PC virus removal, computer speed-up, remote help via the neslape.cz service

fb virus?

Do you have a virus problem? Post your FRST or RSIT log here.

Moderator: Moderators

Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]

Individual threads will be locked once resolved, as will those that have been inactive for more than 14 days. See the rule on locking topics. Thank you for your understanding.

!NEWS!
You can now use the remote help service, where a specialist connects to your computer and obtains further details about the problem from you by phone. More at www.neslape.cz
amaca
Visitor
Posts: 16
Registered: 01 Mar 2011 11:44

fb virus?

#1 Post by amaca »

Hi. Since today, an "Internet Explorer Security" message about Adobe Flash Player appears on every click on the web, so I assume the new topic belongs here ... fb virus.
I am posting the log and asking for a check and advice on how to get rid of the pest. Thanks :-)

Logfile of random's system information tool 1.09 (written by random/random)
Run by Tomášek a Marcelka at 2011-08-30 20:25:58
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 614 GB (87%) free of 703 GB
Total RAM: 4095 MB (69% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:26:07, on 30.8.2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\ModLEDKey.exe
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Windows\PixArt\Pac207\Monitor.exe
C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE
C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe
C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\Keystatus.exe
C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\CNYHKEY.exe
C:\Program Files (x86)\BitTorrent\bittorrent.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files\trend micro\Tomášek a Marcelka.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com?pc=CMDTDF
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com?pc=CMDTDF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com?pc=CMDTDF
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Nero Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe
O4 - HKLM\..\Run: [HP KEYBOARDx] "C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE"
O4 - HKLM\..\Run: [HP Remote Solution] %ProgramFiles%\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
O4 - HKLM\..\Run: [BATINDICATOR] C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe
O4 - HKLM\..\Run: [LaunchHPOSIAPP] C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\LaunchApp.exe
O4 - HKLM\..\Run: [RunMMD] "C:\Program Files (x86)\Mio\MMD2\RunMMD.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
O4 - HKCU\..\Run: [EPSON SX100 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIEDE.EXE /FU "C:\Windows\TEMP\E_S840F.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [ISUSPM Startup] c:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: WikiKomentáře Google... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{92066AD2-A03F-4287-A1EC-6778245CDBDB}: NameServer = 10.255.255.10,10.255.255.20
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @C:\Program Files (x86)\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files (x86)\Nero\Update\NASvc.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Sony Ericsson OMSI download service (OMSI download service) - Unknown owner - C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files (x86)\PDF Complete\pdfsvc.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 11126 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
atieclxx
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"taskhost.exe"
"C:\Windows\system32\Dwm.exe"
taskeng.exe {19912D66-63B6-427E-8F63-FEB1EDA3355E}
"C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\ModLEDKey.exe"
C:\Windows\Explorer.EXE
"C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe"
"C:\Windows\PixArt\Pac207\Monitor.exe"
"C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
"C:\Windows\System32\spool\drivers\x64\3\E_IATIEDE.EXE" /FU "C:\Windows\TEMP\E_S840F.tmp" /EF "HKCU"
"C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE"
"C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe"
"C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe"
"C:\Program Files (x86)\Mio\MMD2\RunMMD.exe"
"C:\Program Files (x86)\PowerISO\PWRISOVM.EXE"
"C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe"
"C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe"
"C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe"
"C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe"
"C:\Program Files (x86)\PDF Complete\pdfsvc.exe" /startedbyscm:66B66708-40E2BE4D-pdfcService
"C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe"
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\Keystatus.exe"
"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
"C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\CNYHKEY.exe"
WLIDSvcM.exe 2368
C:\Windows\system32\SearchIndexer.exe /Embedding
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Windows\system32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-d37ef94a-bc46-41ea-b437-600bfb4d0978 -SystemEventPortName:HostProcess-1a2c0076-58b1-4c9b-9c2c-a2a4e3a5f456 -IoCancelEventPortName:HostProcess-8ca78e48-99a3-4116-9f0d-5a192b213348 -NonStateChangingEventPortName:HostProcess-6c81d925-3a9d-4078-80df-9d2113f705a3 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:fdf597f1-9d92-4385-95c0-ecc9e1f0f0d8
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM"
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe" 0
"C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe"
"C:\Program Files (x86)\Nero\Update\NASvc.exe"
C:\Windows\System32\svchost.exe -k secsvcs
"C:\Program Files (x86)\BitTorrent\bittorrent.exe" "C:\Users\Tomášek a Marcelka\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y7XFIE7D\[isoHunt] Awakening_3_The_Goblin_Kingdom_Collector__s_Edition.6630077.TPB.torrent"
"taskhost.exe"
"C:\Program Files (x86)\Internet Explorer\iexplore.exe"
"C:\Program Files (x86)\Internet Explorer\iexplore.exe" SCODEF:1160 CREDAT:203009
"C:\Program Files (x86)\Internet Explorer\iexplore.exe" SCODEF:1160 CREDAT:203015
"C:\Program Files (x86)\Internet Explorer\iexplore.exe" SCODEF:1160 CREDAT:203031
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe34_ Global\UsGthrCtrlFltPipeMssGthrPipe34 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 508 512 520 65536 516
"C:\Users\Tomášek a Marcelka\Desktop\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2945860110-380718241-3252225162-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2945860110-380718241-3252225162-1000UA.job
C:\Windows\tasks\HPCeeScheduleForHORAKOVO$.job
C:\Windows\tasks\HPCeeScheduleForTomášek a Marcelka.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 532336]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 403840]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Plug-In - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2011-02-11 1246600]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
Nero Toolbar - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll [2010-05-21 1233288]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2011-03-14 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{D4027C7F-154A-4066-A1AD-4243D8127440} - Nero Toolbar - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll [2010-05-21 1233288]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"=c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [2008-11-20 62768]
"Monitor"=C:\Windows\PixArt\PAC207\Monitor.exe [2006-11-03 319488]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2011-01-12 2918656]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"EPSON SX100 Series"=C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIEDE.EXE [2008-02-05 221696]
"ISUSPM Startup"=c:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe [2004-06-16 221184]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
C:\Program Files (x86)\ICQ7.4\ICQ.exe silent loginmode=4 []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files (x86)\QuickTime\QTTask.exe [2010-03-17 421888]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Companion]
C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe [2009-12-08 774144]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Tomášek a Marcelka^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MagicDisc.lnk]
C:\PROGRA~2\MAGICD~1\MAGICD~1.EXE [2009-02-23 576000]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2010-09-08 98304]
"PDF Complete"=C:\Program Files (x86)\PDF Complete\pdfsty.exe [2010-09-28 664600]
"HP KEYBOARDx"=C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE [2010-02-11 710656]
"HP Remote Solution"=C:\Program Files\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe []
"BATINDICATOR"=C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe [2009-05-09 2068992]
"LaunchHPOSIAPP"=C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\LaunchApp.exe [2009-04-04 385024]
"RunMMD"=C:\Program Files (x86)\Mio\MMD2\RunMMD.exe [2010-02-08 49152]
"PWRISOVM.EXE"=C:\Program Files (x86)\PowerISO\PWRISOVM.EXE [2010-04-12 180224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2011-08-30 20:25:59 ----D---- C:\Program Files\trend micro
2011-08-30 20:25:58 ----D---- C:\rsit
2011-08-29 18:47:30 ----D---- C:\ProgramData\CropBusters
2011-08-29 18:47:06 ----D---- C:\Program Files (x86)\Crop Busters
2011-08-29 13:02:01 ----D---- C:\Users\Tomášek a Marcelka\AppData\Roaming\HdO Adventure
2011-08-29 12:00:47 ----D---- C:\Users\Tomášek a Marcelka\AppData\Roaming\Boomzap
2011-08-29 08:16:44 ----D---- C:\Users\Tomášek a Marcelka\AppData\Roaming\Twilight Games
2011-08-28 22:52:38 ----D---- C:\Program Files (x86)\Games
2011-08-28 22:49:38 ----SHD---- C:\Config.Msi
2011-08-28 09:40:21 ----D---- C:\ProgramData\ESET
2011-08-28 09:40:21 ----D---- C:\Program Files\ESET
2011-08-27 22:20:41 ----D---- C:\Users\Tomášek a Marcelka\AppData\Roaming\Artifex Mundi
2011-08-27 21:41:13 ----D---- C:\Users\Tomášek a Marcelka\AppData\Roaming\Casual Box
2011-08-27 16:22:31 ----D---- C:\Users\Tomášek a Marcelka\AppData\Roaming\Specialbit
2011-08-27 15:48:40 ----D---- C:\Users\Tomášek a Marcelka\AppData\Roaming\Vogat Interactive
2011-08-27 15:43:19 ----D---- C:\Program Files (x86)\Age of Enigma - The Secret of the Sixth Ghost
2011-08-27 14:44:24 ----A---- C:\Windows\SYSWOW64\tzres.dll
2011-08-27 14:44:24 ----A---- C:\Windows\system32\tzres.dll
2011-08-19 20:45:30 ----D---- C:\Users\Tomášek a Marcelka\AppData\Roaming\Alawar Stargaze
2011-08-19 20:45:30 ----D---- C:\ProgramData\Alawar Stargaze
2011-08-14 20:05:07 ----A---- C:\Windows\Tales From The Dragon Mountain - The Strix Uninstall Log.txt
2011-08-14 14:33:53 ----D---- C:\ProgramData\Cateia Games
2011-08-14 14:32:10 ----D---- C:\Program Files (x86)\Machinarium
2011-08-14 14:29:53 ----D---- C:\Windows\Tales From The Dragon Mountain - The Strix
2011-08-14 14:29:39 ----A---- C:\Windows\Tales From The Dragon Mountain - The Strix Setup Log.txt
2011-08-14 14:03:09 ----D---- C:\Users\Tomášek a Marcelka\AppData\Roaming\CattaleGames
2011-08-14 13:59:05 ----D---- C:\Users\Tomášek a Marcelka\AppData\Roaming\Vast Studios
2011-08-14 12:35:01 ----D---- C:\Users\Tomášek a Marcelka\AppData\Roaming\Orneon
2011-08-14 12:31:31 ----D---- C:\Users\Tomášek a Marcelka\AppData\Roaming\MA2
2011-08-14 10:46:41 ----D---- C:\Users\Tomášek a Marcelka\AppData\Roaming\Friday's games
2011-08-13 21:12:00 ----D---- C:\Users\Tomášek a Marcelka\AppData\Roaming\GameInvest
2011-08-13 20:53:44 ----D---- C:\Users\Tomášek a Marcelka\AppData\Roaming\EleFun Games
2011-08-12 22:11:28 ----D---- C:\Users\Tomášek a Marcelka\AppData\Roaming\ERS Game Studios
2011-08-12 20:50:25 ----D---- C:\Users\Tomášek a Marcelka\AppData\Roaming\Alawar Entertainment
2011-08-12 20:27:43 ----D---- C:\Users\Tomášek a Marcelka\AppData\Roaming\Elephant Games
2011-08-12 20:27:43 ----D---- C:\ProgramData\Elephant Games
2011-08-12 20:20:20 ----D---- C:\Program Files (x86)\bfgclient
2011-08-10 22:18:17 ----D---- C:\Users\Tomášek a Marcelka\AppData\Roaming\NevoSoft
2011-08-10 22:18:17 ----A---- C:\Users\Tomášek a Marcelka\AppData\Roaming\log.txt
2011-08-10 21:29:14 ----D---- C:\Users\Tomášek a Marcelka\AppData\Roaming\Blue Tea Games
2011-08-10 20:22:25 ----D---- C:\Users\Tomášek a Marcelka\AppData\Roaming\LestaStudio
2011-08-10 20:17:14 ----D---- C:\ProgramData\Big Fish Games
2011-08-10 20:15:21 ----D---- C:\BigFishGamesCache
2011-08-09 23:06:50 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2011-08-09 23:06:50 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2011-08-09 23:06:50 ----A---- C:\Windows\system32\mshtmled.dll
2011-08-09 23:06:50 ----A---- C:\Windows\system32\iertutil.dll
2011-08-09 23:06:49 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2011-08-09 23:06:49 ----A---- C:\Windows\SYSWOW64\url.dll
2011-08-09 23:06:49 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2011-08-09 23:06:49 ----A---- C:\Windows\SYSWOW64\jscript.dll
2011-08-09 23:06:49 ----A---- C:\Windows\SYSWOW64\ieui.dll
2011-08-09 23:06:49 ----A---- C:\Windows\system32\urlmon.dll
2011-08-09 23:06:49 ----A---- C:\Windows\system32\url.dll
2011-08-09 23:06:49 ----A---- C:\Windows\system32\jscript9.dll
2011-08-09 23:06:49 ----A---- C:\Windows\system32\jscript.dll
2011-08-09 23:06:49 ----A---- C:\Windows\system32\ieui.dll
2011-08-09 23:06:48 ----A---- C:\Windows\SYSWOW64\wininet.dll
2011-08-09 23:06:48 ----A---- C:\Windows\system32\jsproxy.dll
2011-08-09 23:06:47 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2011-08-09 23:06:47 ----A---- C:\Windows\system32\wininet.dll
2011-08-09 23:06:46 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2011-08-09 23:06:44 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2011-08-09 23:06:44 ----A---- C:\Windows\system32\mshtml.dll
2011-08-09 23:06:44 ----A---- C:\Windows\system32\ieframe.dll
2011-08-09 21:33:01 ----A---- C:\Windows\system32\xmllite.dll
2011-08-09 21:33:00 ----A---- C:\Windows\SYSWOW64\xmllite.dll
2011-08-09 21:32:59 ----A---- C:\Windows\SYSWOW64\odbctrac.dll
2011-08-09 21:32:59 ----A---- C:\Windows\SYSWOW64\odbcjt32.dll
2011-08-09 21:32:59 ----A---- C:\Windows\SYSWOW64\odbccu32.dll
2011-08-09 21:32:59 ----A---- C:\Windows\SYSWOW64\odbccr32.dll
2011-08-09 21:32:59 ----A---- C:\Windows\SYSWOW64\odbccp32.dll
2011-08-09 21:32:59 ----A---- C:\Windows\system32\odbctrac.dll
2011-08-09 21:32:59 ----A---- C:\Windows\system32\odbccu32.dll
2011-08-09 21:32:59 ----A---- C:\Windows\system32\odbccr32.dll
2011-08-09 21:32:59 ----A---- C:\Windows\system32\odbccp32.dll
2011-08-09 21:32:58 ----A---- C:\Windows\system32\drivers\mrxsmb10.sys
2011-08-09 21:32:53 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-file-l1-1-0.dll
2011-08-09 21:32:53 ----AH---- C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2011-08-09 21:32:53 ----A---- C:\Windows\SYSWOW64\wow32.dll
2011-08-09 21:32:53 ----A---- C:\Windows\SYSWOW64\setup16.exe
2011-08-09 21:32:53 ----A---- C:\Windows\SYSWOW64\ntvdm64.dll
2011-08-09 21:32:53 ----A---- C:\Windows\SYSWOW64\KernelBase.dll
2011-08-09 21:32:53 ----A---- C:\Windows\SYSWOW64\kernel32.dll
2011-08-09 21:32:53 ----A---- C:\Windows\system32\wow64win.dll
2011-08-09 21:32:53 ----A---- C:\Windows\system32\wow64cpu.dll
2011-08-09 21:32:53 ----A---- C:\Windows\system32\wow64.dll
2011-08-09 21:32:53 ----A---- C:\Windows\system32\winsrv.dll
2011-08-09 21:32:53 ----A---- C:\Windows\system32\ntvdm64.dll
2011-08-09 21:32:53 ----A---- C:\Windows\system32\KernelBase.dll
2011-08-09 21:32:53 ----A---- C:\Windows\system32\kernel32.dll
2011-08-09 21:32:53 ----A---- C:\Windows\system32\conhost.exe
2011-08-09 21:32:52 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2011-08-09 21:32:52 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-synch-l1-1-0.dll
2011-08-09 21:32:52 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-string-l1-1-0.dll
2011-08-09 21:32:52 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2011-08-09 21:32:52 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-profile-l1-1-0.dll
2011-08-09 21:32:52 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2011-08-09 21:32:52 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2011-08-09 21:32:52 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-misc-l1-1-0.dll
2011-08-09 21:32:52 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-memory-l1-1-0.dll
2011-08-09 21:32:52 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2011-08-09 21:32:52 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2011-08-09 21:32:52 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-io-l1-1-0.dll
2011-08-09 21:32:52 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2011-08-09 21:32:52 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-heap-l1-1-0.dll
2011-08-09 21:32:52 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-handle-l1-1-0.dll
2011-08-09 21:32:52 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-fibers-l1-1-0.dll
2011-08-09 21:32:52 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2011-08-09 21:32:52 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-delayload-l1-1-0.dll
2011-08-09 21:32:52 ----AH---- C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2011-08-09 21:32:52 ----AH---- C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2011-08-09 21:32:52 ----AH---- C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2011-08-09 21:32:52 ----AH---- C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2011-08-09 21:32:52 ----AH---- C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2011-08-09 21:32:52 ----AH---- C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2011-08-09 21:32:52 ----AH---- C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2011-08-09 21:32:52 ----AH---- C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2011-08-09 21:32:52 ----AH---- C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2011-08-09 21:32:52 ----AH---- C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2011-08-09 21:32:52 ----AH---- C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2011-08-09 21:32:52 ----AH---- C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2011-08-09 21:32:52 ----AH---- C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2011-08-09 21:32:52 ----AH---- C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2011-08-09 21:32:52 ----AH---- C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2011-08-09 21:32:52 ----AH---- C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2011-08-09 21:32:52 ----AH---- C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2011-08-09 21:32:52 ----AH---- C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2011-08-09 21:32:52 ----AH---- C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2011-08-09 21:32:52 ----AH---- C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2011-08-09 21:32:52 ----AH---- C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2011-08-09 21:32:52 ----AH---- C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2011-08-09 21:32:52 ----AH---- C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2011-08-09 21:32:51 ----AH---- C:\Windows\SYSWOW64\api-ms-win-security-base-l1-1-0.dll
2011-08-09 21:32:51 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-xstate-l1-1-0.dll
2011-08-09 21:32:51 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-util-l1-1-0.dll
2011-08-09 21:32:51 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2011-08-09 21:32:51 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2011-08-09 21:32:51 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localization-l1-1-0.dll
2011-08-09 21:32:51 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-debug-l1-1-0.dll
2011-08-09 21:32:51 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-datetime-l1-1-0.dll
2011-08-09 21:32:51 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-console-l1-1-0.dll
2011-08-09 21:32:51 ----AH---- C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2011-08-09 21:32:51 ----AH---- C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2011-08-09 21:32:51 ----AH---- C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2011-08-09 21:32:51 ----AH---- C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2011-08-09 21:32:51 ----A---- C:\Windows\SYSWOW64\user.exe
2011-08-09 21:32:51 ----A---- C:\Windows\SYSWOW64\instnm.exe
2011-08-09 21:32:49 ----A---- C:\Windows\system32\drivers\tcpip.sys
2011-08-09 21:32:47 ----A---- C:\Windows\SYSWOW64\ntoskrnl.exe
2011-08-09 21:32:46 ----A---- C:\Windows\system32\ntoskrnl.exe
2011-08-09 21:32:45 ----A---- C:\Windows\SYSWOW64\ntkrnlpa.exe
2011-08-06 22:50:04 ----D---- C:\Program Files (x86)\PowerISO
2011-08-06 22:50:04 ----A---- C:\Windows\system32\drivers\scdemu.sys

======List of files/folders modified in the last 1 month======

2011-08-30 20:26:07 ----D---- C:\Windows\Prefetch
2011-08-30 20:26:00 ----D---- C:\Windows\Temp
2011-08-30 20:25:59 ----RD---- C:\Program Files
2011-08-30 20:20:49 ----D---- C:\Users\Tomášek a Marcelka\AppData\Roaming\BitTorrent
2011-08-30 19:59:14 ----AD---- C:\ProgramData\Temp
2011-08-30 16:25:51 ----D---- C:\Program Files (x86)
2011-08-30 15:52:26 ----D---- C:\Windows\system32\config
2011-08-30 14:51:12 ----D---- C:\Windows\System32
2011-08-30 14:51:11 ----D---- C:\Windows\inf
2011-08-30 14:51:11 ----A---- C:\Windows\system32\PerfStringBackup.INI
2011-08-30 14:47:01 ----D---- C:\Windows\system32\drivers
2011-08-29 18:47:30 ----HD---- C:\ProgramData
2011-08-28 22:50:05 ----SHD---- C:\Windows\Installer
2011-08-28 22:50:05 ----D---- C:\ProgramData\TuneUp Software
2011-08-28 22:49:55 ----SHD---- C:\System Volume Information
2011-08-28 22:49:41 ----D---- C:\Windows\system32\Tasks
2011-08-28 22:49:39 ----AD---- C:\Windows\SysWOW64
2011-08-28 09:40:42 ----D---- C:\Windows\system32\DriverStore
2011-08-28 09:40:42 ----D---- C:\Windows\system32\catroot
2011-08-28 09:29:47 ----SD---- C:\Users\Tomášek a Marcelka\AppData\Roaming\Microsoft
2011-08-28 00:04:48 ----D---- C:\Windows\rescache
2011-08-27 20:45:06 ----AD---- C:\Windows
2011-08-27 20:44:21 ----D---- C:\Windows\winsxs
2011-08-27 20:44:16 ----D---- C:\Windows\SYSWOW64\cs-CZ
2011-08-27 20:44:16 ----D---- C:\Windows\system32\cs-CZ
2011-08-27 15:38:25 ----D---- C:\ProgramData\PDFC
2011-08-27 15:17:45 ----D---- C:\Windows\Tasks
2011-08-27 14:43:20 ----D---- C:\Windows\system32\catroot2
2011-08-11 19:32:30 ----D---- C:\Program Files (x86)\Alawar
2011-08-10 09:51:02 ----RSD---- C:\Windows\assembly
2011-08-10 09:51:02 ----D---- C:\Windows\Microsoft.NET
2011-08-10 07:35:54 ----D---- C:\Windows\SYSWOW64\migration
2011-08-10 07:35:54 ----D---- C:\Windows\system32\migration
2011-08-10 07:35:54 ----D---- C:\Windows\AppPatch
2011-08-10 07:35:54 ----D---- C:\Program Files\Internet Explorer
2011-08-10 07:35:54 ----D---- C:\Program Files (x86)\Internet Explorer
2011-08-09 23:12:01 ----A---- C:\Windows\system32\MRT.exe
2011-08-09 23:11:38 ----A---- C:\Windows\SYSWOW64\PerfStringBackup.INI
2011-08-01 21:43:48 ----D---- C:\Windows\system32\wdi

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2010-12-21 141264]
R1 SCDEmu;SCDEmu; C:\Windows\system32\drivers\SCDEmu.sys [2010-04-12 91568]
R2 eamonm;eamonm; C:\Windows\system32\DRIVERS\eamonm.sys [2010-12-21 170640]
R2 epfwwfpr;epfwwfpr; C:\Windows\system32\DRIVERS\epfwwfpr.sys [2010-12-21 125296]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2010-09-08 7767552]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2010-09-08 279040]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service; C:\Windows\system32\drivers\AtihdW76.sys [2010-08-16 116240]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2010-09-07 2484072]
R3 mcdbus;Driver for MagicISO SCSI Host Controller; C:\Windows\system32\DRIVERS\mcdbus.sys [2009-02-24 255552]
R3 PAC207;SoC PC-Camera; C:\Windows\system32\DRIVERS\PFC027.SYS [2006-12-05 572416]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2010-09-20 349800]
R4 ps7ajbeb;L Ile Noyee Synchronization Driver (ps7ajbeb); C:\Windows\system32\drivers\ps7ajbeb.sys []
S2 atksgt;atksgt; C:\Windows\system32\DRIVERS\atksgt.sys [2011-08-07 303616]
S2 lirsgt;lirsgt; C:\Windows\system32\DRIVERS\lirsgt.sys [2011-08-07 35328]
S3 OxPPort;OxPPort; C:\Windows\system32\DRIVERS\OxPPort.sys [2008-07-31 98304]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 s1018bus;Sony Ericsson Device 1018 driver (WDM); C:\Windows\system32\DRIVERS\s1018bus.sys [2009-03-25 113704]
S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter; C:\Windows\system32\DRIVERS\s1018mdfl.sys [2009-03-25 19496]
S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver; C:\Windows\system32\DRIVERS\s1018mdm.sys [2009-03-25 153128]
S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM); C:\Windows\system32\DRIVERS\s1018mgmt.sys [2009-03-25 133160]
S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS); C:\Windows\system32\DRIVERS\s1018nd5.sys [2009-03-25 34856]
S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface; C:\Windows\system32\DRIVERS\s1018obex.sys [2009-03-25 128552]
S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM); C:\Windows\system32\DRIVERS\s1018unic.sys [2009-03-25 146472]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2009-07-14 41984]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 41984]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2010-09-08 203264]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2011-01-12 810144]
R2 HP Health Check Service;HP Health Check Service; C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe [2010-09-18 126008]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service; C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2010-08-21 92216]
R2 IviRegMgr;IviRegMgr; C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe [2007-01-05 112152]
R2 NAUpdate;@C:\Program Files (x86)\Nero\Update\NASvc.exe,-200; C:\Program Files (x86)\Nero\Update\NASvc.exe [2010-05-04 503080]
R2 OMSI download service;Sony Ericsson OMSI download service; C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [2009-04-30 90112]
R2 pdfcDispatcher;PDF Document Manager; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [2010-09-28 1119768]
R2 PSI_SVC_2;Protexis Licensing V2; C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe [2010-03-12 193824]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-08-18 2291568]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-19 138576]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-03-11 136176]
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2010-03-19 44376]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2011-01-12 42360]
S3 GamesAppService;GamesAppService; C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-03-11 136176]
S3 gusvc;Google Updater Service; C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2011-02-08 136120]
S3 hpqwmiex;HP Software Framework Service; C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe [2010-08-21 707128]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2011-03-12 1255736]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]

-----------------EOF-----------------

Rudy
Site Admin
Posts: 119508
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: fb virus?

#2 Post by Rudy »

The FB virus is not apparent from the log. Nevertheless, post a log from ComboFix.
Download ComboFix and save it, preferably to the desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Then run the application under an account with administrator privileges.

Right after it starts, a screen with the licence terms appears; continue by clicking the Yes button.

Feel free to go and make yourself a coffee (the whole process takes roughly 5-10 minutes, sometimes longer, depending on how fast the machine is and how many files the scanner has to wade through); during the scan do not try to launch any other applications or anything else.

Do not panic during the scan; your machine may be restarted (especially on the first run of the scanner).

Warning: if you use an antispyware with a resident shield, switch its resident shield to Install Mode, or disable it completely for the duration of the scan, because during the scan and removal of any malware there are undesirable collisions with the resident antispyware.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Apart from its "visible" activities, a virus can damage the system!

Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.

amaca
Visitor
Posts: 16
Registered: 01 Mar 2011 11:44

Re: fb virus?

#3 Post by amaca »

