
.
[HKEY_CLASSES_ROOT\clsid\{942cd1d4-9cc1-4d31-876a-ea8f489f7a59}]
.
[HKEY_CLASSES_ROOT\clsid\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_CLASSES_ROOT\clsid\{c95a4e8e-816d-4655-8c79-d736da1adb6d}]
.
[HKEY_CLASSES_ROOT\clsid\{bfc39e47-d643-4dc2-aa1d-61377501c844}]
.
[HKEY_CLASSES_ROOT\clsid\{4154552d-5341-5400-76a7-7a786e7484d7}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{942CD1D4-9CC1-4D31-876A-EA8F489F7A59}"= "c:\program files\InnoGames_International\prxtbInn0.dll" [2011-05-09 176936]
"{414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3}"= "c:\program files\Softonic-Eng7\prxtbSof2.dll" [2011-05-09 176936]
"{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}"= "c:\program files\uTorrentBar\prxtbuTo2.dll" [2011-05-09 176936]
"{C95A4E8E-816D-4655-8C79-D736DA1ADB6D}"= "c:\program files\Hotspot_Shield\prxtbHot2.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{942cd1d4-9cc1-4d31-876a-ea8f489f7a59}]
.
[HKEY_CLASSES_ROOT\clsid\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_CLASSES_ROOT\clsid\{c95a4e8e-816d-4655-8c79-d736da1adb6d}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-03-06 22:32 121968 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-07-13 17418928]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-09-03 16841216]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-06-28 81920]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-03-25 2516296]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-03-06 4767304]
"ApnTBMon"="c:\program files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe" [2013-02-15 1483912]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-28 8466432]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2008-04-14 03:22 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
2007-11-26 12:54 1057064 ----a-w- c:\program files\Nero\Nero 7\InCD\InCD.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 03:22 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2007-06-28 16:43 8466432 ----a-w- c:\windows\system32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2007-06-28 16:43 1626112 ----a-w- c:\windows\system32\nwiz.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2006-11-23 13:10 56928 ------w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"NeroFilterCheck"=c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
"SpywareTerminator"="c:\progra~1\SPYWAR~1\SpywareTerminatorShield.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"=
"c:\\Program Files\\FlatOut2\\FlatOut2.exe"=
"c:\\Program Files\\Electronic Arts\\Need for Speed Carbon\\NFSC.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\WINDOWS\\system32\\msiexec.exe"=
"c:\\Program Files\\SweetIM\\Communicator\\SweetPacksUpdateManager.exe"=
"c:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"=
"c:\\Counter-Strike 1.6\\csko.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE"=
"c:\\WINDOWS\\KMSEmulator.exe"=
"c:\\Program Files\\TeamViewer\\Version4\\TeamViewer.exe"=
"c:\\Documents and Settings\\TOP COMPUTERS\\Plocha\\WALKER\\CS\\CS--Source\\hl2.exe"=
"c:\\Program Files\\atube\\dtUser.exe"=
.
R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [14.4.2013 16:52 49248]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [28.2.2011 14:32 765736]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [22.5.2008 13:10 368176]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [22.5.2008 13:05 135936]
R2 APNMCP;Ask Update Service;c:\program files\AskPartnerNetwork\Toolbar\apnmcp.exe [15.2.2013 4:39 169096]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [22.5.2008 13:10 29816]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [14.4.2013 16:52 66336]
R2 bProtector;bProtector;c:\documents and settings\All Users\Data aplikací\bProtectorForWindows\2.0.392.106\bProtect.exe [12.5.2012 12:13 1441784]
R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [16.11.2009 18:33 50704]
R2 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users\Data aplikací\Skype\Toolbars\Skype C2C Service\c2c_service.exe [19.3.2013 22:26 3289208]
R2 UltiDev Cassini Web Server for ASP.NET 2.0;UltiDev Cassini Web Server for ASP.NET 2.0;c:\program files\UltiDev\Cassini Web Server for ASP.NET 2.0\ULTIDEVCASSINWEBSERVER2A.EXE [8.2.2007 1:06 49152]
S2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe --> c:\program files\ICQ6Toolbar\ICQ Service.exe [?]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [13.7.2012 13:28 160944]
S3 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [14.4.2013 16:52 164736]
S3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [19.2.2010 14:37 517096]
S3 UPnPService;UPnPService;c:\program files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe [5.1.2010 17:25 544768]
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-04-19 12:23 452136 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2013-04-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-20 15:00]
.
2013-04-05 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 16:57]
.
2013-04-14 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2013-04-14 22:32]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.cz/ig
mStart Page = hxxp://home.sweetim.com/?st=6&barid={CC9970E2-57B7-43DC-B5A8-E19DD29CB0E8}
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\novslo~1\OFFICE11\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Translate this web page with Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
IE: Translate with Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm
Trusted Zone: mojebanka.cz\*
Trusted Zone: mojebanka.cz\www
Trusted Zone: mojebanka.cz\*
TCP: DhcpNameServer = 10.0.0.138
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
HKCU-Run-LogitechSetup - d:\setup\Setup.exe
AddRemove-BasicScan - c:\program files\BasicScan\uninstall.exe
AddRemove-incredibar - c:\program files\Incredibar.com\incredibar\1.5.3.27\uninstall.exe
AddRemove-ScanQuery - c:\program files\ScanQuery\uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-04-14 19:01
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_169_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_169_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(2112)
c:\documents and settings\All Users\Data aplikací\bProtectorForWindows\2.0.392.106\protector.dll
c:\progra~1\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf
c:\progra~1\MICROS~2\Office14\1029\GrooveIntlResource.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\documents and settings\All Users\Data aplikací\Premium\ContinueToSave\ContinueToSave.exe
c:\program files\Common Files\InterVideo\DeviceService\DevSvc.exe
c:\program files\Canon\IJPLM\IJPLMSVC.EXE
c:\program files\Nero\Nero 7\InCD\InCDsrv.exe
c:\program files\Java\jre7\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\progra~1\SPYWAR~1\sp_rsser.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\RUNDLL32.EXE
c:\windows\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Celkový čas: 2013-04-14 19:08:18 - počítač byl restartován
ComboFix-quarantined-files.txt 2013-04-14 17:08
.
Před spuštěním: Volných bajtů: 159 018 778 624
Po spuštění: Volných bajtů: 160 100 868 096
.
- - End Of File - - B8A0D925FF999ABE361CA216AA33A397

