facebook vir (pres youtube)

[azamar]

Vyskocilo varovani, abych vypnul avast rezidentni stit, coz mi vsak nejde.
Kdyz zkusim avast zapnout, tak mi nad v pravem dolnim rohu vyskoci cervena tabulka

ENHANCED PROTECTION MODE
Attention!
Avast operates under enhanced protection mode.
This is temporary measure necessary for immediate response to
the threat from virus.
No action is required from you.

.... a nenabizi mi to zadne moznosti vypnuti. Mam presto spustit Combofix?

[Caroprd111]

Ano, spusťte.

[azamar]

tak porad to same, po 30 minutach se nic nedeje

[azamar]

restartoval jsem ... po restartu se mi podarilo spustit OTL s tim skriptem, ktery predtim nesel
skript probehl, pocitac se resetoval, po nabehnuti systemu se objevilo txt s timto obsahem

All processes killed
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Default User
->Temp folder emptied: 507904 bytes
->Temporary Internet Files folder emptied: 32969 bytes

User: All Users

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 65984 bytes
->Temporary Internet Files folder emptied: 32969 bytes

User: x
->Temp folder emptied: 175776652 bytes
->Temporary Internet Files folder emptied: 93003234 bytes
->FireFox cache emptied: 64703820 bytes
->Flash cache emptied: 49744 bytes

User: Administrator
->Temp folder emptied: 507904 bytes
->Temporary Internet Files folder emptied: 43780 bytes
->FireFox cache emptied: 11129437 bytes
->Flash cache emptied: 456 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 19569 bytes
%systemroot%\System32 .tmp files removed: 2675656 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 49203100 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 171308009 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 543,00 mb


[EMPTYFLASH]

User: Default User

User: All Users

User: NetworkService

User: LocalService

User: x
->Flash cache emptied: 0 bytes

User: Administrator
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0,00 mb

Restore points cleared and new OTL Restore Point set!
========== OTL ==========
Service McComponentHostService stopped successfully!
Service McComponentHostService deleted successfully!
Service HidServ stopped successfully!
Service HidServ deleted successfully!
Service AppMgmt stopped successfully!
Service AppMgmt deleted successfully!
Service srvsysdriver32 stopped successfully!
Service srvsysdriver32 deleted successfully!
C:\WINDOWS\sysdriver32.exe moved successfully.
Service srviecheck stopped successfully!
Service srviecheck deleted successfully!
C:\WINDOWS\update.2\svchost.exe moved successfully.
Service srvbtcclient stopped successfully!
Service srvbtcclient deleted successfully!
C:\WINDOWS\update.5.0\svchost.exe moved successfully.
Service wxpdrivers stopped successfully!
Service wxpdrivers deleted successfully!
C:\WINDOWS\update.1\svchost.exe moved successfully.
Registry value HKEY_USERS\S-1-5-21-3650529804-3202510516-3052227852-1006\Software\Microsoft\Internet Explorer\URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ deleted successfully.
HKU\S-1-5-21-3650529804-3202510516-3052227852-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\S-1-5-21-3650529804-3202510516-3052227852-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Prefs.js: "127.0.0.1" removed from network.proxy.http
Prefs.js: 62667 removed from network.proxy.http_port
Prefs.js: 1 removed from network.proxy.type
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3650529804-3202510516-3052227852-1006\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{C4069E3A-68F1-403E-B40E-20066696354B} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C4069E3A-68F1-403E-B40E-20066696354B}\ not found.
Registry value HKEY_USERS\S-1-5-21-3650529804-3202510516-3052227852-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\165873.exe not found.
File C:\Documents and Settings\x\Local Settings\Temp\165873.exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\331949.exe not found.
File C:\WINDOWS\TEMP\331949.exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\4340708.exe not found.
File C:\Documents and Settings\x\Local Settings\Temp\4340708.exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\7393402.exe not found.
File C:\Documents and Settings\x\Local Settings\Temp\7393402.exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\7441153.exe not found.
File C:\Documents and Settings\x\Local Settings\Temp\7441153.exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\avast5 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\conhost not found.
C:\Documents and Settings\x\Data aplikací\Microsoft\conhost.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\sysdriver32.exe not found.
File C:\WINDOWS\sysdriver32.exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\sysdriver32_.exe not found.
C:\WINDOWS\sysdriver32_.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\systemup not found.
C:\WINDOWS\systemup.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\tray_ico deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\tray_ico0 deleted successfully.
C:\WINDOWS\update.tray-7-0\svchost.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\tray_ico1 deleted successfully.
C:\WINDOWS\update.tray-9-0\svchost.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\tray_ico2 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\tray_ico3 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\tray_ico4 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\wxpdrv not found.
Registry value HKEY_USERS\S-1-5-21-3650529804-3202510516-3052227852-1006\Software\Microsoft\Windows\CurrentVersion\Run\\WEBTRAN deleted successfully.
C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\McAfee Security Scan Plus.lnk moved successfully.
File C:\Documents and Settings\x\Local Settings\Temp\csrss.exe not found.
Registry value HKEY_USERS\S-1-5-21-3650529804-3202510516-3052227852-1006\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\Load not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\\AlternateShell deleted successfully.
C:\WINDOWS\ufa folder moved successfully.
C:\WINDOWS\rpcminer folder moved successfully.
C:\WINDOWS\phoenix\kernels\poclbm folder moved successfully.
C:\WINDOWS\phoenix\kernels\phatk folder moved successfully.
C:\WINDOWS\phoenix\kernels folder moved successfully.
C:\WINDOWS\phoenix folder moved successfully.
C:\WINDOWS\update.5.0 folder moved successfully.
C:\WINDOWS\update.2 folder moved successfully.
C:\WINDOWS\av_ico folder moved successfully.
C:\WINDOWS\update.1 folder moved successfully.
C:\WINDOWS\update.tray-9-0-lnk folder moved successfully.
C:\WINDOWS\update.tray-9-0 folder moved successfully.
C:\WINDOWS\update.tray-7-0-lnk folder moved successfully.
C:\WINDOWS\update.tray-7-0 folder moved successfully.
C:\FOUND.002 folder moved successfully.
C:\Temp folder moved successfully.
C:\FOUND.001 folder moved successfully.
File C:\Documents and Settings\x\Plocha\rkill.exe not found.
C:\Documents and Settings\x\Plocha\ComboFix.exe moved successfully.
C:\WINDOWS\tasks\At4.job moved successfully.
File C:\WINDOWS\sysdriver32_.exe not found.
File C:\WINDOWS\sysdriver32.exe not found.
C:\WINDOWS\info1 moved successfully.
C:\WINDOWS\l1rezerv.exe moved successfully.
C:\Documents and Settings\x\Data aplikací\7817.97A moved successfully.
C:\WINDOWS\tasks\At2.job moved successfully.
C:\WINDOWS\gbot111.exe moved successfully.
C:\WINDOWS\tasks\At3.job moved successfully.
C:\WINDOWS\phoenix.rar moved successfully.
C:\WINDOWS\rpcminer.rar moved successfully.
C:\WINDOWS\unrar.exe moved successfully.
C:\WINDOWS\ufa.rar moved successfully.
File C:\WINDOWS\systemup.exe not found.
C:\WINDOWS\loader2.exe_ok moved successfully.
File C:\WINDOWS\gbot111.exe not found.
C:\Documents and Settings\x\Data aplikací\dwm.exe moved successfully.
File C:\WINDOWS\phoenix.rar not found.
File C:\WINDOWS\unrar.exe not found.
File C:\WINDOWS\ufa.rar not found.
File C:\WINDOWS\rpcminer.rar not found.
File C:\WINDOWS\systemup.exe not found.
File C:\WINDOWS\l1rezerv.exe not found.
File C:\WINDOWS\info1 not found.
File C:\WINDOWS\loader2.exe_ok not found.
File C:\WINDOWS\sysdriver32_.exe not found.
File C:\WINDOWS\sysdriver32.exe not found.
File C:\Documents and Settings\x\Data aplikací\7817.97A not found.
C:\WINDOWS\system32\cis-2.4.dll moved successfully.
C:\WINDOWS\system32\issacapi_bs-2.3.dll moved successfully.
C:\WINDOWS\system32\issacapi_pe-2.3.dll moved successfully.
C:\WINDOWS\system32\issacapi_se-2.3.dll moved successfully.
C:\WINDOWS\MusiccityDownload.exe moved successfully.
C:\WINDOWS\Tasks\At1.job moved successfully.
File C:\WINDOWS\Tasks\At2.job not found.
File C:\WINDOWS\Tasks\At3.job not found.
File C:\WINDOWS\Tasks\At4.job not found.
File C:\Documents and Settings\x\Data aplikací\dwm.exe not found.
C:\Documents and Settings\x\Data aplikací\Microsoft\conhostu.exe moved successfully.
File C:\Documents and Settings\x\Data aplikací\Microsoft\conhost.exe not found.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\x\Dokumenty\Stažené soubory\Flash-Player.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\update.1\svchost.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\update.tray-9-0\svchost.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\update.tray-7-0\svchost.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\update.2\svchost.exe deleted successfully.

