ANGELA C

[Unlimited_Killer]

0K. Teď píšu skript na odstranění zbytků.

[Unlimited_Killer]

Super.
Dočistíme přes jiný prográmek.

~~~

Stáhněte OTM na Plochu. Spusťte ho dvojklikem na OTM.exe, pokud máte Vistu, pravým tlačítkem na soubor -> Run as Administrator [spustit jako administrátor].
Do levého okna 'Paste Instructions for Items to be Moved' vkopírujte následující skript:

Kód: Vybrat vše

:processes
C:\Windows\explorer.exe

:reg
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{855F3B16-6D32-4fe6-8A56-BBB695989046}"=-
"{0e6d7a5d-b560-4d1c-9713-18dd1ade6011}"=-
[-HKEY_CLASSES_ROOT\clsid\{0e6d7a5d-b560-4d1c-9713-18dd1ade6011}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0e6d7a5d-b560-4d1c-9713-18dd1ade6011}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D286E828-E6B9-484d-A058-D7323666DE33}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA6319C0-31B7-401E-A518-A07C3DB8F777}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{855F3B16-6D32-4fe6-8A56-BBB695989046}"=-
"{0508F8F1-08E3-43EE-AAA8-09AD09803084}"=-
"{0e6d7a5d-b560-4d1c-9713-18dd1ade6011}"=-
"{32099AAC-C132-4136-9E9A-4E364A424E17}"=-
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"=-
[-HKEY_CLASSES_ROOT\clsid\{0508f8f1-08e3-43ee-aaa8-09ad09803084}]
[-HKEY_CLASSES_ROOT\escorTlbr.DskBnd.1]
[-HKEY_CLASSES_ROOT\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}]
[-HKEY_CLASSES_ROOT\escorTlbr.DskBnd]
[-HKEY_CLASSES_ROOT\clsid\{0e6d7a5d-b560-4d1c-9713-18dd1ade6011}]
[-HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[-HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{0E6D7A5D-B560-4D1C-9713-18DD1ADE6011}"=-
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"=-
[-HKEY_CLASSES_ROOT\clsid\{0e6d7a5d-b560-4d1c-9713-18dd1ade6011}]
[-HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[-HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"=-
"QuickTime Task"=-
"Adobe Reader Speed Launcher"=-
"Malwarebytes Anti-Malware (reboot)"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=-

:files
c:\windows\*.tmp /s
c:\program files\My-Tool
C:\Program Files\ICQ6Toolbar
C:\Program Files\AskBarDis
C:\Program Files\DAEMON Tools Toolbar
C:\Program Files\RecFree.com\RecFreeToolbar

:services
ASKUpgrade

:commands
[emptytemp]
[reboot]

Poté klikněte na červené tlačítko 'MoveIt!'.
V zeleném okně vpravo by se měl zobrazit log, ten vkopírujete sem do fóra. Pokud se zobrazí hláška k restartování, klikněte na Yes. Po restartu log najdete v C:\_OTM\MovedFiles

~~~

Stáhněte SystemLook.
Dvojklikem spusťte soubor SystemLook.exe
Do bílého textového pole vkopírujte tento skript:

Kód: Vybrat vše

:filefind
At*.job

Nyní klikněte na 'Look'.
Poté se Vám otevře Poznámkový blok, jehož obsah vkopírujte sem do tématu.

[Ivca66]

tak jsem 2x spustila ten program OTM a vždy zamrzl,přestal odpovídat

[Unlimited_Killer]

Poprosím o nový RSIT log.

[Ivca66]

okej

[Ivca66]

Logfile of random's system information tool 1.06 (written by random/random)
Run by Cigi at 2010-01-30 16:56:08
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 96 GB (40%) free of 239 GB
Total RAM: 3038 MB (58% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:56:16, on 30.1.2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18882)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Sony\VAIO Update 4\VAIOUpdt.exe
C:\Windows\system32\conime.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Sony\Marketing Tools\MarketingTools.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Mouse Driver\StartAutorun.exe
C:\Program Files\EasySearch\SiteVacuumClient.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\TO2WCM\McciTrayApp.exe
C:\Program Files\TO2SSM\McciTrayApp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
C:\Program Files\Sony\Network Utility\LANUtil.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Mouse Driver\KMConfig.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Mouse Driver\KMProcess.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Opera\opera.exe
C:\totalcmd\TOTALCMD.EXE
C:\INSTAL VISTA\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Cigi.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?fr=mcafee&p=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\ProgramData\LangSoft\WebIE.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Pomocná služba pro přihlášení ke službě Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\ProgramData\LangSoft\WebIE.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ISBMgr.exe] "C:\Program Files\Sony\ISB Utility\ISBMgr.exe"
O4 - HKLM\..\Run: [StartCCC] "c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [MarketingTools] C:\Program Files\Sony\Marketing Tools\MarketingTools.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [KMCONFIG] C:\Program Files\Mouse Driver\StartAutorun.exe KMConfig.exe
O4 - HKLM\..\Run: [SiteVacuum] C:\Program Files\EasySearch\SiteVacuumClient.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [TO2WCM_McciTrayApp] C:\Program Files\TO2WCM\McciTrayApp.exe
O4 - HKLM\..\Run: [TO2SSM_McciTrayApp] C:\Program Files\TO2SSM\McciTrayApp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles
O4 - HKLM\..\Run: [Nokia FastStart] "C:\Program Files\Nokia\Nokia Music\NokiaMusic.exe" /command:faststart
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [NSUFloatingUI] "C:\Program Files\Sony\Network Utility\LANUtil.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\utorrent.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: Nokia Ovi Suite.lnk = C:\Program Files\Nokia\Ovi\Suite\RunLauncher.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
O23 - Service: ASKUpgrade - Unknown owner - C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Desktop Manager 5.9.911.3589 (GoogleDesktopManager-110309-193829) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IviRegMgr - InterVideo - c:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Keyboard And Mouse Communication Service (KMWDSERVICE) - UASSOFT.COM - C:\Program Files\Mouse Driver\KMWDSrv.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NSUService - Sony Corporation - C:\Program Files\Sony\Network Utility\NSUService.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Realtek Audio Service (RtkAudioService) - Realtek Semiconductor - C:\Windows\RtkAudioService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: VAIO Media plus Content Importer (SOHCImp) - Sony Corporation - C:\Program Files\Sony\VAIO Media plus\SOHCImp.exe
O23 - Service: VAIO Media plus Digital Media Server (SOHDms) - Sony Corporation - C:\Program Files\Sony\VAIO Media plus\SOHDms.exe
O23 - Service: VAIO Media plus Device Searcher (SOHDs) - Sony Corporation - C:\Program Files\Sony\VAIO Media plus\SOHDs.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Start BT in service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: @%SystemRoot%\System32\TUProgSt.exe,-1 (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\Windows\System32\TUProgSt.exe
O23 - Service: TwonkyMedia - PacketVideo - C:\Program Files\Nokia\Nokia Home Media Server\Media Server\TwonkyMedia.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Power Management - Sony Corporation - C:\Program Files\Sony\VAIO Power Management\SPMService.exe
O23 - Service: VAIO Content Folder Watcher (VCFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
O23 - Service: VAIO Content Metadata Intelligent Analyzing Manager (VcmIAlzMgr) - Sony Corporation - C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
O23 - Service: VAIO Content Metadata XML Interface (VcmXmlIfHelper) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 13527 bytes

======Scheduled tasks folder======

C:\Windows\tasks\1-Click Maintenance.job
C:\Windows\tasks\User_Feed_Synchronization-{103B65BD-4798-4CA0-9487-EB211B637804}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2009-12-18 61888]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2DB66063-BB98-466A-AA0D-3E7ACF5ED853}]
WebTransBHO Class - C:\ProgramData\LangSoft\WebIE.dll [2009-12-27 798771]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocná služba pro přihlášení ke službě Windows Live ID - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-03-30 403824]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar1.dll [2008-01-02 2403392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll [2008-01-02 2403392]
{BFC32E1D-EE75-4A48-BC60-104E11EE2431} - WebTranslator - C:\ProgramData\LangSoft\WebIE.dll [2009-12-27 798771]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1008184]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2007-03-10 835584]
"ISBMgr.exe"=C:\Program Files\Sony\ISB Utility\ISBMgr.exe [2008-04-04 317280]
"StartCCC"=c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2008-01-21 61440]
"MarketingTools"=C:\Program Files\Sony\Marketing Tools\MarketingTools.exe [2008-01-02 24576]
"Google Desktop Search"=C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2009-11-14 30192]
"KMCONFIG"=C:\Program Files\Mouse Driver\StartAutorun.exe [2008-05-30 212992]
"SiteVacuum"=C:\Program Files\EasySearch\SiteVacuumClient.exe [2009-04-08 454733]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2008-03-01 1443072]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2008-07-03 6295552]
"Skytel"=C:\Windows\Skytel.exe [2008-07-03 1826816]
"TO2WCM_McciTrayApp"=C:\Program Files\TO2WCM\McciTrayApp.exe [2008-01-30 1473536]
"TO2SSM_McciTrayApp"=C:\Program Files\TO2SSM\McciTrayApp.exe [2008-08-15 1473536]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-11 149280]
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2007-03-09 153136]
"NokiaMServer"=C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles []
"Nokia FastStart"=C:\Program Files\Nokia\Nokia Music\NokiaMusic.exe [2008-10-17 2323680]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-11-10 417792]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2009-12-18 40368]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-12-11 948672]
"Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe /runcleanupscript []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"NSUFloatingUI"=C:\Program Files\Sony\Network Utility\LANUtil.exe [2008-06-28 262144]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-21 125952]
"uTorrent"=C:\Program Files\uTorrent\utorrent.exe [2009-12-13 289584]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-21 202240]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Nokia Ovi Suite.lnk - C:\Program Files\Nokia\Ovi\Suite\RunLauncher.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
igfxdev.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\VESWinlogon]
C:\Windows\system32\VESWinlogon.dll [2008-07-07 98304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"= []

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 1 months======

2010-01-30 16:24:35 ----D---- C:\_OTM
2010-01-30 14:28:12 ----SHD---- C:\$RECYCLE.BIN
2010-01-30 14:20:22 ----D---- C:\Windows\temp
2010-01-30 14:20:20 ----A---- C:\ComboFix.txt
2010-01-30 13:45:42 ----A---- C:\Windows\NIRCMD.exe
2010-01-30 13:45:42 ----A---- C:\Windows\MBR.exe
2010-01-30 13:45:40 ----A---- C:\Windows\PEV.exe
2010-01-30 13:45:39 ----A---- C:\Windows\zip.exe
2010-01-30 13:45:39 ----A---- C:\Windows\SWREG.exe
2010-01-30 13:45:39 ----A---- C:\Windows\sed.exe
2010-01-30 13:45:39 ----A---- C:\Windows\grep.exe
2010-01-30 13:45:38 ----A---- C:\Windows\SWSC.exe
2010-01-30 13:45:15 ----D---- C:\Windows\ERDNT
2010-01-30 13:42:17 ----D---- C:\ComboFix
2010-01-30 13:41:59 ----D---- C:\Qoobox
2010-01-30 13:41:45 ----A---- C:\Windows\SWXCACLS.exe
2010-01-30 13:09:58 ----D---- C:\Users\Cigi\AppData\Roaming\Malwarebytes
2010-01-30 13:09:53 ----D---- C:\ProgramData\Malwarebytes
2010-01-30 12:29:11 ----D---- C:\rsit
2010-01-22 14:03:30 ----A---- C:\Windows\system32\mshtml.dll
2010-01-22 14:03:29 ----A---- C:\Windows\system32\ieframe.dll
2010-01-22 14:03:26 ----A---- C:\Windows\system32\urlmon.dll
2010-01-22 14:03:26 ----A---- C:\Windows\system32\iertutil.dll
2010-01-22 14:03:25 ----A---- C:\Windows\system32\wininet.dll
2010-01-22 14:03:25 ----A---- C:\Windows\system32\occache.dll
2010-01-22 14:03:25 ----A---- C:\Windows\system32\msfeeds.dll
2010-01-22 14:03:24 ----A---- C:\Windows\system32\iedkcs32.dll
2010-01-22 14:03:23 ----A---- C:\Windows\system32\ieui.dll
2010-01-22 14:03:22 ----A---- C:\Windows\system32\msfeedsbs.dll
2010-01-22 14:03:22 ----A---- C:\Windows\system32\ieUnatt.exe
2010-01-22 14:03:22 ----A---- C:\Windows\system32\iesysprep.dll
2010-01-22 14:03:22 ----A---- C:\Windows\system32\iepeers.dll
2010-01-22 14:03:21 ----A---- C:\Windows\system32\msfeedssync.exe
2010-01-22 14:03:21 ----A---- C:\Windows\system32\jsproxy.dll
2010-01-22 14:03:21 ----A---- C:\Windows\system32\iesetup.dll
2010-01-22 14:03:21 ----A---- C:\Windows\system32\iernonce.dll
2010-01-22 14:03:21 ----A---- C:\Windows\system32\ie4uinit.exe
2010-01-21 22:12:30 ----D---- C:\Stahování Rapid
2010-01-21 18:06:25 ----D---- C:\Users\Cigi\AppData\Roaming\VitySoft
2010-01-18 11:31:41 ----D---- C:\Config.Msi
2010-01-15 14:36:28 ----D---- C:\Program Files\DVDFab 6
2010-01-13 11:18:25 ----A---- C:\Windows\system32\t2embed.dll
2010-01-13 11:18:25 ----A---- C:\Windows\system32\fontsub.dll

