VIRY.CZ

Dobrý den,
nějaký zmetek mi blokuje aplikace. I přes vypnutí win brány firewall a avastu se mi některé aplikace nedostanou na net. Vypadá to tak, že delší dobu mi si neprohlídnu net přes IE, Chrome ani Operu a včera mi to odseklo FireFox

tak jsem se rozhodl konat. (Díky bohu běží Safari, jinak bych sem teď asi nepsal...)
Bohužel nejde stáhnout ani aktuální virovou db avastu(btw. při scanu nic nenajde), protože se taky nepřipojí, stejný problém s avg -ten ani nenainstaluji.

Děkuji za kontrolu logu!

Windows Vista SP 2 (build 6002)
Boot Mode: Normal
Ověření souborů Microsoftu: Ano
Whitelist: Ano
Internet Explorer v8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
Log vygenerován: 26.6.2010 9:50:23
================================================================

Běžící procesy
================================================================

(rootkit?) smss.exe
(rootkit?) csrss.exe
(rootkit?) wininit.exe
(rootkit?) csrss.exe
(rootkit?) services.exe
(rootkit?) lsass.exe
(rootkit?) lsm.exe
(rootkit?) winlogon.exe
(rootkit?) svchost.exe
(rootkit?) svchost.exe
(rootkit?) svchost.exe
(rootkit?) svchost.exe
(rootkit?) svchost.exe
(rootkit?) svchost.exe
(rootkit?) audiodg.exe
(rootkit?) svchost.exe
(rootkit?) SLsvc.exe
(rootkit?) svchost.exe
(rootkit?) svchost.exe
(rootkit?) spoolsv.exe
(rootkit?) taskeng.exe
(rootkit?) svchost.exe
(rootkit?) IPSSVC.EXE
(rootkit?) AcPrfMgrSvc.exe
(rootkit?) agrsmsvc.exe
(rootkit?) BcmSqlStartupSvc.exe
(rootkit?) svchost.exe
(rootkit?) DkService.exe
(rootkit?) FnF5svc.exe
(rootkit?) IAANTmon.exe
(rootkit?) ICQ Service.exe
(rootkit?) GoogleCrashHandler.exe
(rootkit?) PMSveH.exe
(rootkit?) svchost.exe
(rootkit?) PSIService.exe
(rootkit?) RichVideo.exe
(rootkit?) svchost.exe
(rootkit?) SUService.exe
(rootkit?) tvt_reg_monitor_svc.exe
(rootkit?) TPHKSVC.exe
(rootkit?) tvttcsd.exe
(rootkit?) rrpservice.exe
(rootkit?) rrservice.exe
(rootkit?) tvtsched.exe
(rootkit?) svchost.exe
(rootkit?) SearchIndexer.exe
(rootkit?) AcSvc.exe
(rootkit?) WUDFHost.exe
C:\WINDOWS\VSNP2UVC.EXE
C:\PROGRAM FILES\LENOVO\NPDIRECT\TPFNF7SP.EXE
(rootkit?) SvcGuiHlpr.exe
(rootkit?) PMHandler.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPENH.EXE
C:\PROGRAM FILES\LENOVO\HOTKEY\TPWAUDAP.EXE
C:\PROGRAM FILES\INTEL\INTEL MATRIX STORAGE MANAGER\IAANOTIF.EXE
C:\WINDOWS\RTHDVCPL.EXE
C:\PROGRAM FILES\COMMON FILES\LENOVO\SCHEDULER\SCHEDULER_PROXY.EXE
C:\PROGRAM FILES\LENOVO\LENOVOCARE\LPMGR.EXE
C:\PROGRAM FILES\LENOVO\AWAYTASK\AWAYSCH.EXE
C:\PROGRAM FILES\LENOVO MULTIMEDIA CENTER\POWERDVD\PDVDSERV.EXE
C:\PROGRAM FILES\THINKVANTAGE\AMSG\AMSG.EXE
C:\PROGRAM FILES\THINKPAD\CONNECTUTILITIES\ACTRAY.EXE
C:\PROGRAM FILES\THINKPAD\CONNECTUTILITIES\ACWLICON.EXE
C:\PROGRAM FILES\LENOVO\CLIENT SECURITY SOLUTION\CSSAUTH.EXE
C:\PROGRAM FILES\JAVA\JRE6\BIN\JUSCHED.EXE
C:\WINDOWS\SYSTEM32\HKCMD.EXE
C:\WINDOWS\SYSTEM32\IGFXPERS.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\PROGRAM FILES\LENOVO\NPDIRECT\NPDTRAY.EXE
C:\PROGRAM FILES\LENOVO\BLUETOOTH SOFTWARE\BTTRAY.EXE
C:\PROGRAM FILES\LOGITECH\SETPOINT\SETPOINT.EXE
C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
C:\USERS\MAITRÉJA\APPDATA\ROAMING\DROPBOX\BIN\DROPBOX.EXE
C:\PROGRAM FILES\DISKEEPER CORPORATION\DISKEEPER\DKICON.EXE
C:\WINDOWS\SYSTEM32\IGFXSRVC.EXE
(rootkit?) svchost.exe
(rootkit?) wmpnetwk.exe
(rootkit?) WmiPrvSE.exe
C:\PROGRAM FILES\LENOVO\BLUETOOTH SOFTWARE\BTSTACKSERVER.EXE
C:\PROGRAM FILES\COMMON FILES\LOGISHRD\KHAL2\KHALMNPR.EXE
(rootkit?) AluSchedulerSvc.exe
C:\PROGRAM FILES\SAFARI\SAFARI.EXE
(rootkit?) conime.exe