OTL by OldTimer - Version 3.2.26.1 log created on 07242011_152322

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

[Caroprd111]

Jak se chová PC? Poprosím Vás o nový log z OTL - klikněte na Prohledat.

[azamar]

chovani pc je takove, ze se chvili neda poznat, ze je s nim neco spatne, a pak zacne z nicehonic chroustat hdd
a neda se prakticky vubec nic delat ... to trva zhruba 3-5 min, pak zhruba 10 min klid, a pak znovu hdd atd.

nize prikladam log

OTL logfile created on: 24.7.2011 16:36:25 - Run 2
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\x\Plocha
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

502,04 Mb Total Physical Memory | 112,01 Mb Available Physical Memory | 22,31% Memory free
1,20 Gb Paging File | 0,84 Gb Available in Paging File | 70,60% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 25,25 Gb Total Space | 10,83 Gb Free Space | 42,89% Space Free | Partition Type: FAT32
Drive D: | 25,73 Gb Total Space | 8,52 Gb Free Space | 33,12% Space Free | Partition Type: FAT32

Computer Name: MITKO | User Name: x | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011.07.24 15:25:18 | 000,507,904 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Documents and Settings\x\Local Settings\Temp\RtkBtMnt.exe
PRC - [2011.07.23 14:17:12 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\x\Plocha\OTL.exe
PRC - [2011.06.09 18:52:54 | 000,020,880 | ---- | M] () -- C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
PRC - [2011.06.09 18:52:44 | 003,373,968 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
PRC - [2011.05.28 09:39:52 | 000,273,544 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2008.04.14 04:22:22 | 001,034,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006.08.10 19:29:14 | 000,352,256 | ---- | M] (Acer Incorporated) -- C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
PRC - [2006.08.09 22:29:38 | 000,114,784 | ---- | M] () -- C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
PRC - [2006.08.09 22:29:36 | 000,254,050 | ---- | M] () -- C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
PRC - [2006.08.09 22:29:08 | 000,151,552 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Acer\Acer Arcade\PCMService.exe
PRC - [2006.08.09 22:28:36 | 001,077,376 | ---- | M] (Cyberlink) -- C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
PRC - [2006.08.09 22:28:36 | 000,061,440 | ---- | M] (Cyberlink) -- C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
PRC - [2006.07.20 22:15:32 | 000,593,920 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\LManager.exe
PRC - [2006.01.24 18:00:08 | 000,397,312 | ---- | M] (acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\Monitor.exe
PRC - [2005.12.27 15:50:28 | 000,069,632 | ---- | M] (HiTRUST) -- C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
PRC - [2005.10.24 16:45:32 | 002,462,208 | ---- | M] (Avocent Inc.) -- C:\Acer\Empowering Technology\admtray.exe
PRC - [2005.10.24 16:40:52 | 001,314,816 | ---- | M] (Avocent Inc.) -- C:\Acer\Empowering Technology\admServ.exe


========== Modules (SafeList) ==========

MOD - [2011.07.23 14:17:12 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\x\Plocha\OTL.exe
MOD - [2011.02.08 15:33:56 | 000,978,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mfc42.dll
MOD - [2010.08.23 17:12:34 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2006.01.20 15:56:00 | 000,028,672 | ---- | M] () -- C:\Acer\Empowering Technology\ePower\SysHook.dll
MOD - [2005.12.27 16:57:30 | 000,053,248 | ---- | M] (HiTRUST) -- C:\WINDOWS\system32\sysenv.dll
MOD - [2005.12.27 15:50:26 | 000,010,752 | ---- | M] () -- C:\WINDOWS\system32\MSNChatHook.dll
MOD - [2004.08.18 20:00:00 | 000,053,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mfc42loc.dll
MOD - [2003.03.18 22:12:12 | 001,047,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\MFC71u.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (PEVSystemStart)
SRV - [2006.08.09 22:29:38 | 000,114,784 | ---- | M] () [Auto | Running] -- C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe -- (CLSched) CyberLink Task Scheduler (CTS)
SRV - [2006.08.09 22:29:36 | 000,254,050 | ---- | M] () [Auto | Running] -- C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe -- (CLCapSvc) CyberLink Background Capture Service (CBCS)
SRV - [2006.08.09 22:28:36 | 000,061,440 | ---- | M] (Cyberlink) [Auto | Running] -- C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe -- (CyberLink Media Library Service)
SRV - [2005.10.24 16:40:52 | 001,314,816 | ---- | M] (Avocent Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\admServ.exe -- (AWService)


========== Driver Services (SafeList) ==========

DRV - [2011.02.18 06:47:42 | 000,180,672 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssudserd.sys -- (ssudserd) SAMSUNG Mobile USB Diagnostic Serial Port(DEVGURU Ver.)
DRV - [2011.02.18 06:47:42 | 000,180,672 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssudmdm.sys -- (ssudmdm) SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.)
DRV - [2011.02.18 06:47:42 | 000,066,112 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssudbus.sys -- (dg_ssudbus) SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.)
DRV - [2006.06.28 16:25:24 | 004,304,384 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006.06.16 19:17:38 | 000,074,752 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ESM7SK.sys -- (ESMCR)
DRV - [2006.06.16 19:17:38 | 000,040,064 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ESD7SK.sys -- (ESDCR)
DRV - [2006.06.16 19:17:36 | 000,061,056 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\EMS7SK.sys -- (EMSCR)
DRV - [2006.01.25 10:44:52 | 000,488,448 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ar5211.sys -- (AR5211)
DRV - [2005.11.27 07:36:08 | 001,427,968 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51) Intel(R)
DRV - [2005.10.31 14:17:00 | 000,045,312 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2005.10.31 14:16:00 | 000,046,080 | ---- | M] (SMSC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA)
DRV - [2005.10.24 10:20:52 | 000,218,496 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2005.10.18 16:53:24 | 000,998,656 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2005.10.18 16:52:30 | 000,721,280 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005.10.15 18:20:44 | 000,012,106 | ---- | M] (OSA Technologies) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\OsaFsLoc.sys -- (OsaFsLoc)
DRV - [2005.09.13 15:34:40 | 000,004,392 | ---- | M] (OSA Technologies) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NdisFilt.sys -- (NdisFilt)
DRV - [2005.06.30 16:58:24 | 000,007,296 | ---- | M] (OSA Technologies, An Avocent Company) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\osaio.sys -- (osaio)
DRV - [2005.05.02 12:13:42 | 000,009,600 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NETMNT.sys -- (NETMNT)
DRV - [2005.01.14 15:57:16 | 000,004,010 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\osanbm.sys -- (osanbm)
DRV - [2005.01.13 14:46:16 | 000,069,632 | ---- | M] () [Kernel | Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\int15.sys -- (int15.sys)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://cs.intl.acer.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://cs.intl.acer.yahoo.com


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3650529804-3202510516-3052227852-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://uk.rd.yahoo.com/customize/ycomp/ ... .yahoo.com
IE - HKU\S-1-5-21-3650529804-3202510516-3052227852-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://cs.intl.acer.yahoo.com
IE - HKU\S-1-5-21-3650529804-3202510516-3052227852-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..network.proxy.type: 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=5.0: C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.647: C:\Documents and Settings\All Users\Data aplikací\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.647: C:\Documents and Settings\All Users\Data aplikací\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\Firefox [2011.04.07 19:18:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2011.04.09 03:01:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Data aplikací\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011.05.28 09:40:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.11.22 18:22:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.11.22 18:22:40 | 000,000,000 | ---D | M]

[2010.11.22 18:23:00 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\x\Data aplikací\Mozilla\Extensions
[2010.11.22 18:23:00 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\x\Data aplikací\Mozilla\Firefox\Profiles\hwodlmwd.default\extensions
[2011.02.21 21:05:14 | 000,000,000 | ---D | M] (WebTran) -- C:\Documents and Settings\x\Data aplikací\Mozilla\Firefox\Profiles\hwodlmwd.default\extensions\{003D3EDC-99B9-4a34-9C20-60CB94F7E829}
[2010.11.22 18:22:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010.11.23 14:15:44 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\DATA APLIKACĂ­\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\X\DATA APLIKACĂ­\MOZILLA\FIREFOX\PROFILES\HWODLMWD.DEFAULT\EXTENSIONS\{003D3EDC-99B9-4A34-9C20-60CB94F7E829}
[2011.03.17 20:57:30 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2010.10.27 06:19:36 | 000,000,638 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\jyxo-cz.xml
[2010.10.27 06:19:36 | 000,001,687 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\mall-cz.xml
[2010.10.27 06:19:36 | 000,001,367 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\seznam-cz.xml
[2010.10.27 06:19:36 | 000,000,654 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\slunecnice-cz.xml
[2010.10.27 06:19:36 | 000,001,179 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-cz.xml

O1 HOSTS File: ([2011.07.24 15:23:30 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Data aplikací\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll (HiTRUST)
O4 - HKLM..\Run: [Acer ePower Management] C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe (Acer Value Labs, Taiwan)
O4 - HKLM..\Run: [ADMTray.exe] C:\Acer\Empowering Technology\admtray.exe (Avocent Inc.)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe (HiTRUST)
O4 - HKLM..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Incorporated)
O4 - HKLM..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe (acer Inc.)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [LaunchApp] C:\WINDOWS\Alaunch.exe (Acer Inc.)
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [ntiMUI] C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe ()
O4 - HKLM..\Run: [OM2_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe (OLYMPUS IMAGING CORP.)
O4 - HKLM..\Run: [PCMService] C:\Program Files\Acer\Acer Arcade\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKU\S-1-5-21-3650529804-3202510516-3052227852-1006..\Run: [KiesHelper] C:\Program Files\Samsung\Kies\KiesHelper.exe (Samsung)
O4 - HKU\S-1-5-21-3650529804-3202510516-3052227852-1006..\Run: [KiesPDLR] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - HKU\S-1-5-21-3650529804-3202510516-3052227852-1006..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKU\S-1-5-21-3650529804-3202510516-3052227852-1006..\Run: [OM2_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe (OLYMPUS IMAGING CORP.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3650529804-3202510516-3052227852-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-3650529804-3202510516-3052227852-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Aktuální domovská stránka) - About:Home
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.08.28 20:31:42 | 000,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011.07.24 15:59:54 | 000,000,000 | -HSD | C] -- C:\FOUND.001
[2011.07.24 15:51:04 | 000,000,000 | --SD | C] -- C:\ComboFix
[2011.07.24 15:50:13 | 004,150,846 | R--- | C] (Swearware) -- C:\Documents and Settings\x\Plocha\ComboFix.exe
[2011.07.24 15:13:23 | 000,000,000 | ---D | C] -- C:\_OTL
[2011.07.24 15:06:02 | 000,000,000 | -HSD | C] -- C:\FOUND.009
[2011.07.24 14:11:11 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011.07.24 14:11:11 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011.07.24 14:11:11 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011.07.24 14:11:11 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011.07.24 14:10:53 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011.07.24 13:30:40 | 000,000,000 | -HSD | C] -- C:\FOUND.008
[2011.07.24 13:22:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\x\Plocha\RK_Quarantine
[2011.07.24 13:17:12 | 000,000,000 | -HSD | C] -- C:\FOUND.007
[2011.07.24 11:57:40 | 000,000,000 | -HSD | C] -- C:\FOUND.006
[2011.07.24 11:23:24 | 000,000,000 | ---D | C] -- C:\cmdcons
[2011.07.24 11:21:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011.07.24 11:21:46 | 000,000,000 | R--D | C] -- C:\Documents and Settings\x\Nabídka Start\Programy\Nástroje pro správu
[2011.07.24 11:21:46 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Dokumenty\Filmy
[2011.07.23 20:09:54 | 000,000,000 | -HSD | C] -- C:\FOUND.005
[2011.07.23 17:17:42 | 000,000,000 | -HSD | C] -- C:\FOUND.004
[2011.07.23 17:02:56 | 000,000,000 | -HSD | C] -- C:\FOUND.003
[2011.07.23 14:17:08 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\x\Plocha\OTL.exe
[2011.07.22 20:47:37 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2011.07.22 20:47:37 | 000,000,000 | ---D | C] -- C:\rsit
[2011.07.22 20:27:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2011.07.15 20:19:24 | 000,000,000 | ---D | C] -- C:\Microsoft
[2011.07.15 17:45:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Data aplikací\WinRAR
[2011.07.09 13:45:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2011.07.09 13:45:01 | 000,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2011.07.09 13:44:49 | 000,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2011.07.09 13:43:32 | 000,117,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\prntvpt.dll
[2011.07.09 13:43:32 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\filterpipelineprintproc.dll
[2011.07.09 13:43:31 | 000,597,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\printfilterpipelinesvc.exe
[2011.07.09 13:43:31 | 000,575,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpsshhdr.dll
[2011.07.09 13:43:30 | 001,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpssvcs.dll
[2011.07.09 13:43:30 | 001,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpssvcs.dll
[2011.07.06 22:26:56 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2011.07.06 19:19:20 | 000,000,000 | ---D | C] -- C:\Program Files\OpenXML-ODF Translator
[2011.07.06 19:19:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Nabídka Start\Programy\ODF Add-in for Microsoft Office
[2011.06.29 18:58:15 | 000,441,176 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2011.06.25 14:11:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\x\Dokumenty\SelfMV
[2011.06.25 14:10:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Nabídka Start\Programy\MyFree Codec
[2011.06.25 14:10:23 | 000,000,000 | ---D | C] -- C:\Program Files\MyFree Codec
[2011.06.25 11:10:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\x\Local Settings\Data aplikací\Samsung
[2011.06.25 11:10:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\x\Dokumenty\samsung
[2011.06.25 10:52:35 | 000,180,672 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\WINDOWS\System32\drivers\ssudserd.sys
[2011.06.25 10:52:33 | 000,180,672 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\WINDOWS\System32\drivers\ssudmdm.sys
[2011.06.25 10:52:33 | 000,066,112 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\WINDOWS\System32\drivers\ssudbus.sys
[2011.06.25 10:51:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Nabídka Start\Programy\Samsung
[2011.06.25 10:51:02 | 004,659,712 | ---- | C] (Dmitry Streblechenko) -- C:\WINDOWS\System32\Redemption.dll
[2011.06.25 10:49:43 | 000,821,824 | ---- | C] (Devguru Co., Ltd.) -- C:\WINDOWS\System32\dgderapi.dll
[2011.06.25 10:49:43 | 000,319,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\DIFxAPI.dll
[2011.06.25 10:49:43 | 000,020,032 | ---- | C] (Devguru Co., Ltd) -- C:\WINDOWS\System32\drivers\dgderdrv.sys
[2011.06.25 10:49:43 | 000,000,000 | ---D | C] -- C:\Program Files\MarkAny
[2011.06.25 10:48:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\x\Data aplikací\Samsung
[2011.06.25 10:48:22 | 000,000,000 | ---D | C] -- C:\Program Files\Samsung
[2011.06.25 10:48:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\Samsung
[2011.06.25 10:47:40 | 000,016,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll
[2011.06.25 10:46:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\umdf
[2011.06.25 10:37:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en-US
[2011.06.25 10:33:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\x\Local Settings\Data aplikací\Downloaded Installations

========== Files - Modified Within 30 Days ==========

[2011.07.24 16:28:02 | 000,000,930 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011.07.24 16:01:12 | 000,000,451 | ---- | M] () -- C:\WINDOWS\System32\eRLog.ini
[2011.07.24 16:00:46 | 000,000,270 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-3650529804-3202510516-3052227852-1006.job
[2011.07.24 16:00:38 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-3650529804-3202510516-3052227852-1006.job
[2011.07.24 16:00:32 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011.07.24 16:00:14 | 000,000,294 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-3650529804-3202510516-3052227852-500.job
[2011.07.24 16:00:04 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011.07.24 15:59:58 | 526,503,936 | -HS- | M] () -- C:\hiberfil.sys
[2011.07.24 15:50:24 | 004,150,846 | R--- | M] (Swearware) -- C:\Documents and Settings\x\Plocha\ComboFix.exe
[2011.07.24 15:20:32 | 000,001,618 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\McAfee Security Scan Plus.lnk
[2011.07.24 15:20:32 | 000,001,612 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\avast! Free Antivirus.lnk
[2011.07.24 15:06:54 | 000,000,343 | ---- | M] () -- C:\boot.ini
[2011.07.24 13:22:02 | 000,526,848 | ---- | M] () -- C:\Documents and Settings\x\Plocha\RogueKiller.exe
[2011.07.24 11:03:38 | 000,000,229 | ---- | M] () -- C:\Boot.bak
[2011.07.24 11:02:04 | 000,000,012 | ---- | M] () -- C:\WINDOWS\bthservsdp.dat
[2011.07.23 14:32:26 | 000,904,792 | ---- | M] () -- C:\WINDOWS\geoiplist.rar
[2011.07.23 14:23:28 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2011.07.23 14:17:12 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\x\Plocha\OTL.exe
[2011.07.23 13:34:20 | 000,000,302 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-3650529804-3202510516-3052227852-500.job
[2011.07.22 20:01:32 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011.07.17 03:24:22 | 004,636,907 | ---- | M] () -- C:\WINDOWS\geoiplist
[2011.07.14 11:18:12 | 000,220,040 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011.07.13 23:11:54 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011.07.10 22:47:04 | 000,482,676 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011.07.10 22:47:04 | 000,477,988 | ---- | M] () -- C:\WINDOWS\System32\perfh005.dat
[2011.07.10 22:47:04 | 000,092,822 | ---- | M] () -- C:\WINDOWS\System32\perfc005.dat
[2011.07.10 22:47:04 | 000,080,080 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011.07.06 22:28:30 | 000,002,517 | ---- | M] () -- C:\Documents and Settings\x\Plocha\Kopie - Microsoft Office Excel 2003.lnk
[2011.07.06 22:27:16 | 000,001,642 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Adobe Reader X.lnk
[2011.07.06 15:48:52 | 000,032,256 | ---- | M] () -- C:\Documents and Settings\x\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.06.29 18:58:16 | 000,002,553 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011.06.26 08:45:56 | 000,256,000 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2011.06.26 08:01:06 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2011.06.25 11:06:34 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\umdf\Msft_User_WpdMtpDr_01_00_00.Wdf
[2011.06.25 10:53:06 | 000,001,502 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Samsung Kies.lnk
[2011.06.25 10:47:50 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\umdf\MsftWdf_user_01_00_00.Wdf

========== Files Created - No Company Name ==========

[2011.07.24 15:07:27 | 526,503,936 | -HS- | C] () -- C:\hiberfil.sys
[2011.07.24 14:11:11 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011.07.24 14:11:11 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011.07.24 14:11:11 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011.07.24 14:11:11 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011.07.24 14:11:11 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011.07.24 13:21:37 | 000,526,848 | ---- | C] () -- C:\Documents and Settings\x\Plocha\RogueKiller.exe
[2011.07.24 11:23:28 | 000,000,229 | ---- | C] () -- C:\Boot.bak
[2011.07.24 11:23:25 | 000,261,312 | RHS- | C] () -- C:\cmldr
[2011.07.23 19:20:04 | 000,000,343 | ---- | C] () -- C:\boot.ini
[2011.07.23 14:32:25 | 004,636,907 | ---- | C] () -- C:\WINDOWS\geoiplist
[2011.07.23 14:32:24 | 000,904,792 | ---- | C] () -- C:\WINDOWS\geoiplist.rar
[2011.07.23 14:23:27 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2011.07.22 20:56:21 | 000,000,302 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-3650529804-3202510516-3052227852-500.job
[2011.07.22 20:56:21 | 000,000,294 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-3650529804-3202510516-3052227852-500.job
[2011.07.07 15:55:06 | 000,833,024 | ---- | C] () -- C:\Documents and Settings\x\Plocha\GS09.exe
[2011.07.06 22:27:14 | 000,001,642 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\Adobe Reader X.lnk
[2011.07.06 22:27:13 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Nabídka Start\Programy\Adobe Reader X.lnk
[2011.06.26 00:41:34 | 000,199,578 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Data aplikací\WPFFontCache_v0400-System.dat
[2011.06.25 11:23:58 | 000,939,122 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Data aplikací\WPFFontCache_v0400-S-1-5-21-3650529804-3202510516-3052227852-1006-0.dat
[2011.06.25 11:06:32 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\umdf\Msft_User_WpdMtpDr_01_00_00.Wdf
[2011.06.25 10:53:05 | 000,001,502 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\Samsung Kies.lnk
[2011.06.25 10:47:49 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\umdf\MsftWdf_user_01_00_00.Wdf
[2011.02.22 22:15:24 | 000,035,730 | ---- | C] () -- C:\Documents and Settings\x\Data aplikací\SLOVA.WAV
[2011.02.22 22:15:24 | 000,035,330 | ---- | C] () -- C:\Documents and Settings\x\Data aplikací\TMP.WAV
[2011.02.20 15:23:39 | 000,001,759 | ---- | C] () -- C:\Documents and Settings\All Users\Data aplikací\QTSBandwidthCache
[2011.02.20 15:01:50 | 000,000,783 | ---- | C] () -- C:\WINDOWS\NTIWVEDT.INI
[2011.02.20 11:41:52 | 000,383,238 | ---- | C] () -- C:\WINDOWS\System32\libmp3lame-0.dll
[2011.02.19 15:20:15 | 000,000,014 | ---- | C] () -- C:\WINDOWS\System32\systeminfo.dll
[2011.02.19 14:55:52 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2010.12.29 17:57:28 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\oledb.dll
[2010.12.16 09:19:18 | 000,000,188 | ---- | C] () -- C:\WINDOWS\System32\eDataSecurity.dat
[2010.11.28 15:17:32 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2010.11.28 15:17:31 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2010.11.28 15:17:24 | 000,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010.11.28 15:17:24 | 000,134,144 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2010.11.28 15:17:23 | 000,108,032 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010.11.23 16:58:58 | 000,032,256 | ---- | C] () -- C:\Documents and Settings\x\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.11.22 19:53:20 | 000,000,390 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010.11.22 18:22:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010.11.22 18:18:03 | 000,000,451 | ---- | C] () -- C:\WINDOWS\System32\eRLog.ini
[2010.11.22 18:06:38 | 000,000,121 | ---- | C] () -- C:\Documents and Settings\x\Local Settings\Data aplikací\fusioncache.dat
[2010.11.22 17:55:48 | 001,154,584 | ---- | C] () -- C:\WINDOWS\YTB.EXE
[2010.11.22 17:55:48 | 000,261,627 | ---- | C] () -- C:\WINDOWS\EMEAWG.EXE
[2006.08.28 21:30:00 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2006.08.28 21:29:58 | 000,000,012 | ---- | C] () -- C:\WINDOWS\bthservsdp.dat
[2006.08.28 21:29:42 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006.08.28 21:10:24 | 000,482,676 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2006.08.28 21:10:24 | 000,477,988 | ---- | C] () -- C:\WINDOWS\System32\perfh005.dat
[2006.08.28 21:10:24 | 000,092,822 | ---- | C] () -- C:\WINDOWS\System32\perfc005.dat
[2006.08.28 21:10:24 | 000,080,080 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2006.08.28 21:05:40 | 000,220,040 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2006.08.28 20:32:08 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIBUN4.dll
[2006.08.28 20:30:48 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIMPEG2.dll
[2006.08.28 20:30:48 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIMP3.dll
[2006.08.28 20:30:48 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIFCD3.dll
[2006.08.28 20:30:48 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTICDMK7.dll
[2006.08.28 20:09:16 | 000,004,249 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006.08.28 20:07:26 | 000,021,812 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2006.06.16 19:17:32 | 000,356,352 | ---- | C] () -- C:\WINDOWS\EMCRI.dll
[2006.03.10 14:15:44 | 000,037,706 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2005.12.27 15:50:32 | 000,067,072 | ---- | C] () -- C:\WINDOWS\System32\HTCA_SelfExtract.bin
[2005.12.27 15:50:26 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\APISlice.dll
[2005.12.27 15:50:26 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\SC_res.dll
[2005.12.27 15:50:26 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\EN_res.dll
[2005.12.27 15:50:26 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\TC_res.dll
[2005.12.27 15:50:26 | 000,010,752 | ---- | C] () -- C:\WINDOWS\System32\MSNChatHook.dll
[2005.12.14 20:59:52 | 000,000,038 | ---- | C] () -- C:\WINDOWS\Acer.ini
[2005.10.31 18:17:38 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2005.07.15 16:48:00 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2005.05.02 12:13:42 | 000,009,600 | ---- | C] () -- C:\WINDOWS\System32\drivers\NETMNT.sys
[2005.03.28 15:45:26 | 000,000,081 | ---- | C] () -- C:\WINDOWS\ALaunch.ini
[2004.12.17 17:14:44 | 000,013,952 | ---- | C] () -- C:\WINDOWS\System32\drivers\UBHelper.sys
[2004.08.18 20:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004.08.18 20:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004.08.18 20:00:00 | 000,269,162 | ---- | C] () -- C:\WINDOWS\System32\perfi005.dat
[2004.08.18 20:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004.08.18 20:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004.08.18 20:00:00 | 000,032,072 | ---- | C] () -- C:\WINDOWS\System32\perfd005.dat
[2004.08.18 20:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004.08.18 20:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004.08.18 20:00:00 | 000,003,568 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004.08.18 20:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2004.08.18 20:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003.12.29 20:45:08 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ServiceControl.dll
[2003.04.09 15:38:04 | 000,005,664 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002.05.24 16:34:46 | 000,032,768 | ---- | C] () -- C:\WINDOWS\AMove.exe
[2001.12.26 16:12:30 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\multiplex_vcd.dll
[2001.09.03 23:46:38 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\Hmpg12.dll
[2001.08.26 17:04:08 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001.08.26 17:02:42 | 000,004,524 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001.07.30 16:33:56 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\HMPV2_ENC.dll
[2001.07.23 22:04:36 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\HMPV2_ENC_MMX.dll

========== LOP Check ==========

[2006.08.28 20:39:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Data aplikací\Acer
[2006.08.28 20:36:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Acer
[2011.02.21 20:53:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\LangSoft
[2011.06.25 10:48:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Samsung
[2006.08.28 20:39:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\x\Data aplikací\Acer
[2011.01.29 14:46:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\x\Data aplikací\Tracker Software
[2011.02.20 13:29:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\x\Data aplikací\GHISLER
[2011.02.21 20:52:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\x\Data aplikací\LangSoft
[2011.03.20 13:22:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\x\Data aplikací\Mp3 Editor for Free
[2011.06.25 10:48:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\x\Data aplikací\Samsung
[2006.08.28 20:39:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\Acer

========== Purity Check ==========



< End of report >

[Caroprd111]

Pokračujte podle návodu: http://www.viry.cz/forum/viewtopic.php?f=29&t=58179

[azamar]

zasilam log z AVPTool

Status: Deleted (events: 21)
24.7.2011 17:29:57 Deleted Trojan program Trojan.Win32.Menti.hisf C:\Documents and Settings\x\Dokumenty\Stažené soubory\Flash-Player.exe High
24.7.2011 17:55:17 Deleted Trojan program Trojan.Win32.Scar.ejgo C:\Documents and Settings\x\Plocha\RK_Quarantine\sysdriver32.exe.vir High
24.7.2011 17:55:18 Deleted Trojan program Trojan.Win32.Scar.ejgo C:\Documents and Settings\x\Plocha\RK_Quarantine\sysdriver32_.exe.vir High
24.7.2011 17:55:19 Deleted Trojan program Trojan.Win32.Scar.ejfa C:\Documents and Settings\x\Plocha\RK_Quarantine\L1REZERV.EXE.vir High
24.7.2011 17:55:19 Deleted Trojan program Trojan.Win32.Scar.ejfa C:\Documents and Settings\x\Plocha\RK_Quarantine\L1REZERV.EXE.vir//UPX High
24.7.2011 17:55:20 Deleted Trojan program Trojan.Win32.Scar.eajx C:\Documents and Settings\x\Plocha\RK_Quarantine\331949.exe.vir High
24.7.2011 17:55:22 Deleted Trojan program Trojan.Win32.Scar.eajx C:\Documents and Settings\x\Plocha\RK_Quarantine\7393402.exe.vir High
24.7.2011 17:55:21 Deleted Trojan program Trojan.Win32.Scar.eajx C:\Documents and Settings\x\Plocha\RK_Quarantine\165873.exe.vir High
24.7.2011 17:55:23 Deleted Trojan program Trojan.Win32.Scar.ejgo C:\Documents and Settings\x\Plocha\RK_Quarantine\7589005.exe.vir High
24.7.2011 17:58:10 Deleted Trojan program Backdoor.Win32.Gbot.mgs C:\Program Files\Internet Explorer\conhost.exe High
24.7.2011 18:04:53 Deleted Trojan program Trojan.Win32.Scar.ejgo C:\_OTL\MovedFiles\07242011_152322\C_WINDOWS\sysdriver32.exe High
24.7.2011 18:04:54 Deleted Trojan program Trojan.Win32.Scar.ejgo C:\_OTL\MovedFiles\07242011_152322\C_WINDOWS\sysdriver32_.exe High
24.7.2011 18:04:54 Deleted Trojan program Trojan.Win32.Scar.ejfa C:\_OTL\MovedFiles\07242011_152322\C_WINDOWS\l1rezerv.exe High
24.7.2011 18:04:54 Deleted Trojan program Trojan.Win32.Scar.ejfa C:\_OTL\MovedFiles\07242011_152322\C_WINDOWS\l1rezerv.exe//UPX High
24.7.2011 18:04:56 Deleted Trojan program Backdoor.Win32.Gbot.mgs C:\_OTL\MovedFiles\07242011_152322\C_WINDOWS\gbot111.exe High
24.7.2011 18:04:59 Deleted Trojan program Trojan.Win32.Swisyn.bqkd C:\_OTL\MovedFiles\07242011_152322\C_WINDOWS\update.5.0\svchost.exe High
24.7.2011 18:04:59 Deleted Trojan program Trojan.Win32.Menti.hisf C:\_OTL\MovedFiles\07242011_152322\C_WINDOWS\update.1\svchost.exe High
24.7.2011 18:05:07 Deleted Trojan program Trojan.Win32.Menti.hisf C:\_OTL\MovedFiles\07242011_152322\C_WINDOWS\update.tray-7-0\svchost.exe High
24.7.2011 18:05:06 Deleted Trojan program Trojan.Win32.Menti.hisf C:\_OTL\MovedFiles\07242011_152322\C_WINDOWS\update.tray-9-0\svchost.exe High
24.7.2011 18:05:08 Deleted Trojan program Trojan.Win32.Menti.hisf C:\_OTL\MovedFiles\07242011_152322\C_WINDOWS\update.tray-9-0-lnk\svchost.exe High
24.7.2011 18:05:13 Deleted Trojan program Trojan.Win32.Menti.hisf C:\_OTL\MovedFiles\07242011_152322\C_WINDOWS\update.tray-7-0-lnk\svchost.exe High
Status: Quarantined (events: 19)
24.7.2011 17:55:16 Quarantined virus HEUR:Trojan.Win32.Generic C:\Documents and Settings\x\Plocha\RK_Quarantine\dwm.exe.vir High
24.7.2011 17:55:16 Quarantined virus HEUR:Trojan.Win32.Generic C:\Documents and Settings\x\Plocha\RK_Quarantine\dwm.exe.vir High
24.7.2011 17:55:16 Quarantined virus HEUR:Trojan.Win32.Generic C:\Documents and Settings\x\Plocha\RK_Quarantine\conhost.exe.vir High
24.7.2011 17:55:16 Quarantined virus HEUR:Trojan.Win32.Generic C:\Documents and Settings\x\Plocha\RK_Quarantine\conhost.exe.vir High
24.7.2011 17:55:17 Quarantined virus HEUR:Trojan.Win32.Generic C:\Documents and Settings\x\Plocha\RK_Quarantine\CSRSS.EXE.vir High
24.7.2011 17:55:17 Quarantined virus HEUR:Trojan.Win32.Generic C:\Documents and Settings\x\Plocha\RK_Quarantine\CSRSS.EXE.vir High
24.7.2011 17:55:18 Quarantined virus HEUR:Trojan.Win32.Generic C:\Documents and Settings\x\Plocha\RK_Quarantine\SYSTEMUP.EXE.vir High
24.7.2011 17:55:18 Quarantined virus HEUR:Trojan.Win32.Generic C:\Documents and Settings\x\Plocha\RK_Quarantine\SYSTEMUP.EXE.vir//UPX High
24.7.2011 17:55:26 Quarantined virus HEUR:Trojan.Win32.Generic C:\Documents and Settings\x\Plocha\RK_Quarantine\4873180.exe.vir High
24.7.2011 17:55:26 Quarantined virus HEUR:Trojan.Win32.Generic C:\Documents and Settings\x\Plocha\RK_Quarantine\4873180.exe.vir//UPX High
24.7.2011 18:04:54 Quarantined virus HEUR:Trojan.Win32.Generic C:\_OTL\MovedFiles\07242011_152322\C_WINDOWS\systemup.exe High
24.7.2011 18:04:54 Quarantined virus HEUR:Trojan.Win32.Generic C:\_OTL\MovedFiles\07242011_152322\C_WINDOWS\systemup.exe//UPX High
24.7.2011 18:05:02 Quarantined virus HEUR:Trojan.Win32.Generic C:\_OTL\MovedFiles\07242011_152322\C_WINDOWS\update.2\svchost.exe High
24.7.2011 18:05:02 Quarantined virus HEUR:Trojan.Win32.Generic C:\_OTL\MovedFiles\07242011_152322\C_WINDOWS\update.2\svchost.exe//UPX High
24.7.2011 18:05:09 Quarantined virus HEUR:Trojan.Win32.Generic C:\_OTL\MovedFiles\07242011_152322\C_Documents and Settings\x\Data aplikací\dwm.exe High
24.7.2011 18:05:09 Quarantined virus HEUR:Trojan.Win32.Generic C:\_OTL\MovedFiles\07242011_152322\C_Documents and Settings\x\Data aplikací\dwm.exe High
24.7.2011 18:05:14 Quarantined virus HEUR:Trojan.Win32.Generic C:\_OTL\MovedFiles\07242011_152322\C_Documents and Settings\x\Data aplikací\Microsoft\conhost.exe High
24.7.2011 18:05:14 Quarantined virus HEUR:Trojan.Win32.Generic C:\_OTL\MovedFiles\07242011_152322\C_Documents and Settings\x\Data aplikací\Microsoft\conhost.exe High
24.7.2011 18:05:13 Quarantined virus HEUR:Trojan.Win32.Generic C:\_OTL\MovedFiles\07242011_152322\C_Documents and Settings\x\Data aplikací\Microsoft\conhostu.exe High

