Page 4 of 4

Re: avastsvc.exe win32:patched-wq

Posted: 29 Jul 2011 12:34
by vyosek
→ Run the PC through this: http://files.avast.com/files/eng/aswclear.exe

→ Reinstall Avast Free: http://www.avast.com/cs-cz/free-antivirus-download

→ Post a new RSIT log

Re: avastsvc.exe win32:patched-wq

Posted: 29 Jul 2011 12:51
by Petrásek
When I run aswclear it shows me this:
AVAST Software Uninstall utility
The avast! self protection module is enabled. For this reason, the operation cannot be completed.
To complete the operation, either run this program from Windows Safe Mode, or disable the avast! self protection (via Settings - > Troubleshooting page).
When I click OK it disappears and nothing happens.

Re: avastsvc.exe win32:patched-wq

Posted: 29 Jul 2011 12:54
by vyosek
To complete the operation, either run this program from Windows Safe Mode
So run it in Safe Mode

Re: avastsvc.exe win32:patched-wq

Posted: 29 Jul 2011 13:18
by Petrásek
In Safe Mode it worked.
I reinstalled Avast, it is running now, OK.
I can't run RSIT, it says: Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item.

Re: avastsvc.exe win32:patched-wq

Posted: 29 Jul 2011 13:20
by vyosek
It doesn't work even in Safe Mode?

Re: avastsvc.exe win32:patched-wq

Posted: 29 Jul 2011 13:25
by Petrásek
Yes, in Safe Mode it produced this log:

Logfile of random's system information tool 1.09 (written by random/random)
Run by Administrator at 2011-07-29 14:22:57
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 52 GB (34%) free of 153 GB
Total RAM: 1977 MB (87% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14:23:05, on 29.7.2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxsrvc.exe
C:\Documents and Settings\Administrator\Plocha\RSIT.exe
C:\Program Files\trend micro\Administrator.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\Audio\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Software Kodak EasyShare.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe

--
End of file - 4831 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\EasyShare Registration Task.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1957994488-362288127-725345543-1003Core.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1957994488-362288127-725345543-1003UA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2011-07-04 820864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Browser Helper - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2011-05-16 1164680]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2011-07-04 820864]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"AzMixerSel"=C:\Program Files\Realtek\Audio\InstallShield\AzMixerSel.exe [2006-07-17 53248]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2008-02-22 1032192]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2008-06-13 16871936]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2006-09-01 282624]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-10-03 35696]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-09-21 932288]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2008-06-17 150040]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2008-06-17 170520]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2008-06-17 141848]
"LManager"=C:\PROGRA~1\LAUNCH~1\LManager.exe [2008-07-24 875016]
"tray_ico"= []
"tray_ico1"= []
"tray_ico2"= []
"tray_ico3"= []
"tray_ico4"= []
"avast"=C:\Program Files\AVAST Software\Avast\avastUI.exe [2011-07-04 3493720]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\CTFMON.EXE [2008-04-14 15360]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
Software Kodak EasyShare.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2008-06-11 212992]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2009-05-24 304128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PSEXESVC]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableSecureUIAPaths"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDrives"=0
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe"="C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"C:\Program Files\Metin2United US\Metin2client.bin"="C:\Program Files\Metin2United US\Metin2client.bin:*:Enabled:Metin2client"
"E:\Lederion 2011 Client\Metin2.exe"="E:\Lederion 2011 Client\Metin2.exe:*:Enabled:Customizable 2010 Client Launcher"
"C:\Documents and Settings\Mornštejn Roman\Plocha\Microsoft Office\Lederion 2011 Client\Metin2.exe"="C:\Documents and Settings\Mornštejn Roman\Plocha\Microsoft Office\Lederion 2011 Client\Metin2.exe:*:Enabled:Customizable 2010 Client Launcher"
"C:\Program Files\BlueLightMT2\metin2.bin"="C:\Program Files\BlueLightMT2\metin2.bin:*:Enabled:metin2"
"C:\Documents and Settings\Mornštejn Roman\Plocha\Lederion 2011 Client\Metin2.exe"="C:\Documents and Settings\Mornštejn Roman\Plocha\Lederion 2011 Client\Metin2.exe:*:Enabled:Customizable 2010 Client Launcher"
"C:\Documents and Settings\Mornštejn Roman\Plocha\Dark-Revolution2\metin2.exe"="C:\Documents and Settings\Mornštejn Roman\Plocha\Dark-Revolution2\metin2.exe:*:Enabled:metin2"
"C:\Documents and Settings\Mornštejn Roman\Plocha\Microsoft Office\Dark-Revolution2\metin2.exe"="C:\Documents and Settings\Mornštejn Roman\Plocha\Microsoft Office\Dark-Revolution2\metin2.exe:*:Enabled:metin2"
"C:\Documents and Settings\Mornštejn Roman\Local Settings\Temp\7ZipSfx.000\CF_Downloader.exe"="C:\Documents and Settings\Mornštejn Roman\Local Settings\Temp\7ZipSfx.000\CF_Downloader.exe:*:Enabled:PT2Downloader"
"C:\Program Files\CrossFire\CF_G4box.exe"="C:\Program Files\CrossFire\CF_G4box.exe:*:Enabled:PT2Downloader"
"C:\Program Files\Xfire\Xfire.exe"="C:\Program Files\Xfire\Xfire.exe:*:Enabled:Xfire"
"C:\Documents and Settings\Mornštejn Roman\Dokumenty\Downloads\Flash-Player.exe"="C:\Documents and Settings\Mornštejn Roman\Dokumenty\Downloads\Flash-Player.exe:*:Enabled:C:\Documents and Settings\Mornštejn Roman\Dokumenty\Downloads\Flash-Player.exe"
"C:\Program Files\Z8Games\CrossFire\CF_G4box.exe"="C:\Program Files\Z8Games\CrossFire\CF_G4box.exe:*:Enabled:PT2Downloader"
"C:\Documents and Settings\Mornštejn Roman\Local Settings\temp\RarSFX0\3047777.exe"="C:\Documents and Settings\Mornštejn Roman\Local Settings\temp\RarSFX0\3047777.exe:*:Enabled:3047777"
"C:\Documents and Settings\Mornštejn Roman\Local Settings\temp\3508114\3047777.exe"="C:\Documents and Settings\Mornštejn Roman\Local Settings\temp\3508114\3047777.exe:*:Enabled:Kaspersky Virus Removal Tool"
"C:\Documents and Settings\Mornštejn Roman\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe"="C:\Documents and Settings\Mornštejn Roman\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe:*:Enabled:Instalační program Google"
"C:\WINDOWS\system32\WgaTray.exe"="C:\WINDOWS\system32\WgaTray.exe:*:Enabled:Windows Genuine Advantage Notifications"
"C:\Documents and Settings\Administrator\Local Settings\temp\RarSFX0\3047777.exe"="C:\Documents and Settings\Administrator\Local Settings\temp\RarSFX0\3047777.exe:*:Enabled:3047777"
"C:\Documents and Settings\Administrator\Local Settings\temp\9490818\3047777.exe"="C:\Documents and Settings\Administrator\Local Settings\temp\9490818\3047777.exe:*:Enabled:Kaspersky Virus Removal Tool"
"C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer"
"C:\Documents and Settings\Mornštejn Roman\Plocha\tdsskiller.exe"="C:\Documents and Settings\Mornštejn Roman\Plocha\tdsskiller.exe:*:Enabled:TDSS rootkit removing tool"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVU9"=iyvu9_32.dll
"VIDC.YVYU"=msyuv.dll
"wavemapper"=msacm32.drv
"MSVideo8"=VfWWDM32.dll
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\Iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"vidc.DIVX"=DivX.dll
"vidc.yv12"=DivX.dll
"VIDC.PIM1"=pclepim1.dll
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"VIDC.XFR1"=xfcodec.dll

======List of files/folders created in the last 1 month======

2011-07-29 14:09:32 ----A---- C:\WINDOWS\system32\drivers\aswSP.sys
2011-07-29 14:09:32 ----A---- C:\WINDOWS\system32\drivers\aswFsBlk.sys
2011-07-29 14:09:29 ----A---- C:\WINDOWS\system32\drivers\aswRdr.sys
2011-07-29 14:09:28 ----A---- C:\WINDOWS\system32\drivers\aswTdi.sys
2011-07-29 14:09:28 ----A---- C:\WINDOWS\system32\drivers\aswSnx.sys
2011-07-29 14:09:27 ----A---- C:\WINDOWS\system32\drivers\aswmon2.sys
2011-07-29 14:09:27 ----A---- C:\WINDOWS\system32\drivers\aswmon.sys
2011-07-29 14:09:26 ----A---- C:\WINDOWS\system32\drivers\aavmker4.sys
2011-07-29 14:09:08 ----A---- C:\WINDOWS\system32\aswBoot.exe
2011-07-29 14:08:56 ----D---- C:\Program Files\AVAST Software
2011-07-29 14:08:56 ----D---- C:\Documents and Settings\All Users\Data aplikací\AVAST Software
2011-07-29 12:50:33 ----AD---- C:\Kaspersky Rescue Disk 10.0
2011-07-29 08:44:46 ----A---- C:\TDSSKiller.2.5.11.0_29.07.2011_08.44.46_log.txt
2011-07-29 08:22:33 ----D---- C:\WINDOWS\CSC
2011-07-28 12:13:28 ----SD---- C:\ComboFix
2011-07-28 10:54:08 ----D---- C:\Documents and Settings\Administrator\Data aplikací\Malwarebytes
2011-07-28 10:53:58 ----A---- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2011-07-28 10:53:54 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2011-07-28 10:53:54 ----A---- C:\WINDOWS\system32\drivers\mbam.sys
2011-07-28 10:51:41 ----A---- C:\WINDOWS\ntbtlog.txt
2011-07-28 09:09:51 ----A---- C:\WINDOWS\PEV.exe
2011-07-28 09:09:51 ----A---- C:\WINDOWS\MBR.exe
2011-07-28 01:08:46 ----D---- C:\rsit
2011-07-28 01:08:46 ----D---- C:\Program Files\trend micro
2011-07-28 00:49:40 ----D---- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2011-07-28 00:26:05 ----A---- C:\WINDOWS\system32\CF11619.exe
2011-07-28 00:16:43 ----A---- C:\WINDOWS\system32\CF9784.exe
2011-07-27 23:45:36 ----D---- C:\Program Files\Alwil Software
2011-07-27 18:53:16 ----D---- C:\Documents and Settings\All Users\Data aplikací\Alwil Software
2011-07-27 18:27:53 ----D---- C:\Documents and Settings\Administrator\Data aplikací\Opera
2011-07-27 18:13:29 ----D---- C:\Documents and Settings\Administrator\Data aplikací\GHISLER
2011-07-27 18:12:36 ----ASH---- C:\Documents and Settings\Administrator\Data aplikací\desktop.ini
2011-07-27 18:12:35 ----SD---- C:\Documents and Settings\Administrator\Data aplikací\Microsoft
2011-07-27 17:30:32 ----D---- C:\WINDOWS\temp
2011-07-27 17:29:57 ----A---- C:\WINDOWS\system32\CF28391.exe
2011-07-27 17:10:34 ----A---- C:\WINDOWS\zip.exe
2011-07-27 17:10:34 ----A---- C:\WINDOWS\SWXCACLS.exe
2011-07-27 17:10:34 ----A---- C:\WINDOWS\SWSC.exe
2011-07-27 17:10:34 ----A---- C:\WINDOWS\SWREG.exe
2011-07-27 17:10:34 ----A---- C:\WINDOWS\sed.exe
2011-07-27 17:10:34 ----A---- C:\WINDOWS\NIRCMD.exe
2011-07-27 17:10:34 ----A---- C:\WINDOWS\grep.exe
2011-07-27 17:10:25 ----A---- C:\WINDOWS\system32\CF24564.exe
2011-07-27 17:08:15 ----D---- C:\WINDOWS\ERDNT
2011-07-27 17:07:55 ----D---- C:\Qoobox
2011-07-27 15:38:31 ----D---- C:\Program Files\CCleaner
2011-07-21 19:47:59 ----D---- C:\WINDOWS\system32\appmgmt
2011-07-21 19:02:29 ----D---- C:\WINDOWS\Minidump
2011-07-21 16:43:33 ----D---- C:\Program Files\Z8Games
2011-07-21 09:16:27 ----D---- C:\WINDOWS\ufa
2011-07-21 09:16:27 ----D---- C:\WINDOWS\rpcminer
2011-07-21 09:16:27 ----D---- C:\WINDOWS\phoenix
2011-07-21 09:03:50 ----A---- C:\WINDOWS\ddh_iplist.txt
2011-07-21 09:02:10 ----A---- C:\WINDOWS\iecheck_iplist.txt
2011-07-21 09:01:48 ----HD---- C:\WINDOWS\update.2
2011-07-21 09:01:38 ----A---- C:\WINDOWS\unrar.exe
2011-07-21 09:01:20 ----A---- C:\WINDOWS\btc_client_iplist.txt
2011-07-21 09:00:58 ----HD---- C:\WINDOWS\update.5.0
2011-07-21 09:00:49 ----A---- C:\WINDOWS\iplist.txt
2011-07-21 08:59:56 ----A---- C:\WINDOWS\front_ip_list.txt
2011-07-21 08:58:00 ----D---- C:\WINDOWS\av_ico
2011-07-21 08:56:43 ----HD---- C:\WINDOWS\update.1
2011-07-21 08:56:34 ----HD---- C:\WINDOWS\update.tray-7-0-lnk
2011-07-21 08:56:34 ----HD---- C:\WINDOWS\update.tray-7-0
2011-07-21 08:46:25 ----A---- C:\WINDOWS\winlog-ids.txt
2011-07-21 08:46:25 ----A---- C:\WINDOWS\winlog-dirs.txt
2011-07-21 08:34:07 ----A---- C:\WINDOWS\system32\muweb.dll
2011-07-21 08:34:07 ----A---- C:\WINDOWS\system32\mucltui.dll
2011-07-19 16:23:05 ----D---- C:\Program Files\Xfire
2011-07-19 15:31:15 ----D---- C:\Program Files\CrossFire
2011-07-19 11:51:49 ----D---- C:\Program Files\Microsoft Silverlight
2011-07-14 19:16:40 ----A---- C:\WINDOWS\system32\3ivx.dll
2011-07-14 19:16:39 ----D---- C:\Program Files\Acala DVD 3gp Ripper
2011-07-14 19:11:39 ----D---- C:\Program Files\Launch Manager
2011-07-14 19:10:24 ----A---- C:\WINDOWS\system32\FILTRCOI.DLL
2011-07-14 19:10:24 ----A---- C:\WINDOWS\system32\drivers\DKbFltr.SYS
2011-07-14 19:10:23 ----A---- C:\WINDOWS\UNINST32.EXE
2011-07-14 18:45:22 ----A---- C:\WINDOWS\system32\igxprd32.dll
2011-07-14 18:45:22 ----A---- C:\WINDOWS\system32\igfxtray.exe
2011-07-14 18:45:22 ----A---- C:\WINDOWS\system32\igfxexps.dll
2011-07-14 18:45:21 ----A---- C:\WINDOWS\system32\igxpdv32.dll
2011-07-14 18:45:21 ----A---- C:\WINDOWS\system32\igfxsrvc.dll
2011-07-14 18:45:21 ----A---- C:\WINDOWS\system32\igfxpers.exe
2011-07-14 18:45:21 ----A---- C:\WINDOWS\system32\igfxext.exe
2011-07-14 18:45:21 ----A---- C:\WINDOWS\system32\hccutils.dll
2011-07-14 18:45:21 ----A---- C:\WINDOWS\system32\drivers\igxpmp32.sys
2011-07-14 18:45:20 ----A---- C:\WINDOWS\system32\igxpgd32.dll
2011-07-14 18:45:20 ----A---- C:\WINDOWS\system32\igfxzoom.exe
2011-07-14 18:45:20 ----A---- C:\WINDOWS\system32\igfxsrvc.exe
2011-07-14 18:45:20 ----A---- C:\WINDOWS\system32\igfxcfg.exe
2011-07-14 18:45:20 ----A---- C:\WINDOWS\system32\ig4icd32.dll
2011-07-14 18:45:20 ----A---- C:\WINDOWS\system32\ig4dev32.dll
2011-07-14 18:45:19 ----A---- C:\WINDOWS\system32\igxpdx32.dll
2011-07-14 18:45:19 ----A---- C:\WINDOWS\system32\igfxress.dll
2011-07-14 18:45:19 ----A---- C:\WINDOWS\system32\igfxpph.dll
2011-07-14 18:45:19 ----A---- C:\WINDOWS\system32\igfxdo.dll
2011-07-14 18:45:19 ----A---- C:\WINDOWS\system32\igfxdev.dll
2011-07-14 18:45:19 ----A---- C:\WINDOWS\system32\igfxCoIn_v4957.dll
2011-07-14 18:45:19 ----A---- C:\WINDOWS\system32\hkcmd.exe
2011-07-14 18:45:17 ----A---- C:\WINDOWS\system32\igxpun.exe
2011-07-14 18:44:47 ----A---- C:\WINDOWS\system32\TVWizudlg.exe
2011-07-14 18:44:47 ----A---- C:\WINDOWS\system32\igfxtvcx.dll
2011-07-14 18:44:46 ----D---- C:\WINDOWS\system32\Lang
2011-07-14 18:35:49 ----D---- C:\Driver
2011-07-14 16:05:40 ----HDC---- C:\WINDOWS\$NtUninstallKB2507938$
2011-07-14 16:03:27 ----HDC---- C:\WINDOWS\$NtUninstallKB2555917$
2011-07-10 21:46:47 ----AH---- C:\WINDOWS\system32\ezsidmv.dat
2011-07-10 21:46:36 ----D---- C:\Documents and Settings\All Users\Data aplikací\Skype Extras
2011-07-10 21:42:15 ----RD---- C:\Program Files\Skype
2011-07-10 21:42:07 ----D---- C:\Documents and Settings\All Users\Data aplikací\Skype
2011-07-02 13:47:27 ----A---- C:\WINDOWS\system32\srusd.dll
2011-07-02 13:47:27 ----A---- C:\WINDOWS\system32\drivers\serscan.sys
2011-07-02 13:47:26 ----A---- C:\WINDOWS\system32\fnfilter.dll
2011-07-01 19:09:44 ----D---- C:\Program Files\Adobe
2011-07-01 10:42:47 ----D---- C:\Program Files\Opera
2011-06-30 09:04:32 ----HDC---- C:\WINDOWS\$NtUninstallKB2541763$

======List of files/folders modified in the last 1 month======

2011-07-29 14:20:46 ----A---- C:\WINDOWS\SchedLgU.Txt
2011-07-29 14:14:42 ----D---- C:\WINDOWS\Prefetch
2011-07-29 14:09:32 ----D---- C:\WINDOWS\system32\drivers
2011-07-29 14:09:23 ----SHD---- C:\WINDOWS\Installer
2011-07-29 14:09:21 ----D---- C:\WINDOWS\WinSxS
2011-07-29 14:09:09 ----D---- C:\WINDOWS
2011-07-29 14:09:08 ----D---- C:\WINDOWS\system32
2011-07-29 14:08:56 ----RD---- C:\Program Files
2011-07-29 08:21:47 ----D---- C:\WINDOWS\system32\CatRoot2
2011-07-29 08:12:05 ----HD---- C:\WINDOWS\inf
2011-07-28 12:13:53 ----SHD---- C:\RECYCLER
2011-07-28 12:09:43 ----HDC---- C:\WINDOWS\$NtUninstallKB973815_0$
2011-07-27 18:12:35 ----D---- C:\Documents and Settings
2011-07-27 16:23:45 ----D---- C:\Program Files\O2Micro Flash Memory Card Driver
2011-07-27 16:23:45 ----D---- C:\Program Files\CDBurnerXP
2011-07-27 16:08:03 ----SHD---- C:\System Volume Information
2011-07-27 15:39:33 ----D---- C:\WINDOWS\Debug
2011-07-26 09:03:11 ----A---- C:\WINDOWS\ModemLog_Axesstel USB Modem.txt
2011-07-26 08:00:18 ----D---- C:\Program Files\Microsoft Office
2011-07-23 12:02:09 ----A---- C:\WINDOWS\win.ini
2011-07-23 12:00:29 ----D---- C:\Program Files\Common Files\Microsoft Shared
2011-07-23 12:00:04 ----RSD---- C:\WINDOWS\assembly
2011-07-21 19:53:58 ----D---- C:\Program Files\Microsoft Works
2011-07-21 19:53:54 ----RSD---- C:\WINDOWS\Fonts
2011-07-21 17:18:03 ----D---- C:\Program Files\City Interactive
2011-07-21 09:04:16 ----D---- C:\WINDOWS\system32\Restore
2011-07-21 09:02:11 ----D---- C:\WINDOWS\system32\drivers\etc
2011-07-21 08:56:53 ----A---- C:\boot.ini
2011-07-19 11:52:01 ----SD---- C:\Documents and Settings\All Users\Data aplikací\Microsoft
2011-07-14 19:11:45 ----D---- C:\WINDOWS\system32\ReinstallBackups
2011-07-14 18:45:19 ----DC---- C:\WINDOWS\system32\DRVSTORE
2011-07-14 18:44:45 ----D---- C:\Program Files\Intel
2011-07-14 16:05:42 ----RSHDC---- C:\WINDOWS\system32\dllcache
2011-07-14 16:03:41 ----A---- C:\WINDOWS\system32\MRT.exe
2011-07-13 09:23:02 ----HD---- C:\WINDOWS\$hf_mig$
2011-07-10 21:42:26 ----D---- C:\Program Files\Common Files
2011-07-08 07:30:39 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2011-07-02 11:05:34 ----D---- C:\Documents and Settings\All Users\Data aplikací\Adobe
2011-07-01 19:10:00 ----D---- C:\Program Files\Common Files\Adobe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2006-10-18 36624]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
R1 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2011-07-04 25432]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R3 AR5416;Atheros AR5008 Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\athw.sys [2008-04-08 1309504]
R3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2008-03-19 175104]
R3 DKbFltr;Dritek Keyboard Filter Driver; C:\WINDOWS\system32\DRIVERS\DKbFltr.sys [2006-01-20 17408]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 O2MDRDR;O2MDRDR; C:\WINDOWS\system32\DRIVERS\o2media.sys [2008-05-13 51288]
R3 O2SDRDR;O2SDRDR; C:\WINDOWS\system32\DRIVERS\o2sd.sys [2008-06-12 43608]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2008-02-22 222400]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2011-07-04 30808]
S1 aswSnx;aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [2011-07-04 441176]
S1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2011-07-04 309848]
S1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2011-07-04 43608]
S1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
S2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2011-07-04 19544]
S2 aswMon2;aswMon2; C:\WINDOWS\system32\drivers\aswMon2.sys [2011-07-04 102616]
S2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672]
S3 Axtmvflt;Axesstel USB Filter Service; C:\WINDOWS\system32\DRIVERS\Axtmvflt.sys [2007-03-22 3456]
S3 Axtmvmdm;Axesstel USB Modem; C:\WINDOWS\system32\DRIVERS\Axtmvmdm.sys [2007-03-26 40064]
S3 Axtmvprt;Axesstel Diagnostic Port; C:\WINDOWS\System32\Drivers\Axtmvprt.sys [2007-03-26 38784]
S3 btaudio;Zvukové zařízení Bluetooth; C:\WINDOWS\system32\drivers\btaudio.sys [2009-09-18 533152]
S3 BTDriver;Ovladač virtuálních komunikací Bluetooth; C:\WINDOWS\system32\DRIVERS\btport.sys [2008-02-04 37160]
S3 BTKRNL;Enumenátor sběrnice Bluetooth; C:\WINDOWS\system32\DRIVERS\btkrnl.sys [2009-07-09 991264]
S3 BTWDNDIS;Server pro přístup k síti LAN Bluetooth; C:\WINDOWS\system32\DRIVERS\btwdndis.sys [2008-07-24 156816]
S3 btwmodem;Modem Bluetooth; C:\WINDOWS\system32\DRIVERS\btwmodem.sys [2008-02-04 37032]
S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2009-09-08 45984]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 EagleXNt;EagleXNt; \??\C:\WINDOWS\system32\drivers\EagleXNt.sys []
S3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2007-03-01 988032]
S3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2007-03-01 210688]
S3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2008-06-11 6021184]
S3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-06-13 4754944]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service; C:\WINDOWS\system32\drivers\IntcHdmi.sys [2008-04-29 108032]
S3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys []
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys []
S3 StillCam;Ovladač digitálního fotoaparátu pro sériový port; C:\WINDOWS\system32\DRIVERS\serscan.sys [2001-10-24 6784]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 UIUSys;Conexant Setup API; C:\WINDOWS\system32\DRIVERS\UIUSYS.SYS []
S3 usbscan;Usbscan; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 usbvideo;Zobrazovací zařízení USB (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-13 121984]
S3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2007-03-01 731136]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

S2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2011-07-04 42184]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 WinRM;Windows Remote Management (WS-Management); C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

Re: avastsvc.exe win32:patched-wq

Posted: 29 Jul 2011 13:37
by vyosek
:arrow: Download OTM (see my signature)
  • If you use Win Vista or W7, right-click OTM and choose Run As Administrator
  • Into the left pane, Paste Instructions for Items to be Moved (below the yellow line), paste the content you have below
  • Code:

    :reg
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "QuickTime Task"=-
    "Adobe Reader Speed Launcher"=-
    "Adobe ARM"=-
    "tray_ico"=-
    "tray_ico1"=-
    "tray_ico2"=-
    "tray_ico3"=-
    "tray_ico4"=-
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PSEXESVC]
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "C:\Documents and Settings\Mornštejn Roman\Dokumenty\Downloads\Flash-Player.exe"=-
    "C:\Documents and Settings\Mornštejn Roman\Local Settings\temp\RarSFX0\3047777.exe"=-
    "C:\Documents and Settings\Mornštejn Roman\Local Settings\temp\3508114\3047777.exe"=-
    "C:\Documents and Settings\Administrator\Local Settings\temp\RarSFX0\3047777.exe"=-
    "C:\Documents and Settings\Administrator\Local Settings\temp\9490818\3047777.exe"=-
    "C:\Documents and Settings\Mornštejn Roman\Plocha\tdsskiller.exe"=-
    
    :files
    C:\Documents and Settings\Mornštejn Roman\Local Settings\temp
    C:\Documents and Settings\Mornštejn Roman\Dokumenty\Downloads\Flash-Player.exe
    C:\WINDOWS\ufa
    C:\WINDOWS\rpcminer
    C:\WINDOWS\phoenix
    C:\WINDOWS\ddh_iplist.txt
    C:\WINDOWS\iecheck_iplist.txt
    C:\WINDOWS\update.2
    C:\WINDOWS\unrar.exe
    C:\WINDOWS\btc_client_iplist.txt
    C:\WINDOWS\update.5.0
    C:\WINDOWS\iplist.txt
    C:\WINDOWS\front_ip_list.txt
    C:\WINDOWS\av_ico
    C:\WINDOWS\update.1
    C:\WINDOWS\update.tray-7-0-lnk
    C:\WINDOWS\update.tray-7-0
    C:\WINDOWS\winlog-ids.txt
    C:\WINDOWS\winlog-dirs.txt
    C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1957994488-362288127-725345543-1003Core.job
    C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1957994488-362288127-725345543-1003UA.job
    %windir%\system32\*.tmp.dll /s
    %windir%\system32\SET*.tmp /s
    %windir%\*.tmp
    
    :commands
    [RESETHOSTS]
    [EMPTYTEMP]
    [EMPTYFLASH]
  • Click the red MoveIt! button
  • You will be prompted to restart, click Yes; the log can then be found in C:\_OTM\MovedFiles, paste its content here
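
An added example, not part of the forum post or of the OTM tool: a read-only PowerShell audit of the same autostart, firewall-exception and SafeBoot locations the OTM script above clears, flagging entries that point into temp, download or desktop folders. The path pattern and the helper name Test-SuspectPath are my own assumptions; it removes nothing, it only prints findings.

```powershell
# Added example (not from the forum post): audit the locations the OTM script
# cleans, read-only. Assumed heuristic: autostart or firewall entries living in
# temp, Downloads or desktop folders deserve a look (Plocha = Czech "Desktop").
$suspectPattern = '\\Local Settings\\temp\\|\\Temp\\|\\Downloads\\|\\Plocha\\|\\Desktop\\'

function Test-SuspectPath([string]$Path) {
    # -match is case-insensitive by default, which suits Windows paths
    return ($Path -match $suspectPattern)
}

# 1. HKLM Run values: value data is the command line started at logon
$runKey = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'
if (Test-Path $runKey) {
    (Get-ItemProperty -Path $runKey).PSObject.Properties |
        Where-Object { $_.Name -notmatch '^PS' } |      # drop PSPath etc.
        ForEach-Object {
            $flag = if (Test-SuspectPath $_.Value) { 'SUSPECT' } else { 'ok' }
            '{0,-8} Run\{1} = {2}' -f $flag, $_.Name, $_.Value
        }
}

# 2. XP firewall AuthorizedApplications: the value NAME is the exe path,
#    so a program that added itself here gets through the firewall
$fwKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List'
if (Test-Path $fwKey) {
    (Get-Item $fwKey).GetValueNames() | ForEach-Object {
        $flag = if (Test-SuspectPath $_) { 'SUSPECT' } else { 'ok' }
        '{0,-8} Firewall exception: {1}' -f $flag, $_
    }
}

# 3. SafeBoot: anything listed here also starts in Safe Mode. Skip device-class
#    GUID entries and report names that do not match an existing service key;
#    entries named after a .sys file refer to driver files and need a manual look.
foreach ($profile in 'Minimal', 'Network') {
    $sbKey = "HKLM:\SYSTEM\CurrentControlSet\Control\SafeBoot\$profile"
    if (-not (Test-Path $sbKey)) { continue }
    Get-ChildItem $sbKey | Where-Object { $_.PSChildName -notmatch '^\{' } | ForEach-Object {
        $name = $_.PSChildName
        $hasService = Test-Path "HKLM:\SYSTEM\CurrentControlSet\Services\$name"
        $flag = if ($hasService) { 'ok' } else { 'REVIEW' }
        '{0,-8} SafeBoot\{1}\{2}' -f $flag, $profile, $name
    }
}
```

Run it from an elevated prompt and compare the REVIEW and SUSPECT lines against what the OTM log later reports as removed.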

Re: avastsvc.exe win32:patched-wq

Posted: 29 Jul 2011 13:44
by Petrásek
So here is the log:

All processes killed
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\QuickTime Task deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Adobe Reader Speed Launcher deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Adobe ARM deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\tray_ico deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\tray_ico1 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\tray_ico2 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\tray_ico3 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\tray_ico4 deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PSEXESVC\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\Documents and Settings\Mornštejn Roman\Dokumenty\Downloads\Flash-Player.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\Documents and Settings\Mornštejn Roman\Local Settings\temp\RarSFX0\3047777.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\Documents and Settings\Mornštejn Roman\Local Settings\temp\3508114\3047777.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\Documents and Settings\Administrator\Local Settings\temp\RarSFX0\3047777.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\Documents and Settings\Administrator\Local Settings\temp\9490818\3047777.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\Documents and Settings\Mornštejn Roman\Plocha\tdsskiller.exe deleted successfully.
========== FILES ==========
C:\Documents and Settings\Mornštejn Roman\Local Settings\temp\_avast_ folder moved successfully.
C:\Documents and Settings\Mornštejn Roman\Local Settings\temp\_avast5_ folder moved successfully.
C:\Documents and Settings\Mornštejn Roman\Local Settings\temp\WPDNSE folder moved successfully.
C:\Documents and Settings\Mornštejn Roman\Local Settings\temp\is-SGKUI.tmp folder moved successfully.
C:\Documents and Settings\Mornštejn Roman\Local Settings\temp\2596-1-2011-7-28-6-12-58-296 folder moved successfully.
C:\Documents and Settings\Mornštejn Roman\Local Settings\temp\2168-1-2011-7-29-6-46-36-953 folder moved successfully.
C:\Documents and Settings\Mornštejn Roman\Local Settings\temp\2144-1-2011-7-29-5-43-44-671 folder moved successfully.
C:\Documents and Settings\Mornštejn Roman\Local Settings\temp\2116-1-2011-7-29-12-11-23-546 folder moved successfully.
C:\Documents and Settings\Mornštejn Roman\Local Settings\temp\2108-1-2011-7-29-11-2-51-484 folder moved successfully.
C:\Documents and Settings\Mornštejn Roman\Local Settings\temp\2096-1-2011-7-28-8-35-19-546 folder moved successfully.
C:\Documents and Settings\Mornštejn Roman\Local Settings\temp folder moved successfully.
File/Folder C:\Documents and Settings\Mornštejn Roman\Dokumenty\Downloads\Flash-Player.exe not found.
C:\WINDOWS\ufa folder moved successfully.
C:\WINDOWS\rpcminer folder moved successfully.
C:\WINDOWS\phoenix\kernels\poclbm folder moved successfully.
C:\WINDOWS\phoenix\kernels\phatk folder moved successfully.
C:\WINDOWS\phoenix\kernels folder moved successfully.
C:\WINDOWS\phoenix folder moved successfully.
C:\WINDOWS\ddh_iplist.txt moved successfully.
C:\WINDOWS\iecheck_iplist.txt moved successfully.
C:\WINDOWS\update.2 folder moved successfully.
C:\WINDOWS\unrar.exe moved successfully.
C:\WINDOWS\btc_client_iplist.txt moved successfully.
C:\WINDOWS\update.5.0 folder moved successfully.
C:\WINDOWS\iplist.txt moved successfully.
C:\WINDOWS\front_ip_list.txt moved successfully.
C:\WINDOWS\av_ico folder moved successfully.
C:\WINDOWS\update.1 folder moved successfully.
C:\WINDOWS\update.tray-7-0-lnk folder moved successfully.
C:\WINDOWS\update.tray-7-0 folder moved successfully.
C:\WINDOWS\winlog-ids.txt moved successfully.
C:\WINDOWS\winlog-dirs.txt moved successfully.
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1957994488-362288127-725345543-1003Core.job moved successfully.
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1957994488-362288127-725345543-1003UA.job moved successfully.
File/Folder C:\WINDOWS\system32\*.tmp.dll not found.
C:\WINDOWS\system32\SET17.tmp moved successfully.
C:\WINDOWS\003060_.tmp moved successfully.
C:\WINDOWS\SET3.tmp moved successfully.
C:\WINDOWS\SET4.tmp moved successfully.
C:\WINDOWS\SET8.tmp moved successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 3663 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Opera cache emptied: 1163175 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 3596 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: Mornštejn Roman
->Temporary Internet Files folder emptied: 3824146 bytes
->Google Chrome cache emptied: 0 bytes
->Opera cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 3596 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 2504 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 4079 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 5,00 mb


OTM by OldTimer - Version 3.1.18.0 log created on 07292011_144001

Re: avastsvc.exe win32:patched-wq

Posted: 29 Jul 2011 13:46
by vyosek
How is our patient behaving :???:

Re: avastsvc.exe win32:patched-wq

Posted: 29 Jul 2011 20:32
by Petrásek
Well, it looks very good.
So do you think it is clean, or could there still be something there?

Re: avastsvc.exe win32:patched-wq

Posted: 29 Jul 2011 20:36
by vyosek
:arrow: OTC http://oldtimer.geekstogo.com/OTC.exe
  • Download and run it
  • Click CleanUp and confirm YES
  • The program cleans up and restarts the PC

:arrow: TFC http://oldtimer.geekstogo.com/TFC.exe
  • Download and run it
  • Click Start and confirm OK
  • The program cleans up and restarts the PC
  • After use, delete the utility
:arrow: Download Ccleaner (see my signature)
Cleaner panel
  • Leave everything as it is, just click Analyze and then Run CCleaner
Registry panel
  • click Scan for Issues
  • then Fix selected issues - I recommend making the registry backup, fix all issues
  • repeat until there are no issues - usually about 3 times
Tools panel
  • Here you can uninstall programs you don't need
I recommend using CCleaner about once a week

:arrow: And if there are no problems or questions, that's all from my side :turned:

Re: avastsvc.exe win32:patched-wq

Posted: 29 Jul 2011 21:16
by Petrásek
Phew, I really broke a sweat this time, thank you very much for your help.
I'm glad that on this server there are people in the right place who enjoy this and are interested in it.
Once again, thank you very much for your patience with me and for the advice.

Re: avastsvc.exe win32:patched-wq

Posted: 29 Jul 2011 21:20
by vyosek
You're welcome, glad I could help :) Thanks for the cooperation, it was great :fr:

See you some time

Re: avastsvc.exe win32:patched-wq

Posted: 29 Jul 2011 21:51
by Petrásek
:lol: :lol: :lol: yes, see you some time :lol: :lol: :lol:
I just hope not too soon again.

Re: avastsvc.exe win32:patched-wq

Posted: 29 Jul 2011 22:13
by vyosek
I'll be glad to see you in the prevention section :turned: