Pomůže mi někdo prosím???

[L.e.x.u.s]

Dobrý den, mám pocit že s mým PC není něco v pořádku...prosím o radu...Windows defender mi hlásí chybu že soubor svchost.exe je podezřelý

ComboFix 10-03-15.04 - Notebook 16.03.2010 1:27.1.1 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1250.420.1029.18.2813.2090 [GMT 1:00]
Spuštěný z: c:\users\Notebook\Desktop\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Notebook\AppData\Roaming\logs.dat
c:\windows\system32\oem7.inf

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-02-16 do 2010-03-16 )))))))))))))))))))))))))))))))
.

2010-03-16 00:36 . 2010-03-16 00:36 -------- d-----w- c:\users\Notebook\AppData\Local\temp
2010-03-16 00:36 . 2010-03-16 00:36 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-03-16 00:11 . 2010-03-16 00:11 -------- d-----w- c:\program files\trend micro
2010-03-16 00:11 . 2010-03-16 00:11 -------- d-----w- C:\rsit
2010-03-15 23:39 . 2010-03-15 23:39 -------- d-----w- c:\users\Notebook\AppData\Roaming\Ahead
2010-03-15 23:38 . 2010-03-15 23:38 -------- d-----w- c:\programdata\Ahead
2010-03-15 10:23 . 2010-03-15 10:23 -------- d-----w- c:\program files\uTorrent
2010-03-15 10:22 . 2010-03-15 23:40 -------- d-----w- c:\users\Notebook\AppData\Roaming\uTorrent
2010-03-13 16:35 . 2010-03-13 16:35 -------- d-----w- c:\users\Notebook\AppData\Roaming\DAEMON Tools Pro
2010-03-13 16:35 . 2010-03-13 16:35 -------- d-----w- c:\users\Notebook\AppData\Roaming\DAEMON Tools
2010-03-13 16:34 . 2010-03-13 16:34 -------- d-----w- c:\programdata\DAEMON Tools Lite
2010-03-13 16:33 . 2010-03-13 16:33 -------- d-----w- c:\program files\DAEMON Tools Toolbar
2010-03-13 16:33 . 2010-03-13 16:33 -------- d-----w- c:\program files\DAEMON Tools Lite
2010-03-13 16:32 . 2010-03-13 16:32 -------- d-----w- c:\users\Notebook\AppData\Roaming\DAEMON Tools Lite
2010-03-07 09:35 . 2010-02-12 10:32 293376 ----a-w- c:\windows\system32\browserchoice.exe
2010-03-03 13:44 . 2010-03-03 13:44 -------- d-----w- c:\programdata\Blizzard
2010-03-01 19:12 . 2010-03-01 19:13 -------- d-----w- c:\users\Notebook\AppData\Roaming\Media Player Classic
2010-03-01 14:28 . 2010-03-01 14:28 -------- d-----w- c:\program files\Xilisoft
2010-02-26 06:48 . 2010-03-09 19:51 -------- d-----w- C:\Fraps
2010-02-25 13:35 . 2010-02-25 13:35 -------- d-----w- c:\program files\Windows Portable Devices
2010-02-25 07:43 . 2009-09-10 02:00 92672 ----a-w- c:\windows\system32\UIAnimation.dll
2010-02-25 07:43 . 2009-09-10 02:01 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
2010-02-25 07:43 . 2009-09-10 02:00 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2010-02-25 07:40 . 2009-10-01 01:02 30208 ----a-w- c:\windows\system32\WPDShextAutoplay.exe
2010-02-25 07:40 . 2009-10-01 01:02 31232 ----a-w- c:\windows\system32\BthMtpContextHandler.dll
2010-02-25 07:40 . 2009-10-01 01:01 81920 ----a-w- c:\windows\system32\wpdbusenum.dll
2010-02-25 07:40 . 2009-10-01 01:01 60928 ----a-w- c:\windows\system32\PortableDeviceConnectApi.dll
2010-02-25 07:40 . 2009-10-01 01:02 2537472 ----a-w- c:\windows\system32\wpdshext.dll
2010-02-25 07:40 . 2009-10-01 01:02 87552 ----a-w- c:\windows\system32\WPDShServiceObj.dll
2010-02-25 07:40 . 2009-10-01 01:01 546816 ----a-w- c:\windows\system32\wpd_ci.dll
2010-02-25 07:40 . 2009-10-01 01:01 160256 ----a-w- c:\windows\system32\PortableDeviceTypes.dll
2010-02-25 07:40 . 2009-10-01 01:02 334848 ----a-w- c:\windows\system32\PortableDeviceApi.dll
2010-02-25 07:40 . 2009-10-01 01:01 350208 ----a-w- c:\windows\system32\WPDSp.dll
2010-02-25 07:40 . 2009-10-01 01:01 196608 ----a-w- c:\windows\system32\PortableDeviceWMDRM.dll
2010-02-25 07:40 . 2009-10-01 01:01 100864 ----a-w- c:\windows\system32\PortableDeviceClassExtension.dll
2010-02-25 07:38 . 2009-10-08 21:08 234496 ----a-w- c:\windows\system32\oleacc.dll
2010-02-25 07:38 . 2009-10-08 21:07 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2010-02-25 07:38 . 2009-10-08 21:08 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2010-02-24 09:57 . 2010-03-15 23:44 -------- d-----w- c:\users\Notebook\AppData\Local\Ahead
2010-02-24 09:45 . 2010-02-24 09:46 -------- d-----w- c:\windows\system32\ca-ES
2010-02-24 09:45 . 2010-02-24 09:46 -------- d-----w- c:\windows\system32\eu-ES
2010-02-24 09:45 . 2010-02-24 09:46 -------- d-----w- c:\windows\system32\vi-VN
2010-02-24 09:36 . 2009-12-12 14:15 178176 ----a-w- c:\windows\system32\unrar.dll
2010-02-24 09:36 . 2009-05-29 21:37 205824 ----a-w- c:\windows\system32\xvidvfw.dll
2010-02-24 09:36 . 2009-05-29 21:31 881664 ----a-w- c:\windows\system32\xvidcore.dll
2010-02-24 09:36 . 2004-01-25 16:18 217088 ----a-w- c:\windows\system32\yv12vfw.dll
2010-02-24 09:36 . 2010-02-02 18:00 85504 ----a-w- c:\windows\system32\ff_vfw.dll
2010-02-24 09:36 . 2010-02-24 09:37 -------- d-----w- c:\program files\K-Lite Codec Pack
2010-02-24 09:26 . 2010-02-24 09:26 -------- d-----w- c:\windows\system32\EventProviders
2010-02-24 09:23 . 2010-03-15 23:36 -------- d-----w- c:\program files\Common Files\Ahead
2010-02-21 06:21 . 2010-02-21 06:21 -------- d-----w- c:\program files\MSXML 4.0
2010-02-20 19:16 . 2010-02-20 19:16 -------- d-----w- c:\programdata\WindowsSearch
2010-02-20 00:32 . 2010-02-20 00:32 -------- d-----w- c:\users\Notebook\AppData\Local\Nero
2010-02-20 00:32 . 2010-02-20 00:48 -------- d-----w- c:\users\Notebook\AppData\Roaming\Nero
2010-02-19 19:18 . 2007-03-26 06:25 38784 ----a-w- c:\windows\system32\drivers\Axtmvprt.sys
2010-02-19 19:18 . 2007-03-26 06:25 40064 ----a-w- c:\windows\system32\drivers\Axtmvmdm.sys
2010-02-19 19:18 . 2007-03-22 08:36 3456 ----a-w- c:\windows\system32\drivers\Axtmvflt.sys
2010-02-19 19:18 . 2010-02-19 19:18 -------- d-----w- c:\program files\Axesstel
2010-02-19 07:45 . 2010-03-15 23:33 -------- d-----w- c:\program files\Nero
2010-02-19 07:44 . 2010-03-15 23:33 -------- d-----w- c:\programdata\Nero
2010-02-19 07:44 . 2010-02-24 09:02 -------- d-----w- c:\program files\Common Files\Nero
2010-02-18 18:51 . 2010-02-18 18:51 -------- d-----w- c:\users\Notebook\AppData\Roaming\TS3Client
2010-02-15 06:21 . 2009-08-24 11:36 377344 ----a-w- c:\windows\system32\winhttp.dll
2010-02-15 06:21 . 2009-11-03 19:41 411648 ----a-w- c:\windows\system32\drivers\http.sys
2010-02-15 06:21 . 2009-11-03 21:43 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-02-15 06:21 . 2009-11-03 21:42 30720 ----a-w- c:\windows\system32\httpapi.dll
2010-02-14 06:23 . 2009-06-15 14:52 499712 ----a-w- c:\windows\system32\kerberos.dll
2010-02-14 06:23 . 2009-06-15 14:53 270848 ----a-w- c:\windows\system32\schannel.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-16 00:32 . 2008-01-21 06:13 598832 ----a-w- c:\windows\system32\perfh005.dat
2010-03-16 00:32 . 2008-01-21 06:13 114992 ----a-w- c:\windows\system32\perfc005.dat
2010-03-16 00:22 . 2010-02-07 07:56 12 ----a-w- c:\windows\bthservsdp.dat
2010-03-14 21:45 . 2010-02-06 15:08 -------- d-----w- c:\users\Notebook\AppData\Roaming\ICQ
2010-03-12 15:15 . 2010-02-11 14:06 -------- d-----w- c:\program files\World of Warcraft
2010-03-12 10:35 . 2010-02-06 15:08 -------- d-----w- c:\program files\ICQ7.0
2010-03-11 23:22 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-03-08 17:58 . 2010-02-06 15:07 -------- d-----w- c:\users\Notebook\AppData\Roaming\Skype
2010-03-08 15:08 . 2010-02-07 09:41 -------- d-----w- c:\users\Notebook\AppData\Roaming\skypePM
2010-03-01 19:06 . 2010-02-06 09:21 -------- d-----w- c:\users\Notebook\AppData\Roaming\BSplayer PRO
2010-02-25 23:02 . 2010-02-05 10:15 54312 ----a-w- c:\users\Notebook\AppData\Local\GDIPFONTCACHEV1.DAT
2010-02-25 13:35 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2010-02-25 13:34 . 2010-02-25 13:34 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2010-02-24 09:46 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Calendar
2010-02-24 09:46 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Sidebar
2010-02-24 09:46 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Photo Gallery
2010-02-24 09:46 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Collaboration
2010-02-24 09:46 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Defender
2010-02-24 08:16 . 2010-02-05 13:07 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-22 10:15 . 2010-02-06 12:59 -------- d-----w- c:\users\Notebook\AppData\Roaming\LangSoft
2010-02-12 18:40 . 2010-02-12 18:39 -------- d-----w- c:\users\Notebook\AppData\Roaming\Ventrilo
2010-02-12 18:38 . 2010-02-12 18:38 -------- d-----w- c:\program files\Ventrilo
2010-02-12 18:38 . 2010-02-12 18:38 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-02-07 14:48 . 2010-02-07 14:49 737280 ----a-w- c:\windows\iun6002.exe
2010-02-07 14:17 . 2010-02-07 14:17 -------- d-----w- c:\program files\Katalog DVD
2010-02-07 13:35 . 2010-02-05 11:46 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-07 13:29 . 2010-02-05 11:46 -------- d-----w- c:\program files\Common Files\InstallShield
2010-02-07 13:27 . 2010-02-07 13:27 -------- d-----w- c:\programdata\UDL
2010-02-07 13:26 . 2010-02-07 13:02 -------- d-----w- c:\program files\epson
2010-02-07 13:23 . 2010-02-07 13:23 -------- d-----w- c:\program files\ABBYY FineReader 6.0 Sprint
2010-02-07 13:09 . 2010-02-07 12:59 -------- d-----w- c:\programdata\EPSON
2010-02-07 12:58 . 2010-02-07 12:58 -------- d-----w- c:\program files\TeamSpeak 3 Client
2010-02-07 09:50 . 2010-02-07 09:48 -------- d-----w- c:\program files\CesarFTP
2010-02-07 09:41 . 2010-02-07 09:41 56 ---ha-w- c:\programdata\ezsidmv.dat
2010-02-07 07:59 . 2010-02-07 07:59 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdRapi2_01_00_00.Wdf
2010-02-07 06:23 . 2010-02-07 06:23 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdRapi_01_00_00.Wdf
2010-02-06 17:31 . 2010-02-06 17:28 -------- d-----w- c:\program files\Counter-Strike 1.6
2010-02-06 15:07 . 2010-02-06 15:06 -------- d-----r- c:\program files\Skype
2010-02-06 15:07 . 2010-02-06 15:07 -------- d-----w- c:\program files\Common Files\Skype
2010-02-06 15:06 . 2010-02-06 15:06 -------- d-----w- c:\programdata\Skype
2010-02-06 13:01 . 2010-02-06 13:01 798771 ----a-w- c:\programdata\LangSoft\WebIE.dll
2010-02-06 13:01 . 2010-02-06 13:01 299008 ----a-w- c:\programdata\LangSoft\TrnWord.dll
2010-02-06 13:01 . 2010-02-06 13:00 -------- d-----w- c:\programdata\LangSoft
2010-02-06 13:01 . 2010-02-06 13:01 356352 ----a-w- c:\programdata\LangSoft\TrnOutl.dll
2010-02-06 09:35 . 2010-02-06 09:35 -------- d-----w- c:\program files\Alcohol Soft
2010-02-06 09:33 . 2010-02-06 09:33 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-02-06 09:23 . 2010-02-06 09:23 -------- d-----w- c:\users\Notebook\AppData\Roaming\IObit
2010-02-06 09:23 . 2010-02-06 09:23 -------- d-----w- c:\program files\IObit
2010-02-06 09:21 . 2010-02-06 09:21 -------- d-----w- c:\program files\Webteh
2010-02-06 09:17 . 2010-02-06 09:17 -------- d-----w- c:\program files\Common Files\Adobe
2010-02-06 09:07 . 2010-02-06 09:07 -------- d-----w- c:\program files\RocketDock
2010-02-06 09:06 . 2010-02-06 09:06 -------- d-----w- c:\program files\Alwil Software
2010-02-05 11:53 . 2010-02-05 11:53 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_SynTP_01000.Wdf
2010-02-05 11:53 . 2010-02-05 11:53 -------- d-----w- c:\program files\Synaptics
2010-02-05 11:50 . 2010-02-05 11:46 -------- d-----w- c:\program files\Realtek
2010-02-05 11:50 . 2010-02-05 11:50 -------- d-----w- c:\users\Notebook\AppData\Roaming\InstallShield
2010-02-05 11:46 . 2010-02-05 11:46 319456 ----a-w- c:\windows\DIFxAPI.dll
2010-02-05 11:46 . 2010-02-05 11:46 315392 ----a-w- c:\windows\HideWin.exe
2010-02-05 11:43 . 2010-02-05 11:43 -------- d-----w- c:\users\Notebook\AppData\Roaming\ATI
2010-02-05 11:43 . 2010-02-05 11:43 -------- d-----w- c:\programdata\ATI
2010-02-05 11:42 . 2010-02-05 11:42 0 ----a-w- c:\windows\ativpsrm.bin
2010-02-05 11:40 . 2010-02-05 11:38 -------- d-----w- c:\program files\ATI Technologies
2010-02-05 11:38 . 2010-02-05 11:38 10134 ----a-r- c:\users\Notebook\AppData\Roaming\Microsoft\Installer\{58FF8C7E-F431-7069-DA9A-A61411208DF3}\ARPPRODUCTICON.exe
2010-02-05 11:38 . 2010-02-05 11:38 -------- d-----w- c:\program files\ATI
2010-02-05 11:36 . 2010-02-05 11:36 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2010-02-05 10:21 . 2010-02-05 10:15 680 ----a-w- c:\users\Notebook\AppData\Local\d3d9caps.dat
2010-02-05 10:12 . 2010-02-05 10:12 -------- d-sh--we c:\programdata\Plocha
2010-02-05 10:12 . 2010-02-05 10:12 -------- d-sh--we c:\programdata\Oblíbené položky
2010-02-05 10:12 . 2010-02-05 10:12 -------- d-sh--we c:\programdata\Šablony
2010-02-05 10:12 . 2010-02-05 10:12 -------- d-sh--we c:\programdata\Nabídka Start
2010-02-05 10:12 . 2010-02-05 10:12 -------- d-sh--we c:\programdata\Dokumenty
2010-02-05 10:12 . 2010-02-05 10:12 -------- d-sh--we c:\programdata\Data aplikací
2010-01-25 12:00 . 2010-02-24 21:31 471552 ----a-w- c:\windows\system32\secproc_isv.dll
2010-01-25 12:00 . 2010-02-24 21:31 152576 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-01-25 12:00 . 2010-02-24 21:31 152064 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-01-25 12:00 . 2010-02-24 21:31 471552 ----a-w- c:\windows\system32\secproc.dll
2010-01-25 11:58 . 2010-02-24 21:31 332288 ----a-w- c:\windows\system32\msdrm.dll
2010-01-25 08:21 . 2010-02-24 21:31 526336 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-01-25 08:21 . 2010-02-24 21:31 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-01-25 08:21 . 2010-02-24 21:31 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-01-25 08:21 . 2010-02-24 21:31 518144 ----a-w- c:\windows\system32\RMActivate.exe
2010-01-23 09:26 . 2010-02-24 21:31 2048 ----a-w- c:\windows\system32\tzres.dll
2010-01-06 15:39 . 2010-02-24 21:31 1696256 ----a-w- c:\windows\system32\gameux.dll
2010-01-06 15:38 . 2010-02-24 21:31 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-01-06 15:38 . 2010-02-24 21:31 173056 ----a-w- c:\windows\AppPatch\AcXtrnal.dll
2010-01-06 15:38 . 2010-02-24 21:31 542720 ----a-w- c:\windows\AppPatch\AcLayers.dll
2010-01-06 15:38 . 2010-02-24 21:31 458752 ----a-w- c:\windows\AppPatch\AcSpecfc.dll
2010-01-06 15:38 . 2010-02-24 21:31 2159616 ----a-w- c:\windows\AppPatch\AcGenral.dll
2010-01-06 13:30 . 2010-02-24 21:31 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-01-02 06:38 . 2010-02-05 13:35 916480 ----a-w- c:\windows\system32\wininet.dll
2010-01-02 06:32 . 2010-02-05 13:35 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-01-02 06:32 . 2010-02-05 13:35 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-01-02 04:57 . 2010-02-05 13:35 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-12-20 09:53 . 2009-12-20 09:53 234016 ----a-w- c:\windows\system32\drivers\Rtlh86.sys
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" [2009-11-15 33120]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-29 687560]
"FileUploader"="c:\users\Notebook\Downloads\SRDownloader.exe" [2010-03-13 475136]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2008-01-22 152872]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"RtHDVCpl"="RtHDVCpl.exe" [2008-07-03 6266880]
"Skytel"="Skytel.exe" [2008-06-25 1826816]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-02-22 1037608]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2008-01-21 215552]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2008-05-28 570664]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):b1,c1,97,31,37,b5,ca,01

R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-02-06 691696]
R3 Axtmvflt;Axesstel USB Filter Service;c:\windows\system32\DRIVERS\Axtmvflt.sys [2007-03-22 3456]
R3 Axtmvmdm;Axesstel USB Modem;c:\windows\system32\DRIVERS\Axtmvmdm.sys [2007-03-26 40064]
R3 Axtmvprt;Axesstel Diagnostic Port;c:\windows\system32\Drivers\Axtmvprt.sys [2007-03-26 38784]
S1 aswSP;avast! Self Protection; [x]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2009-11-24 20560]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\DRIVERS\aswMonFlt.sys [2009-11-24 53328]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Obsah adresáře 'Naplánované úlohy'

2010-03-16 c:\windows\Tasks\AWC AutoSweep.job
- c:\program files\IObit\Advanced SystemCare 3\AutoSweep.exe [2010-02-06 14:35]

2010-03-16 c:\windows\Tasks\AWC Startup.job
- c:\program files\IObit\Advanced SystemCare 3\AWC.exe [2010-02-06 13:45]
.
.
------- Doplňkový sken -------
.
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: {{88EB38EF-4D2C-436D-ABD3-56B232674062} - c:\program files\ICQ7.0\ICQ.exe
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\programdata\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748449} - c:\programdata\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\programdata\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\programdata\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\programdata\LangSoft\WebIE.dll
FF - ProfilePath - c:\users\Notebook\AppData\Roaming\Mozilla\Firefox\Profiles\e8v7k9dd.default\
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - component: c:\users\Notebook\AppData\Roaming\Mozilla\Firefox\Profiles\e8v7k9dd.default\extensions\{003D3EDC-99B9-4a34-9C20-60CB94F7E829}\components\nsWebFF15.dll
FF - component: c:\users\Notebook\AppData\Roaming\Mozilla\Firefox\Profiles\e8v7k9dd.default\extensions\DTToolbar@toolbarnet.com\components\DTToolbarFF.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-16 01:36
Windows 6.0.6002 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...


c:\users\Notebook\AppData\Local\Temp\catchme.dll 53248 bytes executable

sken byl úspešně dokončen
skryté soubory: 1

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Celkový čas: 2010-03-16 01:40:49
ComboFix-quarantined-files.txt 2010-03-16 00:40

Před spuštěním: Volných bajtů: 37 221 314 560
Po spuštění: Volných bajtů: 38 845 100 032

- - End Of File - - B345689C8418ABC717DABF5059BD3926

[L.e.x.u.s]

Ještě výpis z RSIT

Logfile of random's system information tool 1.06 (written by random/random)
Run by Notebook at 2010-03-16 01:11:02
Microsoft® Windows Vista™ Home Basic Service Pack 2
System drive C: has 36 GB (23%) free of 153 GB
Total RAM: 2813 MB (63% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:11:15, on 16.3.2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18882)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Users\Notebook\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Alwil Software\Avast4\ashLogV.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Notebook\Downloads\RSIT.exe
C:\Program Files\trend micro\Notebook.exe
C:\Program Files\Skype\Toolbars\Shared\SkypeNames.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\ProgramData\LangSoft\WebIE.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\ProgramData\LangSoft\WebIE.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
O4 - HKLM\..\Run: [HKLM] C:\Windows\system32\drivers\svchost.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" -automount
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [EPSON Stylus SX400 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIEGE.EXE /FU "C:\Windows\TEMP\E_SE367.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [FileUploader] C:\Users\Notebook\Downloads\SRDownloader.exe /min
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKLM\..\Policies\Explorer\Run: [Policies] C:\Windows\system32\drivers\svchost.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\ProgramData\LangSoft\WebIE.dll
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - StarWind Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