[Caroprd111]

Stáhněte MBAM http://www.viry.cz/forum/viewtopic.php?f=29&t=67229

• Podle návodu v odkazu nainstalujte, poté dejte úplný sken.
• Nic nemažte MBAM má občas falešné detekce a mohl by smazat např. systémové soubory.
• Log vložte sem.

[azamar]

Log z MBAM ...

Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org

Verze databáze: 7263

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

24.7.2011 19:22:49
mbam-log-2011-07-24 (19-22-42).txt

Typ kontroly: Úplný test (C:\|)
Testované objekty: 210206
Uplynulý čas: 15 minut, 46 sekund

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče v registru: 2
Infikované hodnoty v registru: 0
Infikované datové položky v registru: 0
Infikované složky: 0
Infikované soubory: 0

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče v registru:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wxpdrivers (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\wxpdrivers (Trojan.Agent) -> No action taken.

Infikované hodnoty v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované datové položky v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
(Žádné škodlivé položky nebyly zjištěny)

[Caroprd111]

Vše smažte a napište, jak se chová PC.

[azamar]

smazano, pc uz se chova tak jak ma alespon nevykazuje pro me zadny viditelny problem.
Dekuji moc za pomoc. Mohu si stahnout jiz avast, protoze to vypada, ze je smazany?

[azamar]

pro jistotu jeste zasilam rsit log

Logfile of random's system information tool 1.09 (written by random/random)
Run by x at 2011-07-24 22:48:55
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 11 GB (43%) free of 26 GB
Total RAM: 502 MB (48% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:49:06, on 24.7.2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Acer\Empowering Technology\admtray.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\Program Files\Acer\Acer Arcade\PCMService.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\mswinext.exe
C:\program files\real\realplayer\update\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
C:\Acer\Empowering Technology\admServ.exe
C:\WINDOWS\system32\igfxext.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\wuauclt.exe
C:\totalcmd\TOTALCMD.EXE
c:\Documents and Settings\Administrator\Dokumenty\Stažené soubory\RSIT.exe
C:\Program Files\trend micro\x.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.rd.yahoo.com/customize/ycomp/ ... .yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://cs.intl.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://cs.intl.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://cs.intl.acer.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.rd.yahoo.com/customize/ycomp/ ... .yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O1 - Hosts: ˙ţ127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Data aplikací\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Bing Bar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O3 - Toolbar: @C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ntiMUI] C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
O4 - HKLM\..\Run: [ADMTray.exe] "C:\Acer\Empowering Technology\admtray.exe"
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Acer\Acer Arcade\PCMService.exe"
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [Acer ePower Management] C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe boot
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe" /OM
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Bing Bar] "C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\mswinext.exe"
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [TkBellExe] "C:\program files\real\realplayer\update\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" -NoStart
O4 - HKCU\..\Run: [KiesHelper] C:\Program Files\Samsung\Kies\KiesHelper.exe /s
O4 - HKCU\..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
O4 - HKCU\..\Run: [KiesPDLR] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc. - C:\Acer\Empowering Technology\admServ.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

--
End of file - 9512 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-3650529804-3202510516-3052227852-1006.job
C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-3650529804-3202510516-3052227852-1006.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-3650529804-3202510516-3052227852-500.job
C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-3650529804-3202510516-3052227852-500.job

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\x\Data aplikací\Mozilla\Firefox\Profiles\hwodlmwd.default

"msntoolbar@msn.com"=C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\Firefox
"{27182e60-b5f3-411c-b545-b44205977502}"=C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\
"{ABDE892B-13A8-4d1b-88E6-365A6E755758}"=C:\Documents and Settings\All Users\Data aplikací\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
"{20a82645-c095-46ed-80e3-08825760534b}"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf]
"Description"=
"Path"=C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Google.com/GoogleEarthPlugin]
"Description"=Google Earth in your browser
"Path"=C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpWinExt,version=5.0]
"Description"=Bing Bar
"Path"=C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647]
"Description"=RealPlayer(tm) LiveConnect-Enabled Plug-In
"Path"=c:\program files\real\realplayer\Netscape6\nppl3260.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647]
"Description"=RealJukebox Netscape Plugin
"Path"=c:\program files\real\realplayer\Netscape6\nprjplug.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.647]
"Description"=RealNetworks(tm) RealPlayer Chrome Background Extension Plug-In
"Path"=C:\Documents and Settings\All Users\Data aplikací\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.647]
"Description"=RealPlayer(tm) HTML5VideoShim Plug-In
"Path"=C:\Documents and Settings\All Users\Data aplikací\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.647]
"Description"=12.0.1.647
"Path"=c:\program files\real\realplayer\Netscape6\nprpjplug.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}
{AB2CE124-6272-4b12-94A9-7303C7397BD1}

C:\Program Files\Mozilla Firefox\components\
nsSessionStartup.js
FeedProcessor.js
brwsrcmp.dll
xpti.dat
fuelApplication.js
GPSDGeolocationProvider.js
nsSessionStore.js
NetworkGeolocationProvider.js
browserdirprovider.dll
nsBadCertHandler.js
nsjsrealplayerplugin.xpt
compreg.dat
browser.xpt
nppl3260.xpt
nsIQTScriptablePlugin.xpt
nsContentDispatchChooser.js
nsContentPrefService.js
nsURLFormatter.js
nsDownloadManagerUI.js
nsUpdateService.js
nsFormAutoComplete.js
nsHandlerService.js
nsUpdateServiceStub.js
nsINIProcessor.js
nsUpdateTimerManager.js
nsLoginInfo.js
nsLoginManager.js
nsLoginManagerPrompter.js
nsUrlClassifierLib.js
nsPlacesAutoComplete.js
nsPlacesDBFlush.js
nsPlacesTransactionsService.js
nsProxyAutoConfig.js
nsExtensionManager.js
nsSearchSuggestions.js
nsSetDefaultBrowser.js
nsTaggingService.js
nsTryToClose.js
nsUrlClassifierListManager.js
nsWebHandlerApp.js
pluginGlue.js
storage-Legacy.js
storage-mozStorage.js
txEXSLTRegExFunctions.js
components.list
FeedConverter.js
FeedWriter.js
WebContentConverter.js
jsconsole-clhandler.js
nsAddonRepository.js
nsBlocklistService.js
nsBrowserContentHandler.js
nsBrowserGlue.js
nsDefaultCLH.js
nsHelperAppDlg.js
nsLivemarkService.js
nsMicrosummaryService.js
nsPrivateBrowsingService.js
nsSafebrowsingApplication.js
nsSearchService.js
nsSidebar.js