Ještě dočistíme. Otevřte poznámkový blok a zkopírujte do něj:

KillAll::

Collect::
c:\documents and settings\All Users\Data aplikací\b0hb.js
c:\documents and settings\All Users\Data aplikací\bh0b.dat

Folder::
c:\program files\AskPartnerNetwork
c:\documents and settings\All Users\Data aplikací\BrouwsEe2save
c:\program files\uTorrentBar
c:\program files\ICQ6Toolbar

Registry::
[-HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{4154552D-5341-5400-76A7-7A786E7484D7}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{B6429CB6-9A3C-7FDC-6B32-4FD884240640}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ApnTBMon"=-

Driver::
ICQ Service
Skype C2C Service

RegLock::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

Reboot::

Uložte na plochu jako CFScript.txt. Pak jej myší přetáhněte nad ikonu ComboFix a pusťte. CF se spustí a vykoná příkazy ze skriptu.

Udělal jsem vše dle pokunu. CF se spustil a zastavil se na Dokončená fáze_2 a nic se 45 minut neděje. PC zaseklé není. Vytíženost CPU je na nule. Vypadá to, jako by se CF zastavil. Takže jsem CF po 45 min. vypnul a PC restartoval. PC normálně naběhlo. Prosím o další postup co mám dělat dál. Děkuji.

Zkuste to se stejným skriptem, ale v nouz. režimu.

Paráda. V nozovém režimu vše proběhlo ok. Přikládám log.

