Hello, I got my hands on a notebook where the rogue Desktop Security 2010 is making a mess. I tried to clean it with MBAM (it found and removed it), but without success; after a restart it appears again. Any idea how to get rid of it? Thanks a lot.
RSIT log:
Logfile of random's system information tool 1.06 (written by random/random)
Run by Helča at 2010-04-11 17:51:29
Microsoft® Windows Vista™ Home Basic Service Pack 2
System drive C: has 10 GB (14%) free of 71 GB
Total RAM: 1790 MB (42% free)
HijackThis download failed
======Scheduled tasks folder======
C:\Windows\tasks\1-Click Maintenance.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2009-08-04 1586472]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocná služba pro přihlášení ke službě Windows Live ID - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-03-30 403824]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-07-25 41760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - Acer eDataSecurity Management - C:\Windows\system32\eDStoolbar.dll [2007-04-25 151552]
{855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2009-06-01 962808]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-19 1008184]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2007-07-06 4669440]
"eDataSecurity Loader"=C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe [2007-04-25 457216]
"eAudio"=C:\Acer\Empowering Technology\eAudio\eAudio.exe [2007-06-11 1286144]
"LManager"=C:\PROGRA~1\LAUNCH~1\LManager.exe [2007-08-15 772616]
"Apoint"=C:\Program Files\Apoint2K\Apoint.exe [2007-06-06 159744]
"LogMeIn GUI"=C:\Program Files\LogMeIn\x86\LogMeInSystray.exe [2008-07-24 63048]
"OODefragTray"=C:\Windows\system32\oodtray.exe [2007-05-11 2512392]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-11-25 81000]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2008-12-03 13556256]
"NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2008-12-03 92704]
"Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2010-03-30 1086856]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2010-03-17 421888]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2010-03-26 142120]
"IObit Security 360"=F:\\IS360tray.exe /autostart []
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-11 1233920]
"ares"=C:\Program Files\Ares\Ares.exe [2008-02-20 963072]
"Skype"=C:\Program Files\Skype\\Phone\Skype.exe [2009-10-09 25623336]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-07-26 3883840]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-19 202240]
"Instructions"=C:\Users\Helča\AppData\Local\Temp\Temp1_Instructions.zip\Instructions.exe [2010-04-07 143872]
"olspqgurfwoq"=C:\Users\Helča\AppData\Local\Temp\m.2814C.tmp.exe [2010-04-07 4034048]
"StudioMSVCR71"=c:\users\helča\appdata\locallow\sun\java\deployment\cache\6.0\46\140de92e-67f413b7-n\msvcr71studio.exe []
"SecurityDesktop29748"=c:\users\helča\appdata\roaming\microsoft\windows\start menu\programs\securitydesktop.exe [2010-04-07 143872]
"JavaFXMicrosoft"=c:\users\helča\appdata\locallow\sun\java\deployment\cache\6.0\54\1a209876-13ba4b16-n\visualvisual.exe []
"DesktopSecurity"=C:\Users\Helča\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SecurityDesktop.exe [2010-04-07 143872]
"SecurityDesktop"=C:\Users\Helča\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SecurityDesktop.exe [2010-04-07 143872]
"decorad3dJavaFX1.0.0.1"=c:\users\helča\appdata\locallow\sun\java\deployment\cache\6.0\46\759e98ee-5a40e7e0-n\javafxdecorad3d.exe []
"Desktop Security 2010"=C:\Users\Helča\AppData\Roaming\Desktop Security 2010\Desktop Security 2010.exe [2010-04-07 1654272]
"SecurityCenter"=C:\Users\Helča\AppData\Roaming\Desktop Security 2010\securitycenter.exe [2010-04-07 253952]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\4oD]
C:\Program Files\Kontiki\KHost.exe [2007-04-23 1032640]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer Tour Reminder]
C:\Acer\AcerTour\Reminder.exe [2007-05-22 151552]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
C:\Program Files\Acer\Acer Arcade\PCMService.exe [2007-04-26 151552]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2010-03-17 421888]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WarReg_PopUp]
C:\Acer\WR_PopUp\WarReg_PopUp.exe [2006-11-05 57344]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Acer\Empowering Technology\eDataSecurity\eDSfsu.exe"="C:\Acer\Empowering Technology\eDataSecurity\eDSfsu.exe:*:Enabled:eDSfsu"
"C:\Acer\Empowering Technology\eDataSecurity\encryption.exe"="C:\Acer\Empowering Technology\eDataSecurity\encryption.exe:*:Enabled:encryption"
"C:\Acer\Empowering Technology\eDataSecurity\decryption.exe"="C:\Acer\Empowering Technology\eDataSecurity\decryption.exe:*:Enabled:decryption"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{94f1e86d-2e1f-11dd-98a9-001b38589382}]
shell\AutoRun\command - F:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{94f1e881-2e1f-11dd-98a9-001b38589382}]
shell\AutoRun\command - F:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c7f3e8c3-7675-11dd-bd92-001b38589382}]
shell\AutoRun\command - F:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c7f3e8c4-7675-11dd-bd92-001b38589382}]
shell\AutoRun\command - F:\AutoRun.exe
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
======List of files/folders created in the last 1 months======
2010-04-11 17:48:58 ----D---- C:\Users\Helča\AppData\Roaming\Desktop Security 2010
2010-04-11 16:59:34 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-04-11 16:55:57 ----D---- C:\Program Files\trend micro
2010-04-11 16:55:56 ----D---- C:\rsit
2010-04-10 22:03:06 ----AD---- C:\ProgramData\TEMP
2010-04-09 20:19:16 ----D---- C:\Users\Helča\AppData\Roaming\Malwarebytes
2010-04-09 20:19:06 ----D---- C:\ProgramData\Malwarebytes
2010-04-09 17:10:27 ----D---- C:\ProgramData\IObit
2010-04-04 14:32:20 ----D---- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-04-04 14:32:20 ----D---- C:\Program Files\iTunes
2010-04-04 14:24:11 ----D---- C:\Program Files\QuickTime
2010-04-04 14:08:22 ----D---- C:\Program Files\Bonjour
2010-04-04 14:08:13 ----SHD---- C:\Config.Msi
2010-03-31 10:14:39 ----A---- C:\Windows\system32\mshtml.dll
2010-03-31 10:14:38 ----A---- C:\Windows\system32\ieframe.dll
2010-03-31 10:14:37 ----A---- C:\Windows\system32\iertutil.dll
2010-03-31 10:14:36 ----A---- C:\Windows\system32\wininet.dll
2010-03-31 10:14:36 ----A---- C:\Windows\system32\urlmon.dll
2010-03-31 10:14:36 ----A---- C:\Windows\system32\occache.dll
2010-03-31 10:14:36 ----A---- C:\Windows\system32\msfeeds.dll
2010-03-31 10:14:35 ----A---- C:\Windows\system32\mstime.dll
2010-03-31 10:14:35 ----A---- C:\Windows\system32\ieui.dll
2010-03-31 10:14:35 ----A---- C:\Windows\system32\iedkcs32.dll
2010-03-31 10:14:34 ----A---- C:\Windows\system32\msfeedssync.exe
2010-03-31 10:14:34 ----A---- C:\Windows\system32\msfeedsbs.dll
2010-03-31 10:14:34 ----A---- C:\Windows\system32\jsproxy.dll
2010-03-31 10:14:34 ----A---- C:\Windows\system32\ieUnatt.exe
2010-03-31 10:14:34 ----A---- C:\Windows\system32\iesysprep.dll
2010-03-31 10:14:34 ----A---- C:\Windows\system32\iesetup.dll
2010-03-31 10:14:34 ----A---- C:\Windows\system32\iernonce.dll
2010-03-31 10:14:34 ----A---- C:\Windows\system32\iepeers.dll
2010-03-31 10:14:34 ----A---- C:\Windows\system32\ie4uinit.exe
======List of files/folders modified in the last 1 months======
2010-04-11 17:51:27 ----D---- C:\Windows\Temp
2010-04-11 17:46:38 ----D---- C:\Windows\system32\drivers
2010-04-11 17:46:38 ----D---- C:\Windows\security
2010-04-11 17:17:01 ----D---- C:\Windows\Globalization
2010-04-11 16:59:34 ----RD---- C:\Program Files
2010-04-11 16:58:34 ----D---- C:\Windows\System32
2010-04-11 16:58:34 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-04-11 16:58:33 ----D---- C:\Windows\inf
2010-04-11 16:55:17 ----D---- C:\Windows\Prefetch
2010-04-11 16:47:13 ----D---- C:\Program Files\LogMeIn
2010-04-11 16:35:16 ----A---- C:\Windows\ntbtlog.txt
2010-04-10 22:53:42 ----D---- C:\Program Files\Common Files
2010-04-10 22:52:44 ----D---- C:\Windows
2010-04-10 22:37:32 ----D---- C:\DRV
2010-04-10 22:26:46 ----HD---- C:\ProgramData
2010-04-10 22:25:15 ----D---- C:\Windows\DigitalLocker
2010-04-09 23:19:41 ----RSD---- C:\Windows\assembly
2010-04-09 22:45:23 ----D---- C:\Windows\Branding
2010-04-09 21:14:44 ----D---- C:\Windows\Provisioning
2010-04-09 20:28:50 ----D---- C:\Windows\en-US
2010-04-09 20:16:04 ----D---- C:\Windows\Minidump
2010-04-09 17:10:12 ----D---- C:\Program Files\KaraFun
2010-04-06 14:14:45 ----SHD---- C:\System Volume Information
2010-04-04 21:53:14 ----D---- C:\Windows\system32\catroot
2010-04-04 21:52:34 ----D---- C:\Users\Helča\AppData\Roaming\Skype
2010-04-04 16:00:21 ----D---- C:\Users\Helča\AppData\Roaming\skypePM
2010-04-04 14:36:27 ----SHD---- C:\Windows\Installer
2010-04-04 14:32:31 ----D---- C:\Program Files\iPod
2010-04-04 14:32:27 ----D---- C:\Program Files\Common Files\Apple
2010-04-04 14:11:53 ----D---- C:\Windows\system32\catroot2
2010-04-04 13:52:41 ----D---- C:\Program Files\Mozilla Firefox
2010-03-31 23:38:16 ----D---- C:\Program Files\Internet Explorer
2010-03-31 23:38:15 ----D---- C:\Windows\system32\migration
2010-03-31 10:48:36 ----D---- C:\Windows\winsxs
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2009-11-25 23120]
R1 aswSP;avast! Self Protection; C:\Windows\system32\drivers\aswSP.sys [2009-11-25 114768]
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2009-11-25 48560]
R1 DritekPortIO;Dritek General Port I/O; \??\C:\PROGRA~1\LAUNCH~1\DPortIO.sys [2006-11-02 20112]
R1 ssmdrv;ssmdrv; C:\Windows\system32\DRIVERS\ssmdrv.sys [2007-03-01 28352]
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\DRIVERS\aswFsBlk.sys [2009-11-25 20560]
R2 aswMonFlt;aswMonFlt; C:\Windows\system32\DRIVERS\aswMonFlt.sys [2009-11-25 53328]
R2 int15;int15; \??\C:\Acer\Empowering Technology\eRecovery\int15.sys [2006-12-07 76584]
R2 LMIInfo;LogMeIn Kernel Information Provider; \??\C:\Program Files\LogMeIn\x86\RaInfo.sys [2008-07-24 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver; \??\C:\Windows\system32\drivers\LMIRfsDriver.sys [2008-07-24 47640]
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2007-05-17 12672]
R2 rimmptsk;rimmptsk; C:\Windows\system32\DRIVERS\rimmptsk.sys [2007-02-24 39936]
R2 rimsptsk;rimsptsk; C:\Windows\system32\DRIVERS\rimsptsk.sys [2007-01-23 42496]
R2 rismxdp;Ricoh xD-Picture Card Driver; C:\Windows\system32\DRIVERS\rixdptsk.sys [2007-03-21 37376]
R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2007-05-17 8192]
R3 ApfiltrService;Alps Pointing-device Filter Driver; C:\Windows\system32\DRIVERS\Apfiltr.sys [2007-06-14 154624]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2009-04-09 958464]
R3 Cam5607;Acer Crystal Eye webcam; C:\Windows\System32\Drivers\BisonC07.sys [2007-05-28 767664]
R3 CmBatt;Ovladač baterie Microsoft ACPI Control Method Battery; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-19 14208]
R3 DKbFltr;Dritek Keyboard Filter Driver; C:\Windows\system32\DRIVERS\DKbFltr.sys [2006-11-02 21264]
R3 enecir;ENE CIR Receiver; C:\Windows\system32\DRIVERS\enecir.sys [2007-05-16 32256]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\System32\Drivers\GEARAspiWDM.sys [2009-05-18 26600]
R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\HSX_DPV.sys [2007-05-17 985600]
R3 HSXHWAZL;HSXHWAZL; C:\Windows\system32\DRIVERS\HSXHWAZL.sys [2007-05-17 207360]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2007-07-18 1841312]
R3 lmimirr;lmimirr; C:\Windows\system32\DRIVERS\lmimirr.sys [2008-07-24 10144]
R3 NTIDrvr;Upper Class Filter Driver; C:\Windows\system32\DRIVERS\NTIDrvr.sys [2007-08-10 6144]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvmfdx32.sys [2007-11-18 1040544]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2008-12-03 7606688]
R3 nvsmu;nvsmu; C:\Windows\system32\DRIVERS\nvsmu.sys [2007-05-17 12032]
R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2009-04-11 89088]
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2007-05-17 659968]
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-19 11264]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328]
S3 drmkaud;Dekodér zvuků DRM jádra společnosti Microsoft; C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632]
S3 EverestDriver;Lavalys EVEREST Kernel Driver; \??\C:\Program Files\Everest\kerneld.wnt [2008-09-18 20760]
S3 HdAudAddService;Ovladač funkce Microsoft 1.1 UAA pro službu zvuku High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 HSFHWAZL;HSFHWAZL; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2006-11-02 200704]
S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\Windows\system32\DRIVERS\ewusbmdm.sys [2007-03-01 92032]
S3 MSKSSRV;Server proxy služby datových proudů Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192]
S3 MSPCLOCK;Server proxy hodin datových proudů Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888]
S3 MSPQM;Server proxy správce kvality datových proudů Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504]
S3 MSTEE;Konvertor jímka-jímka typu T datových proudů Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016]
S3 se59bus;Sony Ericsson Device 089 driver (WDM); C:\Windows\system32\DRIVERS\se59bus.sys [2006-09-05 61536]
S3 se59mdfl;Sony Ericsson Device 089 USB WMC Modem Filter; C:\Windows\system32\DRIVERS\se59mdfl.sys [2006-09-05 9360]
S3 se59mdm;Sony Ericsson Device 089 USB WMC Modem Driver; C:\Windows\system32\DRIVERS\se59mdm.sys [2006-09-05 97088]
S3 se59obex;Sony Ericsson Device 089 USB WMC OBEX Interface; C:\Windows\system32\DRIVERS\se59obex.sys [2006-09-05 86432]
S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2007-10-31 30464]
S4 LMIRfsClientNP;LMIRfsClientNP; C:\Windows\system32\drivers\LMIRfsClientNP.sys []
S4 UIUSys;Conexant Setup API; C:\Windows\system32\DRIVERS\UIUSYS.SYS []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2010-03-19 144672]
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-11-25 18752]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2010-02-12 345376]
R2 eDataSecurity Service;eDSService.exe; C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe [2007-04-25 457512]
R2 eNet Service;eNet Service; C:\Acer\Empowering Technology\eNet\eNet Service.exe [2007-06-13 135168]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-01-17 61440]
R2 LMIMaint;LogMeIn Maintenance Service; C:\Program Files\LogMeIn\x86\RaMaint.exe [2009-10-01 116032]
R2 LogMeIn;LogMeIn; C:\Program Files\LogMeIn\x86\LogMeIn.exe [2008-07-24 63040]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [2006-10-26 335872]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2008-12-03 203296]
R2 O&O Defrag;O&O Defrag; C:\Windows\system32\oodag.exe [2007-05-11 1050120]
R2 TuneUp.ProgramStatisticsSvc;@%SystemRoot%\System32\TUProgSt.exe,-1; C:\Windows\System32\TUProgSt.exe [2009-09-22 604416]
R2 UxTuneUp;@%SystemRoot%\System32\uxtuneup.dll,-4096; C:\Windows\System32\svchost.exe [2008-01-19 21504]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-03-30 1533808]
R2 WMIService;ePower Service; C:\Acer\Empowering Technology\ePower\ePowerSvc.exe [2007-06-13 167936]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-11-25 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-11-25 352920]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2010-03-26 545576]
S2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-11-25 138680]
S2 CLTNetCnService;Symantec Lic NetConnect service; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon []
S2 gupdate1c9f5124e925880;Služba Google Update (gupdate1c9f5124e925880); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-06-24 133104]
S3 AresChatServer;Ares Chatroom server; C:\Program Files\Ares\chatServer.exe [2007-03-20 263168]
S3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-19 21504]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 TuneUp.Defrag;@%SystemRoot%\System32\TuneUpDefragService.exe,-1; C:\Windows\System32\TuneUpDefragService.exe [2009-09-22 361216]
S4 CLCapSvc;CyberLink Background Capture Service (CBCS); C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe [2007-04-26 257736]
S4 CLSched;CyberLink Task Scheduler (CTS); C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe [2007-04-26 118464]
S4 CyberLink Media Library Service;CyberLink Media Library Service; C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe [2007-04-26 1076832]
S4 eLockService;eLock Service; C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe [2007-04-23 24576]
S4 eRecoveryService;eRecovery Service; C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe [2007-07-03 53248]
S4 eSettingsService;eSettings Service; C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe [2007-06-28 24576]
S4 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S4 MobilityService;MobilityService; C:\Acer\Mobility Center\MobilityService.exe [2006-11-24 107008]
S4 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2005-08-08 167936]
S4 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2007-05-17 386560]
-----------------EOF-----------------

problem with Desktop Security 2010
Re: problem with Desktop Security 2010
Here is also part of the HJT log, in case it is needed..
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
C:\Acer\Empowering Technology\eAudio\eAudio.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Windows\System32\oodtray.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Ares\Ares.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Users\Helča\AppData\Local\Temp\Temp1_Instructions.zip\Instructions.exe
C:\Users\Helča\AppData\Local\Temp\m.2814C.tmp.exe
C:\Users\Helča\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SecurityDesktop.exe
C:\Users\Helča\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SecurityDesktop.exe
C:\Users\Helča\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SecurityDesktop.exe
C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Users\HELA~1\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Windows\system32\conime.exe
c:\users\helča\appdata\local\microsoft\feeds\informační kanály společnosti microsoft~\microsoftdomafeed.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Users\Helča\AppData\Roaming\Desktop Security 2010\Desktop Security 2010.exe
C:\Users\Helča\AppData\Roaming\Desktop Security 2010\securitycenter.exe
C:\Program Files\Apple Software Update\SoftwareUpdate.exe
F:\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.centrum.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Pomocná služba pro přihlášení ke službě Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [eAudio] "C:\Acer\Empowering Technology\eAudio\eAudio.exe"
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [OODefragTray] C:\Windows\system32\oodtray.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IObit Security 360] "F:\\IS360tray.exe" /autostart
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Instructions] C:\Users\Helča\AppData\Local\Temp\Temp1_Instructions.zip\Instructions.exe
O4 - HKCU\..\Run: [olspqgurfwoq] C:\Users\Helča\AppData\Local\Temp\m.2814C.tmp.exe
O4 - HKCU\..\Run: [StudioMSVCR71] c:\users\helča\appdata\locallow\sun\java\deployment\cache\6.0\46\140de92e-67f413b7-n\msvcr71studio.exe
O4 - HKCU\..\Run: [SecurityDesktop29748] c:\users\helča\appdata\roaming\microsoft\windows\start menu\programs\securitydesktop.exe
O4 - HKCU\..\Run: [JavaFXMicrosoft] c:\users\helča\appdata\locallow\sun\java\deployment\cache\6.0\54\1a209876-13ba4b16-n\visualvisual.exe
O4 - HKCU\..\Run: [DesktopSecurity] C:\Users\Helča\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SecurityDesktop.exe
O4 - HKCU\..\Run: [SecurityDesktop] C:\Users\Helča\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SecurityDesktop.exe
O4 - HKCU\..\Run: [decorad3dJavaFX1.0.0.1] c:\users\helča\appdata\locallow\sun\java\deployment\cache\6.0\46\759e98ee-5a40e7e0-n\javafxdecorad3d.exe
O4 - HKCU\..\Run: [Desktop Security 2010] C:\Users\Helča\AppData\Roaming\Desktop Security 2010\Desktop Security 2010.exe
O4 - HKCU\..\Run: [SecurityCenter] C:\Users\Helča\AppData\Roaming\Desktop Security 2010\securitycenter.exe
O4 - HKCU\..\RunServices: [Instructions] C:\Users\Helča\AppData\Local\Temp\Temp1_Instructions.zip\Instructions.exe
O4 - HKCU\..\RunServices: [galerieTapeta] c:\users\helča\appdata\roaming\microsoft\windows photo gallery\galeriewindows.exe
O4 - HKCU\..\RunServices: [domafeedMicrosoft] c:\users\helča\appdata\local\microsoft\feeds\informační kanály společnosti microsoft~\microsoftdomafeed.exe
O4 - HKCU\..\RunServices: [MSVCR71Microsoft] c:\users\helča\appdata\locallow\sun\java\deployment\cache\6.0\15\58fb3e0f-4902ff6f-n\studiomicrosoft.exe
O4 - HKCU\..\RunServices: [DesktopSecurity] C:\Users\Helča\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SecurityDesktop.exe
O4 - HKCU\..\RunServices: [SecurityDesktop] C:\Users\Helča\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SecurityDesktop.exe
O4 - HKCU\..\RunServices: [IILucianaDuos] c:\users\helča\appdata\local\acer arcade\albumart\iilucianasouza.exe
O4 - HKCU\..\RunServices: [decorad3dJavaFX1.0.0.1] c:\users\helča\appdata\locallow\sun\java\deployment\cache\6.0\21\14e5d595-781eb764-n\javafxdecorad3d1.0.0.1.exe
O4 - HKUS\S-1-5-18\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'Default user')
O4 - Global Startup: Empowering Technology Launcher.lnk = C:\Acer\Empowering Technology\eAPLauncher.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Přidat na blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Přidat na blog Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O13 - Gopher Prefix:
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: Služba Google Update (gupdate1c9f5124e925880) (gupdate1c9f5124e925880) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\Windows\system32\oodag.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: @%SystemRoot%\System32\TUProgSt.exe,-1 (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\Windows\System32\TUProgSt.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
C:\Acer\Empowering Technology\eAudio\eAudio.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Windows\System32\oodtray.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Ares\Ares.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Users\Helča\AppData\Local\Temp\Temp1_Instructions.zip\Instructions.exe
C:\Users\Helča\AppData\Local\Temp\m.2814C.tmp.exe
C:\Users\Helča\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SecurityDesktop.exe
C:\Users\Helča\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SecurityDesktop.exe
C:\Users\Helča\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SecurityDesktop.exe
C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Users\HELA~1\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Windows\system32\conime.exe
c:\users\helča\appdata\local\microsoft\feeds\informační kanály společnosti microsoft~\microsoftdomafeed.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Users\Helča\AppData\Roaming\Desktop Security 2010\Desktop Security 2010.exe
C:\Users\Helča\AppData\Roaming\Desktop Security 2010\securitycenter.exe
C:\Program Files\Apple Software Update\SoftwareUpdate.exe
F:\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.centrum.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Pomocná služba pro přihlášení ke službě Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [eAudio] "C:\Acer\Empowering Technology\eAudio\eAudio.exe"
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [OODefragTray] C:\Windows\system32\oodtray.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IObit Security 360] "F:\\IS360tray.exe" /autostart
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Instructions] C:\Users\Helča\AppData\Local\Temp\Temp1_Instructions.zip\Instructions.exe
O4 - HKCU\..\Run: [olspqgurfwoq] C:\Users\Helča\AppData\Local\Temp\m.2814C.tmp.exe
O4 - HKCU\..\Run: [StudioMSVCR71] c:\users\helča\appdata\locallow\sun\java\deployment\cache\6.0\46\140de92e-67f413b7-n\msvcr71studio.exe
O4 - HKCU\..\Run: [SecurityDesktop29748] c:\users\helča\appdata\roaming\microsoft\windows\start menu\programs\securitydesktop.exe
O4 - HKCU\..\Run: [JavaFXMicrosoft] c:\users\helča\appdata\locallow\sun\java\deployment\cache\6.0\54\1a209876-13ba4b16-n\visualvisual.exe
O4 - HKCU\..\Run: [DesktopSecurity] C:\Users\Helča\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SecurityDesktop.exe
O4 - HKCU\..\Run: [SecurityDesktop] C:\Users\Helča\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SecurityDesktop.exe
O4 - HKCU\..\Run: [decorad3dJavaFX1.0.0.1] c:\users\helča\appdata\locallow\sun\java\deployment\cache\6.0\46\759e98ee-5a40e7e0-n\javafxdecorad3d.exe
O4 - HKCU\..\Run: [Desktop Security 2010] C:\Users\Helča\AppData\Roaming\Desktop Security 2010\Desktop Security 2010.exe
O4 - HKCU\..\Run: [SecurityCenter] C:\Users\Helča\AppData\Roaming\Desktop Security 2010\securitycenter.exe
O4 - HKCU\..\RunServices: [Instructions] C:\Users\Helča\AppData\Local\Temp\Temp1_Instructions.zip\Instructions.exe
O4 - HKCU\..\RunServices: [galerieTapeta] c:\users\helča\appdata\roaming\microsoft\windows photo gallery\galeriewindows.exe
O4 - HKCU\..\RunServices: [domafeedMicrosoft] c:\users\helča\appdata\local\microsoft\feeds\informační kanály společnosti microsoft~\microsoftdomafeed.exe
O4 - HKCU\..\RunServices: [MSVCR71Microsoft] c:\users\helča\appdata\locallow\sun\java\deployment\cache\6.0\15\58fb3e0f-4902ff6f-n\studiomicrosoft.exe
O4 - HKCU\..\RunServices: [DesktopSecurity] C:\Users\Helča\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SecurityDesktop.exe
O4 - HKCU\..\RunServices: [SecurityDesktop] C:\Users\Helča\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SecurityDesktop.exe
O4 - HKCU\..\RunServices: [IILucianaDuos] c:\users\helča\appdata\local\acer arcade\albumart\iilucianasouza.exe
O4 - HKCU\..\RunServices: [decorad3dJavaFX1.0.0.1] c:\users\helča\appdata\locallow\sun\java\deployment\cache\6.0\21\14e5d595-781eb764-n\javafxdecorad3d1.0.0.1.exe
O4 - HKUS\S-1-5-18\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'Default user')
O4 - Global Startup: Empowering Technology Launcher.lnk = C:\Acer\Empowering Technology\eAPLauncher.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Přidat na blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Přidat na blog Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O13 - Gopher Prefix:
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: Služba Google Update (gupdate1c9f5124e925880) (gupdate1c9f5124e925880) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\Windows\system32\oodag.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: @%SystemRoot%\System32\TUProgSt.exe,-1 (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\Windows\System32\TUProgSt.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
Re: problem with Desktop Security 2010
So, here is the log from ComboFix.
ComboFix 10-04-10.02 - Helča 11.04.2010 18:40:35.1.1 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1250.420.1029.18.1790.910 [GMT 1:00]
Spuštěný z: c:\users\Helča\Desktop\Combofix.exe
SP: Avira AntiVir PersonalEdition *enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\users\HELA~1\AppData\Local\Temp\Temp1_Instructions.zip\Instructions.exe
c:\users\Helča\AppData\Local\Temp\Temp1_Instructions.zip\Instructions.exe
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-03-11 do 2010-04-11 )))))))))))))))))))))))))))))))
.
2010-04-11 17:58 . 2010-04-11 17:58 -------- d-----w- c:\users\LogMeInRemoteUser\AppData\Local\temp
2010-04-11 17:58 . 2010-04-11 17:58 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-04-11 15:59 . 2010-03-29 23:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-11 15:59 . 2010-04-11 15:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-11 15:59 . 2010-03-29 23:45 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-11 15:55 . 2010-04-11 15:55 -------- d-----w- c:\program files\trend micro
2010-04-11 15:55 . 2010-04-11 15:56 -------- d-----w- C:\rsit
2010-04-09 19:19 . 2010-04-09 19:19 -------- d-----w- c:\programdata\Malwarebytes
2010-04-09 16:10 . 2010-04-09 16:10 -------- d-----w- c:\programdata\IObit
2010-04-04 13:32 . 2010-04-04 13:34 -------- d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-04-04 13:32 . 2010-04-04 13:34 -------- d-----w- c:\program files\iTunes
2010-04-04 13:24 . 2010-04-04 13:25 -------- d-----w- c:\program files\QuickTime
2010-04-04 13:08 . 2010-04-04 13:08 -------- d-----w- c:\program files\Bonjour
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-11 17:36 . 2007-01-08 21:10 602092 ----a-w- c:\windows\system32\perfh005.dat
2010-04-11 17:36 . 2007-01-08 21:10 116204 ----a-w- c:\windows\system32\perfc005.dat
2010-04-11 15:47 . 2008-09-18 13:24 -------- d-----w- c:\program files\LogMeIn
2010-04-09 22:20 . 2009-05-03 04:35 67627 ----a-w- c:\programdata\nvModes.dat
2010-04-09 16:10 . 2007-12-31 21:40 -------- d-----w- c:\program files\KaraFun
2010-04-04 13:32 . 2007-12-27 09:16 -------- d-----w- c:\program files\iPod
2010-04-04 13:32 . 2008-01-07 15:39 -------- d-----w- c:\program files\Common Files\Apple
2010-04-04 13:03 . 2010-04-04 13:03 73000 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.1.0.79\SetupAdmin.exe
2010-03-11 00:10 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-03-11 00:10 . 2007-08-10 12:42 -------- d-----w- c:\programdata\Microsoft Help
2010-02-24 10:16 . 2009-10-03 07:58 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-23 06:39 . 2010-03-31 09:14 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-23 06:33 . 2010-03-31 09:14 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-02-23 06:33 . 2010-03-31 09:14 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-02-23 04:55 . 2010-03-31 09:14 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-02-20 11:45 . 2009-08-12 16:32 -------- d-----w- c:\program files\ICQ6.5
2010-02-15 13:24 . 2008-09-18 18:37 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-02-12 10:46 . 2010-02-12 10:46 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-02-12 10:46 . 2010-02-12 10:46 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-02-12 10:32 . 2010-03-05 15:17 293376 ----a-w- c:\windows\system32\browserchoice.exe
2010-01-25 12:00 . 2010-02-23 20:44 471552 ----a-w- c:\windows\system32\secproc_isv.dll
2010-01-25 12:00 . 2010-02-23 20:44 152576 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-01-25 12:00 . 2010-02-23 20:44 152064 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-01-25 12:00 . 2010-02-23 20:44 471552 ----a-w- c:\windows\system32\secproc.dll
2010-01-25 11:58 . 2010-02-23 20:44 332288 ----a-w- c:\windows\system32\msdrm.dll
2010-01-25 08:21 . 2010-02-23 20:44 526336 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-01-25 08:21 . 2010-02-23 20:44 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-01-25 08:21 . 2010-02-23 20:44 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-01-25 08:21 . 2010-02-23 20:44 518144 ----a-w- c:\windows\system32\RMActivate.exe
2010-01-23 09:26 . 2010-02-23 20:45 2048 ----a-w- c:\windows\system32\tzres.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\opera\program\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\opera\program\plugins\ssldivx.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ares"="c:\program files\Ares\Ares.exe" [2008-02-20 963072]
"Skype"="c:\program files\Skype\\Phone\Skype.exe" [2009-10-09 25623336]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883840]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"Desktop Security 2010"="c:\users\Helča\AppData\Roaming\Desktop Security 2010\Desktop Security 2010.exe" [2010-04-07 1654272]
"SecurityCenter"="c:\users\Helča\AppData\Roaming\Desktop Security 2010\securitycenter.exe" [2010-04-07 253952]
"Microsoftdomafeed"="c:\users\helča\appdata\local\microsoft\feeds\informační kanály společnosti microsoft~\microsoftdomafeed.exe" [2010-04-07 143872]
"IILucianaDuos"="c:\users\helča\appdata\local\acer arcade\albumart\souzaduos.exe" [2010-04-07 143872]
"DuosSouza"="c:\users\Helča\AppData\Local\Acer Arcade\AlbumArt\SouzaDuos.exe" [2010-04-07 143872]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"galerieTapeta"="c:\users\helča\appdata\roaming\microsoft\windows photo gallery\galeriewindows.exe" [2010-04-07 143872]
"domafeedMicrosoft"="c:\users\helča\appdata\local\microsoft\feeds\informační kanály společnosti microsoft~\microsoftdomafeed.exe" [2010-04-07 143872]
"DesktopSecurity"="c:\users\Helča\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SecurityDesktop.exe" [2010-04-07 143872]
"SecurityDesktop"="c:\users\Helča\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SecurityDesktop.exe" [2010-04-07 143872]
"IILucianaDuos"="c:\users\helča\appdata\local\acer arcade\albumart\iilucianasouza.exe" [2010-04-07 143872]
"Microsoftdomafeed"="c:\users\helča\appdata\local\microsoft\feeds\informační kanály společnosti microsoft~\microsoftdomafeed.exe" [2010-04-07 143872]
"burkerida14708"="c:\users\helča\appdata\local\ares\my shared folder\ridaarestraalexandra.exe" [2010-04-07 143872]
"SouzaDuos"="c:\users\Helča\AppData\Local\Acer Arcade\AlbumArt\SouzaDuos.exe" [2010-04-07 143872]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"RtHDVCpl"="RtHDVCpl.exe" [2007-07-06 4669440]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-04-25 457216]
"eAudio"="c:\acer\Empowering Technology\eAudio\eAudio.exe" [2007-06-11 1286144]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2007-08-15 772616]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-06-06 159744]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2008-07-24 63048]
"OODefragTray"="c:\windows\system32\oodtray.exe" [2007-05-11 2512392]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-03 13556256]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-12-03 92704]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-03-29 1086856]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-03-26 142120]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Acer Tour Reminder"="c:\acer\AcerTour\Reminder.exe" [2007-05-22 151552]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2007-8-10 535336]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\winlogon]
"Shell"="c:\users\Helča\AppData\Roaming\Desktop Security 2010\Desktop Security 2010.exe"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\4oD]
2007-04-23 09:23 1032640 ----a-w- c:\program files\Kontiki\KHost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer Tour Reminder]
2007-05-22 13:49 151552 ----a-w- c:\acer\AcerTour\Reminder.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
2007-04-26 13:24 151552 ----a-w- c:\program files\Acer\Acer Arcade\PCMService.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-17 20:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WarReg_PopUp]
2006-11-05 20:48 57344 ----a-w- c:\acer\WR_PopUp\WarReg_PopUp.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ares"="c:\program files\Ares\Ares.exe" -h
"WMPNSCFG"=c:\program files\Windows Media Player\WMPNSCFG.exe
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" /background
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):62,70,f2,4a,1f,38,ca,01
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-264909603-731378532-1667188244-1000]
"EnableNotificationsRef"=dword:00000002
R2 gupdate1c9f5124e925880;Služba Google Update (gupdate1c9f5124e925880);c:\program files\Google\Update\GoogleUpdate.exe [2009-06-24 133104]
R3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\program files\Everest\kerneld.wnt [2008-09-18 20760]
S1 aswSP;avast! Self Protection; [x]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2009-11-24 20560]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\DRIVERS\aswMonFlt.sys [2009-11-24 53328]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\RaInfo.sys [2008-07-24 12856]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2007-05-16 32256]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'
2010-04-11 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2009-04-27 14:37]
2010-04-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-24 21:25]
2010-04-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-24 21:25]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.centrum.cz/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://www.yahoo.com
uInternet Settings,ProxyOverride = *.local
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Helča\AppData\Roaming\Mozilla\Firefox\Profiles\37g4zzn3.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://www.centrum.cz/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=
FF - plugin: c:\program files\Canon\ZoomBrowser EX\Program\NPCIG.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Opera\program\plugins\npdivx32.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- NASTAVENÍ FIREFOXU ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.notify.interval - 600000
FF - user.js: content.switch.threshold - 600000
FF - user.js: nglayout.initialpaint.delay - 600
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
HKCU-Run-StudioMSVCR71 - c:\users\helča\appdata\locallow\sun\java\deployment\cache\6.0\46\140de92e-67f413b7-n\msvcr71studio.exe
HKCU-Run-JavaFXMicrosoft - c:\users\helča\appdata\locallow\sun\java\deployment\cache\6.0\54\1a209876-13ba4b16-n\visualvisual.exe
HKCU-Run-decorad3dJavaFX1.0.0.1 - c:\users\helča\appdata\locallow\sun\java\deployment\cache\6.0\46\759e98ee-5a40e7e0-n\javafxdecorad3d.exe
HKCU-RunServices-Instructions - c:\users\Helča\AppData\Local\Temp\Temp1_Instructions.zip\Instructions.exe
HKCU-RunServices-MSVCR71Microsoft - c:\users\helča\appdata\locallow\sun\java\deployment\cache\6.0\15\58fb3e0f-4902ff6f-n\studiomicrosoft.exe
HKCU-RunServices-decorad3dJavaFX1.0.0.1 - c:\users\helča\appdata\locallow\sun\java\deployment\cache\6.0\21\14e5d595-781eb764-n\javafxdecorad3d1.0.0.1.exe
HKLM-Run-IObit Security 360 - f:\\IS360tray.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-11 19:04
Windows 6.0.6002 Service Pack 2 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\EverestDriver]
"ImagePath"="\??\c:\program files\Everest\kerneld.wnt"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'Explorer.exe'(744)
c:\windows\system32\MsnChatHook.dll
c:\windows\system32\ShowErrMsg.dll
c:\windows\system32\sysenv.dll
c:\windows\system32\BatchCrypto.dll
c:\windows\system32\CryptoAPI.dll
c:\windows\system32\keyManager.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\rundll32.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\acer\Empowering Technology\eDataSecurity\eDSService.exe
c:\acer\Empowering Technology\eNet\eNet Service.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\LogMeIn\x86\RaMaint.exe
c:\program files\LogMeIn\x86\LogMeIn.exe
c:\program files\LogMeIn\x86\LMIGuardian.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\windows\system32\oodag.exe
c:\windows\System32\TUProgSt.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\acer\Empowering Technology\ePower\ePowerSvc.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\LogMeIn\x86\LMIGuardian.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\conime.exe
c:\windows\RtHDVCpl.exe
c:\program files\Launch Manager\LManager.exe
c:\program files\Alwil Software\Avast4\ashDisp.exe
c:\windows\System32\rundll32.exe
c:\acer\Empowering Technology\ENET\ENMTRAY.EXE
c:\acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
c:\acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
c:\acer\Empowering Technology\eRecovery\ERAGENT.EXE
c:\users\HELA~1\AppData\Local\Temp\RtkBtMnt.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Apoint2K\ApMsgFwd.exe
c:\program files\Apoint2K\Apntex.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Windows Live\Contacts\wlcomm.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Celkový čas: 2010-04-11 19:15:49 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-04-11 18:15
Před spuštěním: Volných bajtů: 10 539 315 200
Po spuštění: Volných bajtů: 10 300 780 544
- - End Of File - - BE97760949E85FE65A27D2043517BC8C
Here is the GMER quick scan:
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2010-04-11 19:30:03
Windows 6.0.6002 Service Pack 2
Running: gmer.exe; Driver: C:\Users\HELA~1\AppData\Local\Temp\kwrcipoc.sys
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Společnost Microsoft)
AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
---- EOF - GMER 1.0.15 ----
Here is the full GMER scan:
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-04-11 20:15:24
Windows 6.0.6002 Service Pack 2
Running: gmer.exe; Driver: C:\Users\HELA~1\AppData\Local\Temp\kwrcipoc.sys
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Společnost Microsoft)
---- Registry - GMER 1.0.15 ----
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System@OODEFRAG08.00.00.01WORKSTATION
---- EOF - GMER 1.0.15 ----
ComboFix 10-04-10.02 - Helča 11.04.2010 18:40:35.1.1 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1250.420.1029.18.1790.910 [GMT 1:00]
Spuštěný z: c:\users\Helča\Desktop\Combofix.exe
SP: Avira AntiVir PersonalEdition *enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\users\HELA~1\AppData\Local\Temp\Temp1_Instructions.zip\Instructions.exe
c:\users\Helča\AppData\Local\Temp\Temp1_Instructions.zip\Instructions.exe
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-03-11 do 2010-04-11 )))))))))))))))))))))))))))))))
.