======List of files/folders modified in the last 1 months======

2010-01-30 16:54:57 ----D---- C:\Windows\System32
2010-01-30 16:54:57 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-01-30 16:54:56 ----D---- C:\Windows\inf
2010-01-30 16:49:19 ----D---- C:\Users\Cigi\AppData\Roaming\uTorrent
2010-01-30 16:48:43 ----D---- C:\Windows\system32\Tasks
2010-01-30 16:18:23 ----RD---- C:\Program Files
2010-01-30 16:18:22 ----D---- C:\Windows\system32\drivers
2010-01-30 16:02:06 ----D---- C:\Windows\Prefetch
2010-01-30 15:57:54 ----D---- C:\INSTAL VISTA
2010-01-30 14:36:10 ----D---- C:\Program Files\Mozilla Firefox
2010-01-30 14:20:22 ----D---- C:\Windows
2010-01-30 14:17:54 ----A---- C:\Windows\system.ini
2010-01-30 14:17:07 ----RSD---- C:\Windows\Fonts
2010-01-30 14:06:14 ----D---- C:\Windows\AppPatch
2010-01-30 14:06:13 ----D---- C:\Program Files\Common Files
2010-01-30 13:44:26 ----D---- C:\Windows\Debug
2010-01-30 13:32:40 ----D---- C:\DVD SHRINK
2010-01-30 13:09:53 ----D---- C:\ProgramData
2010-01-29 14:58:59 ----SHD---- C:\System Volume Information
2010-01-27 06:48:06 ----D---- C:\Windows\winsxs
2010-01-27 06:48:06 ----D---- C:\Program Files\Internet Explorer
2010-01-27 06:44:36 ----D---- C:\Windows\system32\catroot
2010-01-27 06:39:55 ----D---- C:\Windows\system32\catroot2
2010-01-26 15:31:34 ----D---- C:\Strong-Stahování
2010-01-22 20:16:13 ----D---- C:\Windows\system32\migration
2010-01-21 18:40:56 ----D---- C:\Program Files\Microsoft Silverlight
2010-01-21 18:03:55 ----D---- C:\Users\Cigi\AppData\Roaming\Skype
2010-01-21 18:03:49 ----D---- C:\Users\Cigi\AppData\Roaming\skypePM
2010-01-20 20:00:40 ----SHD---- C:\Windows\Installer
2010-01-18 11:32:34 ----D---- C:\Program Files\Common Files\Adobe
2010-01-18 11:32:28 ----D---- C:\ProgramData\Adobe
2010-01-18 11:32:20 ----D---- C:\Program Files\Adobe
2010-01-16 17:45:27 ----D---- C:\Program Files\ICQ6.5
2010-01-15 14:36:54 ----D---- C:\Users\Cigi\AppData\Roaming\Vso
2010-01-14 11:12:06 ----N---- C:\Windows\system32\MpSigStub.exe
2010-01-13 20:05:24 ----D---- C:\ProgramData\Microsoft Help
2010-01-13 20:04:34 ----D---- C:\Program Files\Windows Mail
2010-01-07 12:09:05 ----D---- C:\Program Files\Opera
2010-01-05 01:17:46 ----A---- C:\Windows\system32\mrt.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 DMICall;Sony DMI Call service; C:\Windows\system32\DRIVERS\DMICall.sys [2008-06-28 10216]
R1 easdrv;easdrv; C:\Windows\system32\DRIVERS\easdrv.sys [2008-03-01 29704]
R1 epfwtdi;epfwtdi; C:\Windows\system32\DRIVERS\epfwtdi.sys [2008-03-01 54280]
R1 ISODrive;ISO DVD/CD-ROM Device Driver; \??\C:\Program Files\UltraISO\drivers\ISODrive.sys [2008-05-24 73728]
R1 PQNTDrv;PQNTDrv; C:\Windows\system32\drivers\PQNTDrv.sys [2002-09-16 4228]
R2 adfs;adfs; C:\Windows\system32\drivers\adfs.sys [2009-03-31 73312]
R2 atksgt;atksgt; C:\Windows\system32\DRIVERS\atksgt.sys [2009-08-26 279712]
R2 eamon;EAMON; C:\Windows\system32\DRIVERS\eamon.sys [2008-03-01 39944]
R2 epfw;epfw; C:\Windows\system32\DRIVERS\epfw.sys [2008-03-01 71176]
R2 lirsgt;lirsgt; C:\Windows\system32\DRIVERS\lirsgt.sys [2009-08-26 25888]
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2008-01-25 12672]
R2 regi;regi; C:\Windows\system32\drivers\regi.sys [2007-04-18 11032]
R2 rimsptsk;rimsptsk; C:\Windows\system32\DRIVERS\rimsptsk.sys [2008-06-28 68608]
R2 risdptsk;risdptsk; C:\Windows\system32\DRIVERS\risdptsk.sys [2008-06-21 46592]
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2008-07-09 3548672]
R3 BlueletAudio;Bluetooth Audio Service; C:\Windows\system32\DRIVERS\blueletaudio.sys [2007-03-05 34576]
R3 BlueletSCOAudio;Bluetooth SCO Audio Service; C:\Windows\system32\DRIVERS\BlueletSCOAudio.sys [2007-03-05 27792]
R3 BT;Bluetooth PAN Network Adapter; C:\Windows\system32\DRIVERS\btnetdrv.sys [2007-03-05 18320]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-21 14208]
R3 Epfwndis;Eset Personal Firewall; C:\Windows\system32\DRIVERS\Epfwndis.sys [2008-03-01 30728]
R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\HSX_DPV.sys [2008-01-25 985600]
R3 HSXHWAZL;HSXHWAZL; C:\Windows\system32\DRIVERS\HSXHWAZL.sys [2008-01-25 207360]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2008-07-03 2149912]
R3 KMWDFilter;KMWDFilter; \??\C:\Windows\System32\Drivers\KMWDFilter.SYS [2008-03-22 17024]
R3 MRESP50;MRESP50 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS [2008-03-29 20096]
R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw5v32.sys [2009-05-28 4233728]
R3 pcouffin;VSO Software pcouffin; C:\Windows\System32\Drivers\pcouffin.sys [2009-05-24 47360]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\Windows\System32\Drivers\RootMdm.sys [2008-01-21 8192]
R3 SFEP;Sony Firmware Extension Parser; C:\Windows\system32\DRIVERS\SFEP.sys [2008-03-10 9344]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2007-03-10 181560]
R3 usbvideo;Zobrazovací zařízení USB (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-21 134016]
R3 VComm;Virtual Serial port driver; C:\Windows\system32\DRIVERS\VComm.sys [2007-03-05 34448]
R3 VcommMgr;Bluetooth VComm Manager Service; C:\Windows\System32\Drivers\VcommMgr.sys [2007-03-05 44304]
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2008-01-25 659968]
S1 Tosrfcom;Bluetooth RFCOMM; C:\Windows\System32\Drivers\tosrfcom.sys [2005-08-01 64896]
S3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2008-06-10 909824]
S3 Btcsrusb;Bluetooth USB For Bluetooth Service; C:\Windows\System32\Drivers\btcusb.sys [2007-03-05 39184]
S3 catchme;catchme; \??\C:\Users\Cigi\AppData\Local\Temp\catchme.sys []
S3 drmkaud;Dekodér zvuků DRM jádra společnosti Microsoft; C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]
S3 dtscsi;dtscsi; C:\Windows\System32\Drivers\dtscsi.sys []
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 HSFHWAZL;HSFHWAZL; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2008-01-21 200704]
S3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys []
S3 MREMP50;MREMP50 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS [2008-03-29 21248]
S3 MREMP50a64;MREMP50a64 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS []
S3 MREMPR5;MREMPR5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS []
S3 MRENDIS5;MRENDIS5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS []
S3 MRESP50a64;MRESP50a64 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS []
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
S3 nmwcd;Nokia USB Phone Parent; C:\Windows\system32\drivers\ccdcmb.sys [2008-05-07 17536]
S3 nmwcdc;Nokia USB Generic; C:\Windows\system32\drivers\ccdcmbo.sys [2008-05-07 20864]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 toshidpt;Bluetooth HID Port; C:\Windows\system32\drivers\Toshidpt.sys [2005-07-11 3712]
S3 tosporte;Bluetooth COM Port; C:\Windows\system32\DRIVERS\tosporte.sys [2006-10-10 41600]
S3 tosrfbd;Bluetooth RFBUS; C:\Windows\system32\DRIVERS\tosrfbd.sys [2006-11-30 113792]
S3 tosrfbnp;Bluetooth RFBNEP; C:\Windows\System32\Drivers\tosrfbnp.sys [2006-11-20 36480]
S3 Tosrfhid;Bluetooth RFHID; C:\Windows\system32\DRIVERS\Tosrfhid.sys [2006-10-05 73600]
S3 tosrfnds;Bluetooth Personal Area Network; C:\Windows\system32\DRIVERS\tosrfnds.sys [2005-01-06 18612]
S3 TosRfSnd;Bluetooth Audio; C:\Windows\system32\drivers\tosrfsnd.sys [2006-11-02 53504]
S3 Tosrfusb;Bluetooth USB Controller; C:\Windows\system32\DRIVERS\tosrfusb.sys [2006-10-27 40960]
S3 upperdev;upperdev; C:\Windows\system32\DRIVERS\usbser_lowerflt.sys [2008-06-06 8064]
S3 usbser;USB Modem Driver; C:\Windows\system32\drivers\usbser.sys [2009-04-11 27648]
S3 UsbserFilt;UsbserFilt; C:\Windows\system32\DRIVERS\usbser_lowerfltj.sys [2008-05-07 8064]
S3 WimFltr;WimFltr; C:\Windows\system32\DRIVERS\wimfltr.sys [2008-06-07 131000]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2009-10-01 40448]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]
S4 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2008-01-21 88576]
S4 UIUSys;Conexant Setup API; C:\Windows\system32\DRIVERS\UIUSYS.SYS []
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2008-01-21 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati External Event Utility;Ati External Event Utility; C:\Windows\system32\Ati2evxx.exe [2008-07-09 671744]
R2 BcmSqlStartupSvc;Business Contact Manager SQL Server Startup Service; C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe [2008-01-11 30312]
R2 ekrn;Eset Service; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2007-12-21 468224]
R2 EvtEng;Intel(R) PROSet/Wireless Event Log; C:\Program Files\Intel\WiFi\bin\EvtEng.exe [2009-05-21 874768]
R2 IviRegMgr;IviRegMgr; c:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe [2007-01-05 112152]
R2 KMWDSERVICE;Keyboard And Mouse Communication Service; C:\Program Files\Mouse Driver\KMWDSrv.exe [2008-05-30 208896]
R2 McciCMService;McciCMService; C:\Program Files\Common Files\Motive\McciCMService.exe [2007-10-15 303104]
R2 NSUService;NSUService; C:\Program Files\Sony\Network Utility\NSUService.exe [2008-06-28 299008]
R2 PnkBstrA;PnkBstrA; C:\Windows\system32\PnkBstrA.exe [2009-04-19 66872]
R2 PnkBstrB;PnkBstrB; C:\Windows\system32\PnkBstrB.exe [2008-06-09 107832]
R2 PSI_SVC_2;Protexis Licensing V2; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [2007-07-24 185632]
R2 RegSrvc;Intel(R) PROSet/Wireless Registry Service; C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [2009-05-21 473360]
R2 RtkAudioService;Realtek Audio Service; C:\Windows\RtkAudioService.exe [2008-07-03 104992]
R2 SQLBrowser;SQL Server Browser; c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2008-11-24 239968]
R2 SQLWriter;SQL Server VSS Writer; c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2008-11-24 87904]
R2 TuneUp.ProgramStatisticsSvc;@%SystemRoot%\System32\TUProgSt.exe,-1; C:\Windows\System32\TUProgSt.exe [2009-12-01 603904]
R2 UxTuneUp;@%SystemRoot%\System32\uxtuneup.dll,-4096; C:\Windows\System32\svchost.exe [2008-01-21 21504]
R2 VAIO Event Service;VAIO Event Service; C:\Program Files\Sony\VAIO Event Service\VESMgr.exe [2008-07-07 182112]
R2 VAIO Power Management;VAIO Power Management; C:\Program Files\Sony\VAIO Power Management\SPMService.exe [2008-06-20 411488]
R2 VCFw;VAIO Content Folder Watcher; C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2008-06-20 415744]
R2 VzCdbSvc;VAIO Entertainment Database Service; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe [2008-05-22 192512]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-03-30 1533808]
R3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2008-11-11 620544]
R3 Vcsw;VAIO Entertainment UPnP Client Adapter; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe [2008-06-19 279848]
S2 ASKUpgrade;ASKUpgrade; C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe [2009-04-02 234888]
S2 TwonkyMedia;TwonkyMedia; C:\Program Files\Nokia\Nokia Home Media Server\Media Server\TwonkyMedia.exe [2008-10-20 102400]
S3 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2009-03-30 31048]
S3 EhttpSrv;Eset HTTP Server; C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe [2008-03-01 19200]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-03-31 655624]
S3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-21 21504]
S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2009-11-14 30192]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-01-02 138168]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]
S3 MSCSPTISRV;MSCSPTISRV; C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe [2008-05-20 53248]
S3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ); c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2009-05-27 29262680]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-01-15 774144]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-03-12 271920]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PACSPTISVR;PACSPTISVR; C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe [2008-05-20 53248]
S3 SOHCImp;VAIO Media plus Content Importer; C:\Program Files\Sony\VAIO Media plus\SOHCImp.exe [2008-05-21 103712]
S3 SOHDms;VAIO Media plus Digital Media Server; C:\Program Files\Sony\VAIO Media plus\SOHDms.exe [2008-05-21 353568]
S3 SOHDs;VAIO Media plus Device Searcher; C:\Program Files\Sony\VAIO Media plus\SOHDs.exe [2008-05-21 62752]
S3 SPTISRV;Sony SPTI Service; C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe [2008-05-20 77824]
S3 Start BT in service;Start BT in service; C:\Program Files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe [2007-04-21 52080]
S3 TuneUp.Defrag;@%SystemRoot%\System32\TuneUpDefragService.exe,-1; C:\Windows\System32\TuneUpDefragService.exe [2009-12-01 360192]
S3 VAIO Entertainment TV Device Arbitration Service;VAIO Entertainment TV Device Arbitration Service; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe [2008-05-22 73728]
S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager; C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2008-06-12 337184]
S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface; C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe [2008-06-12 83232]
S4 MSSQLServerADHelper;SQL Server Active Directory Helper; c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2008-11-24 45408]

-----------------EOF-----------------

[Unlimited_Killer]

Prosím SystemLook.
Poté ComboFix.

[Ivca66]

a jaký skript system look

[Unlimited_Killer]

Předpředminulý příspěvek.

~~~

Stáhněte SystemLook.
Dvojklikem spusťte soubor SystemLook.exe
Do bílého textového pole vkopírujte tento skript:

Kód: Vybrat vše

:filefind
At*.job

Nyní klikněte na 'Look'.
Poté se Vám otevře Poznámkový blok, jehož obsah vkopírujte sem do tématu.

[Ivca66]

SystemLook v1.0 by jpshortstuff (11.01.10)
Log created at 17:02 on 30/01/2010 by Cigi (Administrator - Elevation successful)

========== filefind ==========

Searching for "At*.job"
No files found.

-=End Of File=-

[Unlimited_Killer]

Super, teď CF.

[Ivca66]

CF mám hotové,ale nemohu to najít kde to je uložené

[Ivca66]

ComboFix 10-01-29.08 - Cigi 30.01.2010 17:18:14.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.3038.2154 [GMT 1:00]
Spuštěný z: c:\instal vista\ComboFix.exe
AV: ESET Smart Security 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
SP: ESET Smart Security 3.0 *disabled* (Updated) {E5E70D32-0101-4B98-A4D6-D1D15C3BB448}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Rezidentní štít AV je zapnutý

.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\ICQ6.5\ICQLRun.exe

.
((((((((((((((((((((((((( Soubory vytvořené od 2009-12-28 do 2010-01-30 )))))))))))))))))))))))))))))))
.

2010-01-30 16:41 . 2010-01-30 16:41 -------- d-----w- c:\users\Cigi\AppData\Local\temp
2010-01-30 16:41 . 2010-01-30 16:41 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-01-30 16:41 . 2010-01-30 16:41 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-01-30 15:24 . 2010-01-30 15:24 -------- d-----w- C:\_OTM
2010-01-30 13:52 . 2010-01-30 12:40 99942 ----a-w- C:\hal.zip
2010-01-30 12:09 . 2010-01-30 12:09 -------- d-----w- c:\users\Cigi\AppData\Roaming\Malwarebytes
2010-01-30 12:09 . 2010-01-30 12:09 -------- d-----w- c:\programdata\Malwarebytes
2010-01-30 11:29 . 2010-01-30 11:29 -------- d-----w- C:\rsit
2010-01-21 21:12 . 2010-01-29 21:10 -------- d-----w- C:\Stahování Rapid
2010-01-21 17:06 . 2010-01-21 17:06 -------- d-----w- c:\users\Cigi\AppData\Roaming\VitySoft
2010-01-15 13:36 . 2010-01-15 13:36 -------- d-----w- c:\program files\DVDFab 6
2010-01-13 10:18 . 2009-10-19 13:38 156672 ----a-w- c:\windows\system32\t2embed.dll
2010-01-13 10:18 . 2009-10-19 13:35 72704 ----a-w- c:\windows\system32\fontsub.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-30 16:40 . 2009-03-29 13:11 -------- d-----w- c:\program files\ICQ6.5
2010-01-30 16:14 . 2008-07-11 18:51 694120 ----a-w- c:\windows\system32\perfh005.dat
2010-01-30 16:14 . 2008-07-11 18:51 156794 ----a-w- c:\windows\system32\perfc005.dat
2010-01-30 15:49 . 2009-03-19 16:53 -------- d-----w- c:\users\Cigi\AppData\Roaming\uTorrent
2010-01-21 17:40 . 2009-07-09 10:18 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-21 17:03 . 2009-03-18 15:35 -------- d-----w- c:\users\Cigi\AppData\Roaming\Skype
2010-01-21 17:03 . 2009-03-19 16:03 -------- d-----w- c:\users\Cigi\AppData\Roaming\skypePM
2010-01-18 10:32 . 2008-07-11 22:29 -------- d-----w- c:\program files\Common Files\Adobe
2010-01-15 13:36 . 2009-05-24 05:59 -------- d-----w- c:\users\Cigi\AppData\Roaming\Vso
2010-01-15 13:36 . 2009-05-24 05:59 47360 ----a-w- c:\users\Cigi\AppData\Roaming\pcouffin.sys
2010-01-15 13:36 . 2009-05-24 05:59 47360 ----a-w- c:\users\Cigi\AppData\Roaming\pcouffin.sys
2010-01-14 10:12 . 2009-10-03 00:13 181120 ------w- c:\windows\system32\MpSigStub.exe
2010-01-13 19:05 . 2008-01-02 04:36 -------- d-----w- c:\programdata\Microsoft Help
2010-01-13 19:04 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-01-07 11:09 . 2009-12-02 16:39 -------- d-----w- c:\program files\Opera
2010-01-02 06:38 . 2010-01-22 13:03 916480 ----a-w- c:\windows\system32\wininet.dll
2010-01-02 06:32 . 2010-01-22 13:03 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-01-02 06:32 . 2010-01-22 13:03 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-01-02 04:57 . 2010-01-22 13:03 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-12-29 12:24 . 2009-12-29 12:23 -------- d-----w- c:\program files\QuickTime
2009-12-29 12:23 . 2009-12-29 12:23 -------- d-----w- c:\programdata\Apple Computer
2009-12-27 21:32 . 2009-07-12 16:55 -------- d-----w- c:\users\Cigi\AppData\Roaming\LangSoft
2009-12-27 21:28 . 2009-07-12 16:58 798771 ----a-w- c:\programdata\LangSoft\WebIE.dll
2009-12-27 21:28 . 2009-07-12 16:56 -------- d-----w- c:\programdata\LangSoft
2009-12-27 21:28 . 2009-07-12 16:58 356352 ----a-w- c:\programdata\LangSoft\TrnOutl.dll
2009-12-27 21:28 . 2009-07-12 16:58 299008 ----a-w- c:\programdata\LangSoft\TrnWord.dll
2009-12-17 20:28 . 2009-12-17 20:28 -------- d-----w- c:\program files\Common Files\Apple
2009-12-17 20:27 . 2009-12-17 20:27 -------- d-----w- c:\program files\Apple Software Update
2009-12-17 20:27 . 2009-12-17 20:27 -------- d-----w- c:\programdata\Apple
2009-12-17 19:32 . 2009-12-17 19:32 -------- d-----w- c:\program files\WinAVI Video Converter
2009-12-17 18:15 . 2009-12-17 18:03 81920 ----a-w- c:\users\Cigi\AppData\Roaming\ezpinst.exe
2009-12-17 18:15 . 2009-12-17 18:03 81920 ----a-w- c:\users\Cigi\AppData\Roaming\ezpinst.exe
2009-12-17 17:52 . 2009-12-17 12:48 -------- d-----w- c:\users\Cigi\AppData\Roaming\Broad Intelligence
2009-12-17 11:03 . 2009-12-17 10:58 -------- d-----w- c:\program files\Dzuso
2009-12-13 19:36 . 2009-03-27 14:23 -------- d-----w- c:\users\Cigi\AppData\Roaming\PC Suite
2009-12-13 19:34 . 2009-12-13 19:15 -------- d-----w- c:\users\Cigi\AppData\Roaming\Nseries
2009-12-13 19:11 . 2009-01-03 21:40 113056 ----a-w- c:\users\Cigi\AppData\Local\GDIPFONTCACHEV1.DAT
2009-12-13 19:11 . 2009-12-13 19:11 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
2009-12-13 19:11 . 2009-12-13 19:11 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
2009-12-13 19:06 . 2009-03-27 14:23 -------- d-----w- c:\users\Cigi\AppData\Roaming\Nokia
2009-12-13 19:04 . 2009-12-13 18:50 -------- d-----w- c:\program files\Nokia
2009-12-13 19:04 . 2009-12-13 18:55 -------- d-----w- c:\program files\Common Files\Nokia
2009-12-13 19:00 . 2009-12-13 19:00 51534 ----a-w- c:\windows\inf\Nokia Music\0009\tmpC28F.tmp
2009-12-13 19:00 . 2009-12-13 19:00 51534 ----a-w- c:\windows\inf\Nokia Music\0005\tmpC28F.tmp
2009-12-13 19:00 . 2009-12-13 19:00 51534 ----a-w- c:\windows\inf\Nokia Music\0000\tmpC28F.tmp
2009-12-13 19:00 . 2009-12-13 19:00 1593 ----a-w- c:\windows\inf\Nokia Music\tmpC290.tmp
2009-12-13 18:58 . 2009-12-13 18:58 -------- d-----w- c:\programdata\NokiaMusic
2009-12-13 18:57 . 2009-12-13 18:56 -------- d-----w- c:\program files\Common Files\muvee Technologies
2009-12-12 15:03 . 2009-03-16 16:05 -------- d-----w- c:\users\Cigi\AppData\Roaming\Zoner
2009-12-12 15:01 . 2009-03-16 16:05 -------- d-----w- c:\program files\Zoner
2009-12-10 18:06 . 2009-05-24 16:27 -------- d-----w- c:\programdata\vsosdk
2009-12-10 17:58 . 2009-03-16 16:01 -------- d-----w- c:\users\Cigi\AppData\Roaming\GHISLER
2009-12-10 17:58 . 2009-12-10 14:40 -------- d-----w- c:\programdata\Nero
2009-12-10 17:57 . 2009-12-10 14:40 -------- d-----w- c:\program files\Common Files\Ahead
2009-12-10 17:29 . 2009-12-10 17:29 -------- d-----w- c:\users\Cigi\AppData\Roaming\Nero
2009-12-10 17:27 . 2009-12-10 14:40 -------- d-----w- c:\program files\Nero
2009-12-10 17:26 . 2009-12-10 17:26 -------- d-----w- c:\program files\Common Files\Nero
2009-12-10 14:50 . 2009-04-02 16:17 -------- d-----w- c:\programdata\DVD Shrink
2009-12-10 13:33 . 2009-12-10 13:33 -------- d-----w- c:\program files\Trend Micro
2009-12-05 11:49 . 2008-07-11 20:20 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-01 17:06 . 2009-12-01 17:06 603904 ----a-w- c:\windows\system32\TUProgSt.exe
2009-12-01 17:06 . 2009-12-01 17:06 360192 ----a-w- c:\windows\system32\TuneUpDefragService.exe
2009-12-01 17:06 . 2009-12-01 17:05 -------- d-----w- c:\program files\TuneUp Utilities 2009
2009-12-01 17:05 . 2009-12-01 17:05 -------- d-----w- c:\programdata\TuneUp Software
2009-11-30 17:02 . 2009-11-30 17:02 171144 ----a-w- c:\windows\system32\xliveinstall.dll
2009-11-30 17:02 . 2009-11-30 17:02 72840 ----a-w- c:\windows\system32\xliveinstallhost.exe
2009-11-24 16:39 . 2009-11-30 19:51 1093064 ----a-w- c:\users\Cigi\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxwods.default\extensions\DTToolbar@toolbarnet.com\components\DTToolbarFF.dll
2009-11-17 05:36 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-11-09 12:31 . 2009-12-10 08:21 24064 ----a-w- c:\windows\system32\nshhttp.dll
2009-11-09 12:30 . 2009-12-10 08:21 30720 ----a-w- c:\windows\system32\httpapi.dll
2009-11-09 10:36 . 2009-12-10 08:21 411648 ----a-w- c:\windows\system32\drivers\http.sys
2009-11-06 09:59 . 2009-11-06 09:59 15406728 ----a-w- c:\windows\system32\xlive.dll
2009-11-06 09:59 . 2009-11-06 09:59 13642888 ----a-w- c:\windows\system32\xlivefnt.dll
2009-11-14 19:00 . 2009-11-14 19:00 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2009-04-07 18:52 . 2009-04-07 18:52 28672 ----a-w- c:\program files\mozilla firefox\components\GooglePlusVideosXPCOM.dll
2008-10-19 09:58 . 2008-10-19 09:58 49152 ----a-w- c:\program files\mozilla firefox\components\SiteVacuumXPCOM.dll
2009-05-05 18:42 . 2009-05-05 18:37 24 --sha-w- c:\windows\SFEAF2E3D.tmp
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NSUFloatingUI"="c:\program files\Sony\Network Utility\LANUtil.exe" [2008-06-28 262144]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"uTorrent"="c:\program files\uTorrent\utorrent.exe" [2009-12-13 289584]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-03-10 835584]
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2008-04-04 317280]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"MarketingTools"="c:\program files\Sony\Marketing Tools\MarketingTools.exe" [2008-01-02 24576]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-11-14 30192]
"KMCONFIG"="c:\program files\Mouse Driver\StartAutorun.exe" [2008-05-29 212992]
"SiteVacuum"="c:\program files\EasySearch\SiteVacuumClient.exe" [2009-04-08 454733]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2008-03-01 1443072]
"RtHDVCpl"="RtHDVCpl.exe" [2008-07-03 6295552]
"Skytel"="Skytel.exe" [2008-07-03 1826816]
"TO2WCM_McciTrayApp"="c:\program files\TO2WCM\McciTrayApp.exe" [2008-01-30 1473536]
"TO2SSM_McciTrayApp"="c:\program files\TO2SSM\McciTrayApp.exe" [2008-08-15 1473536]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-09 153136]
"Nokia FastStart"="c:\program files\Nokia\Nokia Music\NokiaMusic.exe" [2008-10-17 2323680]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-10 417792]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2009-12-18 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Nokia Ovi Suite.lnk - c:\program files\Nokia\Ovi\Suite\RunLauncher.exe [2008-11-11 946176]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2008-07-07 19:28 98304 ----a-w- c:\windows\System32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer5"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"WMPNSCFG"=c:\program files\Windows Media Player\WMPNSCFG.exe
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe"
"ICQ"="c:\program files\ICQ6.5\ICQ.exe" silent
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" -autorun
"uTorrent"="c:\program files\uTorrent\uTorrent.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"RtHDVCpl"=RtHDVCpl.exe
"NeroFilterCheck"=c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"VistaSp2"=hex(b):d8,b9,15,34,d2,fa,c9,01