Scanner
================================================================
smss.exe
Proces se nepodařilo otevřít
ROOTKIT? Skrytá cesta
Spouští se po startu HKCU Run [Google Update]
Nelze otevřít
Nemá okno

csrss.exe
Proces se nepodařilo otevřít
ROOTKIT? Skrytá cesta
Spouští se po startu HKCU Run [Google Update]
Nelze otevřít
Nemá okno

wininit.exe
Proces se nepodařilo otevřít
ROOTKIT? Skrytá cesta
Spouští se po startu HKCU Run [Google Update]
Nelze otevřít
Nemá okno

csrss.exe
Proces se nepodařilo otevřít
ROOTKIT? Skrytá cesta
Spouští se po startu HKCU Run [Google Update]
Nelze otevřít
Nemá okno

services.exe
Proces se nepodařilo otevřít
ROOTKIT? Skrytá cesta
Spouští se po startu HKCU Run [Google Update]
Nelze otevřít
Nemá okno

lsass.exe
Proces se nepodařilo otevřít
ROOTKIT? Skrytá cesta
Spouští se po startu HKCU Run [Google Update]
Nelze otevřít
Nemá okno

lsm.exe
Proces se nepodařilo otevřít
ROOTKIT? Skrytá cesta
Spouští se po startu HKCU Run [Google Update]
Nelze otevřít
Nemá okno

winlogon.exe
Proces se nepodařilo otevřít
ROOTKIT? Skrytá cesta
Spouští se po startu HKCU Run [Google Update]
Nelze otevřít
Nemá okno

svchost.exe
Proces se nepodařilo otevřít
ROOTKIT? Skrytá cesta
Spouští se po startu HKCU Run [Google Update]
Nelze otevřít
Nemá okno

svchost.exe
Proces se nepodařilo otevřít
ROOTKIT? Skrytá cesta
Spouští se po startu HKCU Run [Google Update]
Nelze otevřít
Nemá okno

svchost.exe
Proces se nepodařilo otevřít
ROOTKIT? Skrytá cesta
Spouští se po startu HKCU Run [Google Update]
Nelze otevřít
Nemá okno