--
End of file - 8134 bytes

======Scheduled tasks folder======

C:\Windows\tasks\AWC AutoSweep.job
C:\Windows\tasks\AWC Startup.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2DB66063-BB98-466A-AA0D-3E7ACF5ED853}]
WebTransBHO Class - C:\ProgramData\LangSoft\WebIE.dll [2010-02-06 798771]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{BFC32E1D-EE75-4A48-BC60-104E11EE2431} - WebTranslator - C:\ProgramData\LangSoft\WebIE.dll [2010-02-06 798771]
{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll [2009-11-24 953800]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1008184]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2008-01-21 61440]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2008-07-03 6266880]
"Skytel"=C:\Windows\Skytel.exe [2008-06-25 1826816]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2008-02-22 1037608]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-11-25 81000]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]
"Windows Mobile Device Center"=C:\Windows\WindowsMobile\wmdc.exe [2007-05-31 648072]
"Windows Mobile-based device management"=C:\Windows\WindowsMobile\wmdSync.exe [2008-01-21 215552]
"HKLM"=C:\Windows\system32\drivers\svchost.exe [2005-06-11 622592]
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2008-05-28 570664]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"Policies"=C:\Windows\system32\drivers\svchost.exe [2005-06-11 622592]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"AlcoholAutomount"=C:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [2009-11-15 33120]
"RocketDock"=C:\Program Files\RocketDock\RocketDock.exe [2007-09-02 495616]
"EPSON Stylus SX400 Series"=C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIEGE.EXE [2007-12-17 188928]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\daemon.exe [2008-12-29 687560]
"FileUploader"=C:\Users\Notebook\Downloads\SRDownloader.exe [2010-03-13 475136]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2008-01-22 152872]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2010-03-16 01:11:03 ----D---- C:\Program Files\trend micro
2010-03-16 01:11:02 ----D---- C:\rsit
2010-03-16 00:39:12 ----D---- C:\Users\Notebook\AppData\Roaming\Ahead
2010-03-16 00:38:25 ----D---- C:\ProgramData\Ahead
2010-03-16 00:30:50 ----A---- C:\Windows\system32\d3dx9_28.dll
2010-03-15 11:23:22 ----D---- C:\Program Files\uTorrent
2010-03-15 11:22:56 ----D---- C:\Users\Notebook\AppData\Roaming\uTorrent
2010-03-13 17:35:24 ----D---- C:\Users\Notebook\AppData\Roaming\DAEMON Tools Pro
2010-03-13 17:35:24 ----D---- C:\Users\Notebook\AppData\Roaming\DAEMON Tools
2010-03-13 17:34:41 ----D---- C:\ProgramData\DAEMON Tools Lite
2010-03-13 17:33:31 ----D---- C:\Program Files\DAEMON Tools Toolbar
2010-03-13 17:33:20 ----D---- C:\Program Files\DAEMON Tools Lite
2010-03-13 17:32:58 ----D---- C:\Users\Notebook\AppData\Roaming\DAEMON Tools Lite
2010-03-07 10:35:30 ----A---- C:\Windows\system32\browserchoice.exe
2010-03-03 14:44:45 ----D---- C:\ProgramData\Blizzard
2010-03-01 20:12:22 ----D---- C:\Users\Notebook\AppData\Roaming\Media Player Classic
2010-03-01 15:28:36 ----D---- C:\Program Files\Xilisoft
2010-02-26 07:48:54 ----D---- C:\Fraps
2010-02-25 14:35:05 ----D---- C:\Program Files\Windows Portable Devices
2010-02-25 08:43:42 ----A---- C:\Windows\system32\UIAnimation.dll
2010-02-25 08:43:40 ----A---- C:\Windows\system32\UIRibbonRes.dll
2010-02-25 08:43:40 ----A---- C:\Windows\system32\UIRibbon.dll
2010-02-25 08:42:48 ----A---- C:\Windows\system32\WMPhoto.dll
2010-02-25 08:42:46 ----A---- C:\Windows\system32\cdd.dll
2010-02-25 08:42:41 ----A---- C:\Windows\system32\printfilterpipelineprxy.dll
2010-02-25 08:42:41 ----A---- C:\Windows\system32\d3d10warp.dll
2010-02-25 08:42:40 ----A---- C:\Windows\system32\XpsRasterService.dll
2010-02-25 08:42:39 ----A---- C:\Windows\system32\XpsGdiConverter.dll
2010-02-25 08:42:39 ----A---- C:\Windows\system32\WindowsCodecsExt.dll
2010-02-25 08:42:39 ----A---- C:\Windows\system32\d2d1.dll
2010-02-25 08:42:38 ----A---- C:\Windows\system32\WindowsCodecs.dll
2010-02-25 08:42:38 ----A---- C:\Windows\system32\printfilterpipelinesvc.exe
2010-02-25 08:42:38 ----A---- C:\Windows\system32\PhotoMetadataHandler.dll
2010-02-25 08:42:38 ----A---- C:\Windows\system32\dxdiagn.dll
2010-02-25 08:42:38 ----A---- C:\Windows\system32\dxdiag.exe
2010-02-25 08:42:37 ----A---- C:\Windows\system32\XpsPrint.dll
2010-02-25 08:42:36 ----A---- C:\Windows\system32\xpsservices.dll
2010-02-25 08:42:36 ----A---- C:\Windows\system32\OpcServices.dll
2010-02-25 08:42:35 ----A---- C:\Windows\system32\FntCache.dll
2010-02-25 08:42:35 ----A---- C:\Windows\system32\DWrite.dll
2010-02-25 08:42:35 ----A---- C:\Windows\system32\d3d10level9.dll
2010-02-25 08:42:35 ----A---- C:\Windows\system32\d3d10core.dll
2010-02-25 08:42:35 ----A---- C:\Windows\system32\d3d10_1core.dll
2010-02-25 08:42:34 ----A---- C:\Windows\system32\dxgi.dll
2010-02-25 08:42:34 ----A---- C:\Windows\system32\d3d11.dll
2010-02-25 08:42:34 ----A---- C:\Windows\system32\d3d10_1.dll
2010-02-25 08:42:34 ----A---- C:\Windows\system32\d3d10.dll
2010-02-25 08:40:53 ----A---- C:\Windows\system32\WPDShextAutoplay.exe
2010-02-25 08:40:53 ----A---- C:\Windows\system32\wpdbusenum.dll
2010-02-25 08:40:53 ----A---- C:\Windows\system32\BthMtpContextHandler.dll
2010-02-25 08:40:39 ----A---- C:\Windows\system32\PortableDeviceConnectApi.dll
2010-02-25 08:40:31 ----A---- C:\Windows\system32\WPDShServiceObj.dll
2010-02-25 08:40:31 ----A---- C:\Windows\system32\wpdshext.dll
2010-02-25 08:40:31 ----A---- C:\Windows\system32\wpd_ci.dll
2010-02-25 08:40:31 ----A---- C:\Windows\system32\PortableDeviceTypes.dll
2010-02-25 08:40:30 ----A---- C:\Windows\system32\WPDSp.dll
2010-02-25 08:40:30 ----A---- C:\Windows\system32\PortableDeviceWMDRM.dll
2010-02-25 08:40:30 ----A---- C:\Windows\system32\PortableDeviceClassExtension.dll
2010-02-25 08:40:30 ----A---- C:\Windows\system32\PortableDeviceApi.dll
2010-02-25 08:38:10 ----A---- C:\Windows\system32\oleaccrc.dll
2010-02-25 08:38:10 ----A---- C:\Windows\system32\oleacc.dll
2010-02-25 08:38:09 ----A---- C:\Windows\system32\UIAutomationCore.dll
2010-02-24 22:32:03 ----A---- C:\Windows\system32\jscript.dll
2010-02-24 22:31:52 ----A---- C:\Windows\system32\tzres.dll
2010-02-24 22:31:34 ----A---- C:\Windows\system32\secproc_isv.dll
2010-02-24 22:31:34 ----A---- C:\Windows\system32\secproc.dll
2010-02-24 22:31:33 ----A---- C:\Windows\system32\RMActivate_ssp_isv.exe
2010-02-24 22:31:33 ----A---- C:\Windows\system32\RMActivate_ssp.exe
2010-02-24 22:31:33 ----A---- C:\Windows\system32\RMActivate_isv.exe
2010-02-24 22:31:32 ----A---- C:\Windows\system32\secproc_ssp_isv.dll
2010-02-24 22:31:32 ----A---- C:\Windows\system32\secproc_ssp.dll
2010-02-24 22:31:32 ----A---- C:\Windows\system32\RMActivate.exe
2010-02-24 22:31:32 ----A---- C:\Windows\system32\msdrm.dll
2010-02-24 22:31:28 ----A---- C:\Windows\system32\gameux.dll
2010-02-24 22:31:27 ----A---- C:\Windows\system32\Apphlpdm.dll
2010-02-24 22:31:26 ----A---- C:\Windows\system32\GameUXLegacyGDFs.dll
2010-02-24 10:45:58 ----D---- C:\Windows\system32\vi-VN
2010-02-24 10:45:58 ----D---- C:\Windows\system32\eu-ES
2010-02-24 10:45:58 ----D---- C:\Windows\system32\ca-ES
2010-02-24 10:36:49 ----A---- C:\Windows\system32\unrar.dll
2010-02-24 10:36:49 ----A---- C:\Windows\avisplitter.ini
2010-02-24 10:36:47 ----A---- C:\Windows\system32\yv12vfw.dll
2010-02-24 10:36:47 ----A---- C:\Windows\system32\xvidvfw.dll
2010-02-24 10:36:47 ----A---- C:\Windows\system32\xvidcore.dll
2010-02-24 10:36:44 ----A---- C:\Windows\system32\ff_vfw.dll.manifest
2010-02-24 10:36:44 ----A---- C:\Windows\system32\ff_vfw.dll
2010-02-24 10:36:42 ----D---- C:\Program Files\K-Lite Codec Pack
2010-02-24 10:26:55 ----D---- C:\Windows\system32\EventProviders
2010-02-24 10:23:52 ----D---- C:\Program Files\Common Files\Ahead
2010-02-21 07:21:38 ----D---- C:\Program Files\MSXML 4.0
2010-02-20 20:16:13 ----D---- C:\ProgramData\WindowsSearch
2010-02-20 01:32:20 ----D---- C:\Users\Notebook\AppData\Roaming\Nero
2010-02-19 20:18:21 ----D---- C:\Program Files\Axesstel
2010-02-19 10:21:33 ----A---- C:\Windows\Irremote.ini
2010-02-19 08:45:46 ----D---- C:\Program Files\Nero
2010-02-19 08:44:14 ----D---- C:\ProgramData\Nero
2010-02-19 08:44:13 ----D---- C:\Program Files\Common Files\Nero
2010-02-19 08:41:41 ----A---- C:\Windows\system32\d3dx9_30.dll
2010-02-18 19:51:18 ----D---- C:\Users\Notebook\AppData\Roaming\TS3Client

======List of files/folders modified in the last 1 months======

2010-03-16 01:11:08 ----D---- C:\Windows\Temp
2010-03-16 01:11:03 ----RD---- C:\Program Files
2010-03-16 01:11:00 ----D---- C:\Windows\Prefetch
2010-03-16 00:48:41 ----D---- C:\Windows\System32
2010-03-16 00:48:41 ----D---- C:\Windows\inf
2010-03-16 00:48:41 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-03-16 00:40:49 ----SHD---- C:\Windows\Installer
2010-03-16 00:38:25 ----HD---- C:\ProgramData
2010-03-16 00:36:20 ----D---- C:\Windows
2010-03-16 00:31:35 ----SHD---- C:\System Volume Information
2010-03-15 11:53:37 ----D---- C:\Windows\system32\Tasks
2010-03-14 22:45:27 ----D---- C:\Users\Notebook\AppData\Roaming\ICQ
2010-03-12 16:15:42 ----D---- C:\Program Files\World of Warcraft
2010-03-12 11:35:38 ----D---- C:\Program Files\ICQ7.0
2010-03-12 11:16:50 ----D---- C:\Windows\winsxs
2010-03-12 00:22:34 ----D---- C:\Program Files\Movie Maker
2010-03-12 00:22:28 ----D---- C:\Windows\system32\catroot
2010-03-12 00:22:21 ----D---- C:\Program Files\Windows Mail
2010-03-11 15:16:07 ----D---- C:\Windows\system32\catroot2
2010-03-09 22:09:22 ----SD---- C:\Users\Notebook\AppData\Roaming\Microsoft
2010-03-08 18:58:38 ----D---- C:\Users\Notebook\AppData\Roaming\Skype
2010-03-08 16:08:06 ----D---- C:\Users\Notebook\AppData\Roaming\skypePM
2010-03-05 14:33:34 ----D---- C:\Windows\system32\LogFiles
2010-03-02 06:30:12 ----A---- C:\Windows\system32\mrt.exe
2010-03-01 20:06:53 ----D---- C:\Users\Notebook\AppData\Roaming\BSplayer PRO
2010-02-26 00:17:47 ----D---- C:\Windows\rescache
2010-02-26 00:12:28 ----D---- C:\Windows\Microsoft.NET
2010-02-26 00:12:20 ----RSD---- C:\Windows\assembly
2010-02-25 14:35:06 ----D---- C:\Windows\system32\cs-CZ
2010-02-25 14:35:05 ----D---- C:\Windows\system32\wbem
2010-02-25 14:35:04 ----D---- C:\Windows\system32\zh-HK
2010-02-25 14:35:04 ----D---- C:\Windows\system32\uk-UA
2010-02-25 14:35:04 ----D---- C:\Windows\system32\sr-Latn-CS
2010-02-25 14:35:04 ----D---- C:\Windows\system32\sl-SI
2010-02-25 14:35:04 ----D---- C:\Windows\system32\pt-PT
2010-02-25 14:35:04 ----D---- C:\Windows\system32\pt-BR
2010-02-25 14:35:04 ----D---- C:\Windows\system32\pl-PL
2010-02-25 14:35:04 ----D---- C:\Windows\system32\nl-NL
2010-02-25 14:35:04 ----D---- C:\Windows\system32\ko-KR
2010-02-25 14:35:04 ----D---- C:\Windows\system32\it-IT
2010-02-25 14:35:04 ----D---- C:\Windows\system32\hu-HU
2010-02-25 14:35:04 ----D---- C:\Windows\system32\hr-HR
2010-02-25 14:35:04 ----D---- C:\Windows\system32\he-IL
2010-02-25 14:35:04 ----D---- C:\Windows\system32\fr-FR
2010-02-25 14:35:04 ----D---- C:\Windows\system32\fi-FI
2010-02-25 14:35:04 ----D---- C:\Windows\system32\el-GR
2010-02-25 14:35:04 ----D---- C:\Windows\system32\bg-BG
2010-02-25 14:35:03 ----D---- C:\Windows\system32\zh-TW
2010-02-25 14:35:03 ----D---- C:\Windows\system32\zh-CN
2010-02-25 14:35:03 ----D---- C:\Windows\system32\tr-TR
2010-02-25 14:35:03 ----D---- C:\Windows\system32\th-TH
2010-02-25 14:35:03 ----D---- C:\Windows\system32\sv-SE
2010-02-25 14:35:03 ----D---- C:\Windows\system32\sk-SK
2010-02-25 14:35:03 ----D---- C:\Windows\system32\ru-RU
2010-02-25 14:35:03 ----D---- C:\Windows\system32\ro-RO
2010-02-25 14:35:03 ----D---- C:\Windows\system32\nb-NO
2010-02-25 14:35:03 ----D---- C:\Windows\system32\lv-LV
2010-02-25 14:35:03 ----D---- C:\Windows\system32\lt-LT
2010-02-25 14:35:03 ----D---- C:\Windows\system32\ja-JP
2010-02-25 14:35:03 ----D---- C:\Windows\system32\et-EE
2010-02-25 14:35:03 ----D---- C:\Windows\system32\es-ES
2010-02-25 14:35:03 ----D---- C:\Windows\system32\en-US
2010-02-25 14:35:03 ----D---- C:\Windows\system32\de-DE
2010-02-25 14:35:03 ----D---- C:\Windows\system32\da-DK
2010-02-25 14:35:03 ----D---- C:\Windows\system32\ar-SA
2010-02-25 14:35:02 ----RSD---- C:\Windows\Fonts
2010-02-25 14:35:02 ----D---- C:\Windows\AppPatch
2010-02-24 10:53:45 ----SHD---- C:\Boot
2010-02-24 10:46:30 ----D---- C:\Program Files\Windows Calendar
2010-02-24 10:46:29 ----D---- C:\Program Files\Windows Sidebar
2010-02-24 10:46:29 ----D---- C:\Program Files\Windows Photo Gallery
2010-02-24 10:46:29 ----D---- C:\Program Files\Windows Media Player
2010-02-24 10:46:29 ----D---- C:\Program Files\Windows Collaboration
2010-02-24 10:46:29 ----D---- C:\Program Files\Internet Explorer
2010-02-24 10:46:29 ----D---- C:\Program Files\Common Files\System
2010-02-24 10:46:28 ----D---- C:\Windows\servicing
2010-02-24 10:46:28 ----D---- C:\Program Files\Windows Defender
2010-02-24 10:46:23 ----D---- C:\Windows\system32\XPSViewer
2010-02-24 10:46:23 ----D---- C:\Windows\IME
2010-02-24 10:46:22 ----D---- C:\Windows\system32\oobe
2010-02-24 10:46:22 ----D---- C:\Windows\system32\migration
2010-02-24 10:46:21 ----D---- C:\Windows\system32\setup
2010-02-24 10:46:21 ----D---- C:\Windows\system32\cs
2010-02-24 10:46:21 ----D---- C:\Windows\system32\AdvancedInstallers
2010-02-24 10:46:19 ----D---- C:\Windows\system32\SLUI
2010-02-24 10:46:18 ----D---- C:\Windows\system32\manifeststore
2010-02-24 10:46:16 ----D---- C:\Windows\system32\migwiz
2010-02-24 10:45:58 ----D---- C:\Windows\system32\Boot
2010-02-24 10:44:26 ----D---- C:\Windows\system32\RTCOM
2010-02-24 10:42:56 ----D---- C:\Windows\WindowsMobile
2010-02-24 10:23:52 ----D---- C:\Program Files\Common Files
2010-02-24 09:16:06 ----N---- C:\Windows\system32\MpSigStub.exe
2010-02-22 11:15:16 ----D---- C:\Users\Notebook\AppData\Roaming\LangSoft
2010-02-19 20:35:46 ----D---- C:\Windows\ModemLogs
2010-02-19 20:35:34 ----A---- C:\Windows\ODBC.INI
2010-02-19 07:44:37 ----D---- C:\Windows\system32\WDI

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2009-11-25 23120]
R1 aswSP;avast! Self Protection; C:\Windows\system32\drivers\aswSP.sys [2009-11-25 114768]
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2009-11-25 48560]
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\DRIVERS\aswFsBlk.sys [2009-11-25 20560]
R2 aswMonFlt;aswMonFlt; C:\Windows\system32\DRIVERS\aswMonFlt.sys [2009-11-25 53328]
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2008-07-09 3880448]
R3 BCM43XX;Ovladač síťového adaptéru Broadcom 802.11; C:\Windows\system32\DRIVERS\bcmwl6.sys [2008-01-23 1187320]
R3 CmBatt;Ovladač baterie Microsoft ACPI Control Method Battery; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-21 14208]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2008-07-03 2152088]
R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2009-12-20 234016]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2008-02-22 198064]
R3 usbvideo;Zobrazovací zařízení USB (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-21 134016]
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-21 11264]
S3 a50kfflu;a50kfflu; C:\Windows\system32\drivers\a50kfflu.sys []
S3 a567hzr4;a567hzr4; C:\Windows\system32\drivers\a567hzr4.sys []
S3 Axtmvflt;Axesstel USB Filter Service; C:\Windows\system32\DRIVERS\Axtmvflt.sys [2007-03-22 3456]
S3 Axtmvmdm;Axesstel USB Modem; C:\Windows\system32\DRIVERS\Axtmvmdm.sys [2007-03-26 40064]
S3 Axtmvprt;Axesstel Diagnostic Port; C:\Windows\System32\Drivers\Axtmvprt.sys [2007-03-26 38784]
S3 drmkaud;Dekodér zvuků DRM jádra společnosti Microsoft; C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]
S3 HdAudAddService;Ovladač funkce Microsoft 1.1 UAA pro službu zvuku High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 MSKSSRV;Server proxy služby datových proudů Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
S3 MSPCLOCK;Server proxy hodin datových proudů Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
S3 MSPQM;Server proxy správce kvality datových proudů Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
S3 MSTEE;Konvertor jímka-jímka typu T datových proudů Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
S3 usb_rndisx;Adaptér USB RNDIS; C:\Windows\system32\DRIVERS\usb8023x.sys [2009-04-11 15872]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-21 35328]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-11-25 18752]
R2 Ati External Event Utility;Ati External Event Utility; C:\Windows\system32\Ati2evxx.exe [2008-07-09 700416]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-11-25 138680]
R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 PLFlash DeviceIoControl Service;PLFlash DeviceIoControl Service; C:\Windows\system32\IoctlSvc.exe [2006-12-19 81920]
R2 RapiMgr;@%windir%\WindowsMobile\rapimgr.dll,-104; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 StarWindServiceAE;StarWind AE Service; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2009-12-23 370688]
R2 WcesComm;@%windir%\WindowsMobile\wcescomm.dll,-40079; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-11-25 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-11-25 352920]
R3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2008-01-22 275752]
S3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-21 21504]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2008-04-08 800040]

-----------------EOF-----------------

[JaRon]

Presun ComboFix
na plochu (ak tam este nie je)

otvor si Poznamkovy blok - notepad

do neho zkopiruj skript z nasledujiceho okna:

Kód: Vybrat vše

Registry::
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"Policies"=-

uloz vytvoreny textovy soubor ako CFScript.txt na plochu

po ulozeni uchop vytvoreny skript lavym tlacitkom mysi a presun ho nad ikonu Combofixu, nad nim skript upust:



po aplikacii by mal vzniknut dalsi log, ten vloz sem

[L.e.x.u.s]

Tady to je
ComboFix 10-03-16.03 - Notebook 16.03.2010 23:13:17.1.1 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1250.420.1029.18.2813.2089 [GMT 1:00]
Spuštěný z: c:\users\Notebook\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Notebook\Desktop\CFScript.txt
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\license.rtf
c:\windows\system32\oem7.inf

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-02-16 do 2010-03-16 )))))))))))))))))))))))))))))))
.

2010-03-16 22:22 . 2010-03-16 22:23 -------- d-----w- c:\users\Notebook\AppData\Local\temp
2010-03-16 22:22 . 2010-03-16 22:22 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-03-16 22:22 . 2010-03-16 22:22 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-03-16 00:40 . 2010-03-16 08:33 -------- d-----w- c:\users\Notebook\AppData\Local\Temp(12)
2010-03-16 00:11 . 2010-03-16 00:11 -------- d-----w- c:\program files\trend micro
2010-03-16 00:11 . 2010-03-16 00:11 -------- d-----w- C:\rsit
2010-03-15 23:39 . 2010-03-15 23:39 -------- d-----w- c:\users\Notebook\AppData\Roaming\Ahead
2010-03-15 23:38 . 2010-03-15 23:38 -------- d-----w- c:\programdata\Ahead
2010-03-15 10:22 . 2010-03-15 23:40 -------- d-----w- c:\users\Notebook\AppData\Roaming\uTorrent
2010-03-13 16:35 . 2010-03-13 16:35 -------- d-----w- c:\users\Notebook\AppData\Roaming\DAEMON Tools Pro
2010-03-13 16:35 . 2010-03-13 16:35 -------- d-----w- c:\users\Notebook\AppData\Roaming\DAEMON Tools
2010-03-13 16:34 . 2010-03-13 16:34 -------- d-----w- c:\programdata\DAEMON Tools Lite
2010-03-13 16:33 . 2010-03-13 16:33 -------- d-----w- c:\program files\DAEMON Tools Toolbar
2010-03-13 16:33 . 2010-03-13 16:33 -------- d-----w- c:\program files\DAEMON Tools Lite
2010-03-13 16:32 . 2010-03-13 16:32 -------- d-----w- c:\users\Notebook\AppData\Roaming\DAEMON Tools Lite
2010-03-07 09:35 . 2010-02-12 10:32 293376 ----a-w- c:\windows\system32\browserchoice.exe
2010-03-03 13:44 . 2010-03-03 13:44 -------- d-----w- c:\programdata\Blizzard
2010-03-01 19:12 . 2010-03-01 19:13 -------- d-----w- c:\users\Notebook\AppData\Roaming\Media Player Classic
2010-03-01 14:28 . 2010-03-01 14:28 -------- d-----w- c:\program files\Xilisoft
2010-02-26 06:48 . 2010-03-09 19:51 -------- d-----w- C:\Fraps
2010-02-25 13:35 . 2010-02-25 13:35 -------- d-----w- c:\program files\Windows Portable Devices
2010-02-25 07:43 . 2009-09-10 02:00 92672 ----a-w- c:\windows\system32\UIAnimation.dll
2010-02-25 07:43 . 2009-09-10 02:01 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
2010-02-25 07:43 . 2009-09-10 02:00 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2010-02-25 07:40 . 2009-10-01 01:02 30208 ----a-w- c:\windows\system32\WPDShextAutoplay.exe
2010-02-25 07:40 . 2009-10-01 01:02 31232 ----a-w- c:\windows\system32\BthMtpContextHandler.dll
2010-02-25 07:40 . 2009-10-01 01:01 81920 ----a-w- c:\windows\system32\wpdbusenum.dll
2010-02-25 07:40 . 2009-10-01 01:01 60928 ----a-w- c:\windows\system32\PortableDeviceConnectApi.dll
2010-02-25 07:40 . 2009-10-01 01:02 2537472 ----a-w- c:\windows\system32\wpdshext.dll
2010-02-25 07:40 . 2009-10-01 01:02 87552 ----a-w- c:\windows\system32\WPDShServiceObj.dll
2010-02-25 07:40 . 2009-10-01 01:01 546816 ----a-w- c:\windows\system32\wpd_ci.dll
2010-02-25 07:40 . 2009-10-01 01:01 160256 ----a-w- c:\windows\system32\PortableDeviceTypes.dll
2010-02-25 07:40 . 2009-10-01 01:02 334848 ----a-w- c:\windows\system32\PortableDeviceApi.dll
2010-02-25 07:40 . 2009-10-01 01:01 350208 ----a-w- c:\windows\system32\WPDSp.dll
2010-02-25 07:40 . 2009-10-01 01:01 196608 ----a-w- c:\windows\system32\PortableDeviceWMDRM.dll
2010-02-25 07:40 . 2009-10-01 01:01 100864 ----a-w- c:\windows\system32\PortableDeviceClassExtension.dll
2010-02-25 07:38 . 2009-10-08 21:08 234496 ----a-w- c:\windows\system32\oleacc.dll
2010-02-25 07:38 . 2009-10-08 21:07 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2010-02-25 07:38 . 2009-10-08 21:08 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2010-02-24 09:57 . 2010-03-15 23:44 -------- d-----w- c:\users\Notebook\AppData\Local\Ahead
2010-02-24 09:45 . 2010-02-24 09:46 -------- d-----w- c:\windows\system32\ca-ES
2010-02-24 09:45 . 2010-02-24 09:46 -------- d-----w- c:\windows\system32\eu-ES
2010-02-24 09:45 . 2010-02-24 09:46 -------- d-----w- c:\windows\system32\vi-VN
2010-02-24 09:36 . 2009-12-12 14:15 178176 ----a-w- c:\windows\system32\unrar.dll
2010-02-24 09:36 . 2009-05-29 21:37 205824 ----a-w- c:\windows\system32\xvidvfw.dll
2010-02-24 09:36 . 2009-05-29 21:31 881664 ----a-w- c:\windows\system32\xvidcore.dll
2010-02-24 09:36 . 2004-01-25 16:18 217088 ----a-w- c:\windows\system32\yv12vfw.dll
2010-02-24 09:36 . 2010-02-02 18:00 85504 ----a-w- c:\windows\system32\ff_vfw.dll
2010-02-24 09:36 . 2010-02-24 09:37 -------- d-----w- c:\program files\K-Lite Codec Pack
2010-02-24 09:26 . 2010-02-24 09:26 -------- d-----w- c:\windows\system32\EventProviders
2010-02-24 09:23 . 2010-03-16 09:03 -------- d-----w- c:\program files\Common Files\Ahead
2010-02-21 06:21 . 2010-02-21 06:21 -------- d-----w- c:\program files\MSXML 4.0
2010-02-20 19:16 . 2010-02-20 19:16 -------- d-----w- c:\programdata\WindowsSearch
2010-02-20 00:32 . 2010-02-20 00:32 -------- d-----w- c:\users\Notebook\AppData\Local\Nero
2010-02-20 00:32 . 2010-02-20 00:48 -------- d-----w- c:\users\Notebook\AppData\Roaming\Nero
2010-02-19 19:18 . 2007-03-26 06:25 38784 ----a-w- c:\windows\system32\drivers\Axtmvprt.sys
2010-02-19 19:18 . 2007-03-26 06:25 40064 ----a-w- c:\windows\system32\drivers\Axtmvmdm.sys
2010-02-19 19:18 . 2007-03-22 08:36 3456 ----a-w- c:\windows\system32\drivers\Axtmvflt.sys
2010-02-19 19:18 . 2010-02-19 19:18 -------- d-----w- c:\program files\Axesstel
2010-02-19 07:44 . 2010-03-15 23:33 -------- d-----w- c:\programdata\Nero
2010-02-19 07:44 . 2010-02-24 09:02 -------- d-----w- c:\program files\Common Files\Nero
2010-02-18 18:51 . 2010-02-18 18:51 -------- d-----w- c:\users\Notebook\AppData\Roaming\TS3Client
2010-02-15 06:21 . 2009-08-24 11:36 377344 ----a-w- c:\windows\system32\winhttp.dll
2010-02-15 06:21 . 2009-11-03 19:41 411648 ----a-w- c:\windows\system32\drivers\http.sys
2010-02-15 06:21 . 2009-11-03 21:43 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-02-15 06:21 . 2009-11-03 21:42 30720 ----a-w- c:\windows\system32\httpapi.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-16 22:17 . 2008-01-21 06:13 598832 ----a-w- c:\windows\system32\perfh005.dat
2010-03-16 22:17 . 2008-01-21 06:13 114992 ----a-w- c:\windows\system32\perfc005.dat
2010-03-16 22:08 . 2010-02-07 07:56 12 ----a-w- c:\windows\bthservsdp.dat
2010-03-16 20:45 . 2010-02-06 15:08 -------- d-----w- c:\users\Notebook\AppData\Roaming\ICQ
2010-03-12 15:15 . 2010-02-11 14:06 -------- d-----w- c:\program files\World of Warcraft
2010-03-12 10:35 . 2010-02-06 15:08 -------- d-----w- c:\program files\ICQ7.0
2010-03-11 23:22 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-03-08 17:58 . 2010-02-06 15:07 -------- d-----w- c:\users\Notebook\AppData\Roaming\Skype
2010-03-08 15:08 . 2010-02-07 09:41 -------- d-----w- c:\users\Notebook\AppData\Roaming\skypePM
2010-03-01 19:06 . 2010-02-06 09:21 -------- d-----w- c:\users\Notebook\AppData\Roaming\BSplayer PRO
2010-02-25 23:02 . 2010-02-05 10:15 54312 ----a-w- c:\users\Notebook\AppData\Local\GDIPFONTCACHEV1.DAT
2010-02-25 13:35 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2010-02-25 13:34 . 2010-02-25 13:34 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2010-02-24 09:46 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Calendar
2010-02-24 09:46 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Sidebar
2010-02-24 09:46 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Photo Gallery
2010-02-24 09:46 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Collaboration
2010-02-24 09:46 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Defender
2010-02-24 08:16 . 2010-02-05 13:07 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-22 10:15 . 2010-02-06 12:59 -------- d-----w- c:\users\Notebook\AppData\Roaming\LangSoft
2010-02-12 18:40 . 2010-02-12 18:39 -------- d-----w- c:\users\Notebook\AppData\Roaming\Ventrilo
2010-02-12 18:38 . 2010-02-12 18:38 -------- d-----w- c:\program files\Ventrilo
2010-02-12 18:38 . 2010-02-12 18:38 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-02-07 14:48 . 2010-02-07 14:49 737280 ----a-w- c:\windows\iun6002.exe
2010-02-07 14:17 . 2010-02-07 14:17 -------- d-----w- c:\program files\Katalog DVD
2010-02-07 13:35 . 2010-02-05 11:46 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-07 13:29 . 2010-02-05 11:46 -------- d-----w- c:\program files\Common Files\InstallShield
2010-02-07 13:27 . 2010-02-07 13:27 -------- d-----w- c:\programdata\UDL
2010-02-07 13:26 . 2010-02-07 13:02 -------- d-----w- c:\program files\epson
2010-02-07 13:23 . 2010-02-07 13:23 -------- d-----w- c:\program files\ABBYY FineReader 6.0 Sprint
2010-02-07 13:09 . 2010-02-07 12:59 -------- d-----w- c:\programdata\EPSON
2010-02-07 12:58 . 2010-02-07 12:58 -------- d-----w- c:\program files\TeamSpeak 3 Client
2010-02-07 09:50 . 2010-02-07 09:48 -------- d-----w- c:\program files\CesarFTP
2010-02-07 09:41 . 2010-02-07 09:41 56 ---ha-w- c:\programdata\ezsidmv.dat
2010-02-07 07:59 . 2010-02-07 07:59 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdRapi2_01_00_00.Wdf
2010-02-07 06:23 . 2010-02-07 06:23 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdRapi_01_00_00.Wdf
2010-02-06 17:31 . 2010-02-06 17:28 -------- d-----w- c:\program files\Counter-Strike 1.6
2010-02-06 15:07 . 2010-02-06 15:06 -------- d-----r- c:\program files\Skype
2010-02-06 15:07 . 2010-02-06 15:07 -------- d-----w- c:\program files\Common Files\Skype
2010-02-06 15:06 . 2010-02-06 15:06 -------- d-----w- c:\programdata\Skype
2010-02-06 13:01 . 2010-02-06 13:01 798771 ----a-w- c:\programdata\LangSoft\WebIE.dll
2010-02-06 13:01 . 2010-02-06 13:01 299008 ----a-w- c:\programdata\LangSoft\TrnWord.dll
2010-02-06 13:01 . 2010-02-06 13:00 -------- d-----w- c:\programdata\LangSoft
2010-02-06 13:01 . 2010-02-06 13:01 356352 ----a-w- c:\programdata\LangSoft\TrnOutl.dll
2010-02-06 09:35 . 2010-02-06 09:35 -------- d-----w- c:\program files\Alcohol Soft
2010-02-06 09:33 . 2010-02-06 09:33 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-02-06 09:23 . 2010-02-06 09:23 -------- d-----w- c:\users\Notebook\AppData\Roaming\IObit
2010-02-06 09:23 . 2010-02-06 09:23 -------- d-----w- c:\program files\IObit
2010-02-06 09:21 . 2010-02-06 09:21 -------- d-----w- c:\program files\Webteh
2010-02-06 09:17 . 2010-02-06 09:17 -------- d-----w- c:\program files\Common Files\Adobe
2010-02-06 09:07 . 2010-02-06 09:07 -------- d-----w- c:\program files\RocketDock
2010-02-06 09:06 . 2010-02-06 09:06 -------- d-----w- c:\program files\Alwil Software
2010-02-05 11:53 . 2010-02-05 11:53 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_SynTP_01000.Wdf
2010-02-05 11:53 . 2010-02-05 11:53 -------- d-----w- c:\program files\Synaptics
2010-02-05 11:50 . 2010-02-05 11:46 -------- d-----w- c:\program files\Realtek
2010-02-05 11:50 . 2010-02-05 11:50 -------- d-----w- c:\users\Notebook\AppData\Roaming\InstallShield
2010-02-05 11:46 . 2010-02-05 11:46 319456 ----a-w- c:\windows\DIFxAPI.dll
2010-02-05 11:46 . 2010-02-05 11:46 315392 ----a-w- c:\windows\HideWin.exe
2010-02-05 11:43 . 2010-02-05 11:43 -------- d-----w- c:\users\Notebook\AppData\Roaming\ATI
2010-02-05 11:43 . 2010-02-05 11:43 -------- d-----w- c:\programdata\ATI
2010-02-05 11:42 . 2010-02-05 11:42 0 ----a-w- c:\windows\ativpsrm.bin
2010-02-05 11:40 . 2010-02-05 11:38 -------- d-----w- c:\program files\ATI Technologies
2010-02-05 11:38 . 2010-02-05 11:38 10134 ----a-r- c:\users\Notebook\AppData\Roaming\Microsoft\Installer\{58FF8C7E-F431-7069-DA9A-A61411208DF3}\ARPPRODUCTICON.exe
2010-02-05 11:38 . 2010-02-05 11:38 -------- d-----w- c:\program files\ATI
2010-02-05 11:36 . 2010-02-05 11:36 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2010-02-05 10:21 . 2010-02-05 10:15 680 ----a-w- c:\users\Notebook\AppData\Local\d3d9caps.dat
2010-02-05 10:12 . 2010-02-05 10:12 -------- d-sh--we c:\programdata\Plocha
2010-02-05 10:12 . 2010-02-05 10:12 -------- d-sh--we c:\programdata\Oblíbené položky
2010-02-05 10:12 . 2010-02-05 10:12 -------- d-sh--we c:\programdata\Šablony
2010-02-05 10:12 . 2010-02-05 10:12 -------- d-sh--we c:\programdata\Nabídka Start
2010-02-05 10:12 . 2010-02-05 10:12 -------- d-sh--we c:\programdata\Dokumenty
2010-02-05 10:12 . 2010-02-05 10:12 -------- d-sh--we c:\programdata\Data aplikací
2010-01-25 12:00 . 2010-02-24 21:31 471552 ----a-w- c:\windows\system32\secproc_isv.dll
2010-01-25 12:00 . 2010-02-24 21:31 152576 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-01-25 12:00 . 2010-02-24 21:31 152064 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-01-25 12:00 . 2010-02-24 21:31 471552 ----a-w- c:\windows\system32\secproc.dll
2010-01-25 11:58 . 2010-02-24 21:31 332288 ----a-w- c:\windows\system32\msdrm.dll
2010-01-25 08:21 . 2010-02-24 21:31 526336 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-01-25 08:21 . 2010-02-24 21:31 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-01-25 08:21 . 2010-02-24 21:31 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-01-25 08:21 . 2010-02-24 21:31 518144 ----a-w- c:\windows\system32\RMActivate.exe
2010-01-23 09:26 . 2010-02-24 21:31 2048 ----a-w- c:\windows\system32\tzres.dll
2010-01-06 15:39 . 2010-02-24 21:31 1696256 ----a-w- c:\windows\system32\gameux.dll
2010-01-06 15:38 . 2010-02-24 21:31 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-01-06 15:38 . 2010-02-24 21:31 173056 ----a-w- c:\windows\AppPatch\AcXtrnal.dll
2010-01-06 15:38 . 2010-02-24 21:31 542720 ----a-w- c:\windows\AppPatch\AcLayers.dll
2010-01-06 15:38 . 2010-02-24 21:31 458752 ----a-w- c:\windows\AppPatch\AcSpecfc.dll
2010-01-06 15:38 . 2010-02-24 21:31 2159616 ----a-w- c:\windows\AppPatch\AcGenral.dll
2010-01-06 13:30 . 2010-02-24 21:31 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-01-02 06:38 . 2010-02-05 13:35 916480 ----a-w- c:\windows\system32\wininet.dll
2010-01-02 06:32 . 2010-02-05 13:35 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-01-02 06:32 . 2010-02-05 13:35 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-01-02 04:57 . 2010-02-05 13:35 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-12-20 09:53 . 2009-12-20 09:53 234016 ----a-w- c:\windows\system32\drivers\Rtlh86.sys
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" [2009-11-15 33120]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-29 687560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"RtHDVCpl"="RtHDVCpl.exe" [2008-07-03 6266880]
"Skytel"="Skytel.exe" [2008-06-25 1826816]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-02-22 1037608]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2008-01-21 215552]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):b1,c1,97,31,37,b5,ca,01

