spomalené PC /podozrenie na vírus

[Ronye]

PC mám spomalené, procesor pracuje ako šialený + prehrievanie
môj ochranca Eset Smart Security nehlási nič
PC som čistil cez tune UP 2011 všetkými nástrojmi a tiež ukazuje že všetko je OK

tu je log

Kód: Vybrat vše

Logfile of random's system information tool 1.08 (written by random/random)
Run by Roman at 2011-04-15 20:05:23
Microsoft Windows 7 Ultimate  
System drive C: has 84 GB (27%) free of 305 GB
Total RAM: 4092 MB (62% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:05:29, on 15. 4. 2011
Platform: Windows 7  (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16766)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe
C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files (x86)\System Control Manager\MGSysCtrl.exe
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files (x86)\Java\jre6\bin\javaw.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Users\Roman\Downloads\RSIT.exe
C:\Program Files (x86)\trend micro\Roman.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bigseekpro.com/facesmooch3/{64D96956-F47E-4C04-B020-375B4F4D5F8E}
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bigseekpro.com/facesmooch3/{64D96956-F47E-4C04-B020-375B4F4D5F8E}
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: (no name) -  - (no file)
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported sites - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [MGSysCtrl] C:\Program Files (x86)\System Control Manager\MGSysCtrl.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: Bluetooth Manager.lnk = ?
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Micro Star SCM - Micro-Star International Co., Ltd. - C:\Program Files (x86)\System Control Manager\MSIService.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ServiceLayer - Nokia - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: StarWind AE Service (StarWindServiceAE) - StarWind Software - C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: @C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 9313 bytes