svchost.exe
Proces se nepodařilo otevřít
ROOTKIT? Skrytá cesta
Spouští se po startu HKCU Run [Google Update]
Nelze otevřít
Nemá okno

svchost.exe
Proces se nepodařilo otevřít
ROOTKIT? Skrytá cesta
Spouští se po startu HKCU Run [Google Update]
Nelze otevřít
Nemá okno

svchost.exe
Proces se nepodařilo otevřít
ROOTKIT? Skrytá cesta
Spouští se po startu HKCU Run [Google Update]
Nelze otevřít
Nemá okno

audiodg.exe
Proces se nepodařilo otevřít
ROOTKIT? Skrytá cesta
Spouští se po startu HKCU Run [Google Update]
Nelze otevřít
Nemá okno

svchost.exe
Proces se nepodařilo otevřít
ROOTKIT? Skrytá cesta
Spouští se po startu HKCU Run [Google Update]
Nelze otevřít
Nemá okno

SLsvc.exe
Proces se nepodařilo otevřít
ROOTKIT? Skrytá cesta
Spouští se po startu HKCU Run [Google Update]
Nelze otevřít
Nemá okno

svchost.exe
Proces se nepodařilo otevřít
ROOTKIT? Skrytá cesta
Spouští se po startu HKCU Run [Google Update]
Nelze otevřít
Nemá okno

svchost.exe
Proces se nepodařilo otevřít
ROOTKIT? Skrytá cesta
Spouští se po startu HKCU Run [Google Update]
Nelze otevřít
Nemá okno

spoolsv.exe
Proces se nepodařilo otevřít
ROOTKIT? Skrytá cesta
Spouští se po startu HKCU Run [Google Update]
Nelze otevřít
Nemá okno

taskeng.exe
Proces se nepodařilo otevřít
ROOTKIT? Skrytá cesta
Shodná jména, jiná cesta: TASKENG.EXE X TASKENG.EXE
Spouští se po startu HKCU Run [Google Update]
Nelze otevřít
Nemá okno

svchost.exe
Proces se nepodařilo otevřít
ROOTKIT? Skrytá cesta
Spouští se po startu HKCU Run [Google Update]
Nelze otevřít
Nemá okno

IPSSVC.EXE
Proces se nepodařilo otevřít
ROOTKIT? Skrytá cesta
Spouští se po startu HKCU Run [Google Update]
Nelze otevřít
Nemá okno

AcPrfMgrSvc.exe
Proces se nepodařilo otevřít
ROOTKIT? Skrytá cesta
Spouští se po startu HKCU Run [Google Update]
Nelze otevřít
Nemá okno

agrsmsvc.exe
Proces se nepodařilo otevřít
ROOTKIT? Skrytá cesta
Spouští se po startu HKCU Run [Google Update]
Nelze otevřít
Nemá okno

BcmSqlStartupSvc.exe
Proces se nepodařilo otevřít
ROOTKIT? Skrytá cesta
Spouští se po startu HKCU Run [Google Update]
Nelze otevřít
Nemá okno

svchost.exe
Proces se nepodařilo otevřít
ROOTKIT? Skrytá cesta
Spouští se po startu HKCU Run [Google Update]
Nelze otevřít
Nemá okno

DkService.exe
Proces se nepodařilo otevřít
ROOTKIT? Skrytá cesta
Spouští se po startu HKCU Run [Google Update]
Nelze otevřít
Nemá okno

FnF5svc.exe
Proces se nepodařilo otevřít
ROOTKIT? Skrytá cesta
Spouští se po startu HKCU Run [Google Update]
Nelze otevřít
Nemá okno

IAANTmon.exe
Proces se nepodařilo otevřít
ROOTKIT? Skrytá cesta
Spouští se po startu HKCU Run [Google Update]
Nelze otevřít
Nemá okno