R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-02-06 691696]
R3 Axtmvflt;Axesstel USB Filter Service;c:\windows\system32\DRIVERS\Axtmvflt.sys [2007-03-22 3456]
R3 Axtmvmdm;Axesstel USB Modem;c:\windows\system32\DRIVERS\Axtmvmdm.sys [2007-03-26 40064]
R3 Axtmvprt;Axesstel Diagnostic Port;c:\windows\system32\Drivers\Axtmvprt.sys [2007-03-26 38784]
S1 aswSP;avast! Self Protection; [x]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2009-11-24 20560]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\DRIVERS\aswMonFlt.sys [2009-11-24 53328]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Obsah adresáře 'Naplánované úlohy'

2010-03-16 c:\windows\Tasks\AWC AutoSweep.job
- c:\program files\IObit\Advanced SystemCare 3\AutoSweep.exe [2010-02-06 14:35]

2010-03-16 c:\windows\Tasks\AWC Startup.job
- c:\program files\IObit\Advanced SystemCare 3\AWC.exe [2010-02-06 13:45]
.
.
------- Doplňkový sken -------
.
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: {{88EB38EF-4D2C-436D-ABD3-56B232674062} - c:\program files\ICQ7.0\ICQ.exe
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\programdata\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748449} - c:\programdata\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\programdata\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\programdata\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\programdata\LangSoft\WebIE.dll
FF - ProfilePath - c:\users\Notebook\AppData\Roaming\Mozilla\Firefox\Profiles\e8v7k9dd.default\
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - component: c:\users\Notebook\AppData\Roaming\Mozilla\Firefox\Profiles\e8v7k9dd.default\extensions\{003D3EDC-99B9-4a34-9C20-60CB94F7E829}\components\nsWebFF15.dll
FF - component: c:\users\Notebook\AppData\Roaming\Mozilla\Firefox\Profiles\e8v7k9dd.default\extensions\DTToolbar@toolbarnet.com\components\DTToolbarFF.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-16 23:22
Windows 6.0.6002 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Celkový čas: 2010-03-16 23:26:43
ComboFix-quarantined-files.txt 2010-03-16 22:26
ComboFix2.txt 2010-03-16 00:40

Před spuštěním: Volných bajtů: 51 253 915 648
Po spuštění: Volných bajtů: 51 214 487 552

- - End Of File - - CF56C14DC39570439AB0EDDF5E212DBA

[JaRon]

prescanuj PC s MBAM

[L.e.x.u.s]

Vypadá to dobře...díkymoc!!!!
Malwarebytes' Anti-Malware 1.44
Verze databáze: 3875
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18882

17.3.2010 9:56:31
mbam-log-2010-03-17 (09-56-31).txt

Typ kontroly: Rychlá kontrola
Zkontrolované objekty: 105686
Uplynulý čas: 5 minute(s), 26 second(s)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 0
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované adresáře: 0
Infikované soubory: 0

Infikované procesy v paměti:
(Nebyly nalezeny žádné škodlivé položky)

Infikované moduly v paměti:
(Nebyly nalezeny žádné škodlivé položky)

Infikované klíče registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované hodnoty registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované datové položky registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované adresáře:
(Nebyly nalezeny žádné škodlivé položky)

Infikované soubory:
(Nebyly nalezeny žádné škodlivé položky)

[JaRon]

ak existuje subor C:\Windows\system32\drivers\svchost.exe tak ho ZMAZ
inac hotovo
nemas zac