ComboFix 13-04-14.01 - TOP COMPUTERS 14.04.2013 21:34:07.3.2 - x86 MINIMAL
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.2046.1754 [GMT 2:00]
Spuštěný z: c:\documents and settings\TOP COMPUTERS\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\TOP COMPUTERS\Plocha\CFScript.txt
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.
file zipped: c:\documents and settings\All Users\Data aplikací\b0hb.js
file zipped: c:\documents and settings\All Users\Data aplikací\bh0b.dat
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Data aplikací\b0hb.js
c:\program files\AskPartnerNetwork
c:\program files\AskPartnerNetwork\Toolbar\apnmcp.exe
c:\program files\AskPartnerNetwork\Toolbar\APNSetup.exe
c:\program files\AskPartnerNetwork\Toolbar\ATU-SAT\Passport.dll
c:\program files\AskPartnerNetwork\Toolbar\searchhook.dll
c:\program files\AskPartnerNetwork\Toolbar\ServiceLocator.exe
c:\program files\AskPartnerNetwork\Toolbar\SO.dll
c:\program files\AskPartnerNetwork\Toolbar\toolbar.dll
c:\program files\AskPartnerNetwork\Toolbar\Toolbar.exe
c:\program files\AskPartnerNetwork\Toolbar\ToolbarPS.dll
c:\program files\AskPartnerNetwork\Toolbar\UpdateManager.exe
c:\program files\AskPartnerNetwork\Toolbar\Updater\ask-search.xml
c:\program files\AskPartnerNetwork\Toolbar\Updater\ATU-SAT\config.xml
c:\program files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
c:\program files\uTorrentBar
c:\program files\uTorrentBar\GottenAppsContextMenu.xml
c:\program files\uTorrentBar\ldrtbuTo0.dll
c:\program files\uTorrentBar\ldrtbuTo2.dll
c:\program files\uTorrentBar\ldrtbuTor.dll
c:\program files\uTorrentBar\OtherAppsContextMenu.xml
c:\program files\uTorrentBar\prxtbuTo0.dll
c:\program files\uTorrentBar\prxtbuTo1.dll
c:\program files\uTorrentBar\prxtbuTo2.dll
c:\program files\uTorrentBar\prxtbuTor.dll
c:\program files\uTorrentBar\SharedAppsContextMenu.xml
c:\program files\uTorrentBar\tbuTor.dll
c:\program files\uTorrentBar\toolbar.cfg
c:\program files\uTorrentBar\ToolbarContextMenu.xml
c:\program files\uTorrentBar\uninstall.exe
c:\program files\uTorrentBar\uTorrentBarToolbarHelper.exe
c:\program files\uTorrentBar\uTorrentBarToolbarHelper1.exe
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_ICQ_SERVICE
-------\Legacy_SKYPE_C2C_SERVICE
-------\Service_ICQ Service
-------\Service_Skype C2C Service
-------\Legacy_APNMCP
-------\Legacy_APNMCP
-------\Service_APNMCP
-------\Service_APNMCP
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-03-14 do 2013-04-14 )))))))))))))))))))))))))))))))
.
.
2013-04-14 16:04 . 2013-04-14 16:04 -------- d-----w- c:\program files\trend micro
2013-04-14 16:04 . 2013-04-14 16:04 -------- d-----w- C:\rsit
2013-04-14 15:15 . 2013-04-14 15:15 -------- d-----w- c:\documents and settings\TOP COMPUTERS\Doctor Web
2013-04-14 15:11 . 2013-04-14 15:11 -------- d-----w- c:\documents and settings\TOP COMPUTERS\Data aplikací\Malwarebytes
2013-04-14 15:10 . 2013-04-14 15:10 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2013-04-14 15:10 . 2013-04-04 12:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-04-14 15:10 . 2013-04-14 15:10 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-04-14 14:52 . 2013-03-06 22:33 164736 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-04-14 14:52 . 2013-03-06 22:33 49248 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-04-14 14:52 . 2013-03-06 22:33 66336 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-04-14 13:48 . 2013-04-14 13:49 -------- d-----w- C:\Registr
2013-04-14 13:47 . 2013-04-14 13:47 -------- d-----w- c:\program files\CCleaner
2013-04-14 13:45 . 2013-04-14 13:45 -------- d-----w- c:\documents and settings\TOP COMPUTERS\Data aplikací\Thinstall
2013-04-14 13:31 . 2001-10-24 09:54 12160 -c--a-w- c:\windows\system32\dllcache\mouhid.sys
2013-04-14 13:31 . 2001-10-24 09:54 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2013-04-14 13:25 . 2013-04-14 13:25 -------- d-----w- c:\windows\system32\wbem\Repository
2013-04-14 13:04 . 2013-04-14 13:19 -------- d-s---w- c:\documents and settings\Administrator
2013-04-11 15:59 . 2013-04-11 15:59 133632 ----a-w- c:\documents and settings\All Users\Data aplikací\bh0b.dat
2013-04-07 05:59 . 2013-04-07 06:00 -------- d-----w- C:\BMW M3 Challenge
2013-04-06 07:51 . 2013-04-06 07:57 -------- d-----w- c:\documents and settings\TOP COMPUTERS\Data aplikací\Systweak
2013-04-06 07:50 . 2013-04-06 07:51 -------- d-----w- c:\documents and settings\All Users\Data aplikací\BrouwsEe2save
2013-03-31 12:40 . 2013-03-31 12:40 -------- d-----w- c:\program files\Microsoft XNA
2013-03-21 17:44 . 2013-02-12 00:32 12928 -c----w- c:\windows\system32\dllcache\usb8023x.sys
