How to disinfect the sshnas21.dll library

#1 Post by Penetrator666 (Guest, 33 posts, registered 02 Mar 2010 18:50)

The sshnas21.dll library contains the trojan Favadd.CX.

Log.txt from RSIT:

Logfile of random's system information tool 1.06 (written by random/random)
Run by Upyrek at 2010-03-02 18:44:17
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 24 GB (21%) free of 114 GB
Total RAM: 2046 MB (37% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:44:36, on 2.3.2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18882)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Windows\system32\services.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Windows\system32\svchost.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Users\Upyrek\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
C:\Program Files\A4Tech\Mouse\Amoumain.exe
C:\Program Files\Reimage\Reimage Repair\ReiFTPWatchDog.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Acer\Empowering Technology\eNet\eNet Service.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Acer\Mobility Center\MobilityService.exe
C:\Windows\system32\oodag.exe
C:\Windows\system32\PnkBstrA.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Google\Update\1.2.183.17\GoogleCrashHandler.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\TotalCommander\TOTALCMD.EXE
C:\Users\Upyrek\Desktop\DOWNLOADS\RSIT.exe
C:\Program Files\trend micro\Upyrek.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://cs.intl.acer.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.rd.yahoo.com/customize/ycomp/ ... .yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: (no name) - - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Pomocník pro přihlášení ke službě Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [Kalendar] D:\DOKUMENTS\Kalendář.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [WheelMouse] C:\Program Files\A4Tech\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [DiskCheckerXP] C:\Program Files\DiskCheckerXP\DCheckXP.exe /i
O4 - HKCU\..\Run: [LosAlamos] rundll32.exe C:\Windows\system32\sshnas21.dll,AttachConsoleA
O8 - Extra context menu item: &Search - ?p=GRfox000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Přidat na blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Přidat na blog Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} (Java Plug-in 1.6.0_15) -
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\Windows\System32\avgrsstx.dll,avgrsstx.dll
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: Služba Google Update (gupdate1c9e076e15ed3ed) (gupdate1c9e076e15ed3ed) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - (no file)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\Windows\system32\oodag.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2010c\RpcAgentSrv.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 14126 bytes

======Scheduled tasks folder======

C:\Windows\tasks\1-Click Maintenance.job
C:\Windows\tasks\Ad-Aware Update (Weekly).job
C:\Windows\tasks\Google Software Updater.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\User_Feed_Synchronization-{C6257CD0-1DBE-45D7-B5E1-38AC59E42BAC}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
Yahoo! Toolbar Helper

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055FD26D-3A88-4e15-963D-DC8493744B1D}]
XTTBPos00 Class - C:\PROGRA~1\ICQTOO~1\toolbaru.dll [2008-03-09 824656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2009-12-18 61888]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2008-11-07 1088296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2009-05-19 137600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocník pro přihlášení ke službě Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar1.dll [2008-07-16 2403392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll [2010-03-02 761840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - Acer eDataSecurity Management - C:\Windows\system32\eDStoolbar.dll [2007-04-25 151552]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll [2008-07-16 2403392]
{21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-19 1008184]
"IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [2007-03-21 174872]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2007-05-29 4472832]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2007-09-07 1021224]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2006-11-10 90112]
"SynTPStart"=C:\Program Files\Synaptics\SynTP\SynTPStart.exe [2007-09-07 102400]
"LManager"=C:\PROGRA~1\LAUNCH~1\LManager.exe [2007-10-17 858632]
"Kalendar"=D:\DOKUMENTS\Kalendář.EXE [2001-06-09 265728]
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2007-03-09 153136]
"eDataSecurity Loader"=C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe [2007-04-25 457216]
"Ad-Watch"=C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe [2010-02-25 815184]
"RemoteControl"=C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2008-07-21 87336]
"LanguageShortcut"=C:\Program Files\CyberLink\PowerDVD\Language\Language.exe [2008-05-14 62760]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-11 149280]
"AVG9_TRAY"=C:\PROGRA~1\AVG\AVG9\avgtray.exe [2010-01-05 2033432]
"WheelMouse"=C:\Program Files\A4Tech\Mouse\Amoumain.exe [2007-05-15 204800]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2009-12-18 40368]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-12-11 948672]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-11 1233920]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2010-03-02 39408]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-19 125952]
"igndlm.exe"=C:\Program Files\Download Manager\DLM.exe [2009-05-14 1103216]
"DiskCheckerXP"=C:\Program Files\DiskCheckerXP\DCheckXP.exe [2007-04-23 1637888]
"LosAlamos"=C:\Windows\system32\sshnas21.dll [2010-03-02 186368]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer Tour Reminder]
C:\Acer\AcerTour\Reminder.exe [2007-05-22 151552]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGEIA PhysX SysTray]
C:\Program Files\AGEIA Technologies\TrayIcon.exe [2006-03-20 331776]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ashampoo Core Tuner]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2007-03-12 153136]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ConMet]
C:\Program Files\ConMet\ConMet.exe [2008-10-14 3419136]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
C:\Program Files\DAEMON Tools\daemon.exe [2006-11-12 157592]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ftweak_RAMRush]
C:\Program Files\RAMRush\RAMRush.exe [2009-09-17 670720]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
C:\Program Files\ICQ6.5\ICQ.exe [2009-11-16 172792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Email Plugin]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files\Skype\Phone\Skype.exe [2008-11-07 21633320]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
c:\games\valve\steam\steam.exe [2009-11-04 1217808]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec PIF AlertEng]
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe [2008-01-29 583048]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WarReg_PopUp]
C:\Acer\WR_PopUp\WarReg_PopUp.exe [2006-11-05 57344]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WheelMouse]
C:\Program Files\A4Tech\Mouse\Amoumain.exe [2007-05-15 204800]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTTray.exe [2007-01-19 711472]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Empowering Technology Launcher.lnk]
C:\Acer\EMPOWE~1\EAPLAU~1.EXE [2007-04-14 535336]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Upyrek^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 2.4.lnk]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Upyrek^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.0.lnk]
C:\PROGRA~1\OPENOF~1.ORG\program\QUICKS~1.EXE [2008-10-04 393216]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Upyrek^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Registry Repair Pro.lnk]
C:\PROGRA~1\3BSOFT~1\REGIST~1\REGIST~1.EXE [2008-07-15 2590040]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Upyrek^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Scheduler.lnk]
C:\PROGRA~1\3BSOFT~1\Common\SCHEDU~1\wcomschd.exe [2007-10-16 464240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\Windows\System32\avgrsstx.dll,avgrsstx.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"= []

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=149
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 1 months======

2010-03-02 18:38:53 ----D---- C:\Program Files\trend micro
2010-03-02 18:38:52 ----D---- C:\rsit
2010-03-02 18:26:13 ----D---- C:\ProgramData\Google Updater
2010-03-02 17:41:33 ----A---- C:\Windows\PCTBDCore.dll.old
2010-03-02 17:41:33 ----A---- C:\Windows\BDTSupport.dll.old
2010-03-02 17:37:52 ----D---- C:\Program Files\Spyware Doctor
2010-03-02 17:37:52 ----D---- C:\Program Files\Common Files\PC Tools
2010-03-02 17:37:29 ----AD---- C:\ProgramData\TEMP
2010-03-02 16:26:23 ----D---- C:\Program Files\Autoruns
2010-03-02 15:40:25 ----D---- C:\_OTM
2010-03-02 12:47:25 ----A---- C:\Windows\reimage.ini
2010-03-02 12:46:46 ----D---- C:\rei
2010-03-02 12:46:44 ----D---- C:\Program Files\Reimage
2010-03-02 12:43:48 ----A---- C:\Windows\system32\sshnas21.dll
2010-03-02 11:39:25 ----A---- C:\Windows\uninst.exe
2010-03-02 11:32:11 ----AH---- C:\aaw7boot.cmd
2010-03-01 11:51:58 ----A---- C:\ProgramData\xml9A4E.tmp
2010-03-01 11:51:57 ----A---- C:\ProgramData\xml99A1.tmp
2010-03-01 11:51:56 ----A---- C:\ProgramData\xml954D.tmp
2010-03-01 11:47:12 ----A---- C:\Windows\system32\XAudio2_6.dll
2010-03-01 11:47:12 ----A---- C:\Windows\system32\XAPOFX1_4.dll
2010-03-01 11:47:12 ----A---- C:\Windows\system32\xactengine3_6.dll
2010-03-01 11:47:11 ----A---- C:\Windows\system32\XAudio2_5.dll
2010-03-01 11:47:11 ----A---- C:\Windows\system32\X3DAudio1_7.dll
2010-03-01 11:47:10 ----A---- C:\Windows\system32\xactengine3_5.dll
2010-03-01 11:47:10 ----A---- C:\Windows\system32\d3dx11_42.dll
2010-03-01 11:47:10 ----A---- C:\Windows\system32\d3dcsx_42.dll
2010-03-01 11:47:10 ----A---- C:\Windows\system32\D3DCompiler_42.dll
2010-03-01 11:47:09 ----A---- C:\Windows\system32\D3DX9_42.dll
2010-03-01 11:47:09 ----A---- C:\Windows\system32\D3DX9_41.dll
2010-03-01 11:47:09 ----A---- C:\Windows\system32\d3dx10_42.dll
2010-03-01 11:47:09 ----A---- C:\Windows\system32\d3dx10_41.dll
2010-03-01 11:47:09 ----A---- C:\Windows\system32\D3DCompiler_41.dll
2010-03-01 11:47:08 ----A---- C:\Windows\system32\XAudio2_4.dll
2010-03-01 11:47:08 ----A---- C:\Windows\system32\XAPOFX1_3.dll
2010-03-01 11:47:07 ----A---- C:\Windows\system32\xactengine3_4.dll
2010-03-01 11:47:07 ----A---- C:\Windows\system32\X3DAudio1_6.dll
2010-03-01 11:47:07 ----A---- C:\Windows\system32\d3dx10_40.dll
2010-03-01 11:47:07 ----A---- C:\Windows\system32\D3DCompiler_40.dll
2010-03-01 11:47:06 ----A---- C:\Windows\system32\XAudio2_3.dll
2010-03-01 11:47:06 ----A---- C:\Windows\system32\XAPOFX1_2.dll
2010-03-01 11:47:06 ----A---- C:\Windows\system32\D3DX9_40.dll
2010-03-01 11:47:05 ----A---- C:\Windows\system32\XAudio2_2.dll
2010-03-01 11:47:05 ----A---- C:\Windows\system32\XAPOFX1_1.dll
2010-03-01 11:47:05 ----A---- C:\Windows\system32\xactengine3_3.dll
2010-03-01 11:47:05 ----A---- C:\Windows\system32\xactengine3_2.dll
2010-03-01 11:47:05 ----A---- C:\Windows\system32\X3DAudio1_5.dll
2010-03-01 11:47:04 ----A---- C:\Windows\system32\XAudio2_1.dll
2010-03-01 11:47:04 ----A---- C:\Windows\system32\XAPOFX1_0.dll
2010-03-01 11:47:04 ----A---- C:\Windows\system32\D3DX9_39.dll
2010-03-01 11:47:04 ----A---- C:\Windows\system32\d3dx10_39.dll
2010-03-01 11:47:04 ----A---- C:\Windows\system32\D3DCompiler_39.dll
2010-03-01 11:47:03 ----A---- C:\Windows\system32\xactengine3_1.dll
2010-03-01 11:47:03 ----A---- C:\Windows\system32\X3DAudio1_4.dll
2010-03-01 11:47:03 ----A---- C:\Windows\system32\d3dx10_38.dll
2010-03-01 11:47:03 ----A---- C:\Windows\system32\D3DCompiler_38.dll
2010-03-01 11:47:02 ----A---- C:\Windows\system32\XAudio2_0.dll
2010-03-01 11:47:02 ----A---- C:\Windows\system32\D3DX9_38.dll
2010-03-01 11:47:01 ----A---- C:\Windows\system32\xactengine3_0.dll
2010-03-01 11:47:01 ----A---- C:\Windows\system32\X3DAudio1_3.dll
2010-03-01 11:47:00 ----A---- C:\Windows\system32\xactengine2_10.dll
2010-03-01 11:47:00 ----A---- C:\Windows\system32\D3DX9_37.dll
2010-03-01 11:47:00 ----A---- C:\Windows\system32\d3dx10_37.dll
2010-03-01 11:47:00 ----A---- C:\Windows\system32\D3DCompiler_37.dll
2010-03-01 11:46:59 ----A---- C:\Windows\system32\d3dx10_36.dll
2010-03-01 11:46:59 ----A---- C:\Windows\system32\D3DCompiler_36.dll
2010-03-01 11:46:58 ----A---- C:\Windows\system32\xactengine2_9.dll
2010-03-01 11:46:58 ----A---- C:\Windows\system32\d3dx9_36.dll
2010-03-01 11:46:58 ----A---- C:\Windows\system32\d3dx10_35.dll
2010-03-01 11:46:58 ----A---- C:\Windows\system32\D3DCompiler_35.dll
2010-03-01 11:46:57 ----A---- C:\Windows\system32\d3dx9_35.dll
2010-03-01 11:46:56 ----A---- C:\Windows\system32\xactengine2_8.dll
2010-03-01 11:46:56 ----A---- C:\Windows\system32\X3DAudio1_2.dll
2010-03-01 11:46:56 ----A---- C:\Windows\system32\d3dx10_34.dll
2010-03-01 11:46:56 ----A---- C:\Windows\system32\D3DCompiler_34.dll
2010-03-01 11:46:55 ----A---- C:\Windows\system32\xinput1_3.dll
2010-03-01 11:46:55 ----A---- C:\Windows\system32\d3dx9_34.dll
2010-03-01 11:46:53 ----A---- C:\Windows\system32\xactengine2_7.dll
2010-03-01 11:46:52 ----A---- C:\Windows\system32\xactengine2_6.dll
2010-03-01 11:46:52 ----A---- C:\Windows\system32\d3dx9_33.dll
2010-03-01 11:46:52 ----A---- C:\Windows\system32\d3dx10_33.dll
2010-03-01 11:46:52 ----A---- C:\Windows\system32\D3DCompiler_33.dll
2010-03-01 11:46:51 ----A---- C:\Windows\system32\xactengine2_5.dll
2010-03-01 11:46:50 ----A---- C:\Windows\system32\d3dx10.dll
2010-03-01 11:46:49 ----A---- C:\Windows\system32\xactengine2_4.dll
2010-03-01 11:46:49 ----A---- C:\Windows\system32\x3daudio1_1.dll
2010-03-01 11:46:49 ----A---- C:\Windows\system32\d3dx9_31.dll
2010-03-01 11:46:47 ----A---- C:\Windows\system32\xinput1_2.dll
2010-03-01 11:46:47 ----A---- C:\Windows\system32\xactengine2_3.dll
2010-03-01 11:46:46 ----A---- C:\Windows\system32\xinput1_1.dll
2010-03-01 11:46:46 ----A---- C:\Windows\system32\xactengine2_2.dll
2010-03-01 11:46:42 ----A---- C:\Windows\system32\xactengine2_1.dll
2010-03-01 11:46:33 ----A---- C:\Windows\system32\xactengine2_0.dll
2010-03-01 11:46:33 ----A---- C:\Windows\system32\x3daudio1_0.dll
2010-03-01 11:46:32 ----A---- C:\Windows\system32\d3dx9_29.dll
2010-03-01 11:44:16 ----D---- C:\Windows\system32\directx
2010-02-25 13:50:25 ----HDC---- C:\ProgramData\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
2010-02-24 09:56:22 ----A---- C:\Windows\system32\tzres.dll
2010-02-24 09:55:48 ----A---- C:\Windows\system32\jscript.dll
2010-02-24 09:55:45 ----A---- C:\Windows\system32\secproc_isv.dll
2010-02-24 09:55:45 ----A---- C:\Windows\system32\secproc.dll
2010-02-24 09:55:41 ----A---- C:\Windows\system32\RMActivate_isv.exe
2010-02-24 09:55:39 ----A---- C:\Windows\system32\secproc_ssp_isv.dll
2010-02-24 09:55:39 ----A---- C:\Windows\system32\secproc_ssp.dll
2010-02-24 09:55:39 ----A---- C:\Windows\system32\RMActivate_ssp_isv.exe
2010-02-24 09:55:39 ----A---- C:\Windows\system32\RMActivate_ssp.exe
2010-02-24 09:55:39 ----A---- C:\Windows\system32\RMActivate.exe
2010-02-24 09:55:39 ----A---- C:\Windows\system32\msdrm.dll
2010-02-24 09:55:06 ----A---- C:\Windows\system32\gameux.dll
2010-02-24 09:55:05 ----A---- C:\Windows\system32\GameUXLegacyGDFs.dll
2010-02-24 09:55:05 ----A---- C:\Windows\system32\Apphlpdm.dll
2010-02-16 18:42:42 ----A---- C:\Windows\Esv44JBS5X2.dll
2010-02-16 18:42:42 ----A---- C:\Windows\Esv44JBS5X.dll
2010-02-16 17:01:25 ----A---- C:\Windows\IsUn0407.exe
2010-02-16 16:53:19 ----D---- C:\Program Files\Alawar
2010-02-16 12:51:03 ----A---- C:\Windows\system32\mshtml.dll
2010-02-16 12:51:03 ----A---- C:\Windows\system32\ieframe.dll
2010-02-16 12:51:02 ----A---- C:\Windows\system32\wininet.dll
2010-02-16 12:51:02 ----A---- C:\Windows\system32\urlmon.dll
2010-02-16 12:51:02 ----A---- C:\Windows\system32\occache.dll
2010-02-16 12:51:02 ----A---- C:\Windows\system32\msfeeds.dll
2010-02-16 12:51:02 ----A---- C:\Windows\system32\iertutil.dll
2010-02-16 12:51:02 ----A---- C:\Windows\system32\iedkcs32.dll
2010-02-16 12:51:01 ----A---- C:\Windows\system32\msfeedssync.exe
2010-02-16 12:51:01 ----A---- C:\Windows\system32\msfeedsbs.dll
2010-02-16 12:51:01 ----A---- C:\Windows\system32\jsproxy.dll
2010-02-16 12:51:01 ----A---- C:\Windows\system32\ieUnatt.exe
2010-02-16 12:51:01 ----A---- C:\Windows\system32\ieui.dll
2010-02-16 12:51:01 ----A---- C:\Windows\system32\iesysprep.dll
2010-02-16 12:51:01 ----A---- C:\Windows\system32\iesetup.dll
2010-02-16 12:51:01 ----A---- C:\Windows\system32\iernonce.dll
2010-02-16 12:51:01 ----A---- C:\Windows\system32\iepeers.dll
2010-02-16 12:51:01 ----A---- C:\Windows\system32\ie4uinit.exe
2010-02-16 12:50:55 ----A---- C:\Windows\system32\ntoskrnl.exe
2010-02-16 12:50:55 ----A---- C:\Windows\system32\ntkrnlpa.exe
2010-02-16 12:50:53 ----A---- C:\Windows\system32\t2embed.dll
2010-02-16 12:50:53 ----A---- C:\Windows\system32\fontsub.dll
2010-02-16 12:49:49 ----A---- C:\Windows\system32\tsbyuv.dll
2010-02-16 12:49:49 ----A---- C:\Windows\system32\quartz.dll
2010-02-16 12:49:49 ----A---- C:\Windows\system32\msyuv.dll
2010-02-16 12:49:49 ----A---- C:\Windows\system32\msvidc32.dll
2010-02-16 12:49:49 ----A---- C:\Windows\system32\msvfw32.dll
2010-02-16 12:49:49 ----A---- C:\Windows\system32\msrle32.dll
2010-02-16 12:49:49 ----A---- C:\Windows\system32\mciavi32.dll
2010-02-16 12:49:49 ----A---- C:\Windows\system32\iyuv_32.dll
2010-02-16 12:49:49 ----A---- C:\Windows\system32\avifil32.dll

======List of files/folders modified in the last 1 months======

2010-03-02 18:43:07 ----D---- C:\Users\Upyrek\AppData\Roaming\Skype
2010-03-02 18:42:23 ----D---- C:\Windows\Prefetch
2010-03-02 18:38:53 ----D---- C:\Program Files
2010-03-02 18:26:36 ----SHD---- C:\Windows\Installer
2010-03-02 18:26:34 ----D---- C:\Program Files\Google
2010-03-02 18:26:29 ----D---- C:\Windows\Temp
2010-03-02 18:26:23 ----D---- C:\Windows\Tasks
2010-03-02 18:26:13 ----D---- C:\Windows\system32\Tasks
2010-03-02 18:26:13 ----D---- C:\ProgramData
2010-03-02 18:23:48 ----AD---- C:\Windows\system32\drivers
2010-03-02 18:23:45 ----D---- C:\Windows
2010-03-02 17:38:21 ----D---- C:\Windows\winsxs
2010-03-02 17:37:52 ----D---- C:\Program Files\Common Files
2010-03-02 16:28:55 ----D---- C:\Users\Upyrek\AppData\Roaming\skypePM
2010-03-02 16:03:58 ----D---- C:\Program Files\Mozilla Firefox
2010-03-02 12:50:41 ----A---- C:\Windows\NeroDigital.ini
2010-03-02 12:46:47 ----D---- C:\Windows\System32
2010-03-02 12:01:12 ----D---- C:\ProgramData\Spybot - Search & Destroy
2010-03-02 10:26:36 ----D---- C:\Windows\system32\Msdtc
2010-03-02 10:26:31 ----D---- C:\Windows\system32\wbem
2010-03-02 10:25:26 ----D---- C:\Windows\system32\config
2010-03-02 10:25:10 ----D---- C:\Windows\system32\spool
2010-03-02 10:25:10 ----D---- C:\Windows\system32\catroot2
2010-03-02 10:25:09 ----D---- C:\Windows\inf
2010-03-02 10:25:08 ----D---- C:\Users\Upyrek\AppData\Roaming\GHISLER
2010-03-02 10:25:06 ----D---- C:\Windows\registration
2010-03-02 10:21:50 ----SHD---- C:\System Volume Information
2010-03-01 11:46:52 ----D---- C:\Windows\Logs
2010-03-01 11:46:42 ----RSD---- C:\Windows\assembly
2010-03-01 11:44:07 ----D---- C:\Program Files\SiSoftware
2010-02-27 01:02:12 ----A---- C:\Windows\win.ini
2010-02-26 07:51:24 ----D---- C:\Program Files\SpeedFan
2010-02-25 13:52:50 ----D---- C:\Windows\system32\catroot
2010-02-25 13:52:35 ----A---- C:\Windows\system32\lsdelete.exe
2010-02-25 13:50:32 ----D---- C:\Program Files\Lavasoft
2010-02-24 10:19:07 ----D---- C:\Windows\rescache
2010-02-24 10:00:40 ----D---- C:\Windows\system32\cs-CZ
2010-02-24 10:00:34 ----D---- C:\Windows\AppPatch
2010-02-24 10:00:33 ----RSD---- C:\Windows\Fonts
2010-02-24 09:57:35 ----D---- C:\ProgramData\ConMet
2010-02-24 09:54:38 ----D---- C:\Users\Upyrek\AppData\Roaming\ConMet
2010-02-19 13:48:44 ----D---- C:\Windows\system32\oodag
2010-02-18 21:06:46 ----D---- C:\Program Files\RAMRush
2010-02-17 17:32:45 ----D---- C:\NOVA HUDBA Z CD
2010-02-17 15:54:36 ----D---- C:\Program Files\Common Files\Adobe
2010-02-17 15:54:28 ----D---- C:\ProgramData\Adobe
2010-02-17 15:54:24 ----D---- C:\Program Files\Adobe
2010-02-17 02:45:31 ----D---- C:\Windows\Debug
2010-02-16 12:59:35 ----D---- C:\Program Files\Microsoft Silverlight
2010-02-16 12:58:10 ----D---- C:\Windows\system32\migration
2010-02-16 12:58:08 ----D---- C:\Program Files\Windows Mail
2010-02-16 12:58:08 ----D---- C:\Program Files\Internet Explorer
2010-02-16 12:54:22 ----D---- C:\ProgramData\Microsoft Help
2010-02-13 18:43:57 ----D---- C:\Windows\system32\CodeIntegrity
2010-02-13 18:43:57 ----D---- C:\Windows\pss
2010-02-13 18:43:57 ----D---- C:\Windows\Help
2010-02-13 18:43:57 ----D---- C:\Windows\Cursors
2010-02-13 18:43:56 ----D---- C:\Program Files\Sib Cursor Editor
2010-02-13 18:43:56 ----D---- C:\Program Files\QS
2010-02-13 18:43:55 ----D---- C:\Program Files\DiskCheckerXP

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Amfilter;A4Tech Mouse Filter Driver; C:\Windows\system32\DRIVERS\Amfilter.sys [2007-05-14 9216]
R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\Windows\System32\Drivers\avgldx86.sys [2010-01-05 333192]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\Windows\System32\Drivers\avgmfx86.sys [2010-01-05 28424]
R1 AvgTdiX;AVG Free8 Network Redirector; C:\Windows\System32\Drivers\avgtdix.sys [2010-01-05 360584]
R2 int15;int15; \??\C:\Windows\system32\drivers\int15.sys [2007-11-30 15392]
R2 irda;IrDA Protocol; C:\Windows\system32\DRIVERS\irda.sys [2008-01-19 95744]
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672]
R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2006-11-29 8192]
R3 Amusbprt;A4Tech HID-compliant Mouse Driver; C:\Windows\system32\DRIVERS\Amusbprt.sys [2007-05-14 14336]
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2007-10-04 3155456]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2007-02-08 179712]
R3 Cam5607;Acer Crystal Eye webcam; C:\Windows\System32\Drivers\BisonC07.sys [2007-07-27 974248]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-19 14208]
R3 DKbFltr;Dritek Keyboard Filter Driver; C:\Windows\system32\DRIVERS\DKbFltr.sys [2006-11-03 21264]
R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\HSX_DPV.sys [2006-12-22 985600]
R3 HSXHWAZL;HSXHWAZL; C:\Windows\system32\DRIVERS\HSXHWAZL.sys [2006-12-22 207360]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2007-05-31 1780576]
R3 MouseCap;MouseCapture Driver; C:\Windows\System32\Drivers\MouseCap.sys [2005-08-08 6640]
R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw5v32.sys [2008-11-17 3668480]
R3 NSCIRDA;NSC Infrared Device Driver; C:\Windows\system32\DRIVERS\nscirda.sys [2008-01-19 30720]
R3 NTIDrvr;Upper Class Filter Driver; C:\Windows\system32\DRIVERS\NTIDrvr.sys [2007-07-17 6144]
R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2009-04-11 89088]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2007-09-07 192816]
R3 tifm21;tifm21; C:\Windows\system32\drivers\tifm21.sys [2007-05-02 290816]
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2006-12-22 659968]
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-19 11264]
S3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2006-11-02 467456]
S3 ay284xsq;ay284xsq; C:\Windows\system32\drivers\ay284xsq.sys []
S3 BthEnum;Bluetooth Enumerator Service; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-04-11 22528]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2008-01-19 92160]
S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2009-04-11 507904]
S3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2009-04-11 29696]
S3 btwaudio;Bluetooth Audio Device Service; C:\Windows\system32\drivers\btwaudio.sys [2007-01-08 78128]
S3 btwavdt;Bluetooth AVDT; C:\Windows\system32\drivers\btwavdt.sys [2007-01-08 80688]
S3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys [2007-01-08 16560]
S3 cpuz132;cpuz132; \??\C:\Windows\system32\drivers\cpuz132_x32.sys [2009-03-27 12672]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632]
S3 ENTECH;ENTECH; \??\C:\Windows\system32\DRIVERS\ENTECH.sys [2008-09-17 27672]
S3 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys [2009-08-05 54632]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 HSFHWAZL;HSFHWAZL; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2006-11-02 200704]
S3 ialm;ialm; C:\Windows\system32\DRIVERS\igdkmd32.sys [2006-10-19 1380864]
S3 Moufiltr;Mouse Test Driver; C:\Windows\system32\DRIVERS\Moufiltr.sys [2005-08-06 9661]
S3 MSIRCOMM;Microsoft IR Communications Driver; C:\Windows\system32\DRIVERS\MSIRCOMM.sys [2008-01-19 24064]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016]
S3 NETw3v32;Intel(R) PRO/Wireless 3945ABG Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw3v32.sys [2006-11-02 1781760]
S3 NETw4v32;Intel(R) Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw4v32.sys [2007-09-26 2251776]
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-04-11 148992]
S3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2006-11-02 44544]
S3 SANDRA;SANDRA; \??\C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2010c\WNt500x86\Sandra.sys [2009-08-07 23112]
S3 usbvideo;USB Video Device (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2006-11-02 132352]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati External Event Utility;Ati External Event Utility; C:\Windows\system32\Ati2evxx.exe [2007-10-04 610304]
R2 Automatic LiveUpdate Scheduler;Automatic LiveUpdate Scheduler; C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [2007-09-12 554352]
R2 avg9wd;AVG Free WatchDog; C:\Program Files\AVG\AVG9\avgwdsvc.exe [2010-01-05 285392]
R2 BcmSqlStartupSvc;Business Contact Manager SQL Server Startup Service; C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe [2008-01-16 30312]
R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 eDataSecurity Service;eDSService.exe; C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe [2007-04-25 457512]
R2 eLockService;eLock Service; C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe [2007-04-23 24576]
R2 eNet Service;eNet Service; C:\Acer\Empowering Technology\eNet\eNet Service.exe [2007-06-13 135168]
R2 eRecoveryService;eRecovery Service; C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe [2007-09-10 57344]
R2 eSettingsService;eSettings Service; C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe [2007-12-10 24576]
R2 EvtEng;Intel® PROSet/Wireless Event Log; C:\Program Files\Intel\WiFi\bin\EvtEng.exe [2008-10-16 860160]
R2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe [2007-03-21 355096]
R2 Irmon;@%SystemRoot%\System32\irmon.dll,-2000; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2010-02-25 1229232]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-01-17 61440]
R2 LiveUpdate Notice Service;LiveUpdate Notice Service; C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe [2008-01-29 583048]
R2 MobilityService;MobilityService; C:\Acer\Mobility Center\MobilityService.exe [2006-11-24 107008]
R2 O&O Defrag;O&O Defrag; C:\Windows\system32\oodag.exe [2007-02-15 707344]
R2 PnkBstrA;PnkBstrA; C:\Windows\system32\PnkBstrA.exe [2009-05-29 75064]
R2 RegSrvc;Intel® PROSet/Wireless Registry Service; C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [2008-10-16 466944]
R2 SBSDWSCService;SBSD Security Center Service; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-05-19 240512]
R2 SQLBrowser;SQL Server Browser; C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2008-11-24 239968]
R2 SQLWriter;SQL Server VSS Writer; C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2008-11-24 87904]
R2 WMIService;ePower Service; C:\Acer\Empowering Technology\ePower\ePowerSvc.exe [2007-10-30 167936]
R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2006-11-29 386560]
S2 gupdate1c9e076e15ed3ed;Google Update Service (gupdate1c9e076e15ed3ed); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-05-29 133104]
S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-03-02 194032]
S3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-19 21504]
S3 fsssvc;Windows Live Family Safety Service; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2009-08-05 704864]
S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2007-09-12 2999664]
S3 Macromedia Licensing Service;Macromedia Licensing Service; C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe [2008-09-10 69632]
S3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ); C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2009-05-27 29262680]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-03-12 271920]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 SandraAgentSrv;SiSoftware Deployment Agent Service; C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2010c\RpcAgentSrv.exe [2009-08-24 93336]
S3 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [2009-10-15 316664]
S4 MSSQLServerADHelper;SQL Server Active Directory Helper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2008-11-24 45408]

-----------------EOF-----------------
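
A first triage pass over an RSIT log of the kind posted above, as an added example (not from the thread and not part of RSIT itself). It parses the two line formats shown in post #1, the "files created" list and the driver/service lists, and flags the three things a helper looks at first: executables dropped directly into C:\Windows rather than a subfolder (the two Esv44JBS5X*.dll files, which ComboFix later deleted, fall into this class, but so does InstallShield's IsUn0407.exe uninstall helper, which is why the output is a review queue and not a verdict); drivers or services whose binary is not on disk (RSIT prints empty brackets where the file date and size would go, as it does for ay284xsq.sys); and services started from user-writable locations. The sample input is constructed from lines of the log above plus one hypothetical "Updater" service line under AppData\Local\Temp, which is not in the log and exists only to exercise the third rule.

```python
"""Triage pass over RSIT-style log lines (file list, driver and service lists).

Added example: not from the thread and not part of RSIT. It flags
(1) PE files sitting directly in the Windows root, (2) drivers/services whose
binary is missing, (3) services started from user-writable locations.
Hits are a review queue, not a verdict.
"""
import re
from typing import List, Optional, Tuple

# Constructed sample: lines taken from the log above, plus one hypothetical
# service line (the 'Updater' entry) that is NOT from the log, added to
# exercise rule (3).
SAMPLE_LOG = r"""
2010-03-01 11:46:58 ----A---- C:\Windows\system32\d3dx10_35.dll
2010-02-25 13:50:25 ----HDC---- C:\ProgramData\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
2010-02-16 18:42:42 ----A---- C:\Windows\Esv44JBS5X2.dll
2010-02-16 18:42:42 ----A---- C:\Windows\Esv44JBS5X.dll
2010-02-16 17:01:25 ----A---- C:\Windows\IsUn0407.exe
2010-02-16 16:53:19 ----D---- C:\Program Files\Alawar
R1 Amfilter;A4Tech Mouse Filter Driver; C:\Windows\system32\DRIVERS\Amfilter.sys [2007-05-14 9216]
S3 ay284xsq;ay284xsq; C:\Windows\system32\drivers\ay284xsq.sys []
S3 cpuz132;cpuz132; \??\C:\Windows\system32\drivers\cpuz132_x32.sys [2009-03-27 12672]
R2 O&O Defrag;O&O Defrag; C:\Windows\system32\oodag.exe [2007-02-15 707344]
R2 Updater;Updater; C:\Users\Upyrek\AppData\Local\Temp\upd.exe [2010-03-01 40960]
"""

# "<timestamp> ----<attrs>---- <path>"   e.g. ----A----, ----HDC----, ----D----
FILE_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) -{4}([A-Z]*)-{4} (.+)$")
# "<R|S><start> <name>;<description>; <path> [<date> <size>]"; [] when RSIT found no file
SVC_RE = re.compile(r"^([RS])([0-4]) ([^;]+);([^;]*); (.+?) \[([^\]]*)\]$")

PE_EXT = (".dll", ".exe", ".sys", ".ocx", ".scr", ".cpl")
WINDOWS_ROOT = r"c:\windows"
USER_WRITABLE = ("\\users\\", "\\programdata\\", "\\temp\\", "\\appdata\\",
                 "\\documents and settings\\")

Finding = Tuple[str, str]   # (rule, detail)


def triage_line(line: str) -> Optional[Finding]:
    m = FILE_RE.match(line)
    if m:
        attrs, path = m.group(2), m.group(3)
        if "D" in attrs:                         # directories are not judged here
            return None
        parent, _, name = path.lower().rpartition("\\")
        # Windows itself does not drop new DLL/EXE files into its root; malware often does.
        # Legitimate exceptions exist (InstallShield's IsUn*.exe uninstall helper), so review.
        if parent == WINDOWS_ROOT and name.endswith(PE_EXT):
            return ("windows-root-pe", path)
        return None
    m = SVC_RE.match(line)
    if m:
        name, path, stamp = m.group(3), m.group(5), m.group(6)
        if path.startswith("\\??\\"):           # NT object-path prefix used by some installers
            path = path[4:]
        if not stamp.strip():                    # empty [] : no file at the registered path
            return ("binary-missing", f"{name}: {path}")
        if any(tok in path.lower() for tok in USER_WRITABLE):
            return ("user-writable-location", f"{name}: {path}")
    return None


def triage(log: str) -> List[Finding]:
    """Run every line through the rules; findings keep their order of appearance."""
    findings = []
    for raw in log.splitlines():
        hit = triage_line(raw.strip())
        if hit:
            findings.append(hit)
    return findings


if __name__ == "__main__":
    for rule, detail in triage(SAMPLE_LOG):
        print(f"{rule:24} {detail}")
```

On the log above this yields three Windows-root hits (the two Esv44JBS5X*.dll files and IsUn0407.exe) and one missing-binary hit (ay284xsq.sys); everything under system32 or Program Files with a date and size passes. The rules are deliberately conservative; a random-looking filename on its own is not flagged, because names like b57nd60x.sys or d3dx10_35.dll in the same log are legitimate.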

motji (VIP, 23302 posts, registered 23 Oct 2008 08:02)

Re: How to clean up the sshnas21.ddl library

#2 Post by motji »

Good evening :)
I see you have OTM on the computer; did you run it with a script?


:arrow: Turn off Spybot's TeaTimer so it does not revert the registry changes :)


:arrow: Download OTM: http://oldtimer.geekstogo.com/OTM.exe
Save OTM to the desktop and double-click it to start the program.
Into the left pane, "Paste Instructions for Items to be Moved", below the yellow line, paste this script:
Code:

:processes
explorer.exe
 
:files
C:\WINDOWS\system32\*.tmp.dll /s
C:\WINDOWS\system32\SET*.tmp /s
C:\WINDOWS\*.tmp /s
C:\Windows\system32\sshnas21.dll
C:\ProgramData\xml9A4E.tmp
C:\ProgramData\xml954D.tmp
C:\ProgramData\xml99A1.tmp

:reg
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"LosAlamos"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ashampoo Core Tuner]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Email Plugin]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Upyrek^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 2.4.lnk]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=-

:commands
[emptytemp]
[clearallrestorepoints]
[Reboot]
- click the red MoveIt! button
- paste the contents of the green pane here
- if it asks to restart the PC, answer YES; the log will then be in C:\_OTM\MovedFiles. Paste the log here.
Do not use COMBOFIX without a helper's recommendation; it can damage the system!
Always back up important data before cleaning the computer :!:
Want to support our forum? Information here

I am usually reachable at night, between 21:00 and 23:00.
If you have any questions, you can email me at Motji(at)forum.viry.cz.

Penetrator666 (Guest, 33 posts, registered 02 Mar 2010 18:50)

Re: How to clean up the sshnas21.ddl library

#3 Post by Penetrator666 »

Yes, first I ran reimage.exe, but it only found it; to repair it I would have had to buy it. The same with Spyware Doctor.
I also ran OTM and no change: the sshnas21.dll library is still infected. :cry:
And because unfortunately :?: nobody attended to me all afternoon, at 21:34:03 I ran ComboFix, and it removed sshnas21.dll for good. :( Even though I tried to do a system restore.
I only read the warning about not running ComboFix this morning. :!: It should have been written in "Read before starting a thread! Important notice!!!" :!: :!: :!:
Last edited by Penetrator666 on 03 Mar 2010 11:48, edited 1 time in total.

motji (VIP, 23302 posts, registered 23 Oct 2008 08:02)

Re: How to clean up the sshnas21.ddl library

#4 Post by motji »

Wait, now I don't quite follow you. You ran ComboFix and it removed the file. Is the computer fine, or do you still have a problem?
Can you post the ComboFix log here?

And what did you do with OTM before that? Did you paste a script into it? OTM does not delete anything on its own; you have to give it a command, a script :) .

Penetrator666 (Guest, 33 posts, registered 02 Mar 2010 18:50)

Re: How to clean up the sshnas21.ddl library

#5 Post by Penetrator666 »

Ah, so that is why OTM did not delete/fix anything.
But ComboFix deleted it. The system runs (so far). It just reports at Windows startup that the file sshnas21.dll could not be loaded because it was not found.
Last edited by Penetrator666 on 03 Mar 2010 12:12, edited 1 time in total.

motji (VIP, 23302 posts, registered 23 Oct 2008 08:02)

Re: How to clean up the sshnas21.ddl library

#6 Post by motji »

Clean the PC with CCleaner, then it should stop reporting that :)

:arrow: Download CCleaner from my signature
- install it; when choosing what to install, untick the Yahoo toolbar installation

Cleaner tab
- leave everything in the left column ticked as it is and click Analyze
- after the analysis click Run Cleaner

Registry tab
- click Scan for Issues
- then click Fix selected issues (make a registry backup: you don't have to)
- click Fix All Selected Issues :arrow: OK :arrow: Close

Tools tab
- here you can uninstall programs. It is a more thorough uninstall than Add/Remove Programs in Windows.

I recommend using CCleaner's Cleaner; it clears temporary files from the PC nicely.
The Registry part cleans up, for example, after a program has been uninstalled.


:arrow: May I ask you for that ComboFix log?

:arrow: Start - Run
- type into the box
notepad "C:\ComboFix.txt"

Or look here: C:\ComboFix.txt
I will check whether anything needs further cleaning. ComboFix deletes only what it has in its database, but it shows more than RSIT, so we will delete any remaining malware with a script :)

ComboFix is not recommended without supervision, because it can occasionally leave the system non-functional, and you would not be able to fix that yourself :) . Besides, as I already wrote, it does not delete everything; it may show further infection in the log, and then further delete commands are needed, which you cannot write yourself :) .
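
The startup error in post #5 (sshnas21.dll "could not be loaded because it was not found") is what Windows reports when an autorun entry still names a module that has since been deleted; the fix is to find and remove that entry, which is what the helper's CCleaner advice aims at. The following is an added example, not from the thread and not OTM's or CCleaner's code, that reads the text of a `reg export` of the autorun keys, finds string values whose referenced .dll/.exe no longer exists on disk, and prints them in the `:reg` syntax of the OTM script in post #2 (`"Name"=-` removes a value). The export below is constructed: the value name LosAlamos is taken from the helper's script, but its data, loading sshnas21.dll through rundll32, is an assumption made for this example; the other values and the list of files that "exist" are likewise constructed so that the code runs offline.

```python
"""Find autorun values whose referenced module is gone and emit OTM ':reg' lines.

Added example: not from the thread and not OTM's own code. Input is the text of a
'reg export' (REGEDIT4 or 'Windows Registry Editor Version 5.00' header);
file existence is passed in as a callable so the logic runs offline.
"""
import os
import re
from typing import Callable, Dict, List

# Constructed sample export. 'LosAlamos' is the value name the helper's OTM
# script removes; its data below (rundll32 loading sshnas21.dll) is an assumption
# for this example, not something the thread shows.
SAMPLE_EXPORT = r'''REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\\program files\\Windows Sidebar\\sidebar.exe"
"LosAlamos"="rundll32.exe sshnas21.dll,DllRegisterServer"
"ehTray.exe"="c:\\windows\\ehome\\ehTray.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="c:\\progra~1\\AVG\\AVG8\\avgtray.exe"
"Comment"="no module here"
'''

# Constructed 'files on disk' for the sample; sshnas21.dll is deliberately absent.
SAMPLE_FILES = {p.lower() for p in (
    r"C:\Windows\system32\rundll32.exe",
    r"c:\program files\Windows Sidebar\sidebar.exe",
    r"c:\windows\ehome\ehTray.exe",
    r"c:\progra~1\AVG\AVG8\avgtray.exe",
)}


def sample_exists(path: str) -> bool:
    return path.lower() in SAMPLE_FILES


SEARCH_DIRS = [r"C:\Windows\system32", r"C:\Windows"]  # simplified rundll32 lookup order

KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"=(.*)$')      # "name"=data
# Either a drive-letter path ending in .dll/.exe, or a bare module name (as given to rundll32)
PATH_RE = re.compile(r'(?i)([a-z]:\\[^",]*?\.(?:dll|exe))|(?<![\\:\w])([\w~.-]+\.(?:dll|exe))')


def unescape(s: str) -> str:
    # .reg escaping: a backslash quotes the next character (\\ -> \ and \" -> ")
    return re.sub(r"\\(.)", r"\1", s)


def parse_reg_export(text: str) -> Dict[str, Dict[str, str]]:
    """Return {key: {value_name: data}} for string (REG_SZ) values only."""
    keys: Dict[str, Dict[str, str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("REGEDIT4", "Windows Registry Editor", ";")):
            continue
        m = KEY_RE.match(line)
        if m:
            current = m.group(1)
            keys.setdefault(current, {})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            name, data = m.group(1), m.group(2)
            # hex:, dword: and hex(2): (REG_EXPAND_SZ) data is skipped in this example
            if len(data) >= 2 and data[0] == '"' and data[-1] == '"':
                keys[current][unescape(name)] = unescape(data[1:-1])
    return keys


def referenced_modules(data: str) -> List[List[str]]:
    """For each module named in the data, the candidate absolute paths to check."""
    groups = []
    for full, bare in PATH_RE.findall(data):
        groups.append([full] if full else [d + "\\" + bare for d in SEARCH_DIRS])
    return groups


def find_dangling(keys: Dict[str, Dict[str, str]],
                  exists: Callable[[str], bool]) -> Dict[str, List[str]]:
    """Values naming at least one module that exists at none of its candidate paths."""
    dangling: Dict[str, List[str]] = {}
    for key, values in keys.items():
        for name, data in values.items():
            for cands in referenced_modules(data):
                if not any(exists(p) for p in cands):
                    dangling.setdefault(key, []).append(name)
                    break
    return dangling


def otm_reg_script(dangling: Dict[str, List[str]]) -> str:
    """Render the OTM ':reg' section that removes the dangling values."""
    lines = [":reg"]
    for key in sorted(dangling):
        lines.append(f"[{key}]")
        lines.extend(f'"{name}"=-' for name in dangling[key])
    return "\n".join(lines)


def triage(export_text: str = SAMPLE_EXPORT,
           exists: Callable[[str], bool] = sample_exists):
    dangling = find_dangling(parse_reg_export(export_text), exists)
    return dangling, otm_reg_script(dangling)


if __name__ == "__main__":
    # Real use: reg export "HKCU\...\Run" run.reg, then pass its UTF-16 text and os.path.exists
    found, script = triage()
    print(found)
    print(script)
```

On the real machine the input comes from `reg export "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" run.reg` (and the same for the HKLM Run key), read with `encoding="utf-16"` because reg export writes UTF-16, and passed to `triage(text, os.path.exists)`. Review the output before feeding it to OTM: a value whose program was uninstalled without cleaning up looks exactly the same as a malware leftover, which is also why such an entry does no harm once the file is gone and only produces the startup message.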

Penetrator666 (Guest, 33 posts, registered 02 Mar 2010 18:50)

Re: How to clean up the sshnas21.ddl library

#7 Post by Penetrator666 »

I have been using CCleaner for 7 years. And Registry Repair Pro for the registry.



ComboFix 09-10-11.01 - Upyrek 12.10.2009 0:49.1.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.2046.990 [GMT 2:00]
Run from: c:\users\Upyrek\Desktop\DOWNLOADS\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: AVG Anti-Virus Free *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Upyrek\AppData\Roaming\.#
c:\windows\Esv44JBS5X.dll
c:\windows\Esv44JBS5X2.dll
c:\windows\Installer\d3722c.msi

.
((((((((((((((((((((((((( Files Created from 2009-09-11 to 2009-10-11 )))))))))))))))))))))))))))))))
.

2009-10-11 22:55 . 2009-10-11 22:55 -------- d-----w- c:\users\Upyrek\AppData\Local\temp
2009-10-11 22:55 . 2009-10-11 22:55 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-10-10 18:56 . 2009-10-10 18:57 -------- d-----w- c:\windows\system32\ca-ES
2009-10-10 18:56 . 2009-10-10 18:57 -------- d-----w- c:\windows\system32\eu-ES
2009-10-10 18:56 . 2009-10-10 18:57 -------- d-----w- c:\windows\system32\vi-VN
2009-10-10 16:52 . 2009-10-10 16:52 -------- d-----w- c:\windows\system32\EventProviders
2009-10-10 16:50 . 2009-04-11 06:28 321536 ----a-w- c:\windows\system32\WMPhoto.dll
2009-10-10 16:49 . 2009-04-11 06:28 83968 ----a-w- c:\windows\system32\wbem\wmiutils.dll
2009-10-10 16:49 . 2009-04-11 06:28 744448 ----a-w- c:\windows\system32\wbem\wbemcore.dll
2009-10-10 16:49 . 2009-04-11 06:28 30208 ----a-w- c:\windows\system32\wbem\wbemprox.dll
2009-10-10 16:49 . 2009-04-11 06:28 265728 ----a-w- c:\windows\system32\wbem\repdrvfs.dll
2009-10-10 16:49 . 2009-04-11 06:28 189440 ----a-w- c:\windows\system32\wbem\mofd.dll
2009-10-10 16:49 . 2009-04-11 06:28 614912 ----a-w- c:\windows\system32\wbem\fastprox.dll
2009-10-10 16:49 . 2009-04-11 06:28 265728 ----a-w- c:\windows\system32\wbem\esscli.dll
2009-10-10 16:49 . 2009-04-11 06:28 705536 ----a-w- c:\windows\system32\SmiEngine.dll
2009-10-10 16:49 . 2009-04-11 06:28 218624 ----a-w- c:\windows\system32\wdscore.dll
2009-10-10 16:49 . 2009-04-11 06:27 130560 ----a-w- c:\windows\system32\PkgMgr.exe
2009-10-10 16:48 . 2009-04-11 06:28 247808 ----a-w- c:\windows\system32\drvstore.dll
2009-10-09 16:13 . 2009-08-05 20:48 54632 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2009-10-06 10:48 . 2009-10-06 10:48 -------- d-----w- c:\program files\uTorrent
2009-10-05 18:18 . 2009-10-05 18:18 -------- d-----w- c:\programdata\Office Genuine Advantage
2009-10-03 12:45 . 2009-08-07 02:24 44768 ----a-w- c:\windows\system32\wups2.dll
2009-10-03 12:45 . 2009-08-07 02:24 53472 ----a-w- c:\windows\system32\wuauclt.exe
2009-10-03 12:45 . 2009-08-07 02:23 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-10-03 12:45 . 2009-08-07 01:45 2421760 ----a-w- c:\windows\system32\wucltux.dll
2009-10-03 12:45 . 2009-08-07 02:24 35552 ----a-w- c:\windows\system32\wups.dll
2009-10-03 12:45 . 2009-08-07 02:23 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-10-03 12:45 . 2009-08-07 01:44 87552 ----a-w- c:\windows\system32\wudriver.dll
2009-10-03 12:45 . 2009-08-06 17:23 171608 ----a-w- c:\windows\system32\wuwebv.dll
2009-10-03 12:45 . 2009-08-06 16:44 33792 ----a-w- c:\windows\system32\wuapp.exe
2009-10-02 17:35 . 2009-10-01 08:29 195440 ------w- c:\windows\system32\MpSigStub.exe
2009-09-28 07:41 . 2009-09-28 07:41 -------- d--h--w- c:\windows\PIF

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-11 21:11 . 2008-07-16 00:26 -------- d-----w- c:\users\Upyrek\AppData\Roaming\Skype
2009-10-11 20:10 . 2008-10-25 20:04 0 ----a-w- c:\users\Upyrek\AppData\Local\prvlcl.dat
2009-10-11 19:30 . 2008-07-16 00:29 -------- d-----w- c:\users\Upyrek\AppData\Roaming\skypePM
2009-10-11 10:02 . 2007-07-17 17:51 661978 ----a-w- c:\windows\system32\perfh005.dat
2009-10-11 10:02 . 2007-07-17 17:51 138320 ----a-w- c:\windows\system32\perfc005.dat
2009-10-11 00:25 . 2008-07-14 18:28 12 ----a-w- c:\windows\bthservsdp.dat
2009-10-10 18:58 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2009-10-10 18:58 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-10-10 18:58 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2009-10-10 18:58 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
2009-10-10 18:58 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2009-10-10 18:58 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2009-10-10 18:58 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2009-10-09 16:13 . 2009-03-31 18:17 -------- d-----w- c:\program files\Windows Live
2009-10-07 04:22 . 2009-04-20 14:31 -------- d-----w- c:\users\Upyrek\AppData\Roaming\uTorrent
2009-09-30 17:10 . 2009-03-24 17:30 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-09-26 23:21 . 2008-07-16 00:46 118784 ----a-w- c:\windows\SeaMonkeyUninstall.exe
2009-09-26 23:21 . 2008-07-16 00:45 10615 ----a-w- c:\windows\mozver.dat
2009-09-26 23:20 . 2008-07-16 00:46 118784 ----a-w- c:\windows\GREUninstall.exe
2009-09-17 21:48 . 2008-12-20 22:59 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-09-09 19:48 . 2008-07-15 03:47 -------- d-----w- c:\program files\Microsoft Silverlight
2009-09-09 19:34 . 2007-07-17 08:47 -------- d-----w- c:\programdata\Microsoft Help
2009-09-04 08:28 . 2009-07-02 21:58 -------- d-----w- c:\program files\Extreme Racers
2009-09-01 00:24 . 2008-10-14 13:02 -------- d-----w- c:\programdata\ConMet
2009-08-31 19:08 . 2008-10-14 13:02 -------- d-----w- c:\users\Upyrek\AppData\Roaming\ConMet
2009-08-31 14:55 . 2008-07-16 01:26 -------- d-----w- c:\program files\Java
2009-08-29 09:11 . 2009-01-02 20:15 -------- d-----w- c:\users\Upyrek\AppData\Roaming\Ahead
2009-08-29 00:27 . 2009-09-02 18:20 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-29 00:14 . 2009-09-02 18:20 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-08-26 12:06 . 2009-08-26 12:06 -------- d-----w- c:\programdata\WindowsSearch
2009-08-23 00:09 . 2009-08-15 15:38 -------- d-----w- c:\program files\Total Video Player
2009-08-20 16:30 . 2008-07-14 18:46 104432 ----a-w- c:\users\Upyrek\AppData\Local\GDIPFONTCACHEV1.DAT
2009-08-16 10:55 . 2008-10-23 16:26 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-08-16 10:55 . 2008-10-23 16:26 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-08-16 10:55 . 2008-10-23 16:26 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-08-15 11:34 . 2009-08-11 21:39 -------- d-----w- c:\program files\Ashampoo Core Tuner
2009-08-14 16:27 . 2009-09-09 19:33 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-08-14 15:53 . 2009-09-09 19:33 17920 ----a-w- c:\windows\system32\netevent.dll
2009-08-14 13:49 . 2009-09-09 19:33 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2009-08-14 13:49 . 2009-09-09 19:33 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2009-08-14 13:49 . 2009-09-09 19:33 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2009-08-14 13:49 . 2009-09-09 19:33 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2009-08-14 13:49 . 2009-09-09 19:33 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2009-08-14 13:49 . 2009-09-09 19:33 19968 ----a-w- c:\windows\system32\ARP.EXE
2009-08-14 13:49 . 2009-09-09 19:33 10240 ----a-w- c:\windows\system32\finger.exe
2009-08-14 13:48 . 2009-09-09 19:33 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2009-08-14 13:48 . 2009-09-09 19:33 105984 ----a-w- c:\windows\system32\netiohlp.dll
2009-08-03 13:07 . 2009-08-03 13:07 403816 ----a-w- c:\windows\system32\OGACheckControl.dll
2009-08-03 13:07 . 2009-08-03 13:07 322928 ----a-w- c:\windows\system32\OGAAddin.dll
2009-08-03 13:07 . 2009-08-03 13:07 230768 ----a-w- c:\windows\system32\OGAEXEC.exe
2009-07-26 14:44 . 2009-07-26 14:44 48448 ----a-w- c:\windows\system32\sirenacm.dll
2009-07-25 03:23 . 2008-12-14 11:54 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-07-21 21:52 . 2009-07-29 17:37 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-21 21:47 . 2009-07-29 17:37 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-07-21 21:47 . 2009-07-29 17:37 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-07-21 20:13 . 2009-07-29 17:37 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-07-19 14:34 . 2009-07-19 14:34 15 ----a-w- c:\windows\popcinfo.dat
2009-07-17 13:54 . 2009-08-12 15:24 71680 ----a-w- c:\windows\system32\atl.dll
2009-07-15 12:40 . 2009-08-12 15:24 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-07-15 12:39 . 2009-08-12 15:24 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-15 12:39 . 2009-08-12 15:24 4096 ----a-w- c:\windows\system32\dxmasf.dll
2009-07-15 12:39 . 2009-08-12 15:24 7680 ----a-w- c:\windows\system32\spwmp.dll
2009-07-12 13:26 . 2009-07-12 13:26 339 ----a-w- c:\program files\adrms_log.txt
2007-08-20 12:43 . 2007-08-20 12:43 51 ------w- c:\program files\ALAWAR.URL
2006-01-26 06:41 . 2006-01-26 06:41 30214 ------w- c:\program files\alawar.ico
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2008-07-15 04:20 . 2008-07-15 04:12 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

(((((((((((((((((((((((((((((((((( Registry startup points )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and legitimate default entries are not shown.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"swg"="c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-07-16 171448]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"igndlm.exe"="c:\program files\Download Manager\DLM.exe" [2009-05-14 1103216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 174872]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-09-07 1021224]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-07 102400]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2007-10-17 858632]
"Kalendar"="d:\dokuments\Kalendář.EXE" [2001-06-09 265728]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-10-06 2023704]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-09 153136]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-04-25 457216]
"QuickTime Task"="c:\program files\QuickTime Alternative\QTTask.exe" [2009-01-05 413696]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-09-30 520024]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2008-07-21 87336]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2008-05-14 62760]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-05-29 4472832]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-1-19 711472]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS\0lsdelete

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Empowering Technology Launcher.lnk]
backup=c:\windows\pss\Empowering Technology Launcher.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^Upyrek^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 2.4.lnk]
backup=c:\windows\pss\OpenOffice.org 2.4.lnk.Startup
backupExtension=.Startup

[HKLM\~\startupfolder\C:^Users^Upyrek^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.0.lnk]
backup=c:\windows\pss\OpenOffice.org 3.0.lnk.Startup
backupExtension=.Startup

[HKLM\~\startupfolder\C:^Users^Upyrek^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Registry Repair Pro.lnk]
backup=c:\windows\pss\Registry Repair Pro.lnk.Startup
backupExtension=.Startup

[HKLM\~\startupfolder\C:^Users^Upyrek^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Scheduler.lnk]
backup=c:\windows\pss\Scheduler.lnk.Startup
backupExtension=.Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WhenUSave

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):91,9c,dd,52,dc,49,ca,01

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{94FE18CA-D6EA-439C-BCE9-999AD068189D}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"TCP Query User{1B9C32CB-D766-4BC7-9980-27FF70DB89C1}c:\\games\\cs-1.6\\hl.exe"= UDP:c:\games\cs-1.6\hl.exe:Half-Life Launcher
"UDP Query User{F8F74B2D-3F9A-4501-86FE-878FCD5592AA}c:\\games\\cs-1.6\\hl.exe"= TCP:c:\games\cs-1.6\hl.exe:Half-Life Launcher
"TCP Query User{E4B3E7CF-8DC3-4173-9EA1-3C2A0B0EBB41}c:\\games\\cs-source\\counter-strike - source\\hl2.exe"= UDP:c:\games\cs-source\counter-strike - source\hl2.exe:hl2
"UDP Query User{AE62F933-2A2A-4987-A52B-F3F68FD0FEAE}c:\\games\\cs-source\\counter-strike - source\\hl2.exe"= TCP:c:\games\cs-source\counter-strike - source\hl2.exe:hl2
"TCP Query User{44EEE03A-FEB7-4F6F-BC00-637C789E5705}c:\\games\\mohaa\\mohaa.exe"= UDP:c:\games\mohaa\mohaa.exe:Medal of Honor Allied Assault
"UDP Query User{EE87378B-2E6D-4224-8F28-118DC5A0DE1A}c:\\games\\mohaa\\mohaa.exe"= TCP:c:\games\mohaa\mohaa.exe:Medal of Honor Allied Assault
"TCP Query User{98066826-8ADF-4A6A-B5A8-B9A628A1D8C3}c:\\games\\quake iii arena\\quake3.exe"= UDP:c:\games\quake iii arena\quake3.exe:quake3
"UDP Query User{E6B7D40E-7CFB-41AC-AD59-AB6E7903178E}c:\\games\\quake iii arena\\quake3.exe"= TCP:c:\games\quake iii arena\quake3.exe:quake3
"{E46A1A45-DE49-4821-8AC9-66E8F43000A2}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{35B46C58-7675-4F07-BBFB-C4223F922A9E}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
"TCP Query User{2C831357-F828-4360-A99E-8E980118CB5F}c:\\games\\valve\\steam\\steamapps\\warpyre\\counter-strike\\hl.exe"= UDP:c:\games\valve\steam\steamapps\warpyre\counter-strike\hl.exe:Half-Life Launcher
"UDP Query User{4C63F37D-45FF-4343-A754-5570FB90390D}c:\\games\\valve\\steam\\steamapps\\warpyre\\counter-strike\\hl.exe"= TCP:c:\games\valve\steam\steamapps\warpyre\counter-strike\hl.exe:Half-Life Launcher
"TCP Query User{833FE3E0-8B82-49ED-BA2A-FC68EF8ED4D8}c:\\games\\valve\\steam\\steamapps\\warpyre\\condition zero\\hl.exe"= UDP:c:\games\valve\steam\steamapps\warpyre\condition zero\hl.exe:Half-Life Launcher
"UDP Query User{E2C27C5F-6484-4698-A4AC-6A9FC34617DB}c:\\games\\valve\\steam\\steamapps\\warpyre\\condition zero\\hl.exe"= TCP:c:\games\valve\steam\steamapps\warpyre\condition zero\hl.exe:Half-Life Launcher
"TCP Query User{9090BF9A-B839-4351-8611-2E4B1A99DB1D}c:\\program files\\icq6\\icq.exe"= UDP:c:\program files\icq6\icq.exe:ICQ Library
"UDP Query User{CE4FEB03-68B8-4FC1-9563-1CB1BF10CD61}c:\\program files\\icq6\\icq.exe"= TCP:c:\program files\icq6\icq.exe:ICQ Library
"TCP Query User{C40BF67F-37FB-4808-B853-D48CB8BC5B38}c:\\games\\valve\\steam\\steamapps\\warpyre\\day of defeat\\hl.exe"= UDP:c:\games\valve\steam\steamapps\warpyre\day of defeat\hl.exe:Half-Life Launcher
"UDP Query User{54A2C92D-0499-4908-A94D-6A2424516301}c:\\games\\valve\\steam\\steamapps\\warpyre\\day of defeat\\hl.exe"= TCP:c:\games\valve\steam\steamapps\warpyre\day of defeat\hl.exe:Half-Life Launcher
"TCP Query User{88BB6ABF-C64E-4F90-B61F-C064C44DFE01}c:\\games\\valve\\steam\\steamapps\\warpyre\\condition zero deleted scenes\\hl.exe"= UDP:c:\games\valve\steam\steamapps\warpyre\condition zero deleted scenes\hl.exe:Half-Life Launcher
"UDP Query User{5F5E7297-4488-4AF8-882B-FD3E651057F0}c:\\games\\valve\\steam\\steamapps\\warpyre\\condition zero deleted scenes\\hl.exe"= TCP:c:\games\valve\steam\steamapps\warpyre\condition zero deleted scenes\hl.exe:Half-Life Launcher
"TCP Query User{AB23F5E9-AE0A-456F-AAEC-54FC977C6829}c:\\windows\\temp\\occ.exe"= UDP:c:\windows\temp\occ.exe:occ.exe
"UDP Query User{17AC84E5-1360-4ECA-860C-DE7CB6A2FF53}c:\\windows\\temp\\occ.exe"= TCP:c:\windows\temp\occ.exe:occ.exe
"TCP Query User{E379BAD1-3618-406A-9EE2-5AECC5134F1B}c:\\program files\\alawar\\gmchess\\server.exe"= UDP:c:\program files\alawar\gmchess\server.exe:server
"UDP Query User{39C6597D-B2CB-4029-ADAB-7F1F58CB3729}c:\\program files\\alawar\\gmchess\\server.exe"= TCP:c:\program files\alawar\gmchess\server.exe:server
"TCP Query User{E9D2B8D2-83A0-49CF-975B-AD8FDD6F653B}c:\\program files\\windows sidebar\\sidebar.exe"= UDP:c:\program files\windows sidebar\sidebar.exe:Windows Sidebar
"UDP Query User{8710960E-960C-41D9-9A9A-99887DA4A3DC}c:\\program files\\windows sidebar\\sidebar.exe"= TCP:c:\program files\windows sidebar\sidebar.exe:Windows Sidebar
"TCP Query User{4844FD8E-3821-4B0E-AE67-16741D3B8098}c:\\program files\\wolfenstein - enemy territory\\et.exe"= UDP:c:\program files\wolfenstein - enemy territory\et.exe:ET
"UDP Query User{C4DF39A7-0DE8-4D41-BCD1-C2CFC2D91EED}c:\\program files\\wolfenstein - enemy territory\\et.exe"= TCP:c:\program files\wolfenstein - enemy territory\et.exe:ET
"TCP Query User{F8F0DB44-A914-479D-8201-B32A1D188DCD}c:\\games\\valve\\steam\\steamapps\\warpyre\\deathmatch classic\\hl.exe"= UDP:c:\games\valve\steam\steamapps\warpyre\deathmatch classic\hl.exe:Half-Life Launcher
"UDP Query User{32884B77-F7F6-49DD-9D52-73D1791A2C67}c:\\games\\valve\\steam\\steamapps\\warpyre\\deathmatch classic\\hl.exe"= TCP:c:\games\valve\steam\steamapps\warpyre\deathmatch classic\hl.exe:Half-Life Launcher
"{21E4C925-6808-4545-84EC-CFF65EB53147}"= UDP:c:\games\EA GAMES\Battlefield 2\BF2.exe:Battlefield 2
"{B871B784-F3E1-4C50-A51B-2117A36E5F9B}"= TCP:c:\games\EA GAMES\Battlefield 2\BF2.exe:Battlefield 2
"{F9FCEF42-223F-46DF-BC2D-AE4D510E72A4}"= UDP:c:\program files\GameSpy Arcade\Aphex.exe:GameSpy Arcade
"{BE467EFA-AE11-45C9-9246-7EAD347B4C48}"= TCP:c:\program files\GameSpy Arcade\Aphex.exe:GameSpy Arcade
"TCP Query User{032526DD-3C0C-43C2-AD33-499981E93FFA}c:\\games\\mohaa\\moh_spearhead.exe"= UDP:c:\games\mohaa\moh_spearhead.exe:Medal of Honor Allied Assault(tm) Spearhead
"UDP Query User{905998C0-75E8-4AE6-B8B7-4FB1D9B032F9}c:\\games\\mohaa\\moh_spearhead.exe"= TCP:c:\games\mohaa\moh_spearhead.exe:Medal of Honor Allied Assault(tm) Spearhead
"TCP Query User{BDBE3316-91DF-4DC4-8195-39D1664B7ABD}c:\\program files\\popcap games\\bejeweled deluxe\\winbej.exe"= UDP:c:\program files\popcap games\bejeweled deluxe\winbej.exe:Bejeweled
"UDP Query User{412C1ECA-A9C1-40D4-B947-2C5D99B1E554}c:\\program files\\popcap games\\bejeweled deluxe\\winbej.exe"= TCP:c:\program files\popcap games\bejeweled deluxe\winbej.exe:Bejeweled
"TCP Query User{CECD6697-CCEA-4B6B-9230-635CD4B4CE46}c:\\games\\alawar\\gmchess\\server.exe"= UDP:c:\games\alawar\gmchess\server.exe:server
"UDP Query User{41C7159C-A7C8-42B6-B178-9CABF8642283}c:\\games\\alawar\\gmchess\\server.exe"= TCP:c:\games\alawar\gmchess\server.exe:server
"{F8F967CF-B18A-4360-A3A1-D9E240961D69}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{8D1A26D6-F8D3-4681-BA25-3175F45C4B3C}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{4704AE81-11B1-4F33-9C31-26FBDE734478}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{6EB2C0C7-0753-4CB8-BE87-03A593928680}"= c:\program files\Skype\Phone\Skype.exe:Skype
"TCP Query User{CA217301-6434-471E-836F-BFC5F3283C01}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{F9DE809D-A846-48B2-880D-B785D135CE63}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
"{9BB76F1A-C452-424E-AF28-B68B99F92865}"= c:\program files\AVG\AVG8\avgnsx.exe:avgnsx.exe
"TCP Query User{F22F8B34-1A5F-490C-9C6C-D24A9F414AF4}c:\\users\\upyrek\\appdata\\local\\temp\\_tc0\\nexuiz\\nexuiz.exe"= UDP:c:\users\upyrek\appdata\local\temp\_tc0\nexuiz\nexuiz.exe:nexuiz.exe
"UDP Query User{1DEFAEF8-F561-4D79-A5DE-2B8E2FBE8D07}c:\\users\\upyrek\\appdata\\local\\temp\\_tc0\\nexuiz\\nexuiz.exe"= TCP:c:\users\upyrek\appdata\local\temp\_tc0\nexuiz\nexuiz.exe:nexuiz.exe
"TCP Query User{8D040A74-47FA-4CC5-9451-67416893669B}c:\\games\\star monkey\\monkey.exe"= UDP:c:\games\star monkey\monkey.exe:monkey
"UDP Query User{9F0EC773-D195-4995-9D80-9BA2E252E81A}c:\\games\\star monkey\\monkey.exe"= TCP:c:\games\star monkey\monkey.exe:monkey
"TCP Query User{A3D244E6-CCE7-4852-A236-774B33EF485A}c:\\games\\flightgear\\bin\\win32\\fgfs.exe"= UDP:c:\games\flightgear\bin\win32\fgfs.exe:fgfs
"UDP Query User{C48E1721-B7CA-4F01-B307-C94A76CA8CA4}c:\\games\\flightgear\\bin\\win32\\fgfs.exe"= TCP:c:\games\flightgear\bin\win32\fgfs.exe:fgfs
"{1E723030-DCC9-4BCA-9640-F592CB0498C7}"= UDP:e:\servis\uTorrent\utorrent.exe:µTorrent
"{73C1D15D-FF97-48C0-8453-6F8ACC761050}"= TCP:e:\servis\uTorrent\utorrent.exe:µTorrent
"TCP Query User{33B85FC0-66ED-4655-A85E-032A73098FAE}c:\\games\\ubisoft\\ghost recon advanced warfighter\\graw.exe"= UDP:c:\games\ubisoft\ghost recon advanced warfighter\graw.exe:GRAW
"UDP Query User{B219191A-8A26-4F0B-8B06-82626AD797C9}c:\\games\\ubisoft\\ghost recon advanced warfighter\\graw.exe"= TCP:c:\games\ubisoft\ghost recon advanced warfighter\graw.exe:GRAW
"{7C456F7F-AE67-4701-9290-54624A85939D}"= c:\program files\CyberLink\PowerDVD\PowerDVD.EXE:CyberLink PowerDVD
"TCP Query User{D82E603A-CBA2-4E27-BA61-BC7C0809B289}c:\\users\\upyrek\\temp\\teamviewer\\version4\\teamviewer.exe"= UDP:c:\users\upyrek\temp\teamviewer\version4\teamviewer.exe:teamviewer.exe
"UDP Query User{A7745A82-D41C-48A1-9119-99444E5191F2}c:\\users\\upyrek\\temp\\teamviewer\\version4\\teamviewer.exe"= TCP:c:\users\upyrek\temp\teamviewer\version4\teamviewer.exe:teamviewer.exe
"TCP Query User{B2BEB87E-1CF2-4515-B27F-FB870CD7C1FB}c:\\program files\\extreme racers\\extreme racers.exe"= UDP:c:\program files\extreme racers\extreme racers.exe:Cipher Game Engine
"UDP Query User{CA4C3A5F-2F7D-4932-AD47-41F03799AEF3}c:\\program files\\extreme racers\\extreme racers.exe"= TCP:c:\program files\extreme racers\extreme racers.exe:Cipher Game Engine
"TCP Query User{0B6E3602-07BC-4F26-BD6B-6EFAA8DB79EA}c:\\program files\\icq6.5\\icq.exe"= UDP:c:\program files\icq6.5\icq.exe:ICQ
"UDP Query User{6829BDC9-3D9A-4175-8750-9E8399126EFE}c:\\program files\\icq6.5\\icq.exe"= TCP:c:\program files\icq6.5\icq.exe:ICQ
"TCP Query User{AE8124C5-FA5E-411E-8089-2E81DB994A0B}c:\\program files\\java\\jre6\\bin\\java.exe"= UDP:c:\program files\java\jre6\bin\java.exe:Java(TM) Platform SE binary
"UDP Query User{714BA411-8199-4C46-85E9-BF0508553809}c:\\program files\\java\\jre6\\bin\\java.exe"= TCP:c:\program files\java\jre6\bin\java.exe:Java(TM) Platform SE binary
"{C5DB4470-6497-4190-827A-0067052CBAF6}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent
"{45205DE0-EFC0-402A-849B-91B36675F6F8}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent
"{E3D280E5-270B-40C3-9ED6-EB3D5C022768}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{BD5E6CCF-A511-4FB8-9D43-8E5E5A040A46}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"TCP Query User{862A27CE-49F5-49D9-A37D-C4D60F1D84B6}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:µTorrent
"UDP Query User{548E993B-DA3E-4B22-8448-B0302E32D3CA}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:µTorrent
"{1342C904-00A2-4E7F-A176-7375077AFDE4}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"DefaultOutboundAction"= 0 (0x0)
"DefaultInboundAction"= 1 (0x1)

R0 Lbd;Lbd;c:\windows\System32\drivers\Lbd.sys [22.4.2009 18:45 64160]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [23.10.2008 18:26 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [24.3.2009 16:36 108552]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [23.10.2008 18:26 297752]
R2 BcmSqlStartupSvc;SQL Server Startup Service for Business Contact Manager;c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe [16.1.2008 10:26 30312]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [21.3.2009 18:49 222456]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [18.1.2009 23:34 1028432]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [21.12.2008 0:59 1153368]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\System32\drivers\b57nd60x.sys [9.2.2007 0:03 179712]
R3 MouseCap;MouseCapture Driver;c:\windows\System32\drivers\MouseCap.sys [8.8.2005 15:44 6640]
R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\System32\drivers\NETw5v32.sys [17.11.2008 8:40 3668480]
S2 gupdate1c9e076e15ed3ed;Google Update Service (gupdate1c9e076e15ed3ed);c:\program files\Google\Update\GoogleUpdate.exe [29.5.2009 18:02 133104]
S3 cpuz132;cpuz132;c:\windows\System32\drivers\cpuz132_x32.sys [31.5.2009 18:22 12672]
S3 fssfltr;FssFltr;c:\windows\System32\drivers\fssfltr.sys [9.10.2009 18:13 54632]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\Windows Live\Family Safety\fsssvc.exe [5.8.2009 22:48 704864]
S3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [24.11.2008 23:31 29263712]
S3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Lite 2009\RpcAgentSrv.exe [26.10.2008 0:32 98488]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2008-10-13 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2008\OneClick.exe [2007-12-21 08:09]

2009-10-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-29 16:02]

2009-07-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-29 16:02]

2009-05-07 c:\windows\Tasks\User_Feed_Synchronization-{C6257CD0-1DBE-45D7-B5E1-38AC59E42BAC}.job
- c:\windows\system32\msfeedssync.exe [2009-07-29 20:13]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://cs.intl.acer.yahoo.com
uSearchURL,(Default) = hxxp://uk.rd.yahoo.com/customize/ycomp/defaults/su/*http://uk.yahoo.com
IE: &Search - ?p=GRfox000
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
FF - ProfilePath - c:\users\Upyrek\AppData\Roaming\Mozilla\Firefox\Profiles\op2bhjr9.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.centrum.cz/
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\users\Upyrek\AppData\Roaming\Mozilla\Firefox\Profiles\op2bhjr9.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}\platform\WINNT\components\FoxyTunes.dll
FF - plugin: c:\program files\Download Manager\npfpdlm.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-12 00:55
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG08.00.00.01WORKSTATION"="…"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2009-10-11 0:57
ComboFix-quarantined-files.txt 2009-10-11 22:57

Pre-Run: 10,558,787,584 bytes free
Post-Run: 11,433,897,984 bytes free

359 --- E O F --- 2009-10-10 17:00

One more question: so is the sshnas.dll library important for the operation of WVista? Won't I miss it, now that ComboFix has deleted it?
Last edited by Penetrator666 on 03 Mar 2010 12:28, edited 1 time in total.
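Triage logic for the ComboFix sections quoted above (registry Run keys, policy values, Windows Firewall rules), added here as an example; it is not part of the thread and not ComboFix, RSIT or forum code. The parser reads lines in the exact shape this log prints them, and SAMPLE_LOG is copied from the log above except for one Run line marked as constructed (an entry named `Updater` whose value is bare rundll32.exe); the Triage class and the rule names are this example's own. The rules flag what a helper reads such a dump for: an autostart or a user-approved firewall exception for an executable living in a temp directory (the log above carries such rules for c:\windows\temp\occ.exe and for a TeamViewer copy under the user's temp folder), a Run value that is nothing but rundll32.exe (ComboFix prints only the host executable, compare the `igndlm.exe` entry above with its HijackThis O4 line further down which still shows the arguments, so the DLL such a value loads has to be looked up in the O4 line), EnableLUA=0 (UAC switched off, as in this log), Security Center monitoring switched off, and a firewall profile whose inbound default is allow (the profile defaults are stored as 1 = block, 0 = allow, so this log's StandardProfile is the normal setting and produces no finding).

```python
"""Triage rules over the ComboFix 'Reg Loading Points' dump format.
Added example for this thread, not ComboFix, RSIT or forum code.  SAMPLE_LOG is
copied from the log above except for the one line marked as constructed."""
import re
from dataclasses import dataclass, field

SECTION_RE = re.compile(r"^\[(HK[^\]]+)\]$", re.I)
# "Name"="value" [date size]   or   "Name"="file.exe" - c:\resolved\path [date size]
RUN_RE = re.compile(r'^"([^"]+)"="([^"]*)"(?:\s+-\s+([a-z]:\\[^\[]+?))?\s*\[', re.I)
# "rule id"= [TCP|UDP:][port|]c:\path\prog.exe:Display name
FW_RE = re.compile(r'^"[^"]+"=\s*(?:(TCP|UDP):)?(?:\d+\|)?([a-z]:\\[^:]+):(.*)$', re.I)
# "Name"= 0 (0x0)   or   "Name"=dword:00000001   (hex(b) blobs do not match)
VALUE_RE = re.compile(r'^"([^"]+)"=\s*(?:dword:)?([0-9a-f]+)(?:\s*\(|\s*$)', re.I)
TEMP_DIR_RE = re.compile(r"\\temp\\", re.I)


@dataclass
class Triage:
    run_entries: list = field(default_factory=list)  # (name, path)
    firewall: list = field(default_factory=list)     # (proto, path, label)
    values: dict = field(default_factory=dict)       # (section, name) -> int
    findings: list = field(default_factory=list)     # (rule, detail)


def parse_combofix(text):
    """One pass over the dump; the last bracketed key header decides how a line is read."""
    t, section = Triage(), ""
    for line in (raw.strip() for raw in text.splitlines()):
        if m := SECTION_RE.match(line):
            section = m.group(1).lower()
        elif section.endswith(r"currentversion\run") and (m := RUN_RE.match(line)):
            name, value, resolved = m.groups()
            t.run_entries.append((name, resolved or value))
        elif section.endswith(r"firewallpolicy\firewallrules") and (m := FW_RE.match(line)):
            proto, path, label = m.groups()
            t.firewall.append((proto or "ANY", path, label))
        elif section and (m := VALUE_RE.match(line)):
            t.values[(section, m.group(1).lower())] = int(m.group(2), 16)
    return t


def evaluate(t):
    """Apply the triage rules to a parsed dump; returns t.findings."""
    for name, path in t.run_entries:
        if TEMP_DIR_RE.search(path):
            t.findings.append(("autostart-in-temp", f"{name} -> {path}"))
        if path.lower().endswith("rundll32.exe"):
            # ComboFix prints only the host executable; the DLL it loads is visible
            # in the HijackThis O4 line for the same Run value, so look there next.
            t.findings.append(("run-via-rundll32", f"{name}: check the O4 line for the DLL"))
    seen = set()
    for _proto, path, label in t.firewall:
        if TEMP_DIR_RE.search(path) and path.lower() not in seen:
            seen.add(path.lower())  # the TCP and UDP rule for one program count once
            t.findings.append(("firewall-rule-for-temp-exe", f"{label} -> {path}"))
    for (section, name), val in t.values.items():
        key = section.rsplit("\\", 1)[-1]
        if name == "enablelua" and val == 0 and section.endswith(r"policies\system"):
            t.findings.append(("uac-disabled", "EnableLUA=0"))
        elif name == "disablemonitoring" and val == 1 and "security center" in section:
            t.findings.append(("security-center-monitoring-off", key))
        elif name == "defaultinboundaction" and val == 0:  # profile default: 1 = block, 0 = allow
            t.findings.append(("inbound-default-allow", key))
    return t.findings


def triage(text):
    t = parse_combofix(text)
    evaluate(t)
    return t


PAGE_EXCERPT_1 = r"""[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igndlm.exe"="c:\program files\Download Manager\DLM.exe" [2009-05-14 1103216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-05-29 4472832]"""
# Constructed line, not from the page: a Run value that is nothing but rundll32.exe.
CONSTRUCTED_RUN_LINE = r'"Updater"="c:\windows\system32\rundll32.exe" [2008-01-19 44544]'
PAGE_EXCERPT_2 = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{94FE18CA-D6EA-439C-BCE9-999AD068189D}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"TCP Query User{AB23F5E9-AE0A-456F-AAEC-54FC977C6829}c:\\windows\\temp\\occ.exe"= UDP:c:\windows\temp\occ.exe:occ.exe
"UDP Query User{17AC84E5-1360-4ECA-860C-DE7CB6A2FF53}c:\\windows\\temp\\occ.exe"= TCP:c:\windows\temp\occ.exe:occ.exe
"TCP Query User{D82E603A-CBA2-4E27-BA61-BC7C0809B289}c:\\users\\upyrek\\temp\\teamviewer\\version4\\teamviewer.exe"= UDP:c:\users\upyrek\temp\teamviewer\version4\teamviewer.exe:teamviewer.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"DefaultOutboundAction"= 0 (0x0)
"DefaultInboundAction"= 1 (0x1)
"""
SAMPLE_LOG = PAGE_EXCERPT_1 + "\n" + CONSTRUCTED_RUN_LINE + PAGE_EXCERPT_2

if __name__ == "__main__":
    for rule, detail in triage(SAMPLE_LOG).findings:
        print(f"{rule:32} {detail}")
```

A finding is a pointer for the helper, not a verdict: a program in a temp directory that the user approved through the firewall prompt is often a portable tool, but it is the first thing to identify, and the dump never shows what a rundll32 Run value actually loads.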

motji
VIP
Posts: 23302
Registered: 23 Oct 2008 08:02

Re: How to clean the sshnas21.ddl library

#8 Post by motji »

:D You found me some old log there, from 2009-10-11
Check whether the one from yesterday is there, it will probably be combofix1.txt then
Do not use COMBOFIX without a helper's recommendation, it can damage the system!
Always back up important data before cleaning the computer :!:
Want to support our forum? Information here

I am mostly reachable at night, between 21:00 and 23:00
If you have any questions, you can write to me at Motji(at)forum.viry.cz.

Penetrator666
Visitor
Posts: 33
Registered: 02 Mar 2010 18:50

Re: How to clean the sshnas21.ddl library

#9 Post by Penetrator666 »

I don't have any other one, because I restored the system and ComboFix and everything connected with it got deleted, and I have no idea where an older ComboFix log would have come from, when I used it for the first time yesterday?!?

motji
VIP
Posts: 23302
Registered: 23 Oct 2008 08:02

Re: How to clean the sshnas21.ddl library

#10 Post by motji »

:o Well, then I don't know where it came from.
I'll ask for a new RSIT log :)


That library is junk, you won't miss it :)

Penetrator666
Visitor
Posts: 33
Registered: 02 Mar 2010 18:50

Re: How to clean the sshnas21.ddl library

#11 Post by Penetrator666 »

Logfile of random's system information tool 1.06 (written by random/random)
Run by Upyrek at 2010-03-03 12:43:23
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 21 GB (18%) free of 114 GB
Total RAM: 2046 MB (42% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:46:35, on 3.3.2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18882)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Launch Manager\LManager.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Users\Upyrek\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\A4Tech\Mouse\Amoumain.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\TotalCommander\TOTALCMD.EXE
C:\Users\Upyrek\Desktop\DOWNLOADS\Utility\RSIT.exe
C:\Program Files\trend micro\Upyrek.exe
C:\Windows\system32\SearchFilterHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://cs.intl.acer.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.rd.yahoo.com/customize/ycomp/ ... .yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: (no name) - - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [Kalendar] D:\DOKUMENTS\Kalendář.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [WheelMouse] C:\Program Files\A4Tech\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [DiskCheckerXP] C:\Program Files\DiskCheckerXP\DCheckXP.exe /i
O8 - Extra context menu item: &Search - ?p=GRfox000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Add to blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Add to blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} (Java Plug-in 1.6.0_15) -
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\Windows\System32\avgrsstx.dll,avgrsstx.dll
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: Služba Google Update (gupdate1c9e076e15ed3ed) (gupdate1c9e076e15ed3ed) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - (no file)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\Windows\system32\oodag.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009\RpcAgentSrv.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 11265 bytes

======Scheduled tasks folder======

C:\Windows\tasks\1-Click Maintenance.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\User_Feed_Synchronization-{C6257CD0-1DBE-45D7-B5E1-38AC59E42BAC}.job
C:\Windows\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
C:\Windows\tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
Yahoo! Toolbar Helper

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055FD26D-3A88-4e15-963D-DC8493744B1D}]
XTTBPos00 Class - C:\PROGRA~1\ICQTOO~1\toolbaru.dll [2008-03-09 824656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2009-12-18 61888]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2008-11-07 1088296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2009-05-19 137600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocník pro přihlášení ke službě Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar1.dll [2008-07-16 2403392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - Acer eDataSecurity Management - C:\Windows\system32\eDStoolbar.dll [2007-04-25 151552]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll [2008-07-16 2403392]
{21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-19 1008184]
"IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [2007-03-21 174872]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2007-05-29 4472832]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2007-09-07 1021224]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2006-11-10 90112]
"SynTPStart"=C:\Program Files\Synaptics\SynTP\SynTPStart.exe [2007-09-07 102400]
"LManager"=C:\PROGRA~1\LAUNCH~1\LManager.exe [2007-10-17 858632]
"Kalendar"=D:\DOKUMENTS\Kalendář.EXE [2001-06-09 265728]
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2007-03-09 153136]
"eDataSecurity Loader"=C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe [2007-04-25 457216]
"Ad-Watch"=C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe [2010-02-25 815184]
"RemoteControl"=C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2008-07-21 87336]
"LanguageShortcut"=C:\Program Files\CyberLink\PowerDVD\Language\Language.exe [2008-05-14 62760]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-11 149280]
"AVG9_TRAY"=C:\PROGRA~1\AVG\AVG9\avgtray.exe [2010-01-05 2033432]
"WheelMouse"=C:\Program Files\A4Tech\Mouse\Amoumain.exe [2007-05-15 204800]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2009-12-18 40368]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-12-11 948672]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-11 1233920]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe [2008-07-16 171448]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-19 125952]
"igndlm.exe"=C:\Program Files\Download Manager\DLM.exe [2009-05-14 1103216]
"DiskCheckerXP"=C:\Program Files\DiskCheckerXP\DCheckXP.exe [2007-04-23 1637888]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer Tour Reminder]
C:\Acer\AcerTour\Reminder.exe [2007-05-22 151552]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGEIA PhysX SysTray]
C:\Program Files\AGEIA Technologies\TrayIcon.exe [2006-03-20 331776]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ashampoo Core Tuner]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2007-03-12 153136]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ConMet]
C:\Program Files\ConMet\ConMet.exe [2008-10-14 3419136]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
C:\Program Files\DAEMON Tools\daemon.exe [2006-11-12 157592]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ftweak_RAMRush]
C:\Program Files\RAMRush\RAMRush.exe [2009-09-17 670720]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
C:\Program Files\ICQ6.5\ICQ.exe [2009-11-16 172792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Email Plugin]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files\Skype\Phone\Skype.exe [2008-11-07 21633320]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
c:\games\valve\steam\steam.exe [2009-11-04 1217808]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec PIF AlertEng]
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe [2008-01-29 583048]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WarReg_PopUp]
C:\Acer\WR_PopUp\WarReg_PopUp.exe [2006-11-05 57344]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WheelMouse]
C:\Program Files\A4Tech\Mouse\Amoumain.exe [2007-05-15 204800]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTTray.exe [2007-01-19 711472]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Empowering Technology Launcher.lnk]
C:\Acer\EMPOWE~1\EAPLAU~1.EXE [2007-04-14 535336]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Upyrek^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 2.4.lnk]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Upyrek^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.0.lnk]
C:\PROGRA~1\OPENOF~1.ORG\program\QUICKS~1.EXE [2008-10-04 393216]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Upyrek^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Registry Repair Pro.lnk]
C:\PROGRA~1\3BSOFT~1\REGIST~1\REGIST~1.EXE [2008-07-15 2590040]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Upyrek^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Scheduler.lnk]
C:\PROGRA~1\3BSOFT~1\Common\SCHEDU~1\wcomschd.exe [2007-10-16 464240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\Windows\System32\avgrsstx.dll,avgrsstx.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"= []

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=149
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 1 months======

2010-03-02 21:34:21 ----D---- C:\ProgramData\Alwil Software
2010-03-02 21:34:21 ----D---- C:\Program Files\Alwil Software
2010-03-02 19:38:16 ----D---- C:\Program Files\Common Files\Adobe(5)
2010-03-02 18:38:53 ----D---- C:\Program Files\trend micro
2010-03-02 18:38:52 ----D---- C:\rsit
2010-03-02 18:26:13 ----D---- C:\ProgramData\Google Updater
2010-03-02 17:37:29 ----AD---- C:\ProgramData\TEMP
2010-03-02 16:26:23 ----D---- C:\Program Files\Autoruns
2010-03-02 15:40:25 ----D---- C:\_OTM
2010-03-02 12:46:44 ----D---- C:\Program Files\Reimage
2010-03-01 11:51:58 ----A---- C:\ProgramData\xml9A4E.tmp
2010-03-01 11:51:57 ----A---- C:\ProgramData\xml99A1.tmp
2010-03-01 11:51:56 ----A---- C:\ProgramData\xml954D.tmp
2010-03-01 11:44:16 ----D---- C:\Windows\system32\directx
2010-02-26 08:53:04 ----A---- C:\Windows\msa.exe
2010-02-25 13:50:25 ----HDC---- C:\ProgramData\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
2010-02-24 09:56:22 ----A---- C:\Windows\system32\tzres.dll
2010-02-24 09:55:48 ----A---- C:\Windows\system32\jscript.dll
2010-02-24 09:55:45 ----A---- C:\Windows\system32\secproc_isv.dll
2010-02-24 09:55:45 ----A---- C:\Windows\system32\secproc.dll
2010-02-24 09:55:41 ----A---- C:\Windows\system32\RMActivate_isv.exe
2010-02-24 09:55:39 ----A---- C:\Windows\system32\secproc_ssp_isv.dll
2010-02-24 09:55:39 ----A---- C:\Windows\system32\secproc_ssp.dll
2010-02-24 09:55:39 ----A---- C:\Windows\system32\RMActivate_ssp_isv.exe
2010-02-24 09:55:39 ----A---- C:\Windows\system32\RMActivate_ssp.exe
2010-02-24 09:55:39 ----A---- C:\Windows\system32\RMActivate.exe
2010-02-24 09:55:39 ----A---- C:\Windows\system32\msdrm.dll
2010-02-24 09:55:06 ----A---- C:\Windows\system32\gameux.dll
2010-02-24 09:55:05 ----A---- C:\Windows\system32\GameUXLegacyGDFs.dll
2010-02-24 09:55:05 ----A---- C:\Windows\system32\Apphlpdm.dll
2010-02-16 18:42:42 ----A---- C:\Windows\Esv44JBS5X2.dll
2010-02-16 18:42:42 ----A---- C:\Windows\Esv44JBS5X.dll
2010-02-16 17:01:25 ----A---- C:\Windows\IsUn0407.exe
2010-02-16 16:53:19 ----D---- C:\Program Files\Alawar
2010-02-16 12:51:03 ----A---- C:\Windows\system32\mshtml.dll
2010-02-16 12:51:03 ----A---- C:\Windows\system32\ieframe.dll
2010-02-16 12:51:02 ----A---- C:\Windows\system32\wininet.dll
2010-02-16 12:51:02 ----A---- C:\Windows\system32\urlmon.dll
2010-02-16 12:51:02 ----A---- C:\Windows\system32\occache.dll
2010-02-16 12:51:02 ----A---- C:\Windows\system32\msfeeds.dll
2010-02-16 12:51:02 ----A---- C:\Windows\system32\iertutil.dll
2010-02-16 12:51:02 ----A---- C:\Windows\system32\iedkcs32.dll
2010-02-16 12:51:01 ----A---- C:\Windows\system32\msfeedssync.exe
2010-02-16 12:51:01 ----A---- C:\Windows\system32\msfeedsbs.dll
2010-02-16 12:51:01 ----A---- C:\Windows\system32\jsproxy.dll
2010-02-16 12:51:01 ----A---- C:\Windows\system32\ieUnatt.exe
2010-02-16 12:51:01 ----A---- C:\Windows\system32\ieui.dll
2010-02-16 12:51:01 ----A---- C:\Windows\system32\iesysprep.dll
2010-02-16 12:51:01 ----A---- C:\Windows\system32\iesetup.dll
2010-02-16 12:51:01 ----A---- C:\Windows\system32\iernonce.dll
2010-02-16 12:51:01 ----A---- C:\Windows\system32\iepeers.dll
2010-02-16 12:51:01 ----A---- C:\Windows\system32\ie4uinit.exe
2010-02-16 12:50:55 ----A---- C:\Windows\system32\ntoskrnl.exe
2010-02-16 12:50:55 ----A---- C:\Windows\system32\ntkrnlpa.exe
2010-02-16 12:50:53 ----A---- C:\Windows\system32\t2embed.dll
2010-02-16 12:50:53 ----A---- C:\Windows\system32\fontsub.dll
2010-02-16 12:49:49 ----A---- C:\Windows\system32\tsbyuv.dll
2010-02-16 12:49:49 ----A---- C:\Windows\system32\quartz.dll
2010-02-16 12:49:49 ----A---- C:\Windows\system32\msyuv.dll
2010-02-16 12:49:49 ----A---- C:\Windows\system32\msvidc32.dll
2010-02-16 12:49:49 ----A---- C:\Windows\system32\msvfw32.dll
2010-02-16 12:49:49 ----A---- C:\Windows\system32\msrle32.dll
2010-02-16 12:49:49 ----A---- C:\Windows\system32\mciavi32.dll
2010-02-16 12:49:49 ----A---- C:\Windows\system32\iyuv_32.dll
2010-02-16 12:49:49 ----A---- C:\Windows\system32\avifil32.dll

======List of files/folders modified in the last 1 months======

2010-03-03 12:45:21 ----D---- C:\Windows\Prefetch
2010-03-03 12:43:43 ----D---- C:\ProgramData\Spybot - Search & Destroy
2010-03-03 12:11:45 ----D---- C:\Windows
2010-03-03 12:11:01 ----D---- C:\Windows\Temp
2010-03-03 11:32:57 ----D---- C:\Program Files\Mozilla Firefox
2010-03-03 11:32:20 ----SHD---- C:\Windows\Installer
2010-03-03 11:31:58 ----D---- C:\Windows\system32\Tasks
2010-03-03 11:31:53 ----D---- C:\Windows\system32\oodag
2010-03-03 11:29:21 ----D---- C:\Windows\system32\Msdtc
2010-03-03 11:29:16 ----D---- C:\Windows\system32\wbem
2010-03-03 11:28:16 ----D---- C:\Windows\system32\config
2010-03-03 11:27:48 ----D---- C:\Windows\Tasks
2010-03-03 11:27:48 ----D---- C:\Windows\system32\spool
2010-03-03 11:27:48 ----D---- C:\Windows\System32
2010-03-03 11:27:46 ----D---- C:\Windows\system32\cs-CZ
2010-03-03 11:27:46 ----D---- C:\Windows\system32\CodeIntegrity
2010-03-03 11:27:46 ----D---- C:\Windows\system32\catroot2
2010-03-03 11:27:45 ----D---- C:\Windows\inf
2010-03-03 11:27:44 ----D---- C:\Windows\5888428E699C4E71BF7194EE06B497DA.TMP
2010-03-03 11:27:44 ----D---- C:\Users\Upyrek\AppData\Roaming\GHISLER
2010-03-03 11:27:39 ----D---- C:\Program Files\Common Files\Skype
2010-03-03 11:27:39 ----D---- C:\Program Files\Common Files\PX Storage Engine
2010-03-03 11:27:39 ----D---- C:\Program Files\Common Files\Adobe
2010-03-03 11:27:39 ----D---- C:\Program Files\Common Files
2010-03-03 11:27:38 ----D---- C:\Program Files\Adobe
2010-03-03 11:27:36 ----D---- C:\Windows\registration
2010-03-03 11:23:02 ----SHD---- C:\System Volume Information
2010-03-02 23:29:02 ----D---- C:\Qoobox
2010-03-02 23:26:26 ----D---- C:\Users\Upyrek\AppData\Roaming\Skype
2010-03-02 21:35:53 ----AD---- C:\Windows\system32\drivers
2010-03-02 21:35:41 ----D---- C:\Windows\winsxs
2010-03-02 21:34:21 ----D---- C:\ProgramData
2010-03-02 21:34:21 ----D---- C:\Program Files
2010-03-02 21:32:58 ----D---- C:\Program Files\Google
2010-03-02 19:38:49 ----D---- C:\ProgramData\Adobe
2010-03-02 19:31:55 ----D---- C:\ProgramData\Skype
2010-03-02 16:28:55 ----D---- C:\Users\Upyrek\AppData\Roaming\skypePM
2010-03-01 11:46:52 ----D---- C:\Windows\Logs
2010-03-01 11:46:42 ----RSD---- C:\Windows\assembly
2010-03-01 11:44:07 ----D---- C:\Program Files\SiSoftware
2010-02-27 01:03:34 ----A---- C:\Windows\NeroDigital.ini
2010-02-27 01:02:12 ----A---- C:\Windows\win.ini
2010-02-26 07:51:24 ----D---- C:\Program Files\SpeedFan
2010-02-25 13:52:50 ----D---- C:\Windows\system32\catroot
2010-02-25 13:52:35 ----A---- C:\Windows\system32\lsdelete.exe
2010-02-25 13:50:32 ----D---- C:\Program Files\Lavasoft
2010-02-24 10:19:07 ----D---- C:\Windows\rescache
2010-02-24 10:00:34 ----D---- C:\Windows\AppPatch
2010-02-24 10:00:33 ----RSD---- C:\Windows\Fonts
2010-02-24 09:57:35 ----D---- C:\ProgramData\ConMet
2010-02-24 09:54:38 ----D---- C:\Users\Upyrek\AppData\Roaming\ConMet
2010-02-18 21:06:46 ----D---- C:\Program Files\RAMRush
2010-02-17 17:32:45 ----D---- C:\NOVA HUDBA Z CD
2010-02-17 02:45:31 ----D---- C:\Windows\Debug
2010-02-16 12:59:35 ----D---- C:\Program Files\Microsoft Silverlight
2010-02-16 12:58:10 ----D---- C:\Windows\system32\migration
2010-02-16 12:58:08 ----D---- C:\Program Files\Windows Mail
2010-02-16 12:58:08 ----D---- C:\Program Files\Internet Explorer
2010-02-16 12:54:22 ----D---- C:\ProgramData\Microsoft Help
2010-02-13 18:43:57 ----D---- C:\Windows\pss
2010-02-13 18:43:57 ----D---- C:\Windows\Help
2010-02-13 18:43:57 ----D---- C:\Windows\Cursors
2010-02-13 18:43:56 ----D---- C:\Program Files\Sib Cursor Editor
2010-02-13 18:43:56 ----D---- C:\Program Files\QS
2010-02-13 18:43:55 ----D---- C:\Program Files\DiskCheckerXP

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Amfilter;A4Tech Mouse Filter Driver; C:\Windows\system32\DRIVERS\Amfilter.sys [2007-05-14 9216]
R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\Windows\System32\Drivers\avgldx86.sys [2010-01-05 333192]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\Windows\System32\Drivers\avgmfx86.sys [2010-01-05 28424]
R1 AvgTdiX;AVG Free8 Network Redirector; C:\Windows\System32\Drivers\avgtdix.sys [2010-01-05 360584]
R2 int15;int15; \??\C:\Windows\system32\drivers\int15.sys [2007-11-30 15392]
R2 irda;IrDA Protocol; C:\Windows\system32\DRIVERS\irda.sys [2008-01-19 95744]
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672]
R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2006-11-29 8192]
R3 Amusbprt;A4Tech HID-compliant Mouse Driver; C:\Windows\system32\DRIVERS\Amusbprt.sys [2007-05-14 14336]
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2007-10-04 3155456]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2007-02-08 179712]
R3 Cam5607;Acer Crystal Eye webcam; C:\Windows\System32\Drivers\BisonC07.sys [2007-07-27 974248]
R3 CmBatt;Ovladač baterie Microsoft ACPI Control Method Battery; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-19 14208]
R3 DKbFltr;Dritek Keyboard Filter Driver; C:\Windows\system32\DRIVERS\DKbFltr.sys [2006-11-03 21264]
R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\HSX_DPV.sys [2006-12-22 985600]
R3 HSXHWAZL;HSXHWAZL; C:\Windows\system32\DRIVERS\HSXHWAZL.sys [2006-12-22 207360]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2007-05-31 1780576]
R3 MouseCap;MouseCapture Driver; C:\Windows\System32\Drivers\MouseCap.sys [2005-08-08 6640]
R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw5v32.sys [2008-11-17 3668480]
R3 NSCIRDA;NSC Infrared Device Driver; C:\Windows\system32\DRIVERS\nscirda.sys [2008-01-19 30720]
R3 NTIDrvr;Upper Class Filter Driver; C:\Windows\system32\DRIVERS\NTIDrvr.sys [2007-07-17 6144]
R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2009-04-11 89088]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2007-09-07 192816]
R3 tifm21;tifm21; C:\Windows\system32\drivers\tifm21.sys [2007-05-02 290816]
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2006-12-22 659968]
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-19 11264]
S3 abit7nu1;abit7nu1; C:\Windows\system32\drivers\abit7nu1.sys []
S3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2006-11-02 467456]
S3 BthEnum;Služba Bluetooth Enumerator; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-04-11 22528]
S3 BthPan;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2008-01-19 92160]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2009-04-11 507904]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2009-04-11 29696]
S3 btwaudio;Bluetooth Audio Device Service; C:\Windows\system32\drivers\btwaudio.sys [2007-01-08 78128]
S3 btwavdt;Bluetooth AVDT; C:\Windows\system32\drivers\btwavdt.sys [2007-01-08 80688]
S3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys [2007-01-08 16560]
S3 cpuz132;cpuz132; \??\C:\Windows\system32\drivers\cpuz132_x32.sys [2009-03-27 12672]
S3 drmkaud;Dekodér zvuků DRM jádra společnosti Microsoft; C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632]
S3 ENTECH;ENTECH; \??\C:\Windows\system32\DRIVERS\ENTECH.sys [2008-09-17 27672]
S3 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys [2009-08-05 54632]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 HSFHWAZL;HSFHWAZL; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2006-11-02 200704]
S3 ialm;ialm; C:\Windows\system32\DRIVERS\igdkmd32.sys [2006-10-19 1380864]
S3 Moufiltr;Mouse Test Driver; C:\Windows\system32\DRIVERS\Moufiltr.sys [2005-08-06 9661]
S3 MSIRCOMM;Microsoft IR Communications Driver; C:\Windows\system32\DRIVERS\MSIRCOMM.sys [2008-01-19 24064]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016]
S3 NETw3v32;Intel(R) PRO/Wireless 3945ABG Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw3v32.sys [2006-11-02 1781760]
S3 NETw4v32;Ovladač adaptéru Intel(R) Wireless WiFi Link pro systém Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw4v32.sys [2007-09-26 2251776]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-04-11 148992]
S3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2006-11-02 44544]
S3 SANDRA;SANDRA; \??\C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009\WNt500x86\Sandra.sys [2008-07-29 21920]
S3 usbvideo;Zobrazovací zařízení USB (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2006-11-02 132352]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati External Event Utility;Ati External Event Utility; C:\Windows\system32\Ati2evxx.exe [2007-10-04 610304]
R2 Automatic LiveUpdate Scheduler;Automatic LiveUpdate Scheduler; C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [2007-09-12 554352]
R2 avg9wd;AVG Free WatchDog; C:\Program Files\AVG\AVG9\avgwdsvc.exe [2010-01-05 285392]
R2 BcmSqlStartupSvc;Služba spouštění serveru SQL Server aplikace Business Contact Manager; C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe [2008-01-16 30312]
R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 eDataSecurity Service;eDSService.exe; C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe [2007-04-25 457512]
R2 eLockService;eLock Service; C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe [2007-04-23 24576]
R2 eNet Service;eNet Service; C:\Acer\Empowering Technology\eNet\eNet Service.exe [2007-06-13 135168]
R2 eRecoveryService;eRecovery Service; C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe [2007-09-10 57344]
R2 eSettingsService;eSettings Service; C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe [2007-12-10 24576]
R2 EvtEng;Intel® PROSet/Wireless Event Log; C:\Program Files\Intel\WiFi\bin\EvtEng.exe [2008-10-16 860160]
R2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe [2007-03-21 355096]
R2 Irmon;@%SystemRoot%\System32\irmon.dll,-2000; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2010-02-25 1229232]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-01-17 61440]
R2 LiveUpdate Notice Service;LiveUpdate Notice Service; C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe [2008-01-29 583048]
R2 MobilityService;MobilityService; C:\Acer\Mobility Center\MobilityService.exe [2006-11-24 107008]
R2 O&O Defrag;O&O Defrag; C:\Windows\system32\oodag.exe [2007-02-15 707344]
R2 PnkBstrA;PnkBstrA; C:\Windows\system32\PnkBstrA.exe [2009-05-29 75064]
R2 RegSrvc;Intel® PROSet/Wireless Registry Service; C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [2008-10-16 466944]
R2 SBSDWSCService;SBSD Security Center Service; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-05-19 240512]
R2 SQLBrowser;SQL Server Browser; C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2008-11-24 239968]
R2 SQLWriter;SQL Server VSS Writer; C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2008-11-24 87904]
R2 WMIService;ePower Service; C:\Acer\Empowering Technology\ePower\ePowerSvc.exe [2007-10-30 167936]
R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2006-11-29 386560]
S2 gupdate1c9e076e15ed3ed;Služba Google Update (gupdate1c9e076e15ed3ed); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-05-29 133104]
S3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-19 21504]
S3 fsssvc;Služba Windows Live Zabezpečení rodiny; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2009-08-05 704864]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-07-16 138168]
S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2007-09-12 2999664]
S3 Macromedia Licensing Service;Macromedia Licensing Service; C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe [2008-09-10 69632]
S3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ); C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2009-05-27 29262680]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-03-12 271920]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 SandraAgentSrv;SiSoftware Deployment Agent Service; C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009\RpcAgentSrv.exe [2008-09-08 98488]
S3 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [2009-10-15 316664]
S4 MSSQLServerADHelper;SQL Server Active Directory Helper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2008-11-24 45408]

-----------------EOF-----------------

motji
VIP
Posts: 23302
Registered: 23 Oct 2008 08:02

Re: How to cure the sshnas21.ddl library

#12 Post by motji »

:shock: I see that during that restore you most likely pulled a virus back in from the backup. You know what, run that ComboFix :)

:arrow: Download T-Cleaner
http://sweb.cz/Marinus/T-Cleaner.exe

-Run it; to confirm the choice press the A key, then Enter
-After use, delete the little program. Note: antivirus programs may falsely flag it as a virus


:arrow: Download to the desktop, close all active windows and run ComboFix - http://download.bleepingcomputer.com/sUBs/ComboFix.exe

- ComboFix must be run under an account with administrator rights

- Before use, turn off all resident security programs - antivirus, firewall, antispyware

- After launch the terms of use are displayed; confirm them by pressing the Yes button

- Then follow the instructions; while ComboFix is running do not click into the window that appears :!:

- After the scan finishes (it takes at most 10 minutes), the program should create a log, C:\ComboFix.txt; copy its entire contents here



I have to leave the computer now; I'll probably be back in the evening :)
Do not use COMBOFIX without an advisor's recommendation; it can damage the system!
Always back up important data before disinfecting the computer :!:
Want to support our forum? Information here

I can be reached mostly at night, between 21:00 and 23:00
If you have any questions, you can e-mail me at Motji(at)forum.viry.cz.

Penetrator666
Visitor
Posts: 33
Registered: 02 Mar 2010 18:50

Re: How to cure the sshnas21.ddl library

#13 Post by Penetrator666 »

ComboFix 10-03-02.08 - Upyrek 03.03.2010 13:29:45.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.2046.774 [GMT 1:00]
Spuštěný z: c:\users\Upyrek\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: AVG Anti-Virus Free *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Esv44JBS5X.dll
c:\windows\Esv44JBS5X2.dll
c:\windows\msa.exe
c:\windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
c:\windows\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-02-03 do 2010-03-03 )))))))))))))))))))))))))))))))
.

2010-03-03 13:03 . 2010-03-03 13:03 -------- d-----w- c:\users\Upyrek\AppData\Local\temp
2010-03-02 20:34 . 2010-03-02 20:34 -------- d-----w- c:\programdata\Alwil Software
2010-03-02 20:34 . 2010-03-02 20:34 -------- d-----w- c:\program files\Alwil Software
2010-03-02 18:38 . 2010-03-02 18:38 -------- d-----w- c:\program files\Common Files\Adobe(5)
2010-03-02 18:37 . 2010-03-02 18:38 -------- d-----w- c:\users\Default\AppData\Local\Adobe
2010-03-02 17:26 . 2010-03-02 20:32 -------- d-----w- c:\programdata\Google Updater
2010-03-02 17:16 . 2010-03-02 17:16 -------- d-----w- c:\users\Upyrek\AppData\Local\Threat Expert
2010-03-02 15:26 . 2010-03-02 15:26 -------- d-----w- c:\program files\Autoruns
2010-03-02 11:46 . 2010-03-02 18:30 -------- d-----w- c:\program files\Reimage
2010-02-26 12:02 . 2010-02-26 12:02 680 ----a-w- c:\users\Upyrek\AppData\Local\d3d9caps.dat
2010-02-25 12:52 . 2010-02-25 12:52 598368 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\EmailScanner.dll
2010-02-25 12:52 . 2010-02-25 12:52 17480 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\EmailScannerBridge.dll
2010-02-25 12:50 . 2010-02-25 12:50 -------- dc-h--w- c:\programdata\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
2010-02-25 12:50 . 2010-02-04 15:53 2954656 -c--a-w- c:\programdata\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}\Ad-AwareInstaller.exe
2010-02-24 08:56 . 2010-01-23 09:26 2048 ----a-w- c:\windows\system32\tzres.dll
2010-02-17 10:27 . 2009-09-18 08:28 421888 ----a-w- c:\users\Upyrek\AppData\Roaming\Mozilla\Firefox\Profiles\op2bhjr9.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}\platform\WINNT\components\FoxyTunes.dll
2010-02-16 16:01 . 1998-11-17 12:44 328704 ----a-w- c:\windows\IsUn0407.exe
2010-02-16 15:53 . 2010-02-16 17:42 -------- d-----w- c:\program files\Alawar
2010-02-16 11:50 . 2009-12-08 20:01 3600456 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-16 11:50 . 2009-12-08 20:01 3548216 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 11:50 . 2009-10-19 13:38 156672 ----a-w- c:\windows\system32\t2embed.dll
2010-02-16 11:50 . 2009-10-19 13:35 72704 ----a-w- c:\windows\system32\fontsub.dll
2010-02-16 11:50 . 2009-12-11 11:43 302080 ----a-w- c:\windows\system32\drivers\srv.sys
2010-02-16 11:50 . 2009-12-11 11:43 98816 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-02-16 11:50 . 2009-12-08 20:01 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-02-16 11:50 . 2009-12-08 17:26 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2010-02-16 11:49 . 2009-12-04 18:30 12288 ----a-w- c:\windows\system32\tsbyuv.dll
2010-02-16 11:49 . 2009-12-04 18:29 1314816 ----a-w- c:\windows\system32\quartz.dll
2010-02-16 11:49 . 2009-12-04 18:28 22528 ----a-w- c:\windows\system32\msyuv.dll
2010-02-16 11:49 . 2009-12-04 18:28 31744 ----a-w- c:\windows\system32\msvidc32.dll
2010-02-16 11:49 . 2009-12-04 18:28 123904 ----a-w- c:\windows\system32\msvfw32.dll
2010-02-16 11:49 . 2009-12-04 18:28 13312 ----a-w- c:\windows\system32\msrle32.dll
2010-02-16 11:49 . 2009-12-04 18:28 82944 ----a-w- c:\windows\system32\mciavi32.dll
2010-02-16 11:49 . 2009-12-04 18:28 50176 ----a-w- c:\windows\system32\iyuv_32.dll
2010-02-16 11:49 . 2009-12-04 18:27 91136 ----a-w- c:\windows\system32\avifil32.dll
2010-02-16 11:49 . 2009-12-04 15:56 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-02-16 11:49 . 2009-12-04 15:56 105984 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-16 09:22 . 2010-02-16 17:03 36 ----a-w- c:\windows\system32\reflexion.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-03 12:18 . 2008-07-14 18:28 12 ----a-w- c:\windows\bthservsdp.dat
2010-03-03 12:10 . 2008-10-25 20:04 0 ----a-w- c:\users\Upyrek\AppData\Local\prvlcl.dat
2010-03-03 11:43 . 2008-12-20 22:59 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-03-03 10:27 . 2008-07-15 04:04 -------- d-----w- c:\users\Upyrek\AppData\Roaming\GHISLER
2010-03-03 10:27 . 2009-03-17 22:20 -------- d-----w- c:\program files\Common Files\Skype
2010-03-03 10:27 . 2008-08-16 20:02 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2010-03-03 10:27 . 2008-08-09 12:58 -------- d-----w- c:\program files\Common Files\Adobe
2010-03-02 22:26 . 2008-07-16 00:26 -------- d-----w- c:\users\Upyrek\AppData\Roaming\Skype
2010-03-02 20:32 . 2008-07-16 00:24 -------- d-----w- c:\program files\Google
2010-03-02 18:31 . 2008-07-16 00:24 -------- d-----w- c:\programdata\Skype
2010-03-02 15:28 . 2008-07-16 00:29 -------- d-----w- c:\users\Upyrek\AppData\Roaming\skypePM
2010-03-01 10:51 . 2010-03-01 10:51 2316 ----a-w- c:\programdata\xml9A4E.tmp
2010-03-01 10:51 . 2010-03-01 10:51 13770 ----a-w- c:\programdata\xml99A1.tmp
2010-03-01 10:51 . 2010-03-01 10:51 9017 ----a-w- c:\programdata\xml954D.tmp
2010-03-01 10:44 . 2008-10-25 22:32 -------- d-----w- c:\program files\SiSoftware
2010-02-26 06:51 . 2009-02-23 11:13 -------- d-----w- c:\program files\SpeedFan
2010-02-25 14:59 . 2009-07-15 00:33 6330848 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Resources.dll
2010-02-25 14:59 . 2009-07-15 00:32 842992 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
2010-02-25 12:50 . 2008-12-08 08:15 -------- d-----w- c:\program files\Lavasoft
2010-02-24 09:04 . 2008-07-14 18:46 105000 ----a-w- c:\users\Upyrek\AppData\Local\GDIPFONTCACHEV1.DAT
2010-02-24 08:57 . 2008-10-14 13:02 22752 ----a-w- c:\users\Upyrek\AppData\Roaming\ConMet\Konta\Upyrek.cmd
2010-02-24 08:57 . 2008-10-14 13:02 -------- d-----w- c:\programdata\ConMet
2010-02-24 08:54 . 2008-10-14 13:02 -------- d-----w- c:\users\Upyrek\AppData\Roaming\ConMet
2010-02-18 20:06 . 2009-12-26 22:12 -------- d-----w- c:\program files\RAMRush
2010-02-16 23:08 . 2009-01-18 21:27 1 ----a-w- c:\users\Upyrek\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-02-16 11:59 . 2008-07-15 03:47 -------- d-----w- c:\program files\Microsoft Silverlight
2010-02-16 11:58 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-02-16 11:54 . 2007-07-17 08:47 -------- d-----w- c:\programdata\Microsoft Help
2010-02-16 11:39 . 2009-09-30 17:09 3803208 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\AutoLaunch.exe
2010-02-13 17:43 . 2009-07-11 13:23 -------- d-----w- c:\program files\Sib Cursor Editor
2010-02-13 17:43 . 2009-06-27 13:19 -------- d-----w- c:\program files\QS
2010-02-13 17:43 . 2009-10-16 11:00 -------- d-----w- c:\program files\DiskCheckerXP
2010-02-04 15:53 . 2009-11-10 20:59 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-01-25 12:00 . 2010-02-24 08:55 471552 ----a-w- c:\windows\system32\secproc_isv.dll
2010-01-25 12:00 . 2010-02-24 08:55 152576 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-01-25 12:00 . 2010-02-24 08:55 152064 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-01-25 12:00 . 2010-02-24 08:55 471552 ----a-w- c:\windows\system32\secproc.dll
2010-01-25 11:58 . 2010-02-24 08:55 332288 ----a-w- c:\windows\system32\msdrm.dll
2010-01-25 08:21 . 2010-02-24 08:55 526336 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-01-25 08:21 . 2010-02-24 08:55 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-01-25 08:21 . 2010-02-24 08:55 518144 ----a-w- c:\windows\system32\RMActivate.exe
2010-01-25 08:21 . 2010-02-24 08:55 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-01-12 12:14 . 2008-07-20 18:59 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-01-11 18:12 . 2009-10-20 19:04 -------- d-----w- c:\program files\GameTop.com
2010-01-08 23:41 . 2009-04-20 14:31 -------- d-----w- c:\users\Upyrek\AppData\Roaming\uTorrent
2010-01-06 15:39 . 2010-02-24 08:55 1696256 ----a-w- c:\windows\system32\gameux.dll
2010-01-06 15:38 . 2010-02-24 08:55 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-01-06 15:38 . 2010-02-24 08:55 173056 ----a-w- c:\windows\AppPatch\AcXtrnal.dll
2010-01-06 15:38 . 2010-02-24 08:55 458752 ----a-w- c:\windows\AppPatch\AcSpecfc.dll
2010-01-06 15:38 . 2010-02-24 08:55 2159616 ----a-w- c:\windows\AppPatch\AcGenral.dll
2010-01-06 15:38 . 2010-02-24 08:55 542720 ----a-w- c:\windows\AppPatch\AcLayers.dll
2010-01-06 13:30 . 2010-02-24 08:55 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-01-06 13:15 . 2009-07-11 13:18 -------- d-----w- c:\program files\IrfanView
2010-01-05 14:52 . 2009-06-07 20:36 -------- d-----w- c:\program files\DivX7.2.0.19
2010-01-05 07:40 . 2009-03-24 14:36 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-01-05 07:40 . 2008-10-23 16:26 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-01-05 07:40 . 2008-10-23 16:26 28424 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-01-05 07:40 . 2008-10-23 16:26 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-01-05 07:40 . 2010-01-05 07:40 -------- d-----w- c:\programdata\avg9
2010-01-05 07:40 . 2008-10-23 16:26 -------- d-----w- c:\program files\AVG
2010-01-04 18:09 . 2007-07-17 08:24 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-04 05:50 . 2010-01-04 05:45 -------- d-----w- c:\program files\UberSoldier
2010-01-02 16:50 . 2009-07-18 16:18 -------- d-----w- c:\program files\ICQ6.5
2010-01-02 06:38 . 2010-02-16 11:51 916480 ----a-w- c:\windows\system32\wininet.dll
2010-01-02 06:32 . 2010-02-16 11:51 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-01-02 06:32 . 2010-02-16 11:51 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-01-02 04:57 . 2010-02-16 11:51 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-12-20 14:19 . 2009-07-15 00:33 194104 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Savapibridge.dll
2009-12-17 14:39 . 2009-12-24 17:18 90112 ----a-w- c:\users\Upyrek\AppData\Roaming\Mozilla\Firefox\Profiles\op2bhjr9.default\extensions\xmlfiller@software602.cz\platform\WINNT_x86-msvc\plugins\npfiller.dll
2009-12-14 17:05 . 2007-07-17 17:51 661978 ----a-w- c:\windows\system32\perfh005.dat
2009-12-14 17:05 . 2007-07-17 17:51 138320 ----a-w- c:\windows\system32\perfc005.dat
2009-12-08 01:46 . 2009-11-23 00:08 603904 ----a-w- c:\windows\system32\TUProgSt.exe
2009-07-12 13:26 . 2009-07-12 13:26 339 ----a-w- c:\program files\adrms_log.txt
2006-01-26 06:41 . 2006-01-26 06:41 30214 ------w- c:\program files\alawar.ico
2008-07-15 04:20 . 2008-07-15 04:12 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"swg"="c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-07-16 171448]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"igndlm.exe"="c:\program files\Download Manager\DLM.exe" [2009-05-14 1103216]
"DiskCheckerXP"="c:\program files\DiskCheckerXP\DCheckXP.exe" [2007-04-23 1637888]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 174872]
"RtHDVCpl"="RtHDVCpl.exe" [2007-05-29 4472832]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-09-07 1021224]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-07 102400]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2007-10-17 858632]
"Kalendar"="d:\dokuments\Kalendář.EXE" [2001-06-09 265728]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-09 153136]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-04-25 457216]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2010-02-25 815184]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2008-07-21 87336]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2008-05-14 62760]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"WheelMouse"="c:\program files\A4Tech\Mouse\Amoumain.exe" [2007-05-15 204800]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2009-12-18 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ lsdelete\0OODBS

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]
backup=c:\windows\pss\Bluetooth.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Empowering Technology Launcher.lnk]
backup=c:\windows\pss\Empowering Technology Launcher.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^Upyrek^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 2.4.lnk]
backup=c:\windows\pss\OpenOffice.org 2.4.lnk.Startup
backupExtension=.Startup

[HKLM\~\startupfolder\C:^Users^Upyrek^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.0.lnk]
backup=c:\windows\pss\OpenOffice.org 3.0.lnk.Startup
backupExtension=.Startup

[HKLM\~\startupfolder\C:^Users^Upyrek^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Registry Repair Pro.lnk]
backup=c:\windows\pss\Registry Repair Pro.lnk.Startup
backupExtension=.Startup

[HKLM\~\startupfolder\C:^Users^Upyrek^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Scheduler.lnk]
backup=c:\windows\pss\Scheduler.lnk.Startup
backupExtension=.Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ashampoo Core Tuner
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Email Plugin

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer Tour Reminder]
2007-05-22 13:49 151552 ----a-w- c:\acer\AcerTour\Reminder.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGEIA PhysX SysTray]
2006-03-20 19:43 331776 ----a-w- c:\program files\AGEIA Technologies\TrayIcon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2007-03-12 12:49 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ConMet]
2008-10-14 13:02 3419136 ----a-w- c:\program files\ConMet\ConMet.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
2006-11-12 10:48 157592 ----a-w- c:\program files\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ftweak_RAMRush]
2009-09-17 16:47 670720 ----a-w- c:\program files\RAMRush\RAMRush.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
2009-11-16 15:36 172792 ----a-w- c:\program files\ICQ6.5\ICQ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2008-11-07 13:31 21633320 ----a-r- c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 15:07 2260480 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2009-11-04 08:33 1217808 ----a-w- c:\games\Valve\Steam\Steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec PIF AlertEng]
2008-01-29 15:38 583048 ----a-w- c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WarReg_PopUp]
2006-11-05 19:48 57344 ----a-w- c:\acer\WR_PopUp\WarReg_PopUp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WheelMouse]
2007-05-15 09:33 204800 ----a-w- c:\program files\A4Tech\Mouse\Amoumain.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"QuickTime Task"="c:\program files\QuickTime Alternative\QTTask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):91,9c,dd,52,dc,49,ca,01

R0 Lbd;Lbd;c:\windows\System32\drivers\Lbd.sys [10.11.2009 21:59 64288]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [23.10.2008 17:26 333192]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [24.3.2009 15:36 360584]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [5.1.2010 8:40 285392]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [4.2.2010 16:52 1229232]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [20.12.2008 23:59 1153368]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\System32\drivers\b57nd60x.sys [8.2.2007 23:03 179712]
R3 MouseCap;MouseCapture Driver;c:\windows\System32\drivers\MouseCap.sys [8.8.2005 14:44 6640]
R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\System32\drivers\NETw5v32.sys [17.11.2008 7:40 3668480]
S0 sptd;sptd;c:\windows\System32\drivers\sptd.sys [21.7.2008 0:12 646392]
S2 gupdate1c9e076e15ed3ed;Služba Google Update (gupdate1c9e076e15ed3ed);c:\program files\Google\Update\GoogleUpdate.exe [29.5.2009 17:02 133104]
S3 cpuz132;cpuz132;c:\windows\System32\drivers\cpuz132_x32.sys [31.5.2009 17:22 12672]
S3 fssfltr;FssFltr;c:\windows\System32\drivers\fssfltr.sys [9.10.2009 17:13 54632]
S3 fsssvc;Služba Windows Live Zabezpečení rodiny;c:\program files\Windows Live\Family Safety\fsssvc.exe [5.8.2009 21:48 704864]
S3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Lite 2009\RpcAgentSrv.exe [25.10.2008 23:32 98488]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Obsah adresáře 'Naplánované úlohy'

2010-03-03 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-02-04 14:59]

2010-03-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-29 16:02]

2010-03-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-29 16:02]

2009-05-07 c:\windows\Tasks\User_Feed_Synchronization-{C6257CD0-1DBE-45D7-B5E1-38AC59E42BAC}.job
- c:\windows\system32\msfeedssync.exe [2010-02-16 04:56]
.
.
------- Doplňkový sken -------
.
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://cs.intl.acer.yahoo.com
uSearchURL,(Default) = hxxp://uk.rd.yahoo.com/customize/ycomp/defaults/su/*http://uk.yahoo.com
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - ProfilePath - c:\users\Upyrek\AppData\Roaming\Mozilla\Firefox\Profiles\op2bhjr9.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.centrum.cz/
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - component: c:\users\Upyrek\AppData\Roaming\Mozilla\Firefox\Profiles\op2bhjr9.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}\platform\WINNT\components\FoxyTunes.dll
FF - plugin: c:\program files\Download Manager\npfpdlm.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npfiller.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\users\Upyrek\AppData\Roaming\Mozilla\Firefox\Profiles\op2bhjr9.default\extensions\xmlfiller@software602.cz\platform\WINNT_x86-msvc\plugins\npfiller.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

AddRemove-HijackThis - c:\program files\trend micro\HijackThis.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-03 14:03
Windows 6.0.6002 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG08.00.00.01WORKSTATION"="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"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Celkový čas: 2010-03-03 14:07:16
ComboFix-quarantined-files.txt 2010-03-03 13:07

Před spuštěním: Volných bajtů: 21 811 273 728
Po spuštění: Volných bajtů: 21 735 432 192

- - End Of File - - 1C090712F69A318E7DED3E10C9DB32B4

Well :shock: ..... the scan took 33 minutes, and in total from launching ComboFix to the log being displayed, 35 minutes. :roll:
So I'm really curious whether my system was that badly infected? :arcisit:

motji
VIP
Posts: 23302
Registered: 23 Oct 2008 08:02

Re: How to cure the sshnas21.ddl library

#14 Post by motji »

Not that badly; I don't know what was going on :o , but it can happen :)

:arrow: Download OTM http://oldtimer.geekstogo.com/OTM.exe
Download OTM to the desktop and double-click it; the program starts.
Into the left window "Paste Instructions for Items to be Moved", below the yellow line, copy the script

Code:

:processes
explorer.exe
 
:files
C:\WINDOWS\system32\*.tmp.dll /s
C:\WINDOWS\system32\SET*.tmp /s
C:\WINDOWS\*.tmp /s
C:\ProgramData\xml9A4E.tmp
C:\ProgramData\xml954D.tmp
C:\ProgramData\xml99A1.tmp

:reg
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ashampoo Core Tuner]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Email Plugin]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Upyrek^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 2.4.lnk]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=-

:commands
[emptytemp]
[Reboot]
-click the red Moveit! button
-paste the contents of the green window here
-If it wants to restart the PC, click YES; you will then find the log in C:\_OTM\MovedFiles. Paste the log here

:arrow: You have 3 antispyware programs with a resident shield - keep only one.
SP: Lavasoft Ad-Watch Live!
SP: Spybot - Search and Destroy
SP: Windows Defender


:arrow: Download SAS http://portable.superantispyware.com/sassaferun.php
-run an update and do a full scan.
-Delete whatever it finds, and write what it found.
(this version does not install and is in English. If you need full instructions, click SAS in my signature)

:arrow: then I'd ask for a new RSIT log, and write how the computer is doing. If it's fine, we'd just clean up after ComboFix :)

Penetrator666
Visitor
Posts: 33
Registered: 02 Mar 2010 18:50

Re: How to cure the sshnas21.ddl library

#15 Post by Penetrator666 »

Hey, I didn't manage to get the green window output, because I clicked YES for the reboot first.

The computer took 15 minutes shutting down, then I unplugged it and turned it back on, and 03032010_155050.log appeared

All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
========== FILES ==========
File/Folder C:\WINDOWS\system32\*.tmp.dll not found.
File/Folder C:\WINDOWS\system32\SET*.tmp not found.
C:\WINDOWS\5888428E699C4E71BF7194EE06B497DA.TMP folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP2DF2.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP81A.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAPC560.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAPD41.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAPE752.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAPEEF0.tmp folder moved successfully.
File move failed. C:\WINDOWS\ServiceProfiles\NetworkService\AppData\Local\Temp\cspE075.tmp scheduled to be moved on reboot.
C:\ProgramData\xml9A4E.tmp moved successfully.
C:\ProgramData\xml954D.tmp moved successfully.
C:\ProgramData\xml99A1.tmp moved successfully.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ashampoo Core Tuner\ not found.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr\ not found.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Email Plugin\ not found.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Upyrek^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 2.4.lnk\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\ not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: Upyrek
->Temp folder emptied: 33323 bytes
->Temporary Internet Files folder emptied: 66340 bytes
->Java cache emptied: 11040256 bytes
->FireFox cache emptied: 109059141 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 513 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 2412878 bytes
%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 117,00 mb


OTM by OldTimer - Version 3.1.10.0 log created on 03032010_155050

Files moved on Reboot...
File move failed. C:\WINDOWS\ServiceProfiles\NetworkService\AppData\Local\Temp\cspE075.tmp scheduled to be moved on reboot.

Registry entries deleted on Reboot...


WHAT ELSE, GENIUS WOMAN :???:
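
As an added example (not part of this thread and not OTM's own code), here is a small Python script that parses an OTM script of the kind motji posted in #14 into its planned actions (processes to kill, file patterns with the /s recursive flag, registry keys and values to delete, commands), flags the points a helper would double-check before handing such a script to a user, and tallies the outcomes reported in an OTM result log of the kind posted in #15. The sample script and log embedded below are constructed from lines in this thread; the function names and the warning rules are my own assumptions, not OTM's.

```python
"""Parse an OTM script and cross-check its result log (added example, not OTM's own code)."""
import re
from dataclasses import dataclass, field

# Constructed sample script: a subset of the one posted in #14.
SCRIPT = "\n".join([
    ":processes",
    "explorer.exe",
    "",
    ":files",
    "C:\\WINDOWS\\system32\\*.tmp.dll /s",
    "C:\\ProgramData\\xml9A4E.tmp",
    "",
    ":reg",
    "[-HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\msnmsgr]",
    "[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\ShellExecuteHooks]",
    "\"{AEB6717E-7E19-11d0-97EE-00C04FD91972}\"=-",
    "",
    ":commands",
    "[emptytemp]",
    "[Reboot]",
])

# Constructed sample result log: lines of the shape OTM printed in #15.
LOG = "\n".join([
    "========== FILES ==========",
    "File/Folder C:\\WINDOWS\\system32\\*.tmp.dll not found.",
    "C:\\ProgramData\\xml9A4E.tmp moved successfully.",
    "File move failed. C:\\WINDOWS\\ServiceProfiles\\NetworkService\\AppData\\Local\\Temp\\cspE075.tmp scheduled to be moved on reboot.",
    "========== REGISTRY ==========",
    "Registry key HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\msnmsgr\\ not found.",
    "Registry value HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\ShellExecuteHooks\\\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} deleted successfully.",
])


@dataclass
class OtmPlan:
    """Planned actions extracted from an OTM script (hypothetical structure, my own)."""
    processes: list = field(default_factory=list)   # process names to kill
    files: list = field(default_factory=list)       # (pattern, recursive) file/folder moves
    reg_keys: list = field(default_factory=list)    # whole keys to delete ([-KEY])
    reg_values: list = field(default_factory=list)  # (key, value_name) to delete ("name"=-)
    commands: list = field(default_factory=list)    # [emptytemp], [reboot], ...


def parse_otm_script(text):
    """Walk the :section headers and collect each line under the section it belongs to."""
    plan, section, current_key = OtmPlan(), None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith(":"):
            section, current_key = line[1:].lower(), None
            continue
        if section == "processes":
            plan.processes.append(line)
        elif section == "files":
            recursive = line.lower().endswith(" /s")
            plan.files.append((line[:-3].rstrip() if recursive else line, recursive))
        elif section == "reg":
            if line.startswith("[-") and line.endswith("]"):
                plan.reg_keys.append(line[2:-1])          # delete the whole key
            elif line.startswith("[") and line.endswith("]"):
                current_key = line[1:-1]                  # values below refer to this key
            else:
                m = re.match(r'"(.*)"=-$', line)
                if m and current_key:
                    plan.reg_values.append((current_key, m.group(1)))
        elif section == "commands":
            plan.commands.append(line.strip("[]").lower())
    return plan


def review_plan(plan):
    """Flag what a helper should double-check before telling a user to run the script:
    recursive wildcard deletes under the Windows directory, and a forced reboot (which is
    exactly how the green-window output got lost in #15)."""
    warnings = []
    for pattern, recursive in plan.files:
        if recursive and "*" in pattern and pattern.lower().startswith("c:\\windows"):
            warnings.append(f"recursive wildcard under the Windows directory: {pattern}")
    if "reboot" in plan.commands:
        warnings.append("script forces a reboot; save the green-window output before clicking YES")
    return warnings


def summarize_otm_log(text):
    """Count outcomes per result type and list items OTM deferred to the next reboot."""
    counts = {"moved": 0, "deleted": 0, "not_found": 0, "deferred": 0}
    deferred = []
    for line in text.splitlines():
        if line.startswith("File move failed.") and "scheduled to be moved on reboot" in line:
            counts["deferred"] += 1
            deferred.append(line.split("File move failed. ", 1)[1].split(" scheduled", 1)[0])
        elif line.endswith("moved successfully."):
            counts["moved"] += 1
        elif line.endswith("deleted successfully."):
            counts["deleted"] += 1
        elif line.endswith("not found."):
            counts["not_found"] += 1
    return counts, deferred


if __name__ == "__main__":
    plan = parse_otm_script(SCRIPT)
    for w in review_plan(plan):
        print("WARNING:", w)
    counts, deferred = summarize_otm_log(LOG)
    print(counts, deferred)
```

The "deferred" bucket is the one worth re-checking after the reboot: OTM reports such files as scheduled rather than moved, so a clean result log still leaves them on disk until the next boot completes.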