2010-04-11 17:58 . 2010-04-11 17:58 -------- d-----w- c:\users\LogMeInRemoteUser\AppData\Local\temp
2010-04-11 17:58 . 2010-04-11 17:58 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-04-11 15:59 . 2010-03-29 23:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-11 15:59 . 2010-04-11 15:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-11 15:59 . 2010-03-29 23:45 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-11 15:55 . 2010-04-11 15:55 -------- d-----w- c:\program files\trend micro
2010-04-11 15:55 . 2010-04-11 15:56 -------- d-----w- C:\rsit
2010-04-09 19:19 . 2010-04-09 19:19 -------- d-----w- c:\programdata\Malwarebytes
2010-04-09 16:10 . 2010-04-09 16:10 -------- d-----w- c:\programdata\IObit
2010-04-04 13:32 . 2010-04-04 13:34 -------- d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-04-04 13:32 . 2010-04-04 13:34 -------- d-----w- c:\program files\iTunes
2010-04-04 13:24 . 2010-04-04 13:25 -------- d-----w- c:\program files\QuickTime
2010-04-04 13:08 . 2010-04-04 13:08 -------- d-----w- c:\program files\Bonjour
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-11 17:36 . 2007-01-08 21:10 602092 ----a-w- c:\windows\system32\perfh005.dat
2010-04-11 17:36 . 2007-01-08 21:10 116204 ----a-w- c:\windows\system32\perfc005.dat
2010-04-11 15:47 . 2008-09-18 13:24 -------- d-----w- c:\program files\LogMeIn
2010-04-09 22:20 . 2009-05-03 04:35 67627 ----a-w- c:\programdata\nvModes.dat
2010-04-09 16:10 . 2007-12-31 21:40 -------- d-----w- c:\program files\KaraFun
2010-04-04 13:32 . 2007-12-27 09:16 -------- d-----w- c:\program files\iPod
2010-04-04 13:32 . 2008-01-07 15:39 -------- d-----w- c:\program files\Common Files\Apple
2010-04-04 13:03 . 2010-04-04 13:03 73000 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.1.0.79\SetupAdmin.exe
2010-03-11 00:10 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-03-11 00:10 . 2007-08-10 12:42 -------- d-----w- c:\programdata\Microsoft Help
2010-02-24 10:16 . 2009-10-03 07:58 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-23 06:39 . 2010-03-31 09:14 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-23 06:33 . 2010-03-31 09:14 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-02-23 06:33 . 2010-03-31 09:14 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-02-23 04:55 . 2010-03-31 09:14 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-02-20 11:45 . 2009-08-12 16:32 -------- d-----w- c:\program files\ICQ6.5
2010-02-15 13:24 . 2008-09-18 18:37 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-02-12 10:46 . 2010-02-12 10:46 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-02-12 10:46 . 2010-02-12 10:46 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-02-12 10:32 . 2010-03-05 15:17 293376 ----a-w- c:\windows\system32\browserchoice.exe
2010-01-25 12:00 . 2010-02-23 20:44 471552 ----a-w- c:\windows\system32\secproc_isv.dll
2010-01-25 12:00 . 2010-02-23 20:44 152576 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-01-25 12:00 . 2010-02-23 20:44 152064 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-01-25 12:00 . 2010-02-23 20:44 471552 ----a-w- c:\windows\system32\secproc.dll
2010-01-25 11:58 . 2010-02-23 20:44 332288 ----a-w- c:\windows\system32\msdrm.dll
2010-01-25 08:21 . 2010-02-23 20:44 526336 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-01-25 08:21 . 2010-02-23 20:44 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-01-25 08:21 . 2010-02-23 20:44 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-01-25 08:21 . 2010-02-23 20:44 518144 ----a-w- c:\windows\system32\RMActivate.exe
2010-01-23 09:26 . 2010-02-23 20:45 2048 ----a-w- c:\windows\system32\tzres.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\opera\program\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\opera\program\plugins\ssldivx.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ares"="c:\program files\Ares\Ares.exe" [2008-02-20 963072]
"Skype"="c:\program files\Skype\\Phone\Skype.exe" [2009-10-09 25623336]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883840]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"Desktop Security 2010"="c:\users\Helča\AppData\Roaming\Desktop Security 2010\Desktop Security 2010.exe" [2010-04-07 1654272]
"SecurityCenter"="c:\users\Helča\AppData\Roaming\Desktop Security 2010\securitycenter.exe" [2010-04-07 253952]
"Microsoftdomafeed"="c:\users\helča\appdata\local\microsoft\feeds\informační kanály společnosti microsoft~\microsoftdomafeed.exe" [2010-04-07 143872]
"IILucianaDuos"="c:\users\helča\appdata\local\acer arcade\albumart\souzaduos.exe" [2010-04-07 143872]
"DuosSouza"="c:\users\Helča\AppData\Local\Acer Arcade\AlbumArt\SouzaDuos.exe" [2010-04-07 143872]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"galerieTapeta"="c:\users\helča\appdata\roaming\microsoft\windows photo gallery\galeriewindows.exe" [2010-04-07 143872]
"domafeedMicrosoft"="c:\users\helča\appdata\local\microsoft\feeds\informační kanály společnosti microsoft~\microsoftdomafeed.exe" [2010-04-07 143872]
"DesktopSecurity"="c:\users\Helča\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SecurityDesktop.exe" [2010-04-07 143872]
"SecurityDesktop"="c:\users\Helča\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SecurityDesktop.exe" [2010-04-07 143872]
"IILucianaDuos"="c:\users\helča\appdata\local\acer arcade\albumart\iilucianasouza.exe" [2010-04-07 143872]
"Microsoftdomafeed"="c:\users\helča\appdata\local\microsoft\feeds\informační kanály společnosti microsoft~\microsoftdomafeed.exe" [2010-04-07 143872]
"burkerida14708"="c:\users\helča\appdata\local\ares\my shared folder\ridaarestraalexandra.exe" [2010-04-07 143872]
"SouzaDuos"="c:\users\Helča\AppData\Local\Acer Arcade\AlbumArt\SouzaDuos.exe" [2010-04-07 143872]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"RtHDVCpl"="RtHDVCpl.exe" [2007-07-06 4669440]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-04-25 457216]
"eAudio"="c:\acer\Empowering Technology\eAudio\eAudio.exe" [2007-06-11 1286144]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2007-08-15 772616]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-06-06 159744]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2008-07-24 63048]
"OODefragTray"="c:\windows\system32\oodtray.exe" [2007-05-11 2512392]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-03 13556256]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-12-03 92704]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-03-29 1086856]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-03-26 142120]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Acer Tour Reminder"="c:\acer\AcerTour\Reminder.exe" [2007-05-22 151552]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2007-8-10 535336]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\winlogon]
"Shell"="c:\users\Helča\AppData\Roaming\Desktop Security 2010\Desktop Security 2010.exe"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\4oD]
2007-04-23 09:23 1032640 ----a-w- c:\program files\Kontiki\KHost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer Tour Reminder]
2007-05-22 13:49 151552 ----a-w- c:\acer\AcerTour\Reminder.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
2007-04-26 13:24 151552 ----a-w- c:\program files\Acer\Acer Arcade\PCMService.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-17 20:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WarReg_PopUp]
2006-11-05 20:48 57344 ----a-w- c:\acer\WR_PopUp\WarReg_PopUp.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ares"="c:\program files\Ares\Ares.exe" -h
"WMPNSCFG"=c:\program files\Windows Media Player\WMPNSCFG.exe
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" /background
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):62,70,f2,4a,1f,38,ca,01
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-264909603-731378532-1667188244-1000]
"EnableNotificationsRef"=dword:00000002
R2 gupdate1c9f5124e925880;Služba Google Update (gupdate1c9f5124e925880);c:\program files\Google\Update\GoogleUpdate.exe [2009-06-24 133104]
R3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\program files\Everest\kerneld.wnt [2008-09-18 20760]
S1 aswSP;avast! Self Protection; [x]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2009-11-24 20560]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\DRIVERS\aswMonFlt.sys [2009-11-24 53328]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\RaInfo.sys [2008-07-24 12856]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2007-05-16 32256]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'
2010-04-11 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2009-04-27 14:37]
2010-04-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-24 21:25]
2010-04-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-24 21:25]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.centrum.cz/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://www.yahoo.com
uInternet Settings,ProxyOverride = *.local
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Helča\AppData\Roaming\Mozilla\Firefox\Profiles\37g4zzn3.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://www.centrum.cz/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=
FF - plugin: c:\program files\Canon\ZoomBrowser EX\Program\NPCIG.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Opera\program\plugins\npdivx32.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- NASTAVENÍ FIREFOXU ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.notify.interval - 600000
FF - user.js: content.switch.threshold - 600000
FF - user.js: nglayout.initialpaint.delay - 600
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
HKCU-Run-StudioMSVCR71 - c:\users\helča\appdata\locallow\sun\java\deployment\cache\6.0\46\140de92e-67f413b7-n\msvcr71studio.exe
HKCU-Run-JavaFXMicrosoft - c:\users\helča\appdata\locallow\sun\java\deployment\cache\6.0\54\1a209876-13ba4b16-n\visualvisual.exe
HKCU-Run-decorad3dJavaFX1.0.0.1 - c:\users\helča\appdata\locallow\sun\java\deployment\cache\6.0\46\759e98ee-5a40e7e0-n\javafxdecorad3d.exe
HKCU-RunServices-Instructions - c:\users\Helča\AppData\Local\Temp\Temp1_Instructions.zip\Instructions.exe
HKCU-RunServices-MSVCR71Microsoft - c:\users\helča\appdata\locallow\sun\java\deployment\cache\6.0\15\58fb3e0f-4902ff6f-n\studiomicrosoft.exe
HKCU-RunServices-decorad3dJavaFX1.0.0.1 - c:\users\helča\appdata\locallow\sun\java\deployment\cache\6.0\21\14e5d595-781eb764-n\javafxdecorad3d1.0.0.1.exe
HKLM-Run-IObit Security 360 - f:\\IS360tray.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-11 19:04
Windows 6.0.6002 Service Pack 2 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\EverestDriver]
"ImagePath"="\??\c:\program files\Everest\kerneld.wnt"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG08.00.00.01WORKSTATION"="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"
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
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'Explorer.exe'(744)
c:\windows\system32\MsnChatHook.dll
c:\windows\system32\ShowErrMsg.dll
c:\windows\system32\sysenv.dll
c:\windows\system32\BatchCrypto.dll
c:\windows\system32\CryptoAPI.dll
c:\windows\system32\keyManager.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\rundll32.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\acer\Empowering Technology\eDataSecurity\eDSService.exe
c:\acer\Empowering Technology\eNet\eNet Service.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\LogMeIn\x86\RaMaint.exe
c:\program files\LogMeIn\x86\LogMeIn.exe
c:\program files\LogMeIn\x86\LMIGuardian.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\windows\system32\oodag.exe
c:\windows\System32\TUProgSt.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\acer\Empowering Technology\ePower\ePowerSvc.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\LogMeIn\x86\LMIGuardian.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\conime.exe
c:\windows\RtHDVCpl.exe
c:\program files\Launch Manager\LManager.exe
c:\program files\Alwil Software\Avast4\ashDisp.exe
c:\windows\System32\rundll32.exe
c:\acer\Empowering Technology\ENET\ENMTRAY.EXE
c:\acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
c:\acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
c:\acer\Empowering Technology\eRecovery\ERAGENT.EXE
c:\users\HELA~1\AppData\Local\Temp\RtkBtMnt.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Apoint2K\ApMsgFwd.exe
c:\program files\Apoint2K\Apntex.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Windows Live\Contacts\wlcomm.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Celkový čas: 2010-04-11 19:15:49 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-04-11 18:15
Před spuštěním: Volných bajtů: 10 539 315 200
Po spuštění: Volných bajtů: 10 300 780 544
- - End Of File - - BE97760949E85FE65A27D2043517BC8C
Here is the quick GMER scan:
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2010-04-11 19:30:03
Windows 6.0.6002 Service Pack 2
Running: gmer.exe; Driver: C:\Users\HELA~1\AppData\Local\Temp\kwrcipoc.sys
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Společnost Microsoft)
AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
---- EOF - GMER 1.0.15 ----
Here is the full GMER scan:
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-04-11 20:15:24
Windows 6.0.6002 Service Pack 2
Running: gmer.exe; Driver: C:\Users\HELA~1\AppData\Local\Temp\kwrcipoc.sys
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Společnost Microsoft)
---- Registry - GMER 1.0.15 ----
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System@OODEFRAG08.00.00.01WORKSTATION
---- EOF - GMER 1.0.15 ----
Re: problem with Desktop Security 2010

ComboFix 10-04-10.02 - Helča 11.04.2010 21:04:35.2.1 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1250.420.1029.18.1790.830 [GMT 1:00]
Spuštěný z: c:\users\Helča\Desktop\Combofix.exe
Použité ovládací přepínače :: c:\users\Helča\Desktop\CFScript.txt
SP: Avira AntiVir PersonalEdition *enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
file zipped: c:\users\helča\appdata\local\acer arcade\albumart\iilucianasouza.exe
file zipped: c:\users\Helča\AppData\Local\Acer Arcade\AlbumArt\SouzaDuos.exe
file zipped: c:\users\helča\appdata\local\ares\my shared folder\ridaarestraalexandra.exe
file zipped: c:\users\helča\appdata\local\microsoft\feeds\informační kanály společnosti microsoft~\microsoftdomafeed.exe
file zipped: c:\users\Helča\AppData\Roaming\Desktop Security 2010\Desktop Security 2010.exe
file zipped: c:\users\Helča\AppData\Roaming\Desktop Security 2010\securitycenter.exe
file zipped: c:\users\helča\appdata\roaming\microsoft\windows photo gallery\galeriewindows.exe
file zipped: c:\users\Helča\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SecurityDesktop.exe
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\users\helča\appdata\local\acer arcade\albumart\iilucianasouza.exe
c:\users\Helča\AppData\Local\Acer Arcade\AlbumArt\SouzaDuos.exe
c:\users\helča\appdata\local\ares\my shared folder\ridaarestraalexandra.exe
c:\users\helča\appdata\local\microsoft\feeds\informační kanály společnosti microsoft~\microsoftdomafeed.exe
c:\users\Helča\AppData\Roaming\Desktop Security 2010\Desktop Security 2010.exe
c:\users\Helča\AppData\Roaming\Desktop Security 2010\securitycenter.exe
c:\users\helča\appdata\roaming\microsoft\windows photo gallery\galeriewindows.exe
c:\users\Helča\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SecurityDesktop.exe
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-03-11 do 2010-04-11 )))))))))))))))))))))))))))))))
.
2010-04-11 20:15 . 2010-04-11 20:15 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-04-11 20:15 . 2010-04-11 20:15 -------- d-----w- c:\users\LogMeInRemoteUser\AppData\Local\temp
2010-04-11 20:15 . 2010-04-11 20:15 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-04-11 15:59 . 2010-04-11 18:25 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-11 15:55 . 2010-04-11 15:55 -------- d-----w- c:\program files\trend micro
2010-04-09 19:19 . 2010-04-09 19:19 -------- d-----w- c:\programdata\Malwarebytes
2010-04-09 16:10 . 2010-04-09 16:10 -------- d-----w- c:\programdata\IObit
2010-04-04 13:32 . 2010-04-04 13:34 -------- d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-04-04 13:32 . 2010-04-04 13:34 -------- d-----w- c:\program files\iTunes
2010-04-04 13:24 . 2010-04-04 13:25 -------- d-----w- c:\program files\QuickTime
2010-04-04 13:08 . 2010-04-04 13:08 -------- d-----w- c:\program files\Bonjour
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-11 18:48 . 2007-01-08 21:10 602092 ----a-w- c:\windows\system32\perfh005.dat
2010-04-11 18:48 . 2007-01-08 21:10 116204 ----a-w- c:\windows\system32\perfc005.dat
2010-04-11 15:47 . 2008-09-18 13:24 -------- d-----w- c:\program files\LogMeIn
2010-04-09 22:20 . 2009-05-03 04:35 67627 ----a-w- c:\programdata\nvModes.dat
2010-04-09 16:10 . 2007-12-31 21:40 -------- d-----w- c:\program files\KaraFun
2010-04-04 13:32 . 2007-12-27 09:16 -------- d-----w- c:\program files\iPod
2010-04-04 13:32 . 2008-01-07 15:39 -------- d-----w- c:\program files\Common Files\Apple
2010-04-04 13:03 . 2010-04-04 13:03 73000 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.1.0.79\SetupAdmin.exe
2010-03-11 00:10 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-03-11 00:10 . 2007-08-10 12:42 -------- d-----w- c:\programdata\Microsoft Help
2010-02-24 10:16 . 2009-10-03 07:58 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-23 06:39 . 2010-03-31 09:14 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-23 06:33 . 2010-03-31 09:14 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-02-23 06:33 . 2010-03-31 09:14 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-02-23 04:55 . 2010-03-31 09:14 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-02-20 11:45 . 2009-08-12 16:32 -------- d-----w- c:\program files\ICQ6.5
2010-02-15 13:24 . 2008-09-18 18:37 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-02-12 10:46 . 2010-02-12 10:46 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-02-12 10:46 . 2010-02-12 10:46 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-02-12 10:32 . 2010-03-05 15:17 293376 ----a-w- c:\windows\system32\browserchoice.exe
2010-01-25 12:00 . 2010-02-23 20:44 471552 ----a-w- c:\windows\system32\secproc_isv.dll
2010-01-25 12:00 . 2010-02-23 20:44 152576 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-01-25 12:00 . 2010-02-23 20:44 152064 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-01-25 12:00 . 2010-02-23 20:44 471552 ----a-w- c:\windows\system32\secproc.dll
2010-01-25 11:58 . 2010-02-23 20:44 332288 ----a-w- c:\windows\system32\msdrm.dll
2010-01-25 08:21 . 2010-02-23 20:44 526336 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-01-25 08:21 . 2010-02-23 20:44 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-01-25 08:21 . 2010-02-23 20:44 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-01-25 08:21 . 2010-02-23 20:44 518144 ----a-w- c:\windows\system32\RMActivate.exe
2010-01-23 09:26 . 2010-02-23 20:45 2048 ----a-w- c:\windows\system32\tzres.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\opera\program\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\opera\program\plugins\ssldivx.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ares"="c:\program files\Ares\Ares.exe" [2008-02-20 963072]
"Skype"="c:\program files\Skype\\Phone\Skype.exe" [2009-10-09 25623336]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883840]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"RtHDVCpl"="RtHDVCpl.exe" [2007-07-06 4669440]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-04-25 457216]
"eAudio"="c:\acer\Empowering Technology\eAudio\eAudio.exe" [2007-06-11 1286144]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2007-08-15 772616]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-06-06 159744]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2008-07-24 63048]
"OODefragTray"="c:\windows\system32\oodtray.exe" [2007-05-11 2512392]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-03 13556256]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-12-03 92704]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-03-26 142120]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Acer Tour Reminder"="c:\acer\AcerTour\Reminder.exe" [2007-05-22 151552]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2007-8-10 535336]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\4oD]
2007-04-23 09:23 1032640 ----a-w- c:\program files\Kontiki\KHost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer Tour Reminder]
2007-05-22 13:49 151552 ----a-w- c:\acer\AcerTour\Reminder.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
2007-04-26 13:24 151552 ----a-w- c:\program files\Acer\Acer Arcade\PCMService.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-17 20:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WarReg_PopUp]
2006-11-05 20:48 57344 ----a-w- c:\acer\WR_PopUp\WarReg_PopUp.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ares"="c:\program files\Ares\Ares.exe" -h
"WMPNSCFG"=c:\program files\Windows Media Player\WMPNSCFG.exe
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" /background
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):62,70,f2,4a,1f,38,ca,01
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-264909603-731378532-1667188244-1000]
"EnableNotificationsRef"=dword:00000002
R2 gupdate1c9f5124e925880;Služba Google Update (gupdate1c9f5124e925880);c:\program files\Google\Update\GoogleUpdate.exe [2009-06-24 133104]
R3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\program files\Everest\kerneld.wnt [2008-09-18 20760]
S1 aswSP;avast! Self Protection; [x]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2009-11-24 20560]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\DRIVERS\aswMonFlt.sys [2009-11-24 53328]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\RaInfo.sys [2008-07-24 12856]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2007-05-16 32256]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'
2010-04-11 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2009-04-27 14:37]
2010-04-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-24 21:25]
2010-04-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-24 21:25]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.centrum.cz/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://www.yahoo.com
uInternet Settings,ProxyOverride = *.local
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Helča\AppData\Roaming\Mozilla\Firefox\Profiles\37g4zzn3.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://www.centrum.cz/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=
FF - plugin: c:\program files\Canon\ZoomBrowser EX\Program\NPCIG.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Opera\program\plugins\npdivx32.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- NASTAVENÍ FIREFOXU ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.notify.interval - 600000
FF - user.js: content.switch.threshold - 600000
FF - user.js: nglayout.initialpaint.delay - 600
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
HKLM-Run-Malwarebytes Anti-Malware (reboot) - c:\program files\Malwarebytes' Anti-Malware\mbam.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-11 21:17
Windows 6.0.6002 Service Pack 2 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\EverestDriver]
"ImagePath"="\??\c:\program files\Everest\kerneld.wnt"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG08.00.00.01WORKSTATION"
"OODEFRAG10.00.00.01WORKSTATION"
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'Explorer.exe'(2056)
c:\windows\system32\MsnChatHook.dll
c:\windows\system32\ShowErrMsg.dll
c:\windows\system32\sysenv.dll
c:\windows\system32\BatchCrypto.dll
c:\windows\system32\CryptoAPI.dll
c:\windows\system32\keyManager.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\rundll32.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\acer\Empowering Technology\eDataSecurity\eDSService.exe
c:\acer\Empowering Technology\eNet\eNet Service.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\LogMeIn\x86\RaMaint.exe
c:\program files\LogMeIn\x86\LogMeIn.exe
c:\program files\LogMeIn\x86\LMIGuardian.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\windows\system32\oodag.exe
c:\windows\System32\TUProgSt.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\acer\Empowering Technology\ePower\ePowerSvc.exe
c:\windows\system32\WUDFHost.exe
c:\program files\LogMeIn\x86\LMIGuardian.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\conime.exe
c:\windows\RtHDVCpl.exe
c:\program files\Launch Manager\LManager.exe
c:\program files\Alwil Software\Avast4\ashDisp.exe
c:\windows\System32\rundll32.exe
c:\acer\Empowering Technology\ENET\ENMTRAY.EXE
c:\acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
c:\program files\iPod\bin\iPodService.exe
c:\acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
c:\acer\Empowering Technology\eRecovery\ERAGENT.EXE
c:\program files\Apoint2K\ApMsgFwd.exe
c:\program files\Apoint2K\Apntex.exe
c:\program files\Windows Live\Contacts\wlcomm.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Celkový čas: 2010-04-11 21:28:35 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-04-11 20:28
ComboFix2.txt 2010-04-11 18:15
Před spuštěním: Volných bajtů: 10 085 081 088
Po spuštění: Volných bajtů: 10 041 896 960
- - End Of File - - FC1CA08356552A8D4318A3A16C12D2D8


..the MBAM deep scan is running now, I'll post the result here afterwards..
Re: problem with Desktop Security 2010

Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org
Verze databáze: 3930
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18904
12.4.2010 0:32:10
mbam-log-2010-04-12 (00-32-10).txt
Typ skenu: Úplný sken (C:\|)
Skenované objekty: 215519
Uplynulý čas: 1 hodina(y), 35 minuta(y), 10 sekunda(y)
Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 2
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované složky: 2
Infikované soubory: 14
Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)
Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)
Infikované klíče registru:
HKEY_CURRENT_USER\Software\Desktop Security 2010 (Rogue.DesktopSecurity2010) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Desktop Security 2010 (Rogue.DesktopSecurity2010) -> Quarantined and deleted successfully.
Infikované hodnoty registru:
(Žádné škodlivé položky nebyly zjištěny)
Infikované datové položky registru:
(Žádné škodlivé položky nebyly zjištěny)
Infikované složky:
C:\Users\Helča\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Desktop Security 2010 (Rogue.DesktopSecurity2010) -> Quarantined and deleted successfully.
C:\Users\Helča\AppData\Roaming\Desktop Security 2010 (Rogue.DesktopSecurity2010) -> Quarantined and deleted successfully.
Infikované soubory:
C:\Users\Helča\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Desktop Security 2010\Activate Desktop Security 2010.lnk (Rogue.DesktopSecurity2010) -> Quarantined and deleted successfully.
C:\Users\Helča\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Desktop Security 2010\Desktop Security 2010.lnk (Rogue.DesktopSecurity2010) -> Quarantined and deleted successfully.
C:\Users\Helča\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Desktop Security 2010\Help Desktop Security 2010.lnk (Rogue.DesktopSecurity2010) -> Quarantined and deleted successfully.
C:\Users\Helča\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Desktop Security 2010\How to Activate Desktop Security 2010.lnk (Rogue.DesktopSecurity2010) -> Quarantined and deleted successfully.
C:\Users\Helča\AppData\Roaming\Desktop Security 2010\daily.cvd (Rogue.DesktopSecurity2010) -> Quarantined and deleted successfully.
C:\Users\Helča\AppData\Roaming\Desktop Security 2010\mfc71.dll (Rogue.DesktopSecurity2010) -> Quarantined and deleted successfully.
C:\Users\Helča\AppData\Roaming\Desktop Security 2010\MFC71ENU.DLL (Rogue.DesktopSecurity2010) -> Quarantined and deleted successfully.
C:\Users\Helča\AppData\Roaming\Desktop Security 2010\msvcp71.dll (Rogue.DesktopSecurity2010) -> Quarantined and deleted successfully.
C:\Users\Helča\AppData\Roaming\Desktop Security 2010\msvcr71.dll (Rogue.DesktopSecurity2010) -> Quarantined and deleted successfully.
C:\Users\Helča\AppData\Roaming\Desktop Security 2010\pthreadVC2.dll (Rogue.DesktopSecurity2010) -> Quarantined and deleted successfully.
C:\Users\Helča\AppData\Roaming\Desktop Security 2010\securityhelper.exe (Rogue.DesktopSecurity2010) -> Quarantined and deleted successfully.
C:\Users\Helča\AppData\Roaming\Desktop Security 2010\taskmgr.dll (Rogue.DesktopSecurity2010) -> Quarantined and deleted successfully.
C:\Users\Helča\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Desktop Security 2010.LNK (Rogue.DesktopSecurity2010) -> Quarantined and deleted successfully.
C:\Users\Helča\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Desktop Security 2010.LNK (Rogue.DesktopSecurity2010) -> Quarantined and deleted successfully.
Re: problem with Desktop Security 2010
I haven't noticed any further problems, the computer is running with no harm done, it looks like we removed it successfully
RSIT log -
Logfile of random's system information tool 1.06 (written by random/random)
Run by Helča at 2010-04-12 13:31:18
Microsoft® Windows Vista™ Home Basic Service Pack 2
System drive C: has 10 GB (13%) free of 71 GB
Total RAM: 1790 MB (47% free)
HijackThis download failed
======Scheduled tasks folder======
C:\Windows\tasks\1-Click Maintenance.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2009-08-04 1586472]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocná služba pro přihlášení ke službě Windows Live ID - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-03-30 403824]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-07-25 41760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - Acer eDataSecurity Management - C:\Windows\system32\eDStoolbar.dll [2007-04-25 151552]
{855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2009-06-01 962808]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-19 1008184]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2007-07-06 4669440]
"eDataSecurity Loader"=C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe [2007-04-25 457216]
"eAudio"=C:\Acer\Empowering Technology\eAudio\eAudio.exe [2007-06-11 1286144]
"LManager"=C:\PROGRA~1\LAUNCH~1\LManager.exe [2007-08-15 772616]
"Apoint"=C:\Program Files\Apoint2K\Apoint.exe [2007-06-06 159744]
"LogMeIn GUI"=C:\Program Files\LogMeIn\x86\LogMeInSystray.exe [2008-07-24 63048]
"OODefragTray"=C:\Windows\system32\oodtray.exe [2007-05-11 2512392]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-11-25 81000]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2008-12-03 13556256]
"NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2008-12-03 92704]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2010-03-17 421888]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2010-03-26 142120]
"Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2010-03-30 1086856]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-11 1233920]
"ares"=C:\Program Files\Ares\Ares.exe [2008-02-20 963072]
"Skype"=C:\Program Files\Skype\\Phone\Skype.exe [2009-10-09 25623336]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-07-26 3883840]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\4oD]
C:\Program Files\Kontiki\KHost.exe [2007-04-23 1032640]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer Tour Reminder]
C:\Acer\AcerTour\Reminder.exe [2007-05-22 151552]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
C:\Program Files\Acer\Acer Arcade\PCMService.exe [2007-04-26 151552]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2010-03-17 421888]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WarReg_PopUp]
C:\Acer\WR_PopUp\WarReg_PopUp.exe [2006-11-05 57344]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"= []
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=
"NoDrives"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Acer\Empowering Technology\eDataSecurity\eDSfsu.exe"="C:\Acer\Empowering Technology\eDataSecurity\eDSfsu.exe:*:Enabled:eDSfsu"
"C:\Acer\Empowering Technology\eDataSecurity\encryption.exe"="C:\Acer\Empowering Technology\eDataSecurity\encryption.exe:*:Enabled:encryption"
"C:\Acer\Empowering Technology\eDataSecurity\decryption.exe"="C:\Acer\Empowering Technology\eDataSecurity\decryption.exe:*:Enabled:decryption"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
======List of files/folders created in the last 1 months======
2010-04-12 13:25:41 ----D---- C:\rsit
2010-04-11 21:26:40 ----SHD---- C:\$RECYCLE.BIN
2010-04-11 21:00:48 ----A---- C:\Windows\SWXCACLS.exe
2010-04-11 18:38:16 ----A---- C:\Windows\zip.exe
2010-04-11 18:38:16 ----A---- C:\Windows\SWSC.exe
2010-04-11 18:38:16 ----A---- C:\Windows\SWREG.exe
2010-04-11 18:38:16 ----A---- C:\Windows\sed.exe
2010-04-11 18:38:16 ----A---- C:\Windows\PEV.exe
2010-04-11 18:38:16 ----A---- C:\Windows\NIRCMD.exe
2010-04-11 18:38:16 ----A---- C:\Windows\MBR.exe
2010-04-11 18:38:16 ----A---- C:\Windows\grep.exe
2010-04-11 18:38:10 ----D---- C:\Windows\ERDNT
2010-04-11 16:59:34 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-04-11 16:55:57 ----D---- C:\Program Files\trend micro
2010-04-10 22:03:06 ----AD---- C:\ProgramData\TEMP
2010-04-09 20:19:16 ----D---- C:\Users\Helča\AppData\Roaming\Malwarebytes
2010-04-09 20:19:06 ----D---- C:\ProgramData\Malwarebytes
2010-04-09 17:10:27 ----D---- C:\ProgramData\IObit
2010-04-04 14:32:20 ----D---- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-04-04 14:32:20 ----D---- C:\Program Files\iTunes
2010-04-04 14:24:11 ----D---- C:\Program Files\QuickTime
2010-04-04 14:08:22 ----D---- C:\Program Files\Bonjour
2010-04-04 14:08:13 ----D---- C:\Config.Msi
2010-03-31 10:14:39 ----A---- C:\Windows\system32\mshtml.dll
2010-03-31 10:14:38 ----A---- C:\Windows\system32\ieframe.dll
2010-03-31 10:14:37 ----A---- C:\Windows\system32\iertutil.dll
2010-03-31 10:14:36 ----A---- C:\Windows\system32\wininet.dll
2010-03-31 10:14:36 ----A---- C:\Windows\system32\urlmon.dll
2010-03-31 10:14:36 ----A---- C:\Windows\system32\occache.dll
2010-03-31 10:14:36 ----A---- C:\Windows\system32\msfeeds.dll
2010-03-31 10:14:35 ----A---- C:\Windows\system32\mstime.dll
2010-03-31 10:14:35 ----A---- C:\Windows\system32\ieui.dll
2010-03-31 10:14:35 ----A---- C:\Windows\system32\iedkcs32.dll
2010-03-31 10:14:34 ----A---- C:\Windows\system32\msfeedssync.exe
2010-03-31 10:14:34 ----A---- C:\Windows\system32\msfeedsbs.dll
2010-03-31 10:14:34 ----A---- C:\Windows\system32\jsproxy.dll
2010-03-31 10:14:34 ----A---- C:\Windows\system32\ieUnatt.exe
2010-03-31 10:14:34 ----A---- C:\Windows\system32\iesysprep.dll
2010-03-31 10:14:34 ----A---- C:\Windows\system32\iesetup.dll
2010-03-31 10:14:34 ----A---- C:\Windows\system32\iernonce.dll
2010-03-31 10:14:34 ----A---- C:\Windows\system32\iepeers.dll
2010-03-31 10:14:34 ----A---- C:\Windows\system32\ie4uinit.exe
======List of files/folders modified in the last 1 months======
2010-04-12 13:30:47 ----D---- C:\Windows\Temp
2010-04-12 13:27:33 ----D---- C:\Windows\System32
2010-04-12 13:27:33 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-04-12 13:27:32 ----D---- C:\Windows\inf
2010-04-12 00:35:19 ----RD---- C:\Windows\Offline Web Pages
2010-04-12 00:35:19 ----D---- C:\Windows\system32\drivers
2010-04-12 00:00:05 ----D---- C:\Program Files\LogMeIn
2010-04-11 21:18:01 ----D---- C:\Windows
2010-04-11 21:18:01 ----A---- C:\Windows\system.ini
2010-04-11 21:10:30 ----D---- C:\Windows\AppPatch
2010-04-11 21:10:28 ----D---- C:\Program Files\Common Files
2010-04-11 19:43:19 ----D---- C:\Windows\Minidump
2010-04-11 19:22:52 ----A---- C:\Windows\ntbtlog.txt
2010-04-11 18:55:32 ----SHD---- C:\System Volume Information
2010-04-11 17:46:38 ----D---- C:\Windows\security
2010-04-11 17:46:38 ----D---- C:\Windows\Globalization
2010-04-11 16:59:34 ----RD---- C:\Program Files
2010-04-11 16:55:17 ----D---- C:\Windows\Prefetch
2010-04-10 22:37:32 ----D---- C:\DRV
2010-04-10 22:26:46 ----D---- C:\ProgramData
2010-04-10 22:25:15 ----D---- C:\Windows\DigitalLocker
2010-04-09 23:19:41 ----RSD---- C:\Windows\assembly
2010-04-09 22:45:23 ----D---- C:\Windows\Branding
2010-04-09 21:14:44 ----D---- C:\Windows\Provisioning
2010-04-09 20:28:50 ----D---- C:\Windows\en-US
2010-04-09 17:10:12 ----D---- C:\Program Files\KaraFun
2010-04-04 21:53:14 ----D---- C:\Windows\system32\catroot
2010-04-04 21:52:34 ----D---- C:\Users\Helča\AppData\Roaming\Skype
2010-04-04 16:00:21 ----D---- C:\Users\Helča\AppData\Roaming\skypePM
2010-04-04 14:36:27 ----SHD---- C:\Windows\Installer
2010-04-04 14:32:31 ----D---- C:\Program Files\iPod
2010-04-04 14:32:27 ----D---- C:\Program Files\Common Files\Apple
2010-04-04 14:11:53 ----D---- C:\Windows\system32\catroot2
2010-04-04 13:52:41 ----D---- C:\Program Files\Mozilla Firefox
2010-03-31 23:38:16 ----D---- C:\Program Files\Internet Explorer
2010-03-31 23:38:15 ----D---- C:\Windows\system32\migration
2010-03-31 10:48:36 ----D---- C:\Windows\winsxs
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2009-11-25 23120]
R1 aswSP;avast! Self Protection; C:\Windows\system32\drivers\aswSP.sys [2009-11-25 114768]
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2009-11-25 48560]
R1 DritekPortIO;Dritek General Port I/O; \??\C:\PROGRA~1\LAUNCH~1\DPortIO.sys [2006-11-02 20112]
R1 ssmdrv;ssmdrv; C:\Windows\system32\DRIVERS\ssmdrv.sys [2007-03-01 28352]
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\DRIVERS\aswFsBlk.sys [2009-11-25 20560]
R2 aswMonFlt;aswMonFlt; C:\Windows\system32\DRIVERS\aswMonFlt.sys [2009-11-25 53328]
R2 int15;int15; \??\C:\Acer\Empowering Technology\eRecovery\int15.sys [2006-12-07 76584]
R2 LMIInfo;LogMeIn Kernel Information Provider; \??\C:\Program Files\LogMeIn\x86\RaInfo.sys [2008-07-24 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver; \??\C:\Windows\system32\drivers\LMIRfsDriver.sys [2008-07-24 47640]
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2007-05-17 12672]
R2 rimmptsk;rimmptsk; C:\Windows\system32\DRIVERS\rimmptsk.sys [2007-02-24 39936]
R2 rimsptsk;rimsptsk; C:\Windows\system32\DRIVERS\rimsptsk.sys [2007-01-23 42496]
R2 rismxdp;Ricoh xD-Picture Card Driver; C:\Windows\system32\DRIVERS\rixdptsk.sys [2007-03-21 37376]
R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2007-05-17 8192]
R3 ApfiltrService;Alps Pointing-device Filter Driver; C:\Windows\system32\DRIVERS\Apfiltr.sys [2007-06-14 154624]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2009-04-09 958464]
R3 Cam5607;Acer Crystal Eye webcam; C:\Windows\System32\Drivers\BisonC07.sys [2007-05-28 767664]
R3 CmBatt;Ovladač baterie Microsoft ACPI Control Method Battery; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-19 14208]
R3 DKbFltr;Dritek Keyboard Filter Driver; C:\Windows\system32\DRIVERS\DKbFltr.sys [2006-11-02 21264]
R3 enecir;ENE CIR Receiver; C:\Windows\system32\DRIVERS\enecir.sys [2007-05-16 32256]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\System32\Drivers\GEARAspiWDM.sys [2009-05-18 26600]
R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\HSX_DPV.sys [2007-05-17 985600]
R3 HSXHWAZL;HSXHWAZL; C:\Windows\system32\DRIVERS\HSXHWAZL.sys [2007-05-17 207360]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2007-07-18 1841312]
R3 lmimirr;lmimirr; C:\Windows\system32\DRIVERS\lmimirr.sys [2008-07-24 10144]
R3 NTIDrvr;Upper Class Filter Driver; C:\Windows\system32\DRIVERS\NTIDrvr.sys [2007-08-10 6144]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvmfdx32.sys [2007-11-18 1040544]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2008-12-03 7606688]
R3 nvsmu;nvsmu; C:\Windows\system32\DRIVERS\nvsmu.sys [2007-05-17 12032]
R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2009-04-11 89088]
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2007-05-17 659968]
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-19 11264]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328]
S3 catchme;catchme; \??\C:\Combofix\catchme.sys []
S3 drmkaud;Dekodér zvuků DRM jádra společnosti Microsoft; C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632]
S3 EverestDriver;Lavalys EVEREST Kernel Driver; \??\C:\Program Files\Everest\kerneld.wnt [2008-09-18 20760]
S3 HdAudAddService;Ovladač funkce Microsoft 1.1 UAA pro službu zvuku High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 HSFHWAZL;HSFHWAZL; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2006-11-02 200704]
S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\Windows\system32\DRIVERS\ewusbmdm.sys [2007-03-01 92032]
S3 MSKSSRV;Server proxy služby datových proudů Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192]
S3 MSPCLOCK;Server proxy hodin datových proudů Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888]
S3 MSPQM;Server proxy správce kvality datových proudů Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504]
S3 MSTEE;Konvertor jímka-jímka typu T datových proudů Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016]
S3 se59bus;Sony Ericsson Device 089 driver (WDM); C:\Windows\system32\DRIVERS\se59bus.sys [2006-09-05 61536]
S3 se59mdfl;Sony Ericsson Device 089 USB WMC Modem Filter; C:\Windows\system32\DRIVERS\se59mdfl.sys [2006-09-05 9360]
S3 se59mdm;Sony Ericsson Device 089 USB WMC Modem Driver; C:\Windows\system32\DRIVERS\se59mdm.sys [2006-09-05 97088]
S3 se59obex;Sony Ericsson Device 089 USB WMC OBEX Interface; C:\Windows\system32\DRIVERS\se59obex.sys [2006-09-05 86432]
S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2007-10-31 30464]
S4 LMIRfsClientNP;LMIRfsClientNP; C:\Windows\system32\drivers\LMIRfsClientNP.sys []
S4 UIUSys;Conexant Setup API; C:\Windows\system32\DRIVERS\UIUSYS.SYS []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2010-03-19 144672]
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-11-25 18752]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-11-25 138680]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2010-02-12 345376]
R2 eDataSecurity Service;eDSService.exe; C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe [2007-04-25 457512]
R2 eNet Service;eNet Service; C:\Acer\Empowering Technology\eNet\eNet Service.exe [2007-06-13 135168]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-01-17 61440]
R2 LMIMaint;LogMeIn Maintenance Service; C:\Program Files\LogMeIn\x86\RaMaint.exe [2009-10-01 116032]
R2 LogMeIn;LogMeIn; C:\Program Files\LogMeIn\x86\LogMeIn.exe [2008-07-24 63040]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [2006-10-26 335872]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2008-12-03 203296]
R2 O&O Defrag;O&O Defrag; C:\Windows\system32\oodag.exe [2007-05-11 1050120]
R2 TuneUp.ProgramStatisticsSvc;@%SystemRoot%\System32\TUProgSt.exe,-1; C:\Windows\System32\TUProgSt.exe [2009-09-22 604416]
R2 UxTuneUp;@%SystemRoot%\System32\uxtuneup.dll,-4096; C:\Windows\System32\svchost.exe [2008-01-19 21504]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-03-30 1533808]
R2 WMIService;ePower Service; C:\Acer\Empowering Technology\ePower\ePowerSvc.exe [2007-06-13 167936]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-11-25 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-11-25 352920]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2010-03-26 545576]
S2 CLTNetCnService;Symantec Lic NetConnect service; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon []
S2 gupdate1c9f5124e925880;Služba Google Update (gupdate1c9f5124e925880); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-06-24 133104]
S3 AresChatServer;Ares Chatroom server; C:\Program Files\Ares\chatServer.exe [2007-03-20 263168]
S3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-19 21504]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 TuneUp.Defrag;@%SystemRoot%\System32\TuneUpDefragService.exe,-1; C:\Windows\System32\TuneUpDefragService.exe [2009-09-22 361216]
S4 CLCapSvc;CyberLink Background Capture Service (CBCS); C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe [2007-04-26 257736]
S4 CLSched;CyberLink Task Scheduler (CTS); C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe [2007-04-26 118464]
S4 CyberLink Media Library Service;CyberLink Media Library Service; C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe [2007-04-26 1076832]
S4 eLockService;eLock Service; C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe [2007-04-23 24576]
S4 eRecoveryService;eRecovery Service; C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe [2007-07-03 53248]
S4 eSettingsService;eSettings Service; C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe [2007-06-28 24576]
S4 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S4 MobilityService;MobilityService; C:\Acer\Mobility Center\MobilityService.exe [2006-11-24 107008]
S4 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2005-08-08 167936]
S4 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2007-05-17 386560]
-----------------EOF-----------------
HJT log -
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:47:27, on 12.4.2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18904)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
C:\Acer\Empowering Technology\eAudio\eAudio.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Windows\System32\oodtray.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Ares\Ares.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Users\HELA~1\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Java\jre6\bin\jusched.exe
F:\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.centrum.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Pomocná služba pro přihlášení ke službě Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [eAudio] "C:\Acer\Empowering Technology\eAudio\eAudio.exe"
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [OODefragTray] C:\Windows\system32\oodtray.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'Default user')
O4 - Global Startup: Empowering Technology Launcher.lnk = C:\Acer\Empowering Technology\eAPLauncher.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Přidat na blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Přidat na blog Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: Služba Google Update (gupdate1c9f5124e925880) (gupdate1c9f5124e925880) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\Windows\system32\oodag.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: @%SystemRoot%\System32\TUProgSt.exe,-1 (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\Windows\System32\TUProgSt.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
--
End of file - 9130 bytes


"C:\Acer\Empowering Technology\eDataSecurity\decryption.exe"="C:\Acer\Empowering Technology\eDataSecurity\decryption.exe:*:Enabled:decryption"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
======List of files/folders created in the last 1 months======
2010-04-12 13:25:41 ----D---- C:\rsit
2010-04-11 21:26:40 ----SHD---- C:\$RECYCLE.BIN
2010-04-11 21:00:48 ----A---- C:\Windows\SWXCACLS.exe
2010-04-11 18:38:16 ----A---- C:\Windows\zip.exe
2010-04-11 18:38:16 ----A---- C:\Windows\SWSC.exe
2010-04-11 18:38:16 ----A---- C:\Windows\SWREG.exe
2010-04-11 18:38:16 ----A---- C:\Windows\sed.exe
2010-04-11 18:38:16 ----A---- C:\Windows\PEV.exe
2010-04-11 18:38:16 ----A---- C:\Windows\NIRCMD.exe
2010-04-11 18:38:16 ----A---- C:\Windows\MBR.exe
2010-04-11 18:38:16 ----A---- C:\Windows\grep.exe
2010-04-11 18:38:10 ----D---- C:\Windows\ERDNT
2010-04-11 16:59:34 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-04-11 16:55:57 ----D---- C:\Program Files\trend micro
2010-04-10 22:03:06 ----AD---- C:\ProgramData\TEMP
2010-04-09 20:19:16 ----D---- C:\Users\Helča\AppData\Roaming\Malwarebytes
2010-04-09 20:19:06 ----D---- C:\ProgramData\Malwarebytes
2010-04-09 17:10:27 ----D---- C:\ProgramData\IObit
2010-04-04 14:32:20 ----D---- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-04-04 14:32:20 ----D---- C:\Program Files\iTunes
2010-04-04 14:24:11 ----D---- C:\Program Files\QuickTime
2010-04-04 14:08:22 ----D---- C:\Program Files\Bonjour
2010-04-04 14:08:13 ----D---- C:\Config.Msi
2010-03-31 10:14:39 ----A---- C:\Windows\system32\mshtml.dll
2010-03-31 10:14:38 ----A---- C:\Windows\system32\ieframe.dll
2010-03-31 10:14:37 ----A---- C:\Windows\system32\iertutil.dll
2010-03-31 10:14:36 ----A---- C:\Windows\system32\wininet.dll
2010-03-31 10:14:36 ----A---- C:\Windows\system32\urlmon.dll
2010-03-31 10:14:36 ----A---- C:\Windows\system32\occache.dll
2010-03-31 10:14:36 ----A---- C:\Windows\system32\msfeeds.dll
2010-03-31 10:14:35 ----A---- C:\Windows\system32\mstime.dll
2010-03-31 10:14:35 ----A---- C:\Windows\system32\ieui.dll
2010-03-31 10:14:35 ----A---- C:\Windows\system32\iedkcs32.dll
2010-03-31 10:14:34 ----A---- C:\Windows\system32\msfeedssync.exe
2010-03-31 10:14:34 ----A---- C:\Windows\system32\msfeedsbs.dll
2010-03-31 10:14:34 ----A---- C:\Windows\system32\jsproxy.dll
2010-03-31 10:14:34 ----A---- C:\Windows\system32\ieUnatt.exe
2010-03-31 10:14:34 ----A---- C:\Windows\system32\iesysprep.dll
2010-03-31 10:14:34 ----A---- C:\Windows\system32\iesetup.dll
2010-03-31 10:14:34 ----A---- C:\Windows\system32\iernonce.dll
2010-03-31 10:14:34 ----A---- C:\Windows\system32\iepeers.dll
2010-03-31 10:14:34 ----A---- C:\Windows\system32\ie4uinit.exe
======List of files/folders modified in the last 1 months======
2010-04-12 13:30:47 ----D---- C:\Windows\Temp
2010-04-12 13:27:33 ----D---- C:\Windows\System32
2010-04-12 13:27:33 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-04-12 13:27:32 ----D---- C:\Windows\inf
2010-04-12 00:35:19 ----RD---- C:\Windows\Offline Web Pages
2010-04-12 00:35:19 ----D---- C:\Windows\system32\drivers
2010-04-12 00:00:05 ----D---- C:\Program Files\LogMeIn
2010-04-11 21:18:01 ----D---- C:\Windows
2010-04-11 21:18:01 ----A---- C:\Windows\system.ini
2010-04-11 21:10:30 ----D---- C:\Windows\AppPatch
2010-04-11 21:10:28 ----D---- C:\Program Files\Common Files
2010-04-11 19:43:19 ----D---- C:\Windows\Minidump
2010-04-11 19:22:52 ----A---- C:\Windows\ntbtlog.txt
2010-04-11 18:55:32 ----SHD---- C:\System Volume Information
2010-04-11 17:46:38 ----D---- C:\Windows\security
2010-04-11 17:46:38 ----D---- C:\Windows\Globalization
2010-04-11 16:59:34 ----RD---- C:\Program Files
2010-04-11 16:55:17 ----D---- C:\Windows\Prefetch
2010-04-10 22:37:32 ----D---- C:\DRV
2010-04-10 22:26:46 ----D---- C:\ProgramData
2010-04-10 22:25:15 ----D---- C:\Windows\DigitalLocker
2010-04-09 23:19:41 ----RSD---- C:\Windows\assembly
2010-04-09 22:45:23 ----D---- C:\Windows\Branding
2010-04-09 21:14:44 ----D---- C:\Windows\Provisioning
2010-04-09 20:28:50 ----D---- C:\Windows\en-US
2010-04-09 17:10:12 ----D---- C:\Program Files\KaraFun
2010-04-04 21:53:14 ----D---- C:\Windows\system32\catroot
2010-04-04 21:52:34 ----D---- C:\Users\Helča\AppData\Roaming\Skype
2010-04-04 16:00:21 ----D---- C:\Users\Helča\AppData\Roaming\skypePM
2010-04-04 14:36:27 ----SHD---- C:\Windows\Installer
2010-04-04 14:32:31 ----D---- C:\Program Files\iPod
2010-04-04 14:32:27 ----D---- C:\Program Files\Common Files\Apple
2010-04-04 14:11:53 ----D---- C:\Windows\system32\catroot2
2010-04-04 13:52:41 ----D---- C:\Program Files\Mozilla Firefox
2010-03-31 23:38:16 ----D---- C:\Program Files\Internet Explorer
2010-03-31 23:38:15 ----D---- C:\Windows\system32\migration
2010-03-31 10:48:36 ----D---- C:\Windows\winsxs
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2009-11-25 23120]
R1 aswSP;avast! Self Protection; C:\Windows\system32\drivers\aswSP.sys [2009-11-25 114768]
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2009-11-25 48560]
R1 DritekPortIO;Dritek General Port I/O; \??\C:\PROGRA~1\LAUNCH~1\DPortIO.sys [2006-11-02 20112]
R1 ssmdrv;ssmdrv; C:\Windows\system32\DRIVERS\ssmdrv.sys [2007-03-01 28352]
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\DRIVERS\aswFsBlk.sys [2009-11-25 20560]
R2 aswMonFlt;aswMonFlt; C:\Windows\system32\DRIVERS\aswMonFlt.sys [2009-11-25 53328]
R2 int15;int15; \??\C:\Acer\Empowering Technology\eRecovery\int15.sys [2006-12-07 76584]
R2 LMIInfo;LogMeIn Kernel Information Provider; \??\C:\Program Files\LogMeIn\x86\RaInfo.sys [2008-07-24 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver; \??\C:\Windows\system32\drivers\LMIRfsDriver.sys [2008-07-24 47640]
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2007-05-17 12672]
R2 rimmptsk;rimmptsk; C:\Windows\system32\DRIVERS\rimmptsk.sys [2007-02-24 39936]
R2 rimsptsk;rimsptsk; C:\Windows\system32\DRIVERS\rimsptsk.sys [2007-01-23 42496]
R2 rismxdp;Ricoh xD-Picture Card Driver; C:\Windows\system32\DRIVERS\rixdptsk.sys [2007-03-21 37376]
R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2007-05-17 8192]
R3 ApfiltrService;Alps Pointing-device Filter Driver; C:\Windows\system32\DRIVERS\Apfiltr.sys [2007-06-14 154624]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2009-04-09 958464]
R3 Cam5607;Acer Crystal Eye webcam; C:\Windows\System32\Drivers\BisonC07.sys [2007-05-28 767664]
R3 CmBatt;Ovladač baterie Microsoft ACPI Control Method Battery; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-19 14208]
R3 DKbFltr;Dritek Keyboard Filter Driver; C:\Windows\system32\DRIVERS\DKbFltr.sys [2006-11-02 21264]
R3 enecir;ENE CIR Receiver; C:\Windows\system32\DRIVERS\enecir.sys [2007-05-16 32256]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\System32\Drivers\GEARAspiWDM.sys [2009-05-18 26600]
R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\HSX_DPV.sys [2007-05-17 985600]
R3 HSXHWAZL;HSXHWAZL; C:\Windows\system32\DRIVERS\HSXHWAZL.sys [2007-05-17 207360]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2007-07-18 1841312]
R3 lmimirr;lmimirr; C:\Windows\system32\DRIVERS\lmimirr.sys [2008-07-24 10144]
R3 NTIDrvr;Upper Class Filter Driver; C:\Windows\system32\DRIVERS\NTIDrvr.sys [2007-08-10 6144]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvmfdx32.sys [2007-11-18 1040544]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2008-12-03 7606688]
R3 nvsmu;nvsmu; C:\Windows\system32\DRIVERS\nvsmu.sys [2007-05-17 12032]
R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2009-04-11 89088]
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2007-05-17 659968]
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-19 11264]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328]
S3 catchme;catchme; \??\C:\Combofix\catchme.sys []
S3 drmkaud;Dekodér zvuků DRM jádra společnosti Microsoft; C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632]
S3 EverestDriver;Lavalys EVEREST Kernel Driver; \??\C:\Program Files\Everest\kerneld.wnt [2008-09-18 20760]
S3 HdAudAddService;Ovladač funkce Microsoft 1.1 UAA pro službu zvuku High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 HSFHWAZL;HSFHWAZL; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2006-11-02 200704]
S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\Windows\system32\DRIVERS\ewusbmdm.sys [2007-03-01 92032]
S3 MSKSSRV;Server proxy služby datových proudů Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192]
S3 MSPCLOCK;Server proxy hodin datových proudů Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888]
S3 MSPQM;Server proxy správce kvality datových proudů Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504]
S3 MSTEE;Konvertor jímka-jímka typu T datových proudů Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016]
S3 se59bus;Sony Ericsson Device 089 driver (WDM); C:\Windows\system32\DRIVERS\se59bus.sys [2006-09-05 61536]
S3 se59mdfl;Sony Ericsson Device 089 USB WMC Modem Filter; C:\Windows\system32\DRIVERS\se59mdfl.sys [2006-09-05 9360]
S3 se59mdm;Sony Ericsson Device 089 USB WMC Modem Driver; C:\Windows\system32\DRIVERS\se59mdm.sys [2006-09-05 97088]
S3 se59obex;Sony Ericsson Device 089 USB WMC OBEX Interface; C:\Windows\system32\DRIVERS\se59obex.sys [2006-09-05 86432]
S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2007-10-31 30464]
S4 LMIRfsClientNP;LMIRfsClientNP; C:\Windows\system32\drivers\LMIRfsClientNP.sys []
S4 UIUSys;Conexant Setup API; C:\Windows\system32\DRIVERS\UIUSYS.SYS []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2010-03-19 144672]
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-11-25 18752]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-11-25 138680]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2010-02-12 345376]
R2 eDataSecurity Service;eDSService.exe; C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe [2007-04-25 457512]
R2 eNet Service;eNet Service; C:\Acer\Empowering Technology\eNet\eNet Service.exe [2007-06-13 135168]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-01-17 61440]
R2 LMIMaint;LogMeIn Maintenance Service; C:\Program Files\LogMeIn\x86\RaMaint.exe [2009-10-01 116032]
R2 LogMeIn;LogMeIn; C:\Program Files\LogMeIn\x86\LogMeIn.exe [2008-07-24 63040]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [2006-10-26 335872]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2008-12-03 203296]
R2 O&O Defrag;O&O Defrag; C:\Windows\system32\oodag.exe [2007-05-11 1050120]
R2 TuneUp.ProgramStatisticsSvc;@%SystemRoot%\System32\TUProgSt.exe,-1; C:\Windows\System32\TUProgSt.exe [2009-09-22 604416]
R2 UxTuneUp;@%SystemRoot%\System32\uxtuneup.dll,-4096; C:\Windows\System32\svchost.exe [2008-01-19 21504]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-03-30 1533808]
R2 WMIService;ePower Service; C:\Acer\Empowering Technology\ePower\ePowerSvc.exe [2007-06-13 167936]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-11-25 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-11-25 352920]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2010-03-26 545576]
S2 CLTNetCnService;Symantec Lic NetConnect service; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon []
S2 gupdate1c9f5124e925880;Služba Google Update (gupdate1c9f5124e925880); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-06-24 133104]
S3 AresChatServer;Ares Chatroom server; C:\Program Files\Ares\chatServer.exe [2007-03-20 263168]
S3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-19 21504]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 TuneUp.Defrag;@%SystemRoot%\System32\TuneUpDefragService.exe,-1; C:\Windows\System32\TuneUpDefragService.exe [2009-09-22 361216]
S4 CLCapSvc;CyberLink Background Capture Service (CBCS); C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe [2007-04-26 257736]
S4 CLSched;CyberLink Task Scheduler (CTS); C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe [2007-04-26 118464]
S4 CyberLink Media Library Service;CyberLink Media Library Service; C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe [2007-04-26 1076832]
S4 eLockService;eLock Service; C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe [2007-04-23 24576]
S4 eRecoveryService;eRecovery Service; C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe [2007-07-03 53248]
S4 eSettingsService;eSettings Service; C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe [2007-06-28 24576]
S4 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S4 MobilityService;MobilityService; C:\Acer\Mobility Center\MobilityService.exe [2006-11-24 107008]
S4 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2005-08-08 167936]
S4 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2007-05-17 386560]
-----------------EOF-----------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:47:27, on 12.4.2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18904)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
C:\Acer\Empowering Technology\eAudio\eAudio.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Windows\System32\oodtray.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Ares\Ares.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Users\HELA~1\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Java\jre6\bin\jusched.exe
F:\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.centrum.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Pomocná služba pro přihlášení ke službě Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [eAudio] "C:\Acer\Empowering Technology\eAudio\eAudio.exe"
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [OODefragTray] C:\Windows\system32\oodtray.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'Default user')
O4 - Global Startup: Empowering Technology Launcher.lnk = C:\Acer\Empowering Technology\eAPLauncher.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Přidat na blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Přidat na blog Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: Služba Google Update (gupdate1c9f5124e925880) (gupdate1c9f5124e925880) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\Windows\system32\oodag.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: @%SystemRoot%\System32\TUProgSt.exe,-1 (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\Windows\System32\TUProgSt.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
--
End of file - 9130 bytes
Re: problem with Desktop Security 2010
I uninstalled Spybot as advised. Here is the list of those programs, if that is how it was meant to be:
3 DataModem HSDPA
4oD
Acer Arcade
Acer Crystal Eye webcam
Acer eAudio Management
Acer eDataSecurity Management
Acer eLock Management
Acer Empowering Technology
Acer eNet Management
Acer ePower Management
Acer ePresentation Management
Acer eSettings Management
Acer GridVista
Acer Mobility Center Plug-In
Acer ScreenSaver
Acer Tour
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Photoshop 7.0 CE
Adobe Reader 8.1.3
Aktualizace produktu Microsoft Office Excel 2007 Help (KB963678)
Aktualizace produktu Microsoft Office Powerpoint 2007 Help (KB963669)
Aktualizace produktu Microsoft Office Word 2007 Help (KB963665)
ALPS Touch Pad Driver
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Ares 2.0.9
avast! Antivirus
AVS DVD Authoring
AVS DVD Player version 2.4
AVS Update Manager 1.0
AVS Video Converter 6
AVS4YOU Software Navigator 1.3
Big Kahuna Reef 2
Bonjour
Cake Mania
CANON iMAGE GATEWAY Task for ZoomBrowser EX
Canon Internet Library for ZoomBrowser EX
Canon MovieEdit Task for ZoomBrowser EX
Canon Utilities CameraWindow
Canon Utilities CameraWindow DC
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
Canon Utilities MyCamera
Canon Utilities MyCamera DC
Canon Utilities PhotoStitch
Canon Utilities RemoteCapture Task for ZoomBrowser EX
Canon Utilities ZoomBrowser EX
Canon ZoomBrowser EX Memory Card Utility
Combined Community Codec Pack 2008-06-28
Desktop Security 2010
DivX Web Player
Dynasty
Foxit PDF Creator
Galapago
Google Chrome
Google Update Helper
HDAUDIO Soft Data Fax Modem with SmartCP
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
ICQ Toolbar
ICQ6.5
iPhone Configuration Utility
iPod for Windows 2006-03-23
iTunes
Java(TM) 6 Update 15
Junk Mail filter update
KaraFun 1.10a
Launch Manager
LightScribe 1.4.142.1
LogMeIn
Luxor 2
Microsoft .NET Framework 3.5 Language Pack SP1 - csy
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 – jazyková sada – CSY
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (Czech) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (Czech) 2007
Microsoft Office Groove MUI (Czech) 2007
Microsoft Office InfoPath MUI (Czech) 2007
Microsoft Office Live Add-in 1.4
Microsoft Office OneNote MUI (Czech) 2007
Microsoft Office Outlook MUI (Czech) 2007
Microsoft Office PowerPoint MUI (Czech) 2007
Microsoft Office Proof (Czech) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (German) 2007
Microsoft Office Proof (Slovak) 2007
Microsoft Office Proofing (Czech) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (Czech) 2007
Microsoft Office Shared MUI (Czech) 2007
Microsoft Office Word MUI (Czech) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
Mozilla Firefox (3.6.3)
MSVCRT
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Mystery Case Files - Prime Suspects
Mystery Case Files Ravenhearst
Nástroj pro odesílání služby Windows Live
NTI Backup NOW! 4.7
NTI CD & DVD-Maker
NVIDIA Drivers
O&O Defrag Professional Edition
OGA Notifier 2.0.0048.0
OLYMPUS CAMEDIA Master 4.2
Opera 10.01
Pomocník pro přihlášení ke službě Windows Live ID
PowerProducer 3.72
QuickTime
Realtek High Definition Audio Driver
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB978380)
Security Update for Microsoft Office Excel 2007 (KB978382)
Security Update for Microsoft Office Outlook 2007 (KB972363)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office Publisher 2007 (KB969693)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Skype web features
Skype™ 4.1
Spybot - Search & Destroy
Star Defender 3
Teaching-you Touch Typing
The Sims 2
The Sims 2 Univerzita
TOEFL Mastery V2.0
Total Commander (Remove or Repair)
Treasures of the Deep
TuneUp Utilities 2009
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office InfoPath 2007 (KB976416)
Update for Microsoft Office Word 2007 (KB974561)
Update for Outlook 2007 Junk Email Filter (kb979895)
VC80CRTRedist - 8.0.50727.762
VideoLAN VLC media player 0.8.6d
Windows Live Communications Platform
Windows Live Essentials
Windows Live Fotogalerie
Windows Live Mail
Windows Live Messenger
Windows Live Sync
Windows Live Writer
Windows Media Player Firefox Plugin
Zoner Photo Studio 10
Zuma Deluxe
Re: problem with Desktop Security 2010