ComboFix 11-08-30.02 - Tomášek a Marcelka 30.08.2011 23:45:48.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.4095.2722 [GMT 2:00]
Spuštěný z: c:\users\TomßÜek a Marcelka\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\hpe30C0.dll
C:\Thumbs.db
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-07-28 do 2011-08-30 )))))))))))))))))))))))))))))))
.
.
2011-08-30 21:49 . 2011-08-30 21:49 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-08-30 18:25 . 2011-08-30 18:26 -------- d-----w- c:\program files\trend micro
2011-08-30 18:25 . 2011-08-30 18:26 -------- d-----w- C:\rsit
2011-08-30 09:42 . 2011-08-12 04:10 8862544 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{038B18CD-DFA4-4949-A4E4-F58D5D3C6970}\mpengine.dll
2011-08-29 16:47 . 2011-08-29 17:14 -------- d-----w- c:\programdata\CropBusters
2011-08-29 16:47 . 2011-08-29 16:47 -------- d-----w- c:\program files (x86)\Crop Busters
2011-08-29 11:02 . 2011-08-29 11:02 -------- d-----w- c:\users\Tomášek a Marcelka\AppData\Roaming\HdO Adventure
2011-08-29 10:00 . 2011-08-29 10:00 -------- d-----w- c:\users\Tomášek a Marcelka\AppData\Roaming\Boomzap
2011-08-29 06:16 . 2011-08-29 06:16 -------- d-----w- c:\users\Tomášek a Marcelka\AppData\Roaming\Twilight Games
2011-08-28 20:52 . 2011-08-28 20:52 -------- d-----w- c:\program files (x86)\Games
2011-08-28 07:40 . 2011-08-28 07:40 -------- d-----w- c:\program files\ESET
2011-08-27 20:20 . 2011-08-27 20:20 -------- d-----w- c:\users\Tomášek a Marcelka\AppData\Roaming\Artifex Mundi
2011-08-27 19:41 . 2011-08-27 19:41 -------- d-----w- c:\users\Tomášek a Marcelka\AppData\Roaming\Casual Box
2011-08-27 14:22 . 2011-08-27 14:22 -------- d-----w- c:\users\Tomášek a Marcelka\AppData\Roaming\Specialbit
2011-08-27 13:48 . 2011-08-27 13:48 -------- d-----w- c:\users\Tomášek a Marcelka\AppData\Roaming\Vogat Interactive
2011-08-27 13:43 . 2011-08-27 13:43 -------- d-----w- c:\program files (x86)\Age of Enigma - The Secret of the Sixth Ghost
2011-08-27 12:44 . 2011-07-09 05:26 2048 ----a-w- c:\windows\system32\tzres.dll
2011-08-27 12:44 . 2011-07-09 04:29 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2011-08-19 18:45 . 2011-08-19 18:45 -------- d-----w- c:\users\Tomášek a Marcelka\AppData\Roaming\Alawar Stargaze
2011-08-19 18:45 . 2011-08-19 18:45 -------- d-----w- c:\programdata\Alawar Stargaze
2011-08-17 15:38 . 2011-08-17 21:49 -------- d-----w- c:\users\Tomášek a Marcelka\AppData\Local\MediaGet2
2011-08-14 12:33 . 2011-08-14 12:33 -------- d-----w- c:\programdata\Cateia Games
2011-08-14 12:32 . 2011-08-14 12:32 -------- d-----w- c:\program files (x86)\Machinarium
2011-08-14 12:29 . 2011-08-14 12:29 -------- d-----w- c:\windows\Tales From The Dragon Mountain - The Strix
2011-08-14 12:03 . 2011-08-14 12:03 -------- d-----w- c:\users\Tomášek a Marcelka\AppData\Roaming\CattaleGames
2011-08-14 11:59 . 2011-08-14 11:59 -------- d-----w- c:\users\Tomášek a Marcelka\AppData\Roaming\Vast Studios
2011-08-14 10:35 . 2011-08-14 10:35 -------- d-----w- c:\users\Tomášek a Marcelka\AppData\Roaming\Orneon
2011-08-14 10:31 . 2011-08-14 10:31 -------- d-----w- c:\users\Tomášek a Marcelka\AppData\Roaming\MA2
2011-08-14 08:46 . 2011-08-14 08:46 -------- d-----w- c:\users\Tomášek a Marcelka\AppData\Roaming\Friday's games
2011-08-13 19:12 . 2011-08-29 16:40 -------- d-----w- c:\users\Tomášek a Marcelka\AppData\Roaming\GameInvest
2011-08-13 18:53 . 2011-08-13 18:53 -------- d-----w- c:\users\Tomášek a Marcelka\AppData\Roaming\EleFun Games
2011-08-12 20:11 . 2011-08-13 20:35 -------- d-----w- c:\users\Tomášek a Marcelka\AppData\Roaming\ERS Game Studios
2011-08-12 18:50 . 2011-08-12 18:50 -------- d-----w- c:\users\Tomášek a Marcelka\AppData\Roaming\Alawar Entertainment
2011-08-12 18:27 . 2011-08-12 18:27 -------- d-----w- c:\users\Tomášek a Marcelka\AppData\Roaming\Elephant Games
2011-08-12 18:27 . 2011-08-12 18:27 -------- d-----w- c:\programdata\Elephant Games
2011-08-12 18:20 . 2011-08-19 18:41 -------- d-----w- c:\program files (x86)\bfgclient
2011-08-10 20:18 . 2011-08-10 20:18 -------- d-----w- c:\users\Tomášek a Marcelka\AppData\Roaming\NevoSoft
2011-08-10 19:29 . 2011-08-10 19:29 -------- d-----w- c:\users\Tomášek a Marcelka\AppData\Roaming\Blue Tea Games
2011-08-10 18:22 . 2011-08-10 18:22 -------- d-----w- c:\users\Tomášek a Marcelka\AppData\Roaming\LestaStudio
2011-08-10 18:17 . 2011-08-19 18:41 -------- d-----w- c:\programdata\Big Fish Games
2011-08-10 18:15 . 2011-08-30 14:24 -------- d-----w- C:\BigFishGamesCache
2011-08-06 20:50 . 2011-08-06 21:13 -------- d-----w- c:\program files (x86)\PowerISO
2011-08-06 20:50 . 2010-04-12 08:55 91568 ----a-w- c:\windows\system32\drivers\scdemu.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-30 11:03 . 2011-03-19 20:03 2516 --sha-w- c:\programdata\KGyGaAvL.sys
2011-08-07 16:52 . 2011-04-01 16:21 303616 ----a-w- c:\windows\system32\drivers\atksgt.sys
2011-08-07 16:52 . 2011-04-01 16:21 35328 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2011-07-19 13:43 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2011-07-19 13:43 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2011-07-16 04:26 . 2011-08-09 19:32 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2011-06-12 13:19 . 2011-05-26 15:11 419840 ----a-w- c:\windows\system32\wrap_oal.dll
2011-06-12 13:19 . 2011-05-26 15:11 133632 ----a-w- c:\windows\system32\OpenAL32.dll
2011-06-12 13:19 . 2011-05-26 15:11 413696 ----a-w- c:\windows\SysWow64\wrap_oal.dll
2011-06-12 13:19 . 2011-05-26 15:11 110592 ----a-w- c:\windows\SysWow64\OpenAL32.dll