R2 ekrn;Eset Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [21.12.2007 7:21 468224]
R2 KMWDSERVICE;Keyboard And Mouse Communication Service;c:\program files\Mouse Driver\KMWDSrv.exe [30.5.2008 0:22 208896]
R2 NSUService;NSUService;c:\program files\Sony\Network Utility\NSUService.exe [2.1.2008 6:15 299008]
R2 regi;regi;c:\windows\System32\drivers\regi.sys [18.4.2007 5:09 11032]
R2 RtkAudioService;Realtek Audio Service;c:\windows\RTKAUDIOSERVICE.EXE [11.7.2008 21:21 104992]
R2 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [11.7.2008 23:32 411488]
R2 VCFw;VAIO Content Folder Watcher;c:\program files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [20.6.2008 17:56 415744]
R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\System32\drivers\NETw5v32.sys [28.5.2009 21:41 4233728]
R3 SFEP;Sony Firmware Extension Parser;c:\windows\System32\drivers\SFEP.sys [11.7.2008 19:41 9344]
S0 sptd;sptd;c:\windows\System32\drivers\sptd.sys [19.4.2009 6:45 717296]
S2 ASKUpgrade;ASKUpgrade;c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe [15.6.2009 14:43 234888]
S2 TwonkyMedia;TwonkyMedia;c:\program files\Nokia\Nokia Home Media Server\Media Server\TwonkyMedia.exe -serviceversion 0 --> c:\program files\Nokia\Nokia Home Media Server\Media Server\TwonkyMedia.exe -serviceversion 0 [?]
S3 FontCache;Mezipaměť písem Windows;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [21.1.2008 3:23 21504]
S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2.1.2008 5:57 30192]
S3 SOHCImp;VAIO Media plus Content Importer;c:\program files\Sony\VAIO Media plus\SOHCImp.exe [2.1.2008 6:12 103712]
S3 SOHDms;VAIO Media plus Digital Media Server;c:\program files\Sony\VAIO Media plus\SOHDms.exe [2.1.2008 6:12 353568]
S3 SOHDs;VAIO Media plus Device Searcher;c:\program files\Sony\VAIO Media plus\SOHDs.exe [2.1.2008 6:12 62752]
S3 Start BT in service;Start BT in service;c:\program files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe [21.4.2007 13:54 52080]
S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2.1.2008 6:08 337184]
S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe [2.1.2008 6:08 83232]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'

2010-01-30 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-11 20:36]

2010-01-30 c:\windows\Tasks\User_Feed_Synchronization-{103B65BD-4798-4CA0-9487-EB211B637804}.job
- c:\windows\system32\msfeedssync.exe [2010-01-22 04:56]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\programdata\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748449} - c:\programdata\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\programdata\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\programdata\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\programdata\LangSoft\WebIE.dll
FF - ProfilePath - c:\users\Cigi\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxwods.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=13925&gct=&gc=1&q=
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - component: c:\program files\Mozilla Firefox\components\GooglePlusVideosXPCOM.dll
FF - component: c:\program files\Mozilla Firefox\components\SiteVacuumXPCOM.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npkimi.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npOGAPlugin.dll
FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

WebBrowser-{0E6D7A5D-B560-4D1C-9713-18DD1ADE6011} - (no file)
WebBrowser-{3041D03E-FD4B-44E0-B742-2D9B88305F98} - (no file)
HKLM-Run-Malwarebytes Anti-Malware (reboot) - c:\program files\Malwarebytes' Anti-Malware\mbam.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-30 17:41
Windows 6.0.6002 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-1813677218-14873745-675912311-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.032\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.032"

[HKEY_USERS\S-1-5-21-1813677218-14873745-675912311-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.abr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.abr"

[HKEY_USERS\S-1-5-21-1813677218-14873745-675912311-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ani\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.ani"

[HKEY_USERS\S-1-5-21-1813677218-14873745-675912311-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.arw\UserChoice]
@Denied: (2) (S-1-5-21-1813677218-14873745-675912311-1003)
@Denied: (2) (LocalSystem)
"Progid"="ZPS120.Document.arw"

[HKEY_USERS\S-1-5-21-1813677218-14873745-675912311-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bay\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.bay"

[HKEY_USERS\S-1-5-21-1813677218-14873745-675912311-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bmp\UserChoice]
@Denied: (2) (S-1-5-21-1813677218-14873745-675912311-1003)
@Denied: (2) (LocalSystem)
"Progid"="ZPS120.Document.bmp"

[HKEY_USERS\S-1-5-21-1813677218-14873745-675912311-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.bw"

[HKEY_USERS\S-1-5-21-1813677218-14873745-675912311-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cr2\UserChoice]
@Denied: (2) (S-1-5-21-1813677218-14873745-675912311-1003)
@Denied: (2) (LocalSystem)
"Progid"="ZPS120.Document.cr2"

[HKEY_USERS\S-1-5-21-1813677218-14873745-675912311-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.crw\UserChoice]
@Denied: (2) (S-1-5-21-1813677218-14873745-675912311-1003)
@Denied: (2) (LocalSystem)
"Progid"="ZPS120.Document.crw"

[HKEY_USERS\S-1-5-21-1813677218-14873745-675912311-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cs1\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.cs1"

[HKEY_USERS\S-1-5-21-1813677218-14873745-675912311-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cur\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.cur"

[HKEY_USERS\S-1-5-21-1813677218-14873745-675912311-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcr\UserChoice]
@Denied: (2) (S-1-5-21-1813677218-14873745-675912311-1003)
@Denied: (2) (LocalSystem)
"Progid"="Google.PhotoViewer.3.0"

[HKEY_USERS\S-1-5-21-1813677218-14873745-675912311-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.dcx"

[HKEY_USERS\S-1-5-21-1813677218-14873745-675912311-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dib\UserChoice]
@Denied: (2) (S-1-5-21-1813677218-14873745-675912311-1003)
@Denied: (2) (LocalSystem)
"Progid"="ZPS120.Document.dib"

[HKEY_USERS\S-1-5-21-1813677218-14873745-675912311-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djv\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.djv"

[HKEY_USERS\S-1-5-21-1813677218-14873745-675912311-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djvu\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.djvu"

[HKEY_USERS\S-1-5-21-1813677218-14873745-675912311-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dng\UserChoice]
@Denied: (2) (S-1-5-21-1813677218-14873745-675912311-1003)
@Denied: (2) (LocalSystem)
"Progid"="ZPS120.Document.dng"

[HKEY_USERS\S-1-5-21-1813677218-14873745-675912311-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.emf\UserChoice]
@Denied: (2) (S-1-5-21-1813677218-14873745-675912311-1003)
@Denied: (2) (LocalSystem)
"Progid"="ZPS120.Document.emf"

[HKEY_USERS\S-1-5-21-1813677218-14873745-675912311-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eps\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.eps"

[HKEY_USERS\S-1-5-21-1813677218-14873745-675912311-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.erf\UserChoice]
@Denied: (2) (S-1-5-21-1813677218-14873745-675912311-1003)
@Denied: (2) (LocalSystem)
"Progid"="ZPS120.Document.erf"

[HKEY_USERS\S-1-5-21-1813677218-14873745-675912311-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fff\UserChoice]
@Denied: (2) (S-1-5-21-1813677218-14873745-675912311-1003)
@Denied: (2) (LocalSystem)
"Progid"="ZPS120.Document.fff"

[HKEY_USERS\S-1-5-21-1813677218-14873745-675912311-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fpx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.fpx"

[HKEY_USERS\S-1-5-21-1813677218-14873745-675912311-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\UserChoice]
@Denied: (2) (S-1-5-21-1813677218-14873745-675912311-1003)
@Denied: (2) (LocalSystem)
"Progid"="ZPS120.Document.gif"

[HKEY_USERS\S-1-5-21-1813677218-14873745-675912311-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.hdr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.hdr"

[HKEY_USERS\S-1-5-21-1813677218-14873745-675912311-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icl\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.icl"

[HKEY_USERS\S-1-5-21-1813677218-14873745-675912311-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icn\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.icn"

[HKEY_USERS\S-1-5-21-1813677218-14873745-675912311-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.iff"

[HKEY_USERS\S-1-5-21-1813677218-14873745-675912311-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ilbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.ilbm"

[HKEY_USERS\S-1-5-21-1813677218-14873745-675912311-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.int\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.int"

[HKEY_USERS\S-1-5-21-1813677218-14873745-675912311-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.inta\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.inta"

[HKEY_USERS\S-1-5-21-1813677218-14873745-675912311-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iw4\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.iw4"

[HKEY_USERS\S-1-5-21-1813677218-14873745-675912311-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2c\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.j2c"

[HKEY_USERS\S-1-5-21-1813677218-14873745-675912311-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2k\UserChoice]
@Denied: (2) (S-1-5-21-1813677218-14873745-675912311-1003)
@Denied: (2) (LocalSystem)
"Progid"="ZPS120.Document.j2k"

[HKEY_USERS\S-1-5-21-1813677218-14873745-675912311-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jbr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.jbr"

[HKEY_USERS\S-1-5-21-1813677218-14873745-675912311-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jfif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.jfif"

[HKEY_USERS\S-1-5-21-1813677218-14873745-675912311-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.jif"

[HKEY_USERS\S-1-5-21-1813677218-14873745-675912311-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jp2\UserChoice]
@Denied: (2) (S-1-5-21-1813677218-14873745-675912311-1003)
@Denied: (2) (LocalSystem)
"Progid"="ZPS120.Document.jp2"

[HKEY_USERS\S-1-5-21-1813677218-14873745-675912311-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpc\UserChoice]
@Denied: (2) (S-1-5-21-1813677218-14873745-675912311-1003)
@Denied: (2) (LocalSystem)
"Progid"="ZPS120.Document.jpc"

[HKEY_USERS\S-1-5-21-1813677218-14873745-675912311-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpe\UserChoice]
@Denied: (2) (S-1-5-21-1813677218-14873745-675912311-1003)
@Denied: (2) (LocalSystem)
"Progid"="ZPS120.Document.jpe"

[HKEY_USERS\S-1-5-21-1813677218-14873745-675912311-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpeg\UserChoice]
@Denied: (2) (S-1-5-21-1813677218-14873745-675912311-1003)
@Denied: (2) (LocalSystem)
"Progid"="ZPS120.Document.jpeg"

[HKEY_USERS\S-1-5-21-1813677218-14873745-675912311-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\UserChoice]
@Denied: (2) (S-1-5-21-1813677218-14873745-675912311-1003)
@Denied: (2) (LocalSystem)
"Progid"="ZPS120.Document.jpg"

[HKEY_USERS\S-1-5-21-1813677218-14873745-675912311-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpk\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.jpk"

[HKEY_USERS\S-1-5-21-1813677218-14873745-675912311-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.jpx"

[HKEY_USERS\S-1-5-21-1813677218-14873745-675912311-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.kdc\UserChoice]
@Denied: (2) (S-1-5-21-1813677218-14873745-675912311-1003)
@Denied: (2) (LocalSystem)
"Progid"="ZPS120.Document.kdc"

[HKEY_USERS\S-1-5-21-1813677218-14873745-675912311-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.lbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.lbm"

[HKEY_USERS\S-1-5-21-1813677218-14873745-675912311-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mef\UserChoice]
@Denied: (2) (S-1-5-21-1813677218-14873745-675912311-1003)
@Denied: (2) (LocalSystem)
"Progid"="ZPS120.Document.mef"

[HKEY_USERS\S-1-5-21-1813677218-14873745-675912311-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mos\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.mos"

[HKEY_USERS\S-1-5-21-1813677218-14873745-675912311-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mrw\UserChoice]
@Denied: (2) (S-1-5-21-1813677218-14873745-675912311-1003)
@Denied: (2) (LocalSystem)
"Progid"="ZPS120.Document.mrw"

[HKEY_USERS\S-1-5-21-1813677218-14873745-675912311-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nef\UserChoice]
@Denied: (2) (S-1-5-21-1813677218-14873745-675912311-1003)
@Denied: (2) (LocalSystem)
"Progid"="ZPS120.Document.nef"

[HKEY_USERS\S-1-5-21-1813677218-14873745-675912311-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.orf\UserChoice]
@Denied: (2) (S-1-5-21-1813677218-14873745-675912311-1003)
@Denied: (2) (LocalSystem)
"Progid"="ZPS120.Document.orf"

[HKEY_USERS\S-1-5-21-1813677218-14873745-675912311-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbm\UserChoice]
@Denied: (2) (S-1-5-21-1813677218-14873745-675912311-1003)
@Denied: (2) (LocalSystem)
"Progid"="ZPS120.Document.pbm"

[HKEY_USERS\S-1-5-21-1813677218-14873745-675912311-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pbr"

[HKEY_USERS\S-1-5-21-1813677218-14873745-675912311-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcd\UserChoice]
@Denied: (2) (S-1-5-21-1813677218-14873745-675912311-1003)
@Denied: (2) (LocalSystem)
"Progid"="ZPS120.Document.pcd"

[HKEY_USERS\S-1-5-21-1813677218-14873745-675912311-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pct\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pct"

[HKEY_USERS\S-1-5-21-1813677218-14873745-675912311-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcx\UserChoice]
@Denied: (2) (S-1-5-21-1813677218-14873745-675912311-1003)
@Denied: (2) (LocalSystem)
"Progid"="ZPS120.Document.pcx"

[HKEY_USERS\S-1-5-21-1813677218-14873745-675912311-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pef\UserChoice]
@Denied: (2) (S-1-5-21-1813677218-14873745-675912311-1003)
@Denied: (2) (LocalSystem)
"Progid"="ZPS120.Document.pef"

[HKEY_USERS\S-1-5-21-1813677218-14873745-675912311-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pgm\UserChoice]
@Denied: (2) (S-1-5-21-1813677218-14873745-675912311-1003)
@Denied: (2) (LocalSystem)
"Progid"="ZPS120.Document.pgm"

[HKEY_USERS\S-1-5-21-1813677218-14873745-675912311-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pic\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pic"

[HKEY_USERS\S-1-5-21-1813677218-14873745-675912311-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pict\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pict"

[HKEY_USERS\S-1-5-21-1813677218-14873745-675912311-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pix\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pix"

[HKEY_USERS\S-1-5-21-1813677218-14873745-675912311-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\UserChoice]
@Denied: (2) (S-1-5-21-1813677218-14873745-675912311-1003)
@Denied: (2) (LocalSystem)
"Progid"="ZPS120.Document.png"

[HKEY_USERS\S-1-5-21-1813677218-14873745-675912311-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ppm\UserChoice]
@Denied: (2) (S-1-5-21-1813677218-14873745-675912311-1003)
@Denied: (2) (LocalSystem)
"Progid"="ZPS120.Document.ppm"

[HKEY_USERS\S-1-5-21-1813677218-14873745-675912311-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psd\UserChoice]
@Denied: (2) (S-1-5-21-1813677218-14873745-675912311-1003)
@Denied: (2) (LocalSystem)
"Progid"="ZPS120.Document.psd"

[HKEY_USERS\S-1-5-21-1813677218-14873745-675912311-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psp\UserChoice]
@Denied: (2) (S-1-5-21-1813677218-14873745-675912311-1003)
@Denied: (2) (LocalSystem)
"Progid"="ZPS120.Document.psp"

[HKEY_USERS\S-1-5-21-1813677218-14873745-675912311-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspbrush\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pspbrush"

[HKEY_USERS\S-1-5-21-1813677218-14873745-675912311-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspimage\UserChoice]
@Denied: (2) (S-1-5-21-1813677218-14873745-675912311-1003)
@Denied: (2) (LocalSystem)
"Progid"="ZPS120.Document.pspimage"

[HKEY_USERS\S-1-5-21-1813677218-14873745-675912311-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raf\UserChoice]
@Denied: (2) (S-1-5-21-1813677218-14873745-675912311-1003)
@Denied: (2) (LocalSystem)
"Progid"="ZPS120.Document.raf"

[HKEY_USERS\S-1-5-21-1813677218-14873745-675912311-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ras\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.ras"

[HKEY_USERS\S-1-5-21-1813677218-14873745-675912311-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raw\UserChoice]
@Denied: (2) (S-1-5-21-1813677218-14873745-675912311-1003)
@Denied: (2) (LocalSystem)
"Progid"="ZPS120.Document.raw"

[HKEY_USERS\S-1-5-21-1813677218-14873745-675912311-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.rgb"

[HKEY_USERS\S-1-5-21-1813677218-14873745-675912311-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgba\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.rgba"

[HKEY_USERS\S-1-5-21-1813677218-14873745-675912311-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rle\UserChoice]
@Denied: (2) (S-1-5-21-1813677218-14873745-675912311-1003)
@Denied: (2) (LocalSystem)
"Progid"="ZPS120.Document.rle"

[HKEY_USERS\S-1-5-21-1813677218-14873745-675912311-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rsb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.rsb"

[HKEY_USERS\S-1-5-21-1813677218-14873745-675912311-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rw2\UserChoice]
@Denied: (2) (S-1-5-21-1813677218-14873745-675912311-1003)
@Denied: (2) (LocalSystem)
"Progid"="ZPS120.Document.rw2"

[HKEY_USERS\S-1-5-21-1813677218-14873745-675912311-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sgi\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.sgi"

[HKEY_USERS\S-1-5-21-1813677218-14873745-675912311-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sr2\UserChoice]
@Denied: (2) (S-1-5-21-1813677218-14873745-675912311-1003)
@Denied: (2) (LocalSystem)
"Progid"="ZPS120.Document.sr2"

[HKEY_USERS\S-1-5-21-1813677218-14873745-675912311-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.srf\UserChoice]
@Denied: (2) (S-1-5-21-1813677218-14873745-675912311-1003)
@Denied: (2) (LocalSystem)
"Progid"="ZPS120.Document.srf"

[HKEY_USERS\S-1-5-21-1813677218-14873745-675912311-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tga\UserChoice]
@Denied: (2) (S-1-5-21-1813677218-14873745-675912311-1003)
@Denied: (2) (LocalSystem)
"Progid"="ZPS120.Document.tga"

[HKEY_USERS\S-1-5-21-1813677218-14873745-675912311-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.thm\UserChoice]
@Denied: (2) (S-1-5-21-1813677218-14873745-675912311-1003)
@Denied: (2) (LocalSystem)
"Progid"="ZPS120.Document.thm"

[HKEY_USERS\S-1-5-21-1813677218-14873745-675912311-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif\UserChoice]
@Denied: (2) (S-1-5-21-1813677218-14873745-675912311-1003)
@Denied: (2) (LocalSystem)
"Progid"="ZPS120.Document.tif"

[HKEY_USERS\S-1-5-21-1813677218-14873745-675912311-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tiff\UserChoice]
@Denied: (2) (S-1-5-21-1813677218-14873745-675912311-1003)
@Denied: (2) (LocalSystem)
"Progid"="ZPS120.Document.tiff"

[HKEY_USERS\S-1-5-21-1813677218-14873745-675912311-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.ttc"

[HKEY_USERS\S-1-5-21-1813677218-14873745-675912311-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.ttf"

[HKEY_USERS\S-1-5-21-1813677218-14873745-675912311-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v11o\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.v11o"

[HKEY_USERS\S-1-5-21-1813677218-14873745-675912311-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v11p\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.v11p"

[HKEY_USERS\S-1-5-21-1813677218-14873745-675912311-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v11pf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.v11pf"

[HKEY_USERS\S-1-5-21-1813677218-14873745-675912311-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbm\UserChoice]
@Denied: (2) (S-1-5-21-1813677218-14873745-675912311-1003)
@Denied: (2) (LocalSystem)
"Progid"="ZPS120.Document.wbm"

[HKEY_USERS\S-1-5-21-1813677218-14873745-675912311-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbmp\UserChoice]
@Denied: (2) (S-1-5-21-1813677218-14873745-675912311-1003)
@Denied: (2) (LocalSystem)
"Progid"="ZPS120.Document.wbmp"

[HKEY_USERS\S-1-5-21-1813677218-14873745-675912311-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmf\UserChoice]
@Denied: (2) (S-1-5-21-1813677218-14873745-675912311-1003)
@Denied: (2) (LocalSystem)
"Progid"="ZPS120.Document.wmf"

[HKEY_USERS\S-1-5-21-1813677218-14873745-675912311-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.xbm"

[HKEY_USERS\S-1-5-21-1813677218-14873745-675912311-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.xif"

[HKEY_USERS\S-1-5-21-1813677218-14873745-675912311-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.xmp"

[HKEY_USERS\S-1-5-21-1813677218-14873745-675912311-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xpm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.xpm"

[HKEY_USERS\S-1-5-21-1813677218-14873745-675912311-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{FBA074ED-E571-4764-1FF6-2E3DFA2F2708}*]
@Allowed: (Read) (RestrictedCode)
"oageeeokhlffnnhdncbmopkmmiecnk"=hex:61,69,61,6e,61,69,70,62,69,64,65,67,66,6b,
62,6b,68,64,65,64,6f,62,65,6e,6c,6d,65,70,63,65,6e,63,62,63,67,62,67,68,6d,\
"iabeocdbfcficggnml"=hex:6a,61,66,63,6e,6a,65,6d,6b,70,65,65,66,6d,70,65,61,67,
6c,67,00,03
"hadeaidlffdmnbam"=hex:6a,61,66,63,6e,6a,65,6d,6b,70,65,65,66,6d,70,65,61,67,
6c,67,00,00

[HKEY_USERS\S-1-5-21-1813677218-14873745-675912311-1003\Software\SecuROM\License information*]
"datasecu"=hex:ed,3b,e1,0e,76,16,1b,08,c3,6f,5f,5c,6d,5d,5f,88,22,8a,05,70,21,
a9,d1,5e,ec,bc,95,3f,48,55,bb,23,c8,a8,2f,5c,3f,aa,24,1a,d1,13,c2,4a,dd,20,\
"rkeysecu"=hex:29,23,be,84,e1,6c,d6,ae,52,90,49,f1,f1,bb,e9,eb

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b4

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Celkový čas: 2010-01-30 17:43:32
ComboFix-quarantined-files.txt 2010-01-30 16:43
ComboFix2.txt 2010-01-30 13:20

Před spuštěním: Volných bajtů: 100 422 402 048
Po spuštění: Volných bajtů: 100 390 891 520

- - End Of File - - AADA65CD7D61EB4FAF453091A1C8D004

[Unlimited_Killer]

Omluva za zpoždění.

~~~

Otevřete si Poznámkový blok a vkopírujte do něj

Kód: Vybrat vše

KillAll::

File::
c:\windows\SFEAF2E3D.tmp

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"=-
"QuickTime Task"=-
"Adobe Reader Speed Launcher"=-
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"uTorrent"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"=-

Extra::
DDS::
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
FireFox::
FF - ProfilePath - c:\users\Cigi\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxwods.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedi ... t=&gc=1&q=

Reboot::

uložte to na Plochu jako CFScript.txt Pak jej myší přetáhněte nad ComboFix (musí být na Ploše) a pusťte (vizte obrázek).



ComboFix vykoná příkazy ze skriptu, PC může být opět restartován.
Po skončení mi sem vložte log, který na Vás po dočistění vybafne.

[Ivca66]

ComboFix 10-01-29.08 - Cigi 30.01.2010 18:52:45.3.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.3038.2147 [GMT 1:00]
Spuštěný z: c:\instal vista\ComboFix.exe
Použité ovládací přepínače :: c:\users\Cigi\Desktop\CFScript.txt
AV: ESET Smart Security 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
SP: ESET Smart Security 3.0 *disabled* (Updated) {E5E70D32-0101-4B98-A4D6-D1D15C3BB448}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Rezidentní štít AV je zapnutý


FILE ::
"c:\windows\SFEAF2E3D.tmp"
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\programdata\Microsoft\Network\Downloader\qmgr0.dat
c:\programdata\Microsoft\Network\Downloader\qmgr1.dat
c:\windows\SFEAF2E3D.tmp

----- BITS: Možné infikované stránky -----

hxxp://armmf.adobe.com
.
((((((((((((((((((((((((( Soubory vytvořené od 2009-12-28 do 2010-01-30 )))))))))))))))))))))))))))))))
.

2010-01-30 18:00 . 2010-01-30 18:00 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-01-30 18:00 . 2010-01-30 18:00 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-01-30 16:43 . 2010-01-30 18:02 -------- d-----w- c:\users\Cigi\AppData\Local\temp
2010-01-30 15:24 . 2010-01-30 15:24 -------- d-----w- C:\_OTM
2010-01-30 13:52 . 2010-01-30 12:40 99942 ----a-w- C:\hal.zip
2010-01-30 12:09 . 2010-01-30 12:09 -------- d-----w- c:\users\Cigi\AppData\Roaming\Malwarebytes
2010-01-30 12:09 . 2010-01-30 12:09 -------- d-----w- c:\programdata\Malwarebytes
2010-01-30 11:29 . 2010-01-30 11:29 -------- d-----w- C:\rsit
2010-01-21 21:12 . 2010-01-29 21:10 -------- d-----w- C:\Stahování Rapid
2010-01-21 17:06 . 2010-01-21 17:06 -------- d-----w- c:\users\Cigi\AppData\Roaming\VitySoft
2010-01-15 13:36 . 2010-01-15 13:36 -------- d-----w- c:\program files\DVDFab 6
2010-01-13 10:18 . 2009-10-19 13:38 156672 ----a-w- c:\windows\system32\t2embed.dll
2010-01-13 10:18 . 2009-10-19 13:35 72704 ----a-w- c:\windows\system32\fontsub.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-30 18:00 . 2009-03-19 16:53 -------- d-----w- c:\users\Cigi\AppData\Roaming\uTorrent
2010-01-30 17:49 . 2008-07-11 18:51 694120 ----a-w- c:\windows\system32\perfh005.dat
2010-01-30 17:49 . 2008-07-11 18:51 156794 ----a-w- c:\windows\system32\perfc005.dat
2010-01-30 16:40 . 2009-03-29 13:11 -------- d-----w- c:\program files\ICQ6.5
2010-01-21 17:40 . 2009-07-09 10:18 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-21 17:03 . 2009-03-18 15:35 -------- d-----w- c:\users\Cigi\AppData\Roaming\Skype
2010-01-21 17:03 . 2009-03-19 16:03 -------- d-----w- c:\users\Cigi\AppData\Roaming\skypePM
2010-01-18 10:32 . 2008-07-11 22:29 -------- d-----w- c:\program files\Common Files\Adobe
2010-01-15 13:36 . 2009-05-24 05:59 -------- d-----w- c:\users\Cigi\AppData\Roaming\Vso
2010-01-15 13:36 . 2009-05-24 05:59 47360 ----a-w- c:\users\Cigi\AppData\Roaming\pcouffin.sys
2010-01-15 13:36 . 2009-05-24 05:59 47360 ----a-w- c:\users\Cigi\AppData\Roaming\pcouffin.sys
2010-01-14 10:12 . 2009-10-03 00:13 181120 ------w- c:\windows\system32\MpSigStub.exe
2010-01-13 19:05 . 2008-01-02 04:36 -------- d-----w- c:\programdata\Microsoft Help
2010-01-13 19:04 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-01-07 11:09 . 2009-12-02 16:39 -------- d-----w- c:\program files\Opera
2010-01-02 06:38 . 2010-01-22 13:03 916480 ----a-w- c:\windows\system32\wininet.dll
2010-01-02 06:32 . 2010-01-22 13:03 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-01-02 06:32 . 2010-01-22 13:03 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-01-02 04:57 . 2010-01-22 13:03 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-12-29 12:24 . 2009-12-29 12:23 -------- d-----w- c:\program files\QuickTime
2009-12-29 12:23 . 2009-12-29 12:23 -------- d-----w- c:\programdata\Apple Computer
2009-12-27 21:32 . 2009-07-12 16:55 -------- d-----w- c:\users\Cigi\AppData\Roaming\LangSoft
2009-12-27 21:28 . 2009-07-12 16:58 798771 ----a-w- c:\programdata\LangSoft\WebIE.dll
2009-12-27 21:28 . 2009-07-12 16:56 -------- d-----w- c:\programdata\LangSoft
2009-12-27 21:28 . 2009-07-12 16:58 356352 ----a-w- c:\programdata\LangSoft\TrnOutl.dll
2009-12-27 21:28 . 2009-07-12 16:58 299008 ----a-w- c:\programdata\LangSoft\TrnWord.dll
2009-12-17 20:28 . 2009-12-17 20:28 -------- d-----w- c:\program files\Common Files\Apple
2009-12-17 20:27 . 2009-12-17 20:27 -------- d-----w- c:\program files\Apple Software Update
2009-12-17 20:27 . 2009-12-17 20:27 -------- d-----w- c:\programdata\Apple
2009-12-17 19:32 . 2009-12-17 19:32 -------- d-----w- c:\program files\WinAVI Video Converter
2009-12-17 18:15 . 2009-12-17 18:03 81920 ----a-w- c:\users\Cigi\AppData\Roaming\ezpinst.exe
2009-12-17 18:15 . 2009-12-17 18:03 81920 ----a-w- c:\users\Cigi\AppData\Roaming\ezpinst.exe
2009-12-17 17:52 . 2009-12-17 12:48 -------- d-----w- c:\users\Cigi\AppData\Roaming\Broad Intelligence
2009-12-17 11:03 . 2009-12-17 10:58 -------- d-----w- c:\program files\Dzuso
2009-12-13 19:36 . 2009-03-27 14:23 -------- d-----w- c:\users\Cigi\AppData\Roaming\PC Suite
2009-12-13 19:34 . 2009-12-13 19:15 -------- d-----w- c:\users\Cigi\AppData\Roaming\Nseries
2009-12-13 19:11 . 2009-01-03 21:40 113056 ----a-w- c:\users\Cigi\AppData\Local\GDIPFONTCACHEV1.DAT
2009-12-13 19:11 . 2009-12-13 19:11 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
2009-12-13 19:11 . 2009-12-13 19:11 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
2009-12-13 19:06 . 2009-03-27 14:23 -------- d-----w- c:\users\Cigi\AppData\Roaming\Nokia
2009-12-13 19:04 . 2009-12-13 18:50 -------- d-----w- c:\program files\Nokia
2009-12-13 19:04 . 2009-12-13 18:55 -------- d-----w- c:\program files\Common Files\Nokia
2009-12-13 18:58 . 2009-12-13 18:58 -------- d-----w- c:\programdata\NokiaMusic
2009-12-13 18:57 . 2009-12-13 18:56 -------- d-----w- c:\program files\Common Files\muvee Technologies
2009-12-12 15:03 . 2009-03-16 16:05 -------- d-----w- c:\users\Cigi\AppData\Roaming\Zoner
2009-12-12 15:01 . 2009-03-16 16:05 -------- d-----w- c:\program files\Zoner
2009-12-10 18:06 . 2009-05-24 16:27 -------- d-----w- c:\programdata\vsosdk
2009-12-10 17:58 . 2009-03-16 16:01 -------- d-----w- c:\users\Cigi\AppData\Roaming\GHISLER
2009-12-10 17:58 . 2009-12-10 14:40 -------- d-----w- c:\programdata\Nero
2009-12-10 17:57 . 2009-12-10 14:40 -------- d-----w- c:\program files\Common Files\Ahead
2009-12-10 17:29 . 2009-12-10 17:29 -------- d-----w- c:\users\Cigi\AppData\Roaming\Nero
2009-12-10 17:27 . 2009-12-10 14:40 -------- d-----w- c:\program files\Nero
2009-12-10 17:26 . 2009-12-10 17:26 -------- d-----w- c:\program files\Common Files\Nero
2009-12-10 14:50 . 2009-04-02 16:17 -------- d-----w- c:\programdata\DVD Shrink
2009-12-10 13:33 . 2009-12-10 13:33 -------- d-----w- c:\program files\Trend Micro
2009-12-05 11:49 . 2008-07-11 20:20 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-01 17:06 . 2009-12-01 17:06 603904 ----a-w- c:\windows\system32\TUProgSt.exe
2009-12-01 17:06 . 2009-12-01 17:06 360192 ----a-w- c:\windows\system32\TuneUpDefragService.exe
2009-11-30 17:02 . 2009-11-30 17:02 171144 ----a-w- c:\windows\system32\xliveinstall.dll
2009-11-30 17:02 . 2009-11-30 17:02 72840 ----a-w- c:\windows\system32\xliveinstallhost.exe
2009-11-24 16:39 . 2009-11-30 19:51 1093064 ----a-w- c:\users\Cigi\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxwods.default\extensions\DTToolbar@toolbarnet.com\components\DTToolbarFF.dll
2009-11-09 12:31 . 2009-12-10 08:21 24064 ----a-w- c:\windows\system32\nshhttp.dll
2009-11-09 12:30 . 2009-12-10 08:21 30720 ----a-w- c:\windows\system32\httpapi.dll
2009-11-09 10:36 . 2009-12-10 08:21 411648 ----a-w- c:\windows\system32\drivers\http.sys
2009-11-06 09:59 . 2009-11-06 09:59 15406728 ----a-w- c:\windows\system32\xlive.dll
2009-11-06 09:59 . 2009-11-06 09:59 13642888 ----a-w- c:\windows\system32\xlivefnt.dll
2009-11-14 19:00 . 2009-11-14 19:00 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2009-04-07 18:52 . 2009-04-07 18:52 28672 ----a-w- c:\program files\mozilla firefox\components\GooglePlusVideosXPCOM.dll
2008-10-19 09:58 . 2008-10-19 09:58 49152 ----a-w- c:\program files\mozilla firefox\components\SiteVacuumXPCOM.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NSUFloatingUI"="c:\program files\Sony\Network Utility\LANUtil.exe" [2008-06-28 262144]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"uTorrent"="c:\program files\uTorrent\utorrent.exe" [2009-12-13 289584]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-03-10 835584]
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2008-04-04 317280]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"MarketingTools"="c:\program files\Sony\Marketing Tools\MarketingTools.exe" [2008-01-02 24576]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-11-14 30192]
"KMCONFIG"="c:\program files\Mouse Driver\StartAutorun.exe" [2008-05-29 212992]
"SiteVacuum"="c:\program files\EasySearch\SiteVacuumClient.exe" [2009-04-08 454733]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2008-03-01 1443072]
"RtHDVCpl"="RtHDVCpl.exe" [2008-07-03 6295552]
"Skytel"="Skytel.exe" [2008-07-03 1826816]
"TO2WCM_McciTrayApp"="c:\program files\TO2WCM\McciTrayApp.exe" [2008-01-30 1473536]
"TO2SSM_McciTrayApp"="c:\program files\TO2SSM\McciTrayApp.exe" [2008-08-15 1473536]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-09 153136]
"Nokia FastStart"="c:\program files\Nokia\Nokia Music\NokiaMusic.exe" [2008-10-17 2323680]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Nokia Ovi Suite.lnk - c:\program files\Nokia\Ovi\Suite\RunLauncher.exe [2008-11-11 946176]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2008-07-07 19:28 98304 ----a-w- c:\windows\System32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer5"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"WMPNSCFG"=c:\program files\Windows Media Player\WMPNSCFG.exe
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe"
"ICQ"="c:\program files\ICQ6.5\ICQ.exe" silent
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" -autorun

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"RtHDVCpl"=RtHDVCpl.exe
"NeroFilterCheck"=c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"VistaSp2"=hex(b):d8,b9,15,34,d2,fa,c9,01

R2 ekrn;Eset Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [21.12.2007 7:21 468224]
R2 KMWDSERVICE;Keyboard And Mouse Communication Service;c:\program files\Mouse Driver\KMWDSrv.exe [30.5.2008 0:22 208896]
R2 NSUService;NSUService;c:\program files\Sony\Network Utility\NSUService.exe [2.1.2008 6:15 299008]
R2 regi;regi;c:\windows\System32\drivers\regi.sys [18.4.2007 5:09 11032]
R2 RtkAudioService;Realtek Audio Service;c:\windows\RTKAUDIOSERVICE.EXE [11.7.2008 21:21 104992]
R2 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [11.7.2008 23:32 411488]
R2 VCFw;VAIO Content Folder Watcher;c:\program files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [20.6.2008 17:56 415744]
R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\System32\drivers\NETw5v32.sys [28.5.2009 21:41 4233728]
R3 SFEP;Sony Firmware Extension Parser;c:\windows\System32\drivers\SFEP.sys [11.7.2008 19:41 9344]
S2 ASKUpgrade;ASKUpgrade;c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe [15.6.2009 14:43 234888]
S2 TwonkyMedia;TwonkyMedia;c:\program files\Nokia\Nokia Home Media Server\Media Server\TwonkyMedia.exe -serviceversion 0 --> c:\program files\Nokia\Nokia Home Media Server\Media Server\TwonkyMedia.exe -serviceversion 0 [?]
S3 FontCache;Mezipaměť písem Windows;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [21.1.2008 3:23 21504]
S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2.1.2008 5:57 30192]
S3 SOHCImp;VAIO Media plus Content Importer;c:\program files\Sony\VAIO Media plus\SOHCImp.exe [2.1.2008 6:12 103712]
S3 SOHDms;VAIO Media plus Digital Media Server;c:\program files\Sony\VAIO Media plus\SOHDms.exe [2.1.2008 6:12 353568]
S3 SOHDs;VAIO Media plus Device Searcher;c:\program files\Sony\VAIO Media plus\SOHDs.exe [2.1.2008 6:12 62752]
S3 Start BT in service;Start BT in service;c:\program files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe [21.4.2007 13:54 52080]
S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2.1.2008 6:08 337184]
S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe [2.1.2008 6:08 83232]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'

2010-01-30 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-11 20:36]

2010-01-30 c:\windows\Tasks\User_Feed_Synchronization-{103B65BD-4798-4CA0-9487-EB211B637804}.job
- c:\windows\system32\msfeedssync.exe [2010-01-22 04:56]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\programdata\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748449} - c:\programdata\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\programdata\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\programdata\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\programdata\LangSoft\WebIE.dll
FF - ProfilePath - c:\users\Cigi\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxwods.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - component: c:\program files\Mozilla Firefox\components\GooglePlusVideosXPCOM.dll
FF - component: c:\program files\Mozilla Firefox\components\SiteVacuumXPCOM.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npkimi.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npOGAPlugin.dll
FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-30 19:04
Windows 6.0.6002 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll iaStor.sys spcu.sys >>UNKNOWN [0x854A8938]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0x8a7a9d24
\Driver\ACPI -> acpi.sys @ 0x805c1d68
\Driver\iaStor -> iaStor.sys @ 0x826b8eb0
IoDeviceObjectType ->\Device\Harddisk0\DR0 ->user & kernel MBR OK

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-1813677218-14873745-675912311-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.032\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.032"

[HKEY_USERS\S-1-5-21-1813677218-14873745-675912311-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.abr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.abr"

[HKEY_USERS\S-1-5-21-1813677218-14873745-675912311-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ani\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.ani"

[HKEY_USERS\S-1-5-21-1813677218-14873745-675912311-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.arw\UserChoice]
@Denied: (2) (S-1-5-21-1813677218-14873745-675912311-1003)
@Denied: (2) (LocalSystem)
"Progid"="ZPS120.Document.arw"

[HKEY_USERS\S-1-5-21-1813677218-14873745-675912311-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bay\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.bay"

[HKEY_USERS\S-1-5-21-1813677218-14873745-675912311-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bmp\UserChoice]
@Denied: (2) (S-1-5-21-1813677218-14873745-675912311-1003)
@Denied: (2) (LocalSystem)
"Progid"="ZPS120.Document.bmp"

[HKEY_USERS\S-1-5-21-1813677218-14873745-675912311-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.bw"

[HKEY_USERS\S-1-5-21-1813677218-14873745-675912311-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cr2\UserChoice]
@Denied: (2) (S-1-5-21-1813677218-14873745-675912311-1003)
@Denied: (2) (LocalSystem)
"Progid"="ZPS120.Document.cr2"

[HKEY_USERS\S-1-5-21-1813677218-14873745-675912311-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.crw\UserChoice]
@Denied: (2) (S-1-5-21-1813677218-14873745-675912311-1003)
@Denied: (2) (LocalSystem)
"Progid"="ZPS120.Document.crw"

[HKEY_USERS\S-1-5-21-1813677218-14873745-675912311-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cs1\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.cs1"

[HKEY_USERS\S-1-5-21-1813677218-14873745-675912311-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cur\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.cur"

[HKEY_USERS\S-1-5-21-1813677218-14873745-675912311-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcr\UserChoice]
@Denied: (2) (S-1-5-21-1813677218-14873745-675912311-1003)
@Denied: (2) (LocalSystem)
"Progid"="Google.PhotoViewer.3.0"

[HKEY_USERS\S-1-5-21-1813677218-14873745-675912311-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.dcx"

[HKEY_USERS\S-1-5-21-1813677218-14873745-675912311-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dib\UserChoice]
@Denied: (2) (S-1-5-21-1813677218-14873745-675912311-1003)
@Denied: (2) (LocalSystem)
"Progid"="ZPS120.Document.dib"

[HKEY_USERS\S-1-5-21-1813677218-14873745-675912311-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djv\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.djv"

[HKEY_USERS\S-1-5-21-1813677218-14873745-675912311-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djvu\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.djvu"

[HKEY_USERS\S-1-5-21-1813677218-14873745-675912311-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dng\UserChoice]
@Denied: (2) (S-1-5-21-1813677218-14873745-675912311-1003)
@Denied: (2) (LocalSystem)
"Progid"="ZPS120.Document.dng"

[HKEY_USERS\S-1-5-21-1813677218-14873745-675912311-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.emf\UserChoice]
@Denied: (2) (S-1-5-21-1813677218-14873745-675912311-1003)
@Denied: (2) (LocalSystem)
"Progid"="ZPS120.Document.emf"

[HKEY_USERS\S-1-5-21-1813677218-14873745-675912311-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eps\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.eps"

[HKEY_USERS\S-1-5-21-1813677218-14873745-675912311-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.erf\UserChoice]
@Denied: (2) (S-1-5-21-1813677218-14873745-675912311-1003)
@Denied: (2) (LocalSystem)
"Progid"="ZPS120.Document.erf"

[HKEY_USERS\S-1-5-21-1813677218-14873745-675912311-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fff\UserChoice]
@Denied: (2) (S-1-5-21-1813677218-14873745-675912311-1003)
@Denied: (2) (LocalSystem)
"Progid"="ZPS120.Document.fff"

[HKEY_USERS\S-1-5-21-1813677218-14873745-675912311-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fpx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.fpx"

[HKEY_USERS\S-1-5-21-1813677218-14873745-675912311-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\UserChoice]
@Denied: (2) (S-1-5-21-1813677218-14873745-675912311-1003)
@Denied: (2) (LocalSystem)
"Progid"="ZPS120.Document.gif"

[HKEY_USERS\S-1-5-21-1813677218-14873745-675912311-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.hdr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.hdr"

[HKEY_USERS\S-1-5-21-1813677218-14873745-675912311-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icl\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.icl"

[HKEY_USERS\S-1-5-21-1813677218-14873745-675912311-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icn\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.icn"

[HKEY_USERS\S-1-5-21-1813677218-14873745-675912311-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.iff"

[HKEY_USERS\S-1-5-21-1813677218-14873745-675912311-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ilbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.ilbm"

[HKEY_USERS\S-1-5-21-1813677218-14873745-675912311-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.int\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.int"

[HKEY_USERS\S-1-5-21-1813677218-14873745-675912311-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.inta\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.inta"

[HKEY_USERS\S-1-5-21-1813677218-14873745-675912311-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iw4\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.iw4"

[HKEY_USERS\S-1-5-21-1813677218-14873745-675912311-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2c\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.j2c"

[HKEY_USERS\S-1-5-21-1813677218-14873745-675912311-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2k\UserChoice]
@Denied: (2) (S-1-5-21-1813677218-14873745-675912311-1003)
@Denied: (2) (LocalSystem)
"Progid"="ZPS120.Document.j2k"

[HKEY_USERS\S-1-5-21-1813677218-14873745-675912311-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jbr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.jbr"

[HKEY_USERS\S-1-5-21-1813677218-14873745-675912311-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jfif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.jfif"

[HKEY_USERS\S-1-5-21-1813677218-14873745-675912311-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.jif"

[HKEY_USERS\S-1-5-21-1813677218-14873745-675912311-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jp2\UserChoice]
@Denied: (2) (S-1-5-21-1813677218-14873745-675912311-1003)
@Denied: (2) (LocalSystem)
"Progid"="ZPS120.Document.jp2"

[HKEY_USERS\S-1-5-21-1813677218-14873745-675912311-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpc\UserChoice]
@Denied: (2) (S-1-5-21-1813677218-14873745-675912311-1003)
@Denied: (2) (LocalSystem)
"Progid"="ZPS120.Document.jpc"

[HKEY_USERS\S-1-5-21-1813677218-14873745-675912311-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpe\UserChoice]
@Denied: (2) (S-1-5-21-1813677218-14873745-675912311-1003)
@Denied: (2) (LocalSystem)
"Progid"="ZPS120.Document.jpe"

[HKEY_USERS\S-1-5-21-1813677218-14873745-675912311-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpeg\UserChoice]
@Denied: (2) (S-1-5-21-1813677218-14873745-675912311-1003)
@Denied: (2) (LocalSystem)
"Progid"="ZPS120.Document.jpeg"

[HKEY_USERS\S-1-5-21-1813677218-14873745-675912311-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\UserChoice]
@Denied: (2) (S-1-5-21-1813677218-14873745-675912311-1003)
@Denied: (2) (LocalSystem)
"Progid"="ZPS120.Document.jpg"

[HKEY_USERS\S-1-5-21-1813677218-14873745-675912311-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpk\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.jpk"

[HKEY_USERS\S-1-5-21-1813677218-14873745-675912311-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.jpx"

[HKEY_USERS\S-1-5-21-1813677218-14873745-675912311-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.kdc\UserChoice]
@Denied: (2) (S-1-5-21-1813677218-14873745-675912311-1003)
@Denied: (2) (LocalSystem)
"Progid"="ZPS120.Document.kdc"

[HKEY_USERS\S-1-5-21-1813677218-14873745-675912311-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.lbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.lbm"

[HKEY_USERS\S-1-5-21-1813677218-14873745-675912311-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mef\UserChoice]
@Denied: (2) (S-1-5-21-1813677218-14873745-675912311-1003)
@Denied: (2) (LocalSystem)
"Progid"="ZPS120.Document.mef"

[HKEY_USERS\S-1-5-21-1813677218-14873745-675912311-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mos\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.mos"

[HKEY_USERS\S-1-5-21-1813677218-14873745-675912311-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mrw\UserChoice]
@Denied: (2) (S-1-5-21-1813677218-14873745-675912311-1003)
@Denied: (2) (LocalSystem)
"Progid"="ZPS120.Document.mrw"

[HKEY_USERS\S-1-5-21-1813677218-14873745-675912311-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nef\UserChoice]
@Denied: (2) (S-1-5-21-1813677218-14873745-675912311-1003)
@Denied: (2) (LocalSystem)
"Progid"="ZPS120.Document.nef"

[HKEY_USERS\S-1-5-21-1813677218-14873745-675912311-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.orf\UserChoice]
@Denied: (2) (S-1-5-21-1813677218-14873745-675912311-1003)
@Denied: (2) (LocalSystem)
"Progid"="ZPS120.Document.orf"

[HKEY_USERS\S-1-5-21-1813677218-14873745-675912311-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbm\UserChoice]
@Denied: (2) (S-1-5-21-1813677218-14873745-675912311-1003)
@Denied: (2) (LocalSystem)
"Progid"="ZPS120.Document.pbm"

[HKEY_USERS\S-1-5-21-1813677218-14873745-675912311-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pbr"

[HKEY_USERS\S-1-5-21-1813677218-14873745-675912311-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcd\UserChoice]
@Denied: (2) (S-1-5-21-1813677218-14873745-675912311-1003)
@Denied: (2) (LocalSystem)
"Progid"="ZPS120.Document.pcd"

[HKEY_USERS\S-1-5-21-1813677218-14873745-675912311-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pct\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pct"

[HKEY_USERS\S-1-5-21-1813677218-14873745-675912311-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcx\UserChoice]
@Denied: (2) (S-1-5-21-1813677218-14873745-675912311-1003)
@Denied: (2) (LocalSystem)
"Progid"="ZPS120.Document.pcx"

[HKEY_USERS\S-1-5-21-1813677218-14873745-675912311-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pef\UserChoice]
@Denied: (2) (S-1-5-21-1813677218-14873745-675912311-1003)
@Denied: (2) (LocalSystem)
"Progid"="ZPS120.Document.pef"

[HKEY_USERS\S-1-5-21-1813677218-14873745-675912311-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pgm\UserChoice]
@Denied: (2) (S-1-5-21-1813677218-14873745-675912311-1003)
@Denied: (2) (LocalSystem)
"Progid"="ZPS120.Document.pgm"

[HKEY_USERS\S-1-5-21-1813677218-14873745-675912311-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pic\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pic"

[HKEY_USERS\S-1-5-21-1813677218-14873745-675912311-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pict\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pict"

[HKEY_USERS\S-1-5-21-1813677218-14873745-675912311-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pix\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pix"

[HKEY_USERS\S-1-5-21-1813677218-14873745-675912311-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\UserChoice]
@Denied: (2) (S-1-5-21-1813677218-14873745-675912311-1003)
@Denied: (2) (LocalSystem)
"Progid"="ZPS120.Document.png"

[HKEY_USERS\S-1-5-21-1813677218-14873745-675912311-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ppm\UserChoice]
@Denied: (2) (S-1-5-21-1813677218-14873745-675912311-1003)
@Denied: (2) (LocalSystem)
"Progid"="ZPS120.Document.ppm"

[HKEY_USERS\S-1-5-21-1813677218-14873745-675912311-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psd\UserChoice]
@Denied: (2) (S-1-5-21-1813677218-14873745-675912311-1003)
@Denied: (2) (LocalSystem)
"Progid"="ZPS120.Document.psd"

[HKEY_USERS\S-1-5-21-1813677218-14873745-675912311-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psp\UserChoice]
@Denied: (2) (S-1-5-21-1813677218-14873745-675912311-1003)
@Denied: (2) (LocalSystem)
"Progid"="ZPS120.Document.psp"

[HKEY_USERS\S-1-5-21-1813677218-14873745-675912311-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspbrush\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pspbrush"

[HKEY_USERS\S-1-5-21-1813677218-14873745-675912311-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspimage\UserChoice]
@Denied: (2) (S-1-5-21-1813677218-14873745-675912311-1003)
@Denied: (2) (LocalSystem)
"Progid"="ZPS120.Document.pspimage"

[HKEY_USERS\S-1-5-21-1813677218-14873745-675912311-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raf\UserChoice]
@Denied: (2) (S-1-5-21-1813677218-14873745-675912311-1003)
@Denied: (2) (LocalSystem)
"Progid"="ZPS120.Document.raf"

[HKEY_USERS\S-1-5-21-1813677218-14873745-675912311-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ras\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.ras"

[HKEY_USERS\S-1-5-21-1813677218-14873745-675912311-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raw\UserChoice]
@Denied: (2) (S-1-5-21-1813677218-14873745-675912311-1003)
@Denied: (2) (LocalSystem)
"Progid"="ZPS120.Document.raw"

[HKEY_USERS\S-1-5-21-1813677218-14873745-675912311-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.rgb"

[HKEY_USERS\S-1-5-21-1813677218-14873745-675912311-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgba\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.rgba"

[HKEY_USERS\S-1-5-21-1813677218-14873745-675912311-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rle\UserChoice]
@Denied: (2) (S-1-5-21-1813677218-14873745-675912311-1003)
@Denied: (2) (LocalSystem)
"Progid"="ZPS120.Document.rle"

[HKEY_USERS\S-1-5-21-1813677218-14873745-675912311-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rsb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.rsb"

[HKEY_USERS\S-1-5-21-1813677218-14873745-675912311-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rw2\UserChoice]
@Denied: (2) (S-1-5-21-1813677218-14873745-675912311-1003)
@Denied: (2) (LocalSystem)
"Progid"="ZPS120.Document.rw2"

[HKEY_USERS\S-1-5-21-1813677218-14873745-675912311-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sgi\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.sgi"

[HKEY_USERS\S-1-5-21-1813677218-14873745-675912311-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sr2\UserChoice]
@Denied: (2) (S-1-5-21-1813677218-14873745-675912311-1003)
@Denied: (2) (LocalSystem)
"Progid"="ZPS120.Document.sr2"

[HKEY_USERS\S-1-5-21-1813677218-14873745-675912311-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.srf\UserChoice]
@Denied: (2) (S-1-5-21-1813677218-14873745-675912311-1003)
@Denied: (2) (LocalSystem)
"Progid"="ZPS120.Document.srf"

[HKEY_USERS\S-1-5-21-1813677218-14873745-675912311-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tga\UserChoice]
@Denied: (2) (S-1-5-21-1813677218-14873745-675912311-1003)
@Denied: (2) (LocalSystem)
"Progid"="ZPS120.Document.tga"

[HKEY_USERS\S-1-5-21-1813677218-14873745-675912311-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.thm\UserChoice]
@Denied: (2) (S-1-5-21-1813677218-14873745-675912311-1003)
@Denied: (2) (LocalSystem)
"Progid"="ZPS120.Document.thm"

[HKEY_USERS\S-1-5-21-1813677218-14873745-675912311-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif\UserChoice]
@Denied: (2) (S-1-5-21-1813677218-14873745-675912311-1003)
@Denied: (2) (LocalSystem)
"Progid"="ZPS120.Document.tif"

[HKEY_USERS\S-1-5-21-1813677218-14873745-675912311-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tiff\UserChoice]
@Denied: (2) (S-1-5-21-1813677218-14873745-675912311-1003)
@Denied: (2) (LocalSystem)
"Progid"="ZPS120.Document.tiff"

[HKEY_USERS\S-1-5-21-1813677218-14873745-675912311-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.ttc"

[HKEY_USERS\S-1-5-21-1813677218-14873745-675912311-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.ttf"

[HKEY_USERS\S-1-5-21-1813677218-14873745-675912311-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v11o\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.v11o"

[HKEY_USERS\S-1-5-21-1813677218-14873745-675912311-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v11p\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.v11p"

[HKEY_USERS\S-1-5-21-1813677218-14873745-675912311-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v11pf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.v11pf"

[HKEY_USERS\S-1-5-21-1813677218-14873745-675912311-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbm\UserChoice]
@Denied: (2) (S-1-5-21-1813677218-14873745-675912311-1003)
@Denied: (2) (LocalSystem)
"Progid"="ZPS120.Document.wbm"

[HKEY_USERS\S-1-5-21-1813677218-14873745-675912311-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbmp\UserChoice]
@Denied: (2) (S-1-5-21-1813677218-14873745-675912311-1003)
@Denied: (2) (LocalSystem)
"Progid"="ZPS120.Document.wbmp"

[HKEY_USERS\S-1-5-21-1813677218-14873745-675912311-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmf\UserChoice]
@Denied: (2) (S-1-5-21-1813677218-14873745-675912311-1003)
@Denied: (2) (LocalSystem)
"Progid"="ZPS120.Document.wmf"

[HKEY_USERS\S-1-5-21-1813677218-14873745-675912311-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.xbm"

[HKEY_USERS\S-1-5-21-1813677218-14873745-675912311-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.xif"

[HKEY_USERS\S-1-5-21-1813677218-14873745-675912311-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.xmp"

[HKEY_USERS\S-1-5-21-1813677218-14873745-675912311-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xpm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.xpm"

[HKEY_USERS\S-1-5-21-1813677218-14873745-675912311-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{FBA074ED-E571-4764-1FF6-2E3DFA2F2708}*]
@Allowed: (Read) (RestrictedCode)
"oageeeokhlffnnhdncbmopkmmiecnk"=hex:61,69,61,6e,61,69,70,62,69,64,65,67,66,6b,
62,6b,68,64,65,64,6f,62,65,6e,6c,6d,65,70,63,65,6e,63,62,63,67,62,67,68,6d,\
"iabeocdbfcficggnml"=hex:6a,61,66,63,6e,6a,65,6d,6b,70,65,65,66,6d,70,65,61,67,
6c,67,00,03
"hadeaidlffdmnbam"=hex:6a,61,66,63,6e,6a,65,6d,6b,70,65,65,66,6d,70,65,61,67,
6c,67,00,00

[HKEY_USERS\S-1-5-21-1813677218-14873745-675912311-1003\Software\SecuROM\License information*]
"datasecu"=hex:ed,3b,e1,0e,76,16,1b,08,c3,6f,5f,5c,6d,5d,5f,88,22,8a,05,70,21,
a9,d1,5e,ec,bc,95,3f,48,55,bb,23,c8,a8,2f,5c,3f,aa,24,1a,d1,13,c2,4a,dd,20,\
"rkeysecu"=hex:29,23,be,84,e1,6c,d6,ae,52,90,49,f1,f1,bb,e9,eb

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b4

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\WLANExt.exe
c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\System32\TUProgSt.exe
c:\program files\Sony\VAIO Event Service\VESMgr.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\DllHost.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\windows\system32\WUDFHost.exe
c:\program files\Sony\VAIO Power Management\SPMgr.exe
c:\program files\Sony\VAIO Event Service\VESMgrSub.exe
c:\program files\Sony\VAIO Update 4\VAIOUpdt.exe
c:\windows\system32\conime.exe
c:\windows\system32\DllHost.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\servicing\TrustedInstaller.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Windows Media Player\wmplayer.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Celkový čas: 2010-01-30 19:10:36 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-01-30 18:10
ComboFix2.txt 2010-01-30 16:43
ComboFix3.txt 2010-01-30 13:20

Před spuštěním: Volných bajtů: 100 389 052 416
Po spuštění: Volných bajtů: 100 341 379 072

- - End Of File - - 46BEF297FB98DDF8DD4F8E2AEE217FB9