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-06-19 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{326E768D-4182-46FD-9C16-1449A49795F4}]
DivX Plus Web Player HTML5 <video> - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll [2010-12-08 3123072]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{593DDEC6-7468-4cdd-90E1-42DADAA222E9}]
DivX HiQ - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll [2010-12-08 3123072]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 403840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2010-09-12 41760]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"MGSysCtrl"=C:\Program Files (x86)\System Control Manager\MGSysCtrl.exe [2009-11-06 2244608]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-07-14 1475072]
"PC Suite Tray"=C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe [2010-05-14 1479680]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Bluetooth Manager.lnk - C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Hamachi2Svc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2011-04-15 20:05:24 ----D---- C:\Program Files (x86)\trend micro
2011-04-15 20:05:23 ----D---- C:\rsit
2011-04-15 00:29:52 ----A---- C:\Windows\War3Unin.pif
2011-04-15 00:29:51 ----A---- C:\Windows\War3Unin.exe
2011-04-14 21:43:30 ----A---- C:\Windows\SysWOW64\XpsGdiConverter.dll
2011-04-14 18:22:42 ----D---- C:\Program Files (x86)\HJ
2011-04-13 22:51:16 ----A---- C:\Windows\SysWOW64\mshtml.dll
2011-04-13 22:51:07 ----A---- C:\Windows\SysWOW64\ieframe.dll
2011-04-13 22:51:00 ----A---- C:\Windows\SysWOW64\urlmon.dll
2011-04-13 22:50:58 ----A---- C:\Windows\SysWOW64\wininet.dll
2011-04-13 22:50:57 ----A---- C:\Windows\SysWOW64\mstime.dll
2011-04-13 22:50:57 ----A---- C:\Windows\SysWOW64\msfeeds.dll
2011-04-13 22:50:57 ----A---- C:\Windows\SysWOW64\ieui.dll
2011-04-13 22:50:57 ----A---- C:\Windows\SysWOW64\iedkcs32.dll
2011-04-13 22:50:56 ----A---- C:\Windows\SysWOW64\mshtmled.dll
2011-04-13 22:50:56 ----A---- C:\Windows\SysWOW64\msfeedsbs.dll
2011-04-13 22:50:56 ----A---- C:\Windows\SysWOW64\licmgr10.dll
2011-04-13 22:50:56 ----A---- C:\Windows\SysWOW64\jsproxy.dll
2011-04-13 22:50:56 ----A---- C:\Windows\SysWOW64\iertutil.dll
2011-04-13 22:50:56 ----A---- C:\Windows\SysWOW64\iepeers.dll
2011-04-13 22:50:55 ----A---- C:\Windows\SysWOW64\msfeedssync.exe
2011-04-13 22:49:22 ----A---- C:\Windows\SysWOW64\mfc42.dll
2011-04-13 22:49:20 ----A---- C:\Windows\SysWOW64\mfc42u.dll
2011-04-13 22:49:16 ----A---- C:\Windows\SysWOW64\atmfd.dll
2011-04-13 22:49:15 ----A---- C:\Windows\SysWOW64\atmlib.dll
2011-04-13 22:49:11 ----A---- C:\Windows\SysWOW64\dnsapi.dll
2011-04-13 22:49:10 ----A---- C:\Windows\SysWOW64\dnscacheugc.exe
2011-04-13 22:49:03 ----A---- C:\Windows\SysWOW64\jscript.dll
2011-04-13 22:49:02 ----A---- C:\Windows\SysWOW64\vbscript.dll
2011-04-13 22:47:31 ----A---- C:\Windows\SysWOW64\inetcomm.dll
2011-04-13 04:44:53 ----D---- C:\ProgramData\Kaspersky Lab
2011-04-13 04:40:52 ----D---- C:\Users\Roman\AppData\Roaming\AVG
2011-04-13 04:40:10 ----D---- C:\Windows\XSxS
2011-04-13 04:40:10 ----D---- C:\Program Files (x86)\Xenocode
2011-04-13 00:52:08 ----D---- C:\Users\Roman\AppData\Roaming\Thinstall
2011-04-07 21:55:41 ----D---- C:\Windows\Sun
2011-04-04 10:45:53 ----D---- C:\temp
2011-04-04 05:04:46 ----A---- C:\Windows\NeroDigital.ini
2011-04-02 21:50:31 ----D---- C:\Program Files (x86)\WinZip
2011-04-02 21:21:13 ----A---- C:\Windows\UC.PIF
2011-04-02 21:21:13 ----A---- C:\Windows\RAR.PIF
2011-04-02 21:21:13 ----A---- C:\Windows\PKZIP.PIF
2011-04-02 21:21:13 ----A---- C:\Windows\PKUNZIP.PIF
2011-04-02 21:21:13 ----A---- C:\Windows\NOCLOSE.PIF
2011-04-02 21:21:13 ----A---- C:\Windows\LHA.PIF
2011-04-02 21:21:13 ----A---- C:\Windows\ARJ.PIF
2011-04-02 21:21:12 ----D---- C:\Users\Roman\AppData\Roaming\GHISLER
2011-04-02 21:21:12 ----D---- C:\Program Files (x86)\totalcmd
2011-04-02 20:51:54 ----D---- C:\Garmin
2011-04-02 20:51:52 ----D---- C:\Program Files (x86)\Garmin
2011-04-02 20:51:40 ----D---- C:\MapSource
2011-04-02 20:45:55 ----D---- C:\Users\Roman\AppData\Roaming\GARMIN
2011-04-02 20:45:55 ----D---- C:\ProgramData\GARMIN
2011-04-01 15:32:10 ----A---- C:\Windows\SysWOW64\PerfStringBackup.INI
2011-03-31 12:11:43 ----A---- C:\Windows\SysWOW64\cnvshell.dll
2011-03-31 12:11:42 ----A---- C:\Windows\SysWOW64\gdiplus.dll
2011-03-31 12:11:37 ----D---- C:\Program Files (x86)\ImageConverter Plus
2011-03-20 00:49:15 ----D---- C:\ProgramData\Ubisoft
2011-03-20 00:43:34 ----D---- C:\Users\Roman\AppData\Roaming\PunkBuster
2011-03-20 00:41:57 ----A---- C:\Windows\SysWOW64\XAudio2_5.dll
2011-03-20 00:41:57 ----A---- C:\Windows\SysWOW64\xactengine3_5.dll
2011-03-20 00:41:55 ----A---- C:\Windows\SysWOW64\D3DCompiler_42.dll
2011-03-20 00:41:53 ----A---- C:\Windows\SysWOW64\d3dcsx_42.dll
2011-03-20 00:41:52 ----A---- C:\Windows\SysWOW64\d3dx11_42.dll
2011-03-20 00:41:48 ----A---- C:\Windows\SysWOW64\d3dx10_41.dll
2011-03-20 00:41:48 ----A---- C:\Windows\SysWOW64\D3DCompiler_41.dll
2011-03-20 00:41:45 ----A---- C:\Windows\SysWOW64\D3DX9_41.dll
2011-03-20 00:41:44 ----A---- C:\Windows\SysWOW64\XAudio2_4.dll
2011-03-20 00:41:44 ----A---- C:\Windows\SysWOW64\XAPOFX1_3.dll
2011-03-20 00:41:43 ----A---- C:\Windows\SysWOW64\xactengine3_4.dll
2011-03-20 00:41:42 ----A---- C:\Windows\SysWOW64\X3DAudio1_6.dll
2011-03-20 00:41:39 ----A---- C:\Windows\SysWOW64\d3dx10_40.dll
2011-03-20 00:41:39 ----A---- C:\Windows\SysWOW64\D3DCompiler_40.dll
2011-03-20 00:41:36 ----A---- C:\Windows\SysWOW64\D3DX9_40.dll
2011-03-20 00:41:35 ----A---- C:\Windows\SysWOW64\XAudio2_3.dll
2011-03-20 00:41:35 ----A---- C:\Windows\SysWOW64\XAPOFX1_2.dll
2011-03-20 00:41:34 ----A---- C:\Windows\SysWOW64\xactengine3_3.dll
2011-03-20 00:41:33 ----A---- C:\Windows\SysWOW64\X3DAudio1_5.dll
2011-03-20 00:41:32 ----A---- C:\Windows\SysWOW64\XAudio2_2.dll
2011-03-20 00:41:32 ----A---- C:\Windows\SysWOW64\XAPOFX1_1.dll
2011-03-20 00:41:31 ----A---- C:\Windows\SysWOW64\xactengine3_2.dll
2011-03-20 00:41:28 ----A---- C:\Windows\SysWOW64\d3dx10_39.dll
2011-03-20 00:41:28 ----A---- C:\Windows\SysWOW64\D3DCompiler_39.dll
2011-03-20 00:41:25 ----A---- C:\Windows\SysWOW64\D3DX9_39.dll
2011-03-20 00:20:06 ----D---- C:\Program Files (x86)\Ubisoft
2011-03-20 00:13:11 ----D---- C:\Program Files (x86)\DAEMON Tools Pro
2011-03-20 00:12:48 ----D---- C:\Users\Roman\AppData\Roaming\DAEMON Tools Pro
2011-03-20 00:12:48 ----D---- C:\ProgramData\DAEMON Tools Pro
2011-03-20 00:07:14 ----D---- C:\Program Files (x86)\paradox-dbase-reader
2011-03-19 23:56:58 ----D---- C:\Users\Roman\AppData\Roaming\Free Online Radio Player Recorder
2011-03-19 23:41:34 ----A---- C:\Windows\SysWOW64\msvcr70.dll
2011-03-19 23:11:32 ----D---- C:\Program Files (x86)\Alcohol Soft
2011-03-17 23:01:13 ----D---- C:\Program Files (x86)\JDownloader
2011-03-17 05:40:54 ----D---- C:\Users\Roman\AppData\Roaming\fizzy
2011-03-17 05:40:49 ----SHD---- C:\Windows\ftpcache