ICQ Service.exe
Proces se nepodařilo otevřít
ROOTKIT? Skrytá cesta
Spouští se po startu HKCU Run [Google Update]
Nelze otevřít
Nemá okno

GoogleCrashHandler.exe
Proces se nepodařilo otevřít
ROOTKIT? Skrytá cesta
Spouští se po startu HKCU Run [Google Update]
Nelze otevřít
Nemá okno

PMSveH.exe
Proces se nepodařilo otevřít
ROOTKIT? Skrytá cesta
Spouští se po startu HKCU Run [Google Update]
Nelze otevřít
Nemá okno

svchost.exe
Proces se nepodařilo otevřít
ROOTKIT? Skrytá cesta
Spouští se po startu HKCU Run [Google Update]
Nelze otevřít
Nemá okno

PSIService.exe
Proces se nepodařilo otevřít
ROOTKIT? Skrytá cesta
Spouští se po startu HKCU Run [Google Update]
Nelze otevřít
Nemá okno

RichVideo.exe
Proces se nepodařilo otevřít
ROOTKIT? Skrytá cesta
Spouští se po startu HKCU Run [Google Update]
Nelze otevřít
Nemá okno

svchost.exe
Proces se nepodařilo otevřít
ROOTKIT? Skrytá cesta
Spouští se po startu HKCU Run [Google Update]
Nelze otevřít
Nemá okno

SUService.exe
Proces se nepodařilo otevřít
ROOTKIT? Skrytá cesta
Spouští se po startu HKCU Run [Google Update]
Nelze otevřít
Nemá okno

tvt_reg_monitor_svc.exe
Proces se nepodařilo otevřít
ROOTKIT? Skrytá cesta
Spouští se po startu HKCU Run [Google Update]
Nelze otevřít
Nemá okno

TPHKSVC.exe
Proces se nepodařilo otevřít
ROOTKIT? Skrytá cesta
Spouští se po startu HKCU Run [Google Update]
Nelze otevřít
Nemá okno

tvttcsd.exe
Proces se nepodařilo otevřít
ROOTKIT? Skrytá cesta
Spouští se po startu HKCU Run [Google Update]
Nelze otevřít
Nemá okno

rrpservice.exe
Proces se nepodařilo otevřít
ROOTKIT? Skrytá cesta
Podobná jména: RRPSERVICE.EXE X RRSERVICE.EXE
Spouští se po startu HKCU Run [Google Update]
Nelze otevřít
Nemá okno

rrservice.exe
Proces se nepodařilo otevřít
ROOTKIT? Skrytá cesta
Podobná jména: RRSERVICE.EXE X RRPSERVICE.EXE
Spouští se po startu HKCU Run [Google Update]
Nelze otevřít
Nemá okno

tvtsched.exe
Proces se nepodařilo otevřít
ROOTKIT? Skrytá cesta
Spouští se po startu HKCU Run [Google Update]
Nelze otevřít
Nemá okno

svchost.exe
Proces se nepodařilo otevřít
ROOTKIT? Skrytá cesta
Spouští se po startu HKCU Run [Google Update]
Nelze otevřít
Nemá okno

SearchIndexer.exe
Proces se nepodařilo otevřít
ROOTKIT? Skrytá cesta
Spouští se po startu HKCU Run [Google Update]
Nelze otevřít
Nemá okno

AcSvc.exe
Proces se nepodařilo otevřít
ROOTKIT? Skrytá cesta
Spouští se po startu HKCU Run [Google Update]
Nelze otevřít
Nemá okno

WUDFHost.exe
Proces se nepodařilo otevřít
ROOTKIT? Skrytá cesta
Spouští se po startu HKCU Run [Google Update]
Nelze otevřít
Nemá okno

[S] taskeng.exe
Shodná jména, jiná cesta: TASKENG.EXE X TASKENG.EXE

[S] explorer.exe
Spouští se po startu HKLM Winlogon [Shell]

[S] MSASCui.exe
Spouští se po startu HKLM Run [Windows Defender]