2013-03-21 17:44 . 2013-02-12 00:32 12928 -c----w- c:\windows\system32\dllcache\usb8023.sys
2013-03-19 20:30 . 2013-03-19 20:30 6066296 ----a-w- c:\program files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
2013-03-16 06:23 . 2013-04-14 15:07 -------- d-----w- c:\program files\Common Files\Adobe AIR
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-04-14 15:00 . 2012-06-20 16:19 691592 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-04-14 15:00 . 2011-09-04 18:35 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-03-08 08:36 . 2006-03-02 12:00 293376 ----a-w- c:\windows\system32\winsrv.dll
2013-03-07 15:56 . 2006-03-02 12:00 2151936 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-03-07 15:56 . 2004-08-17 15:45 2030592 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-03-06 22:33 . 2011-02-28 12:32 765736 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-03-06 22:33 . 2011-02-28 12:32 62376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-03-06 22:33 . 2008-05-22 11:10 49760 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2013-03-06 22:33 . 2008-05-22 11:10 368176 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-03-06 22:33 . 2008-05-22 11:10 29816 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-03-06 22:32 . 2011-02-28 12:31 41664 ----a-w- c:\windows\avastSS.scr
2013-03-06 22:32 . 2008-05-22 11:10 228600 ----a-w- c:\windows\system32\aswBoot.exe
2013-03-02 02:08 . 2006-03-02 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2013-03-02 02:08 . 2006-03-02 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-03-02 02:08 . 2006-03-02 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2013-03-02 01:57 . 2006-03-02 12:00 1867264 ----a-w- c:\windows\system32\win32k.sys
2013-03-02 01:08 . 2006-03-02 12:00 385024 ----a-w- c:\windows\system32\html.iec
2013-02-27 07:58 . 2008-03-25 16:00 2067456 ----a-w- c:\windows\system32\mstscax.dll
2013-02-12 00:32 . 2008-04-13 18:56 12928 ------w- c:\windows\system32\drivers\usb8023x.sys
2013-02-12 00:32 . 2006-03-02 12:00 12928 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-02-05 20:15 . 2006-03-02 12:00 916480 ----a-w- c:\windows\system32\wininet(3).dll
2013-02-05 20:15 . 2006-03-02 12:00 1212928 ----a-w- c:\windows\system32\urlmon(3).dll
2013-02-05 20:15 . 2006-03-02 12:00 105984 ----a-w- c:\windows\system32\url(3).dll
2013-01-26 03:55 . 2006-03-02 12:00 552448 ----a-w- c:\windows\system32\oleaut32.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{942cd1d4-9cc1-4d31-876a-ea8f489f7a59}"= "c:\program files\InnoGames_International\prxtbInn0.dll" [2011-05-09 176936]
"{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}"= "c:\program files\Softonic-Eng7\prxtbSof2.dll" [2011-05-09 176936]
"{c95a4e8e-816d-4655-8c79-d736da1adb6d}"= "c:\program files\Hotspot_Shield\prxtbHot2.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{942cd1d4-9cc1-4d31-876a-ea8f489f7a59}]
.
[HKEY_CLASSES_ROOT\clsid\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]
.
[HKEY_CLASSES_ROOT\clsid\{c95a4e8e-816d-4655-8c79-d736da1adb6d}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]
2011-05-09 09:49 176936 ----a-w- c:\program files\Softonic-Eng7\prxtbSof2.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{8965F9FE-2A1E-B096-C9CF-1A50B4A8A53F}]
2013-01-06 12:16 118272 ----a-w- c:\documents and settings\All Users\Data aplikací\continuetosave\50e96b34a386b.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{942cd1d4-9cc1-4d31-876a-ea8f489f7a59}]
2011-05-09 09:49 176936 ----a-w- c:\program files\InnoGames_International\prxtbInn0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{c95a4e8e-816d-4655-8c79-d736da1adb6d}]
2011-05-09 09:49 176936 ----a-w- c:\program files\Hotspot_Shield\prxtbHot2.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-03-06 22:32 121968 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-07-13 17418928]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-09-03 16841216]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-06-28 81920]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-03-25 2516296]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-03-06 4767304]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-28 8466432]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2008-04-14 03:22 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
2007-11-26 12:54 1057064 ----a-w- c:\program files\Nero\Nero 7\InCD\InCD.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 03:22 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2007-06-28 16:43 8466432 ----a-w- c:\windows\system32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2007-06-28 16:43 1626112 ----a-w- c:\windows\system32\nwiz.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2006-11-23 13:10 56928 ------w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"NeroFilterCheck"=c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