======List of files/folders modified in the last 1 months======

2011-04-15 20:05:29 ----D---- C:\Windows\Temp
2011-04-15 20:05:29 ----D---- C:\Windows\Prefetch
2011-04-15 20:05:24 ----RD---- C:\Program Files (x86)
2011-04-15 19:24:57 ----D---- C:\Windows\System32
2011-04-15 19:24:56 ----D---- C:\Windows\inf
2011-04-15 03:04:59 ----D---- C:\Windows\SysWOW64
2011-04-15 03:04:57 ----D---- C:\Windows\winsxs
2011-04-15 03:00:49 ----D---- C:\Windows\debug
2011-04-15 03:00:29 ----SHD---- C:\System Volume Information
2011-04-15 00:29:54 ----D---- C:\Windows
2011-04-15 00:24:51 ----D---- C:\Games (x86)
2011-04-14 21:46:51 ----D---- C:\Program Files (x86)\Opera
2011-04-14 18:22:45 ----SHD---- C:\Windows\Installer
2011-04-14 18:22:42 ----SD---- C:\Users\Roman\AppData\Roaming\Microsoft
2011-04-14 10:45:15 ----D---- C:\Windows\Microsoft.NET
2011-04-14 10:45:13 ----RSD---- C:\Windows\assembly
2011-04-14 05:35:05 ----D---- C:\Users\Roman\AppData\Roaming\BSplayer PRO
2011-04-14 05:15:48 ----D---- C:\Windows\SysWOW64\migration
2011-04-14 05:15:48 ----D---- C:\Program Files (x86)\Internet Explorer
2011-04-13 23:05:13 ----D---- C:\ProgramData\Microsoft Help
2011-04-13 19:32:48 ----D---- C:\Users\Roman\AppData\Roaming\My Battle for Middle-earth Files
2011-04-13 04:46:18 ----D---- C:\Windows\Downloaded Program Files
2011-04-13 04:44:53 ----HD---- C:\ProgramData
2011-04-13 04:13:18 ----D---- C:\Program Files (x86)\Google
2011-04-13 03:25:58 ----D---- C:\Windows\Logs
2011-04-13 03:16:50 ----D---- C:\Program Files (x86)\Zrychlenie PC
2011-04-13 03:16:48 ----D---- C:\Program Files (x86)\Windows Media Player
2011-04-13 03:16:39 ----D---- C:\Program Files (x86)\Microsoft Visual Studio 8
2011-04-13 03:16:10 ----D---- C:\Program Files (x86)\DivX
2011-04-13 03:16:08 ----D---- C:\Program Files (x86)\Common Files\System
2011-04-13 03:15:54 ----D---- C:\PerfLogs
2011-04-13 03:15:06 ----D---- C:\Users\Roman\AppData\Roaming\Skype
2011-04-13 03:14:57 ----D---- C:\Users\Roman\AppData\Roaming\Real
2011-04-13 03:14:54 ----D---- C:\Users\Roman\AppData\Roaming\Nokia
2011-04-13 03:14:37 ----D---- C:\Users\Roman\AppData\Roaming\InstallShield
2011-04-13 03:14:36 ----D---- C:\Users\Roman\AppData\Roaming\Identities
2011-04-13 03:14:36 ----D---- C:\Users\Roman\AppData\Roaming\ICQ
2011-04-13 03:14:30 ----D---- C:\Users\Roman\AppData\Roaming\DivX
2011-04-13 03:14:29 ----D---- C:\Users\Roman\AppData\Roaming\DAEMON Tools Lite
2011-04-13 03:14:27 ----D---- C:\Users\Roman\AppData\Roaming\Adobe
2011-04-13 03:09:39 ----D---- C:\ProgramData\Real
2011-04-13 03:08:44 ----SD---- C:\ProgramData\Microsoft
2011-04-13 03:08:40 ----D---- C:\ProgramData\PC Suite
2011-04-13 03:08:34 ----D---- C:\ProgramData\Adobe
2011-04-10 01:14:22 ----D---- C:\programy SetUp
2011-04-09 12:17:45 ----SH---- C:\Program Files (x86)\desktop.ini
2011-04-09 12:17:45 ----RD---- C:\Users
2011-04-09 02:41:49 ----SHD---- C:\Boot
2011-04-09 02:05:47 ----D---- C:\Program Files (x86)\DAEMON Tools Toolbar
2011-04-09 02:05:06 ----RD---- C:\Program Files
2011-04-09 01:05:54 ----D---- C:\Program Files (x86)\SpeedFan
2011-04-02 21:51:35 ----D---- C:\ProgramData\WinZip
2011-04-02 20:22:37 ----D---- C:\Program Files (x86)\EA GAMES
2011-04-02 05:18:06 ----D---- C:\Windows\ModemLogs
2011-03-30 22:20:09 ----D---- C:\MOBIL NEW !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!§§§
2011-03-29 13:51:46 ----D---- C:\Program Files (x86)\LogMeIn Hamachi
2011-03-26 22:31:43 ----D---- C:\Program Files (x86)\YouTube Downloader
2011-03-24 13:47:04 ----D---- C:\Program Files (x86)\Mozilla Firefox
2011-03-20 00:42:53 ----HD---- C:\Program Files (x86)\InstallShield Installation Information

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys []
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys []
R0 speedfan;speedfan; C:\Windows\SysWOW64\speedfan.sys [2007-02-07 14104]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys []
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys []
R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys []
R1 Tosrfcom;Bluetooth RFCOMM; C:\Windows\System32\Drivers\tosrfcom.sys []
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys []
R2 eamonm;eamonm; C:\Windows\system32\DRIVERS\eamonm.sys []
R2 epfw;epfw; C:\Windows\system32\DRIVERS\epfw.sys []
R2 epfwwfp;epfwwfp; C:\Windows\system32\DRIVERS\epfwwfp.sys []
R3 enecir;ENE CIR Receiver; C:\Windows\system32\DRIVERS\enecir.sys []
R3 Epfwndis;Eset Personal Firewall; C:\Windows\system32\DRIVERS\Epfwndis.sys []
R3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys []
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys []
R3 JMCR;JMCR; C:\Windows\system32\DRIVERS\jmcr.sys []
R3 netr28x;Ralink 802.11n Wireless Driver for Windows Vista; C:\Windows\system32\DRIVERS\netr28x.sys []
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvm62x64.sys []
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda64v.sys []
R3 pcouffin;VSO Software pcouffin; C:\Windows\System32\Drivers\pcouffin.sys []
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\Windows\System32\Drivers\RootMdm.sys []
R3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter; C:\Windows\system32\DRIVERS\RTL8192su.sys []
R3 smserial;smserial; C:\Windows\system32\DRIVERS\smserial.sys []
R3 tosporte;Bluetooth COM Port; C:\Windows\system32\DRIVERS\tosporte.sys []
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv; \??\C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys [2009-10-14 11856]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys []
S3 amdcvcg1;amdcvcg1; C:\Windows\SysWOW64\drivers\amdcvcg1.sys []
S3 azfbj24s;azfbj24s; C:\Windows\SysWOW64\drivers\azfbj24s.sys []
S3 nmwcdcx64;Nokia USB Generic; C:\Windows\system32\drivers\ccdcmbox64.sys []
S3 nmwcdnsucx64;Nokia USB Flashing Generic; C:\Windows\system32\drivers\nmwcdnsucx64.sys []
S3 nmwcdnsux64;Nokia USB Flashing Phone Parent; C:\Windows\system32\drivers\nmwcdnsux64.sys []
S3 nmwcdx64;Nokia USB Phone Parent; C:\Windows\system32\drivers\ccdcmbx64.sys []
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfdx64.sys []
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys []
S3 s3cap;s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys []
S3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys []
S3 storvsc;storvsc; C:\Windows\system32\DRIVERS\storvsc.sys []
S3 tosrfbd;Bluetooth RFBUS; C:\Windows\system32\DRIVERS\tosrfbd.sys []
S3 tosrfbnp;Bluetooth RFBNEP; C:\Windows\System32\Drivers\tosrfbnp.sys []
S3 Tosrfhid;Bluetooth RFHID; C:\Windows\system32\DRIVERS\Tosrfhid.sys []
S3 tosrfnds;Bluetooth Personal Area Network; C:\Windows\system32\DRIVERS\tosrfnds.sys []
S3 TosRfSnd;Bluetooth Audio; C:\Windows\system32\drivers\tosrfsnd.sys []
S3 Tosrfusb;Bluetooth USB Controller; C:\Windows\system32\DRIVERS\tosrfusb.sys []
S3 upperdev;upperdev; C:\Windows\system32\DRIVERS\usbser_lowerfltx64.sys []
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys []
S3 usbser;USB Modem Driver; C:\Windows\system32\drivers\usbser.sys []
S3 UsbserFilt;UsbserFilt; C:\Windows\system32\DRIVERS\usbser_lowerfltx64j.sys []
S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\DRIVERS\vmbus.sys []
S3 VMBusHID;VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Program Files (x86)\Bonjour\mDNSResponder.exe [2006-02-28 229376]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [2010-08-12 810144]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine; C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2011-03-28 2111368]
R2 Micro Star SCM;Micro Star SCM; C:\Program Files (x86)\System Control Manager\MSIService.exe [2009-07-09 160768]
R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe [2007-12-03 869672]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe []
R2 StarWindServiceAE;StarWind AE Service; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2009-12-23 370688]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service; C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe [2009-11-17 1353544]
R2 UxTuneUp;@%SystemRoot%\System32\uxtuneup.dll,-4096; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-08-18 2291568]
R3 ServiceLayer;ServiceLayer; C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe [2010-10-20 630272]
R3 TOSHIBA Bluetooth Service;TOSHIBA Bluetooth Service; C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe [2009-10-21 193904]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-09-12 135664]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe [2010-08-12 42360]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2010-11-18 654848]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-09-12 135664]
S3 NMIndexingService;NMIndexingService; C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe [2007-12-13 447784]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 TuneUp.Defrag;@C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe,-1; C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe [2010-10-16 607048]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe []

-----------------EOF-----------------

[Rudy]

Dejte log z ComboFix.

Stahnete a ulozte nejlepe na plochu ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

pote spustte aplikaci pod uctem s administratorskym opravnenim

hned po startu se zobrazi obrazovka s licencnimi podminkami, pokracujte kliknutim na tlacitko Ano.

v klidu si postavte na kafe (cela akce trva cca. 5-10 minut, nekdy i dele - dle toho, o jak rychly stroj se jedna a kolika soubory se skener bude muset prodirat), behem skenu se nepokousejte spoustet zadne jine aplikace ani nic jineho

behem skenovani nepropadejte panice, vas stroj muze byt restartovan (predevsim pri prvni aplikaci skeneru)

upozorneni: pokud pouzivate antispyware s rezidentnim stitem, prepnete jeho rezidentni stit do Install Mode, pripadne jej po dobu skenu uplne deaktivujte, protoze dochazi pri skenu a vymazu pripadneho malware k nezadoucim kolizim s rezidentem antispyware

[Ronye]

hotovo

behom scanu som omylom otvoril FireFox ten program to ale hned zavrel

tu je log

Kód: Vybrat vše

ComboFix 11-04-14.03 - Roman . 04. 2011  21:21:38.1.2 - x64
Microsoft Windows 7 Ultimate   6.1.7600.0.1250.421.1051.18.4092.2901 [GMT 2:00]
Running from: c:\users\Roman\Downloads\ComboFix.exe
AV: ESET Smart Security 4.2 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
FW: ESET personal firewall *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
SP: ESET Smart Security 4.2 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Resident AV is active
.
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Roman\AppData\Roaming\Local
c:\users\Roman\AppData\Roaming\Local\Temp\DDM\Settings\fmfxilvbldlg.avi.ddr
c:\users\Roman\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\fmfxilvbldlg.avi.ddp
c:\windows\system32\ReadMe.txt
c:\windows\XSxS
.
.
(((((((((((((((((((((((((   Files Created from 2011-03-15 to 2011-04-15  )))))))))))))))))))))))))))))))
.
.
2011-04-15 19:07 . 2011-04-15 19:17	--------	d-----w-	C:\32788R22FWJFW
2011-04-15 18:50 . 2011-03-15 05:17	8424784	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{ED400F29-3773-4E9A-A2B9-37F561388151}\mpengine.dll
2011-04-15 18:05 . 2011-04-15 18:05	--------	d-----w-	c:\program files (x86)\trend micro
2011-04-15 18:05 . 2011-04-15 18:05	--------	d-----w-	C:\rsit
2011-04-14 22:29 . 2011-04-14 22:29	2829	----a-w-	c:\windows\War3Unin.pif
2011-04-14 22:29 . 2011-04-14 22:29	126976	----a-w-	c:\windows\War3Unin.exe
2011-04-14 19:43 . 2011-02-24 06:30	476160	----a-w-	c:\windows\system32\XpsGdiConverter.dll
2011-04-14 19:43 . 2011-02-24 05:32	288256	----a-w-	c:\windows\SysWow64\XpsGdiConverter.dll
2011-04-14 16:22 . 2011-04-14 16:22	388096	----a-r-	c:\users\Roman\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-04-14 16:22 . 2011-04-14 16:22	--------	d-----w-	c:\program files (x86)\HJ
2011-04-13 20:51 . 2011-02-24 06:29	1197056	----a-w-	c:\windows\system32\wininet.dll
2011-04-13 20:49 . 2011-03-03 03:58	3133440	----a-w-	c:\windows\system32\win32k.sys
2011-04-13 20:47 . 2011-02-23 05:15	157696	----a-w-	c:\windows\system32\drivers\mrxsmb.sys
2011-04-13 20:47 . 2011-02-23 05:15	286720	----a-w-	c:\windows\system32\drivers\mrxsmb10.sys
2011-04-13 20:47 . 2011-02-23 05:15	126464	----a-w-	c:\windows\system32\drivers\mrxsmb20.sys
2011-04-13 20:47 . 2011-02-23 05:15	90624	----a-w-	c:\windows\system32\drivers\bowser.sys
2011-04-13 20:47 . 2011-02-05 12:41	640896	----a-w-	c:\windows\system32\winload.efi
2011-04-13 20:47 . 2011-02-05 12:41	19328	----a-w-	c:\windows\system32\kd1394.dll
2011-04-13 20:47 . 2011-02-05 12:39	603976	----a-w-	c:\windows\system32\winload.exe
2011-04-13 20:47 . 2011-02-05 12:39	518160	----a-w-	c:\windows\system32\winresume.exe
2011-04-13 20:47 . 2011-02-05 12:41	556928	----a-w-	c:\windows\system32\winresume.efi
2011-04-13 20:47 . 2011-02-05 12:41	20352	----a-w-	c:\windows\system32\kdusb.dll
2011-04-13 20:47 . 2011-02-05 12:41	17792	----a-w-	c:\windows\system32\kdcom.dll
2011-04-13 20:47 . 2011-03-08 06:14	976896	----a-w-	c:\windows\system32\inetcomm.dll
2011-04-13 20:47 . 2011-03-08 05:38	740864	----a-w-	c:\windows\SysWow64\inetcomm.dll
2011-04-13 20:45 . 2011-02-12 06:14	267776	----a-w-	c:\windows\system32\FXSCOVER.exe
2011-04-13 02:44 . 2011-04-13 02:55	--------	d-----w-	c:\programdata\Kaspersky Lab
2011-04-13 02:40 . 2011-04-13 02:48	--------	d-----w-	c:\users\Roman\AppData\Roaming\AVG
2011-04-13 02:40 . 2011-04-13 02:40	--------	d-----w-	c:\users\Roman\Impostazioni locali
2011-04-13 02:40 . 2011-04-13 02:40	--------	d-----w-	c:\program files (x86)\Xenocode
2011-04-12 22:52 . 2011-04-13 03:02	--------	d-----w-	c:\users\Roman\AppData\Roaming\Thinstall
2011-04-12 22:52 . 2011-04-12 22:52	--------	d-----w-	c:\users\Roman\AppData\Local\Thinstall
2011-04-07 19:55 . 2011-04-07 19:55	--------	d-----w-	c:\windows\Sun
2011-04-04 08:45 . 2011-04-04 08:45	--------	d-----w-	C:\temp
2011-04-02 19:21 . 2007-09-05 05:02	545	----a-w-	c:\windows\UC.PIF
2011-04-02 19:21 . 2007-09-05 05:02	545	----a-w-	c:\windows\RAR.PIF
2011-04-02 19:21 . 2007-09-05 05:02	545	----a-w-	c:\windows\PKZIP.PIF
2011-04-02 19:21 . 2007-09-05 05:02	545	----a-w-	c:\windows\PKUNZIP.PIF
2011-04-02 19:21 . 2007-09-05 05:02	545	----a-w-	c:\windows\NOCLOSE.PIF
2011-04-02 19:21 . 2007-09-05 05:02	545	----a-w-	c:\windows\LHA.PIF
2011-04-02 19:21 . 2007-09-05 05:02	545	----a-w-	c:\windows\ARJ.PIF
2011-04-02 19:21 . 2011-04-02 19:23	--------	d-----w-	c:\program files (x86)\totalcmd
2011-04-02 19:21 . 2011-04-02 19:21	--------	d-----w-	c:\users\Roman\AppData\Roaming\GHISLER
2011-04-02 18:51 . 2011-04-02 19:56	--------	d-----w-	C:\Garmin
2011-04-02 18:51 . 2011-04-02 19:04	--------	d-----w-	c:\program files (x86)\Garmin
2011-04-02 18:51 . 2011-04-02 19:41	--------	d-----w-	C:\MapSource
2011-04-02 18:45 . 2011-04-13 01:14	--------	d-----w-	c:\users\Roman\AppData\Roaming\GARMIN
2011-04-02 18:45 . 2011-04-02 18:45	--------	d-----w-	c:\programdata\GARMIN
2011-03-31 10:11 . 2007-11-03 20:49	413696	----a-w-	c:\windows\SysWow64\cnvshell.dll
2011-03-31 10:11 . 2001-08-23 14:25	1706800	----a-w-	c:\windows\SysWow64\gdiplus.dll
2011-03-31 10:11 . 2011-03-31 10:11	--------	d-----w-	c:\program files (x86)\ImageConverter Plus
2011-03-19 22:49 . 2011-04-13 01:12	--------	d-----w-	c:\programdata\Ubisoft
2011-03-19 22:43 . 2011-03-19 22:43	--------	d-----w-	c:\users\Roman\AppData\Roaming\PunkBuster
2011-03-19 22:20 . 2011-03-19 22:42	--------	d-----w-	c:\program files (x86)\Ubisoft
2011-03-19 22:13 . 2011-03-19 22:13	--------	d-----w-	c:\program files (x86)\DAEMON Tools Pro
2011-03-19 22:12 . 2011-03-19 22:18	--------	d-----w-	c:\users\Roman\AppData\Roaming\DAEMON Tools Pro
2011-03-19 22:12 . 2011-03-19 22:13	--------	d-----w-	c:\programdata\DAEMON Tools Pro
2011-03-19 22:07 . 2011-04-09 00:06	--------	d-----w-	c:\program files (x86)\paradox-dbase-reader
2011-03-19 21:56 . 2011-03-19 21:56	--------	d-----w-	c:\users\Roman\AppData\Roaming\Free Online Radio Player Recorder
2011-03-19 21:41 . 2002-01-05 15:37	344064	----a-w-	c:\windows\SysWow64\msvcr70.dll
2011-03-19 21:11 . 2011-03-19 21:11	--------	d-----w-	c:\program files (x86)\Alcohol Soft
2011-03-17 21:01 . 2011-04-12 21:37	--------	d-----w-	c:\program files (x86)\JDownloader
2011-03-17 03:40 . 2011-04-13 01:14	--------	d-----w-	c:\users\Roman\AppData\Roaming\fizzy
2011-03-17 03:40 . 2011-03-17 03:40	--------	d-sh--w-	c:\windows\ftpcache
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-31 10:15 . 2010-12-12 20:18	48648	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2011-03-31 10:15 . 2010-12-12 20:17	458048	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-03-30 12:30 . 2011-01-21 14:02	48648	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll
2011-03-23 17:54 . 2011-01-22 12:08	458048	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2011-02-19 06:37 . 2011-03-09 12:56	1135104	----a-w-	c:\windows\system32\FntCache.dll
2011-02-19 06:37 . 2011-03-09 12:56	1540608	----a-w-	c:\windows\system32\DWrite.dll
2011-02-19 06:36 . 2011-03-09 12:56	902656	----a-w-	c:\windows\system32\d2d1.dll
2011-02-19 05:32 . 2011-03-09 12:56	1074176	----a-w-	c:\windows\SysWow64\DWrite.dll
2011-02-19 05:32 . 2011-03-09 12:56	739840	----a-w-	c:\windows\SysWow64\d2d1.dll
2011-02-02 17:11 . 2010-09-12 15:27	270720	------w-	c:\windows\system32\MpSigStub.exe
2011-01-28 08:00 . 2011-02-26 18:17	80896	----a-w-	c:\windows\SysWow64\ff_vfw.dll
2011-01-26 06:53 . 2011-02-09 11:46	982912	----a-w-	c:\windows\system32\drivers\dxgkrnl.sys
2011-01-26 06:53 . 2011-02-09 11:46	265088	----a-w-	c:\windows\system32\drivers\dxgmms1.sys
2011-01-26 06:31 . 2011-02-09 11:46	144384	----a-w-	c:\windows\system32\cdd.dll
2011-01-22 13:56 . 2011-01-22 13:56	93696	----a-w-	c:\users\Roman\AppData\Roaming\ezpinst.exe
2011-01-22 13:56 . 2011-01-22 13:56	82048	----a-w-	c:\windows\system32\drivers\pcouffin.sys
2011-01-22 13:56 . 2011-01-22 13:56	82048	----a-w-	c:\users\Roman\AppData\Roaming\pcouffin.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
"PC Suite Tray"="c:\program files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe" [2010-05-14 1479680]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"MGSysCtrl"="c:\program files (x86)\System Control Manager\MGSysCtrl.exe" [2009-11-06 2244608]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2009-11-5 2717024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux4"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages	REG_MULTI_SZ   	kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"TkBellExe"="c:\program files (x86)\Common Files\Real\Update_OB\realsched.exe"  -osboot
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"NBKeyScan"="c:\program files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
"DivX Download Manager"="c:\program files (x86)\DivX\DivX Plus Web Player\DDmService.exe" start
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe"
"ITSecMng"=%ProgramFiles(x86)%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Služba Google Update (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-12 135664]
R3 gupdatem;Služba Google Update (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-12 135664]
R3 nmwcdcx64;Nokia USB Generic;c:\windows\system32\drivers\ccdcmbox64.sys [x]
R3 nmwcdnsucx64;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsucx64.sys [x]
R3 nmwcdnsux64;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsux64.sys [x]
R3 nmwcdx64;Nokia USB Phone Parent;c:\windows\system32\drivers\ccdcmbx64.sys [x]
R3 WatAdminSvc;Služba Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [2010-08-12 810144]
S2 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [x]
S2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2011-03-28 2111368]
S2 Micro Star SCM;Micro Star SCM;c:\program files (x86)\System Control Manager\MSIService.exe [2009-07-09 160768]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe [2009-11-17 1353544]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [x]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [x]
S3 netr28x;Ralink 802.11n Wireless Driver for Windows Vista;c:\windows\system32\DRIVERS\netr28x.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys [x]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys [2009-10-14 11856]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-04-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-12 15:53]
.
2011-04-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-12 15:53]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2010-08-12 2916584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.bigseekpro.com/facesmooch3/{64D96956-F47E-4C04-B020-375B4F4D5F8E}
mStart Page = hxxp://www.bigseekpro.com/facesmooch3/{64D96956-F47E-4C04-B020-375B4F4D5F8E}
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xportovať do programu Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Roman\AppData\Roaming\Mozilla\Firefox\Profiles\3hifeq0u.default\
FF - prefs.js: browser.search.defaulturl - 
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.bigseekpro.com/facesmooch3/{64D96956-F47E-4C04-B020-375B4F4D5F8E}
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: FoxTab: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a} - %profile%\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}
FF - Ext: qtl: qtl.co.il@gmail.com - %profile%\extensions\qtl.co.il@gmail.com
FF - Ext: ICQ Toolbar: {800b5000-a755-47e1-992b-48a1c1357f07} - %profile%\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: SweetIM Toolbar for Firefox: {EEE6C361-6118-11DC-9C72-001320C79847} - %profile%\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
FF - Ext: FileSonic Affiliate Plugin: affiliates.firefox@addons.filesonic.com - %profile%\extensions\affiliates.firefox@addons.filesonic.com
FF - Ext: PC Sync 2 Synchronisation Extension: bkmrksync@nokia.com - c:\program files (x86)\Nokia\Nokia PC Suite 7\bkmrksync
FF - Ext: DivX Plus Web Player HTML5 <video>: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files (x86)\DivX\DivX Plus Web Player\firefox\html5video
FF - Ext: DivX HiQ: {6904342A-8307-11DF-A508-4AE2DFD72085} - c:\program files (x86)\DivX\DivX Plus Web Player\firefox\wpa
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-{56582EEA-3AEF-4D84-8B9D-C87A3CD9250F} - g:\rrrr\GetDataBack for NTFS\Uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1195897426-1694775190-1340162812-1000\Software\SecuROM\License information*]
"datasecu"=hex:47,b1,b9,78,a7,ad,a4,0c,37,46,8e,3b,a6,e5,5f,93,7e,48,7c,f2,ba,
   59,e2,ec,e6,65,f7,bf,34,84,5f,da,85,1f,96,b7,25,4e,6a,6e,18,5e,07,4b,e9,f7,\
"rkeysecu"=hex:ad,6b,e5,c6,e4,3a,59,05,94,1e,0c,11,44,d5,d2,3c
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-04-15  22:08:09
ComboFix-quarantined-files.txt  2011-04-15 20:07
.
Pre-Run: 86 700 474 368 bytes free
Post-Run: 86 715 486 208 bytes free
.
- - End Of File - - E5B62AD9350FE129CFDACA1CB24C59D9

[Rudy]

Několik položek CF smazal, zbytek logu vypadá čistý. Nastala nějaká změna?

[Ronye]

zmenu cítiť je PC už nehorí a nejde stále na maximum
stále ale pocitujem spomalenie najme pri surfovaní pri po nete (spomalené písane, písmena nabiehajú oneskorene, kliknem a možnosti sa objavia oneskorene, srcrolovanie taktiež seká)

spravil som screen Grafu správcu úloh a keď je PC v klude nič nerobím tak to vizerá takto

[Rudy]

Zkuste obnovu systému k datu, kdy korektně fungoval.

[Ronye]

fúú to si už ani nepamätám kedy fungoval na 100% už to trvá takto dlhšie a som to neriešil takže staršie záchytné body pre obnovu systému sú už aj zmazané pri bežnej údržbe som ich odstránil

[Rudy]

Co jste instaloval těsně před tím, než se problém objevil?

[Ronye]

ako hovorím problém pretrváva už dlhšie takže neviem

[Rudy]

Nějaké viry CF smazal. Ještě zkuste sken AVPTool: http://www.viry.cz/forum/viewtopic.php?f=29&t=58179 a dejte log.

[Ronye]

sken prebehol asi na 3tí krát kompletne lebo predtým mi hodilo chybu a ukončil sa program

Kód: Vybrat vše

Automatická kontrola: selhání    (události: 3, objekty: 0, čas: Neznámý)	
18. 4. 2011 10:06:30	Odstraněno: Backdoor.Win32.Poison.bqsr	C:\Documents and Settings\Roman\Downloads\garmin\Garmin_City_Navigator_Europe_NT_2011.20_Map_ID_2266\Garmin City Navigator Europe NT 2011.20 Map ID 2266\Garmin_Unlock_Generator_1_5_FID5DIGIT\Garmin_Unlock_Generator_1_5_FID5DIGIT.exe		
18. 4. 2011 10:05:23	Zjištěno: Backdoor.Win32.Poison.bqsr	C:\Documents and Settings\Roman\Downloads\garmin\Garmin_City_Navigator_Europe_NT_2011.20_Map_ID_2266\Garmin City Navigator Europe NT 2011.20 Map ID 2266\Garmin_Unlock_Generator_1_5_FID5DIGIT\Garmin_Unlock_Generator_1_5_FID5DIGIT.exe		
18. 4. 2011 9:48:33	Úloha byla spuštěna			
Automatická kontrola: selhání    (události: 1, objekty: 0, čas: Neznámý)	
18. 4. 2011 14:23:29	Úloha byla spuštěna			
Automatická kontrola: zastaveno před 12 hod.   (události: 2, objekty: 335, čas: 00:01:10)	
20. 4. 2011 12:00:53	Úloha byla zastavena			
20. 4. 2011 11:59:43	Úloha byla spuštěna			
Automatická kontrola: selhání    (události: 1, objekty: 0, čas: Neznámý)	
20. 4. 2011 12:01:22	Úloha byla spuštěna			
Automatická kontrola: zastaveno před 5 hod.   (události: 6, objekty: 312708, čas: 02:12:38)	
20. 4. 2011 18:54:30	Úloha byla zastavena			
20. 4. 2011 18:53:56	Nelze odstranit: Backdoor.Win32.Poison.bqsr	C:\Documents and Settings\Roman\Downloads\garmin\Garmin_City_Navigator_Europe_NT_2011.20_Map_ID_2266\Garmin City Navigator Europe NT 2011.20 Map ID 2266\Garmin_Unlock_Generator_1_5_FID5DIGIT.rar	Objekt nebyl nalezen	
20. 4. 2011 18:53:55	Odstraněno: Backdoor.Win32.Poison.bqsr	C:\Users\Roman\Downloads\garmin\Garmin_City_Navigator_Europe_NT_2011.20_Map_ID_2266\Garmin City Navigator Europe NT 2011.20 Map ID 2266\Garmin_Unlock_Generator_1_5_FID5DIGIT.rar		
20. 4. 2011 17:52:31	Zjištěno: Backdoor.Win32.Poison.bqsr	C:\Users\Roman\Downloads\garmin\Garmin_City_Navigator_Europe_NT_2011.20_Map_ID_2266\Garmin City Navigator Europe NT 2011.20 Map ID 2266\Garmin_Unlock_Generator_1_5_FID5DIGIT.rar/Garmin_Unlock_Generator_1_5_FID5DIGIT.exe		
20. 4. 2011 17:00:47	Zjištěno: Backdoor.Win32.Poison.bqsr	C:\Documents and Settings\Roman\Downloads\garmin\Garmin_City_Navigator_Europe_NT_2011.20_Map_ID_2266\Garmin City Navigator Europe NT 2011.20 Map ID 2266\Garmin_Unlock_Generator_1_5_FID5DIGIT.rar/Garmin_Unlock_Generator_1_5_FID5DIGIT.exe		
20. 4. 2011 16:41:52	Úloha byla spuštěna			
Automatická kontrola: dokončeno před 40 min.   (události: 5, objekty: 519755, čas: 04:48:49)	
20. 4. 2011 19:16:01	Úloha byla spuštěna			
20. 4. 2011 19:45:47	Chyba zpracování	C:\Users\Roman\AppData\Local\Microsoft\Outlook\archive.pst	Chyba čtení	
20. 4. 2011 21:29:59	Chyba zpracování	C:\Documents and Settings\Roman\AppData\Local\Microsoft\Outlook\Outlook.pst	Chyba čtení	
20. 4. 2011 22:36:57	Chyba zpracování	C:\Users\Roman\AppData\Local\Microsoft\Outlook\Outlook.pst	Chyba čtení	
21. 4. 2011 0:04:52	Úloha byla dokončena			

[Rudy]

OK. Nastala nyní nějaká změna?

[Ronye]

ano teraz je to výrazne lepšie
Ďakujem

[Rudy]

Nemáte zač!