C:\Program Files\Mozilla Firefox\plugins\
NPOFFICE.DLL
npwachk.dll
nprpjplug.dll
nppl3260.dll
nprjplug.dll
QuickTimePlugin.class
npqtplugin.dll
npqtplugin2.dll
npqtplugin3.dll
npqtplugin4.dll
npqtplugin5.dll
npqtplugin6.dll
npqtplugin7.dll
npnul32.dll
nppdf32.dll

C:\Program Files\Mozilla Firefox\searchplugins\
google.xml
jyxo-cz.xml
mall-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml

C:\Documents and Settings\x\Data aplikací\Mozilla\Firefox\Profiles\hwodlmwd.default\extensions\
{003D3EDC-99B9-4a34-9C20-60CB94F7E829}

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-06-06 63912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Documents and Settings\All Users\Data aplikací\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll [2011-05-28 386776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2010-05-14 191792]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 403840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}]
Bing Bar BHO - C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll [2010-04-27 550744]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - Acer eDataSecurity Management - C:\WINDOWS\system32\eDStoolbar.dll [2006-02-22 106496]
{8dcb7100-df86-4384-8842-8fa844297b3f} - @C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll,-100 - C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll [2010-04-27 550744]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"=C:\WINDOWS\system32\igfxtray.exe [2006-03-23 94208]
"igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe [2006-03-23 77824]
"igfxpers"=C:\WINDOWS\system32\igfxpers.exe [2006-03-23 118784]
"BluetoothAuthenticationAgent"=bthprops.cpl,,BluetoothAuthenticationAgent []
"LaunchApp"=Alaunch []
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2006-06-28 16248320]
"SkyTel"=C:\WINDOWS\SkyTel.EXE [2006-05-16 2879488]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"AzMixerSel"=C:\Program Files\Realtek\InstallShield\AzMixerSel.exe [2005-12-21 53248]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2006-03-03 761946]
"ntiMUI"=C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe [2006-05-15 45056]
"ADMTray.exe"=C:\Acer\Empowering Technology\admtray.exe [2005-10-24 2462208]
"eDataSecurity Loader"=C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe [2005-12-27 69632]
"IMJPMIG8.1"=C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2004-08-18 208952]
"MSPY2002"=C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe [2004-08-18 59392]
"PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-18 455168]
"PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-18 455168]
"PCMService"=C:\Program Files\Acer\Acer Arcade\PCMService.exe [2006-08-09 151552]
"ePower_DMC"=C:\Acer\Empowering Technology\ePower\ePower_DMC.exe [2006-08-10 352256]
"Acer ePower Management"=C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe [2006-05-22 3080704]
"LManager"=C:\PROGRA~1\LAUNCH~1\LManager.exe [2006-07-20 593920]
"eRecoveryService"=C:\Acer\Empowering Technology\eRecovery\Monitor.exe [2006-01-24 397312]
"OM2_Monitor"=C:\Program Files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe [2009-11-25 54672]
"HP Software Update"=C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [2010-03-12 49208]
"Bing Bar"=C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\mswinext.exe [2010-04-27 243544]
"Microsoft Default Manager"=C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [2009-11-11 288088]
"TkBellExe"=C:\program files\real\realplayer\update\realsched.exe [2011-05-28 273544]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2010-11-29 421888]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2011-06-06 937920]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]
"OM2_Monitor"=C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe [2009-11-25 95632]
"KiesHelper"=C:\Program Files\Samsung\Kies\KiesHelper.exe [2011-06-09 940944]
"KiesTrayAgent"=C:\Program Files\Samsung\Kies\KiesTrayAgent.exe [2011-06-09 3373968]
"KiesPDLR"=C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [2011-06-09 20880]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2006-03-23 139264]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableSecureUIAPaths"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Acer\Acer Arcade\PCMService.exe"="C:\Program Files\Acer\Acer Arcade\PCMService.exe:*:Enabled:CyberLink PowerCinema Resident Program"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\HP\HP Deskjet 2050 J510 series\Bin\USBSetup.exe"="C:\Program Files\HP\HP Deskjet 2050 J510 series\Bin\USBSetup.exe:LocalSubNet:Enabled:Instalace zařízení HP"
"C:\WINDOWS\System32\muzapp.exe"="C:\WINDOWS\System32\muzapp.exe:*:Enabled:MUZ AOD APP player"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"msacm.l3fhg"=mp3fhg.acm
"VIDC.XVID"=xvidvfw.dll
"VIDC.YV12"=yv12vfw.dll
"msacm.ac3acm"=ac3acm.acm
"VIDC.FFDS"=ff_vfw.dll
"msacm.l3codecp"=

======List of files/folders created in the last 1 month======

2011-07-24 22:44:48 ----D---- C:\WINDOWS\LastGood
2011-07-24 19:00:00 ----D---- C:\Documents and Settings\x\Data aplikací\Malwarebytes
2011-07-24 18:59:47 ----A---- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2011-07-24 18:59:46 ----D---- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2011-07-24 18:59:43 ----A---- C:\WINDOWS\system32\drivers\mbam.sys
2011-07-24 18:59:42 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2011-07-24 15:59:54 ----SHD---- C:\FOUND.001
2011-07-24 15:13:23 ----D---- C:\_OTL
2011-07-24 15:07:27 ----ASH---- C:\hiberfil.sys
2011-07-24 15:06:02 ----SHD---- C:\FOUND.009
2011-07-24 13:30:40 ----SHD---- C:\FOUND.008
2011-07-24 13:17:12 ----SHD---- C:\FOUND.007
2011-07-24 11:57:40 ----SHD---- C:\FOUND.006
2011-07-24 11:23:28 ----A---- C:\Boot.bak
2011-07-24 11:23:24 ----D---- C:\cmdcons
2011-07-24 11:21:52 ----D---- C:\WINDOWS\ERDNT
2011-07-23 20:09:54 ----SHD---- C:\FOUND.005
2011-07-23 19:23:18 ----ASH---- C:\pagefile.sys
2011-07-23 19:20:04 ----A---- C:\boot.ini
2011-07-23 17:22:39 ----A---- C:\WINDOWS\iplist.txt
2011-07-23 17:17:42 ----SHD---- C:\FOUND.004
2011-07-23 17:02:56 ----SHD---- C:\FOUND.003
2011-07-22 20:47:37 ----D---- C:\rsit
2011-07-22 20:47:37 ----D---- C:\Program Files\trend micro
2011-07-22 20:27:46 ----D---- C:\WINDOWS\pss
2011-07-15 20:19:24 ----D---- C:\Microsoft
2011-07-15 17:44:26 ----A---- C:\WINDOWS\ddh_iplist.txt
2011-07-15 17:44:15 ----A---- C:\WINDOWS\btc_client_iplist.txt
2011-07-15 17:44:01 ----A---- C:\WINDOWS\iecheck_iplist.txt
2011-07-15 17:41:52 ----A---- C:\WINDOWS\front_ip_list.txt
2011-07-15 17:26:26 ----A---- C:\WINDOWS\winlog-ids.txt
2011-07-15 17:26:26 ----A---- C:\WINDOWS\winlog-dirs.txt
2011-07-13 23:14:33 ----HD---- C:\WINDOWS\$NtUninstallKB2507938$
2011-07-13 23:11:46 ----HD---- C:\WINDOWS\$NtUninstallKB2555917$
2011-07-10 14:15:39 ----HD---- C:\WINDOWS\$NtUninstallKB961118$
2011-07-09 13:45:06 ----D---- C:\WINDOWS\system32\XPSViewer
2011-07-09 13:45:01 ----D---- C:\Program Files\MSBuild
2011-07-09 13:44:49 ----D---- C:\Program Files\Reference Assemblies
2011-07-09 13:43:32 ----N---- C:\WINDOWS\system32\prntvpt.dll
2011-07-09 13:43:31 ----N---- C:\WINDOWS\system32\xpsshhdr.dll
2011-07-09 13:43:30 ----N---- C:\WINDOWS\system32\xpssvcs.dll
2011-07-06 22:26:56 ----D---- C:\Program Files\Common Files\Adobe
2011-07-06 19:19:20 ----D---- C:\Program Files\OpenXML-ODF Translator
2011-06-29 19:15:53 ----HD---- C:\WINDOWS\$NtUninstallKB2541763$
2011-06-29 18:58:15 ----A---- C:\WINDOWS\system32\drivers\aswSnx.sys
2011-06-26 00:31:18 ----HD---- C:\WINDOWS\$NtUninstallKB929399$
2011-06-25 14:10:23 ----D---- C:\Program Files\MyFree Codec
2011-06-25 10:52:35 ----A---- C:\WINDOWS\system32\drivers\ssudserd.sys
2011-06-25 10:52:33 ----A---- C:\WINDOWS\system32\drivers\ssudmdm.sys
2011-06-25 10:52:33 ----A---- C:\WINDOWS\system32\drivers\ssudbus.sys
2011-06-25 10:51:02 ----A---- C:\WINDOWS\system32\Redemption.dll
2011-06-25 10:49:43 ----D---- C:\Program Files\MarkAny
2011-06-25 10:49:43 ----A---- C:\WINDOWS\system32\drivers\dgderdrv.sys
2011-06-25 10:49:43 ----A---- C:\WINDOWS\system32\DIFxAPI.dll
2011-06-25 10:49:43 ----A---- C:\WINDOWS\system32\dgderapi.dll
2011-06-25 10:48:28 ----D---- C:\Documents and Settings\x\Data aplikací\Samsung
2011-06-25 10:48:22 ----D---- C:\Program Files\Samsung
2011-06-25 10:48:22 ----D---- C:\Documents and Settings\All Users\Data aplikací\Samsung
2011-06-25 10:47:40 ----N---- C:\WINDOWS\system32\spmsg.dll
2011-06-25 10:47:29 ----HD---- C:\WINDOWS\$NtUninstallWudf01000$
2011-06-25 10:46:38 ----D---- C:\WINDOWS\system32\drivers\umdf
2011-06-25 10:46:22 ----HD---- C:\WINDOWS\$NtUninstallWMFDist11$
2011-06-25 10:37:47 ----D---- C:\WINDOWS\system32\en-US