"SpywareTerminator"="c:\progra~1\SPYWAR~1\SpywareTerminatorShield.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"=
"c:\\Program Files\\FlatOut2\\FlatOut2.exe"=
"c:\\Program Files\\Electronic Arts\\Need for Speed Carbon\\NFSC.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\WINDOWS\\system32\\msiexec.exe"=
"c:\\Program Files\\SweetIM\\Communicator\\SweetPacksUpdateManager.exe"=
"c:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"=
"c:\\Counter-Strike 1.6\\csko.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE"=
"c:\\WINDOWS\\KMSEmulator.exe"=
"c:\\Program Files\\TeamViewer\\Version4\\TeamViewer.exe"=
"c:\\Documents and Settings\\TOP COMPUTERS\\Plocha\\WALKER\\CS\\CS--Source\\hl2.exe"=
.
R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [14.4.2013 16:52 49248]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [28.2.2011 14:32 765736]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [22.5.2008 13:10 368176]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [22.5.2008 13:05 135936]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [22.5.2008 13:10 29816]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [14.4.2013 16:52 66336]
R2 bProtector;bProtector;c:\documents and settings\All Users\Data aplikací\bProtectorForWindows\2.0.392.106\bProtect.exe [12.5.2012 12:13 1441784]
R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [16.11.2009 18:33 50704]
R2 UltiDev Cassini Web Server for ASP.NET 2.0;UltiDev Cassini Web Server for ASP.NET 2.0;c:\program files\UltiDev\Cassini Web Server for ASP.NET 2.0\ULTIDEVCASSINWEBSERVER2A.EXE [8.2.2007 1:06 49152]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [13.7.2012 13:28 160944]
S3 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [14.4.2013 16:52 164736]
S3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [19.2.2010 14:37 517096]
S3 UPnPService;UPnPService;c:\program files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe [5.1.2010 17:25 544768]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-04-19 12:23 452136 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2013-04-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-20 15:00]
.
2013-04-05 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 16:57]
.
2013-04-14 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2013-04-14 22:32]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.cz/ig
mStart Page = hxxp://home.sweetim.com/?st=6&barid={CC9970E2-57B7-43DC-B5A8-E19DD29CB0E8}
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\novslo~1\OFFICE11\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Translate this web page with Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
IE: Translate with Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm
Trusted Zone: mojebanka.cz\*
Trusted Zone: mojebanka.cz\www
Trusted Zone: mojebanka.cz\*
TCP: DhcpNameServer = 10.0.0.138
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
URLSearchHooks-{D8278076-BC68-4484-9233-6E7F1628B56C} - c:\program files\AskPartnerNetwork\Toolbar\searchhook.dll
URLSearchHooks-{bfc39e47-d643-4dc2-aa1d-61377501c844} - c:\program files\atube\atubeX.dll
AddRemove-uTorrentBar Toolbar - c:\program files\uTorrentBar\uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-04-14 21:47
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(3748)
c:\documents and settings\All Users\Data aplikací\bProtectorForWindows\2.0.392.106\protector.dll
c:\progra~1\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf
c:\progra~1\MICROS~2\Office14\1029\GrooveIntlResource.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files\Common Files\InterVideo\DeviceService\DevSvc.exe
c:\program files\Canon\IJPLM\IJPLMSVC.EXE
c:\program files\Nero\Nero 7\InCD\InCDsrv.exe
c:\program files\Java\jre7\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\progra~1\SPYWAR~1\sp_rsser.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\RUNDLL32.EXE
.
**************************************************************************
.
Celkový čas: 2013-04-14 21:54:10 - počítač byl restartován
ComboFix-quarantined-files.txt 2013-04-14 19:54
ComboFix2.txt 2013-04-14 17:08
.
Před spuštěním: Volných bajtů: 160 096 845 824
Po spuštění: Volných bajtů: 160 091 443 200
.
- - End Of File - - CC873B50AD674212EBE1128E95C4036F
Nahr nˇ probŘhlo ŁspŘçnŘ

Log je již OK. Nastala nějaká změna?

PC šlape, jak má. Rudy moc děkuji za Váš čas.

Nemáte zač!