[?] vsnp2uvc.exe
Spouští se po startu HKLM Run [snp2uvc]

[?] tpfnf7sp.exe
Spouští se po startu HKLM Run [TPFNF7]
Soubor 7%

[?] SvcGuiHlpr.exe
Proces se nepodařilo otevřít
ROOTKIT? Skrytá cesta
Spouští se po startu HKCU Run [Google Update]
Nelze otevřít
Nemá okno

[?] PMHandler.exe
Proces se nepodařilo otevřít
ROOTKIT? Skrytá cesta
Spouští se po startu HKCU Run [Google Update]
Nelze otevřít

[?] SynTPEnh.exe
Spouští se po startu HKLM Run [SynTPEnh]

[?] TpWAudAp.exe
Bez výrobce
Spouští se po startu HKLM Run [TPWAUDAP]
Soubor 12%

[?] IAAnotif.exe
Spouští se po startu HKLM Run [IAAnotif]
Soubor 7%

[?] RtHDVCpl.exe
Spouští se po startu HKLM Run [RtHDVCpl]

[?] scheduler_proxy.exe
Spouští se po startu HKLM Run [TVT Scheduler Proxy]
Nemá okno
Soubor 7%

[?] LPMGR.EXE
Spouští se po startu HKLM Run [LPManager]
Soubor 7%

[?] AwaySch.EXE
Spouští se po startu HKLM Run [AwaySch]
Soubor 7%

[?] PDVDServ.exe
Spouští se po startu HKLM Run [RemoteControl]
Soubor 7%

[?] Amsg.exe
Spouští se po startu HKLM Run [AMSG]
Soubor 7%

[?] ACTray.exe
Spouští se po startu HKLM Run [ACTray]
Nemá okno
Soubor 14%

[?] ACWLIcon.exe
Spouští se po startu HKLM Run [ACWLIcon]
Nemá okno
Soubor 7%

[?] cssauth.exe
Spouští se po startu HKLM Run [cssauth]
Soubor 7%

[?] jusched.exe
Spouští se po startu HKLM Run [SunJavaUpdateSched]
Nemá okno
Soubor 7%

[?] hkcmd.exe
Non Microsoft v System32:
Spouští se po startu HKLM Run [HotKeysCmds]

[?] igfxpers.exe
Non Microsoft v System32:
Spouští se po startu HKLM Run [Persistence]

[S] wmdc.exe
Spouští se po startu HKLM Run [Windows Mobile Device Center]

[?] realsched.exe
Spouští se po startu HKLM Run [TkBellExe]
Soubor 7%

[S] wmpnscfg.exe
Spouští se po startu HKCU Run [WMPNSCFG]

[?] NPDTRAY.EXE
Spouští se po startu HKCU Run [NPDTRAY]
Nemá okno
Soubor 7%

[?] BTTray.exe
Spouští se po startu Po spuštění []
Nemá okno
Soubor 7%

[?] SetPoint.exe
Spouští se po startu Po spuštění []
Soubor 7%

[?] WZQKPICK.EXE
Spouští se po startu Po spuštění []
Soubor 7%

[?] Dropbox.exe
Bez výrobce
Soubor 25%

[?] DkIcon.exe
Spouští se po startu HKLM Run [DiskeeperSystray]
Soubor 7%

[?] igfxsrvc.exe
Non Microsoft v System32:
Nemá okno

[?] svchost.exe
Proces se nepodařilo otevřít
ROOTKIT? Skrytá cesta
Spouští se po startu HKCU Run [Google Update]
Nelze otevřít
Nemá okno

[?] wmpnetwk.exe
Proces se nepodařilo otevřít
ROOTKIT? Skrytá cesta
Spouští se po startu HKCU Run [Google Update]
Nelze otevřít
Nemá okno