======List of files/folders modified in the last 1 month======

2011-07-24 22:36:28 ----A---- C:\WINDOWS\system32\eRLog.ini
2011-07-24 22:36:18 ----A---- C:\WINDOWS\ModemLog_HDAUDIO Soft Data Fax Modem with SmartCP.txt
2011-07-24 22:34:58 ----A---- C:\WINDOWS\SchedLgU.Txt
2011-07-13 23:12:36 ----A---- C:\WINDOWS\system32\MRT.exe
2011-07-10 22:47:04 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2011-07-06 22:35:02 ----A---- C:\LOGFILE.TXT

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2011-03-04 45648]
R0 UBHelper;UBHelper; C:\WINDOWS\system32\drivers\UBHelper.sys [2004-12-17 13952]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 OsaFsLoc;OsaFsLoc; \??\C:\WINDOWS\system32\drivers\OsaFsLoc.sys []
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R2 int15.sys;int15.sys; \??\C:\Acer\Empowering Technology\eRecovery\int15.sys []
R2 irda;Protokol IrDA; C:\WINDOWS\system32\DRIVERS\irda.sys [2008-04-13 88192]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2005-10-05 12544]
R2 osaio;osaio; \??\C:\WINDOWS\system32\drivers\osaio.sys []
R2 osanbm;osanbm; \??\C:\WINDOWS\system32\drivers\osanbm.sys []
R3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys [2005-10-31 45312]
R3 DKbFltr;Dritek Keyboard Filter Driver; C:\WINDOWS\system32\DRIVERS\DKbFltr.sys [2004-12-08 16896]
R3 EMSCR;EMSCR; C:\WINDOWS\system32\DRIVERS\EMS7SK.sys [2006-06-16 61056]
R3 ESDCR;ESDCR; C:\WINDOWS\system32\DRIVERS\ESD7SK.sys [2006-06-16 40064]
R3 ESMCR;ESMCR; C:\WINDOWS\system32\DRIVERS\ESM7SK.sys [2006-06-16 74752]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2005-10-18 998656]
R3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2005-10-24 218496]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2006-03-23 1166972]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-06-28 4304384]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 NdisFilt;OSA NdisFilter Protocol; C:\WINDOWS\System32\Drivers\NdisFilt.sys [2005-09-13 4392]
R3 NTIDrvr;Upper Class Filter Driver; C:\WINDOWS\system32\DRIVERS\NTIDrvr.sys [2006-08-28 6144]
R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2006-03-03 192672]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2005-10-18 721280]
S0 agp440;Filtr Intel sběrnice AGP; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-13 42368]
S0 agpCPQ;Filtr Compaq sběrnice AGP; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-13 44928]
S0 alim1541;Filtr ALI sběrnice AGP; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-13 42752]
S0 amdagp;Ovladač filtru AMD portu AGP; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-13 43008]
S0 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2004-08-18 13952]
S0 ohci1394;Hostitelský řadič IEEE 1394 dle standardu OHCI VIA; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2008-04-13 61696]
S0 sisagp;Filtr SIS sběrnice AGP ; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-13 40960]
S0 viaagp;Filtr VIA sběrnice AGP ; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-13 42240]
S3 AR5211;Atheros Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\ar5211.sys [2006-01-25 488448]
S3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
S3 BthEnum;Služba Bluetooth Enumerator; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2008-04-13 17024]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2008-04-13 101120]
S3 BTHPORT;Ovladač portu Bluetooth; C:\WINDOWS\System32\Drivers\BTHport.sys [2008-06-14 272128]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2008-04-13 18944]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.); C:\WINDOWS\system32\DRIVERS\ssudbus.sys [2011-02-18 66112]
S3 NETMNT;Acer NetMonitor Protocol; C:\WINDOWS\system32\DRIVERS\NETMNT.sys [2005-05-02 9600]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2008-04-13 59136]
S3 SMCIRDA;SMSC IrCC Miniport Device Driver; C:\WINDOWS\system32\DRIVERS\smcirda.sys [2005-10-31 46080]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.); C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [2011-02-18 180672]
S3 ssudserd;SAMSUNG Mobile USB Diagnostic Serial Port(DEVGURU Ver.); C:\WINDOWS\system32\DRIVERS\ssudserd.sys [2011-02-18 180672]
S3 SYMIDSCO;SYMIDSCO; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\IDS-DI~1\20050901.036\symidsco.sys []
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-18 31616]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-18 26496]
S3 w39n51;Intel(R) PRO/Wireless 3945ABG Adapter Driver; C:\WINDOWS\system32\DRIVERS\w39n51.sys [2005-11-27 1427968]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AWService;AdminWorks Agent X6; C:\Acer\Empowering Technology\admServ.exe [2005-10-24 1314816]
R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 CLCapSvc;CyberLink Background Capture Service (CBCS); C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe [2006-08-09 254050]
R2 CLSched;CyberLink Task Scheduler (CTS); C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe [2006-08-09 114784]
R2 CyberLink Media Library Service;CyberLink Media Library Service; C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe [2006-08-09 61440]
R2 Irmon;Sledování infračerveného přenosu; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2006-05-18 49152]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2005-01-21 143360]
R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2010-05-14 249136]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-08-18 1529728]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-14 268288]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-03-04 136176]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-03-04 136176]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

[Caroprd111]

Avast a nějaký firewall můžete nainstalovat.

Odinstalujte ComboFix přes:
Start >> Spustit, zkopírujte do okénka:

ComboFix /Uninstall

stiskněte Enter



Stáhněte T-Cleaner http://sweb.cz/Marinus/T-Cleaner.exe

• Spusťte, pro potvrzení volby mačkejte klávesu A, Enter
• Po použití program vymažte. Pozor, antiviry ho mohou falešně označit za vir.

Stáhněte TFC http://oldtimer.geekstogo.com/TFC.exe

• Spusťte.
• Klikněte na "Start". Potvrďte hlášku kliknutím na "Ok" (Bude následovat restart)

Stáhněte OTC http://oldtimer.geekstogo.com/OTC.exe

• Spusťte.
• Klikněte na "CleanUp!". Potvrďte hlášky kliknutím na "Yes" (Bude následovat restart)

Stáhněte Ccleaner http://viry.cz/forum/viewtopic.php?t=7478
Záložka Čistič

• Dejte analyzovat, po dokončení dejte Spustit Ccleaner.
  
  Záložka Registry
• Klikněte na Hledej problémy, po dokončení klikněte na Opravit problémy, zálohu dělat nemusíte, potom dejte Opravit všechny problémy.

OK Zavřít

[azamar]

hotovo
jen T-Cleaner ma nefunkcni link, tak jsem ho stahl jinde.
Dekuji moc za pomoc.