2011-06-11 03:07 . 2011-07-13 05:10 3137536 ----a-w- c:\windows\system32\win32k.sys
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-05-21 11:17 1233288 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2010-05-21 1233288]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM Startup"="c:\progra~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-06-16 221184]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-09-08 98304]
"PDF Complete"="c:\program files (x86)\PDF Complete\pdfsty.exe" [2010-09-28 664600]
"HP KEYBOARDx"="c:\program files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE" [2010-02-11 710656]
"HP Remote Solution"="c:\program files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe" [2009-08-25 656896]
"BATINDICATOR"="c:\program files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe" [2009-05-09 2068992]
"LaunchHPOSIAPP"="c:\program files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\LaunchApp.exe" [2009-04-04 385024]
"RunMMD"="c:\program files (x86)\Mio\MMD2\RunMMD.exe" [2010-02-08 49152]
"PWRISOVM.EXE"="c:\program files (x86)\PowerISO\PWRISOVM.EXE" [2010-04-12 180224]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files (x86)\Java\jre6\bin\jusched.exe"
"ISUSScheduler"="c:\program files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Služba Google Update (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-11 136176]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 gupdatem;Služba Google Update (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-11 136176]
R3 OxPPort;OxPPort;c:\windows\system32\DRIVERS\OxPPort.sys [x]
R3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\DRIVERS\s1018bus.sys [x]
R3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s1018mdfl.sys [x]
R3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s1018mdm.sys [x]
R3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s1018mgmt.sys [x]
R3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\DRIVERS\s1018nd5.sys [x]
R3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s1018obex.sys [x]
R3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\DRIVERS\s1018unic.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2011-01-12 810144]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [x]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2010-08-21 92216]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2010-05-04 503080]
S2 OMSI download service;Sony Ericsson OMSI download service;c:\program files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [2009-04-30 90112]
S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe [2010-09-28 1119768]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 PAC207;SoC PC-Camera;c:\windows\system32\DRIVERS\PFC027.SYS [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{2D46B6DC-2207-486B-B523-A557E6D54B47}]
2010-11-20 12:17 302592 ----a-w- c:\windows\System32\cmd.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2011-08-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-11 20:09]
.
2011-08-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-11 20:09]
.
2011-08-01 c:\windows\Tasks\HPCeeScheduleForHORAKOVO$.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 06:15]
.
2011-08-27 c:\windows\Tasks\HPCeeScheduleForTomášek a Marcelka.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 06:15]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2006-11-03 319488]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2011-01-12 2918656]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://www.bing.com?pc=CMDTDF
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: WikiKomentáře Google... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
TCP: Interfaces\{92066AD2-A03F-4287-A1EC-6778245CDBDB}: NameServer = 10.255.255.10,10.255.255.20
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
AddRemove-{B1A4A13D-4665-4ED3-9DFE-F845725FBBD8} - c:\program files (x86)\InstallShield Installation Information\{B1A4A13D-4665-4ED3-9DFE-F845725FBBD8}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pdfcDispatcher]
"ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10d.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10d.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\ModLEDKey.exe
c:\program files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files (x86)\Hewlett-Packard\HP Desktop Keyboard\Keystatus.exe
c:\program files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\CNYHKEY.exe
.
**************************************************************************
.
Celkový čas: 2011-08-30 23:53:47 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-08-30 21:53
.
Před spuštěním: Volných bajtů: 644 045 348 864
Po spuštění: Volných bajtů: 643 914 129 408
.
- - End Of File - - 1A0A9B81CC2AF268E6D614245354E1F1

Rudy
Site Admin
Posts: 119508
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: fb virus?

#4 Post by Rudy »

CF deleted 2 files and several invalid entries. None of that belongs to the FB virus. Also uninstall AskToolbar and you will be clean.

amaca
Visitor
Posts: 16
Registered: 01 Mar 2011 11:44

Re: fb virus?

#5 Post by amaca »

Thanks a lot. Because of the flat renovation I could not get to the PC any sooner. After CF finished, the dialog stopped appearing. SUPER. Thanks, thanks :-) Best of luck, M.

Rudy
Site Admin
Posts: 119508
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: fb virus?

#6 Post by Rudy »

Thank you for the wishes, and you are welcome! :)