[S] WmiPrvSE.exe
Proces se nepodařilo otevřít
ROOTKIT? Skrytá cesta
Spouští se po startu HKCU Run [Google Update]
Nelze otevřít

[S] conime.exe
Shodná jména, jiná cesta: CONIME.EXE X CONIME.EXE
Skrytá cesta EXE:

[?] BTStackServer.exe
Soubor 7%

[?] KHALMNPR.exe
Spouští se po startu HKLM Run [Kernel and Hardware Abstraction Layer]
Soubor 7%

[?] AluSchedulerSvc.exe
Proces se nepodařilo otevřít
ROOTKIT? Skrytá cesta
Spouští se po startu HKCU Run [Google Update]
Nelze otevřít
Nemá okno

[?] Safari.exe
Soubor 14%

[?] conime.exe
Proces se nepodařilo otevřít
ROOTKIT? Skrytá cesta
Shodná jména, jiná cesta: CONIME.EXE X CONIME.EXE
Spouští se po startu HKCU Run [Google Update]
Nelze otevřít

Po spuštění
================================================================

HKCU Run
|_ [X][Notes] (Soubor nenalezen)
|_ [?][Google Update] C:\Users\Maitréja\AppData\Local\Google\Update\GoogleUpdate.exe /c
|_ [?][NPDTRAY] C:\PROGRA~1\Lenovo\NPDIRECT\NPDTray.exe
|_ [?][ICQ] C:\Program Files\ICQ7.2\ICQ.exe silent loginmode=4
|_ [?][Meebo Notifier] C:\Users\Maitréja\AppData\Local\Meebo\Meebo Notifier\MeeboNotifier.exe /startup

HKLM Run
|_ [S][Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe -hide
|_ [?][snp2uvc] C:\Windows\vsnp2uvc.exe
|_ [?][TPFNF7] C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe /r
|_ [?][PMHandler] C:\PROGRA~1\Lenovo\PMDRIV~1\PMHandler.exe
|_ [?][SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
|_ [?][TPWAUDAP] C:\Program Files\Lenovo\HOTKEY\TpWAudAp.exe
|_ [?][IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
|_ [?][RtHDVCpl] C:\Windows\RtHDVCpl.exe
|_ [?][LenovoOobeOffers] c:\SWTOOLS\LenovoWelcome\LenovoOobeOffers.exe /filePath=c:\swshare\firstrun.txt
|_ [?][TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
|_ (Soubor nenalezen)
|_ [?][FingerPrintSoftware] C:\Program Files\Lenovo Fingerprint Software\fpapp.exe \s
|_ [?][LPManager] C:\PROGRA~1\Lenovo\LENOVO~2\LPMGR.exe
|_ [?][DiskeeperSystray] C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe
|_ [?][AwaySch] C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
|_ [?][CameraApplicationLauncher] C:\Program Files\Lenovo\Camera Center\bin\CameraApplicationLaunchpadLauncher.exe
|_ [?][RemoteControl] C:\Program Files\Lenovo Multimedia Center\PowerDVD\PDVDServ.exe
|_ [?][LanguageShortcut] C:\Program Files\Lenovo Multimedia Center\PowerDVD\Language\Language.exe
|_ [?][AMSG] C:\Program Files\ThinkVantage\AMSG\Amsg.exe /startup
|_ [?][ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
|_ [?][ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
|_ [?][cssauth] C:\Program Files\Lenovo\Client Security Solution\cssauth.exe silent
|_ [?][WheelMouse] C:\MSI\ADVANC~1\wh_exec.exe
|_ [?][Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
|_ [?][AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe -launchedbylogin
|_ [?][Skytel] C:\Windows\Skytel.exe
|_ [?][SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe
|_ [?][Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.EXE
|_ [?][IgfxTray] C:\Windows\system32\igfxtray.exe
|_ [?][HotKeysCmds] C:\Windows\system32\hkcmd.exe
|_ [?][Persistence] C:\Windows\system32\igfxpers.exe
|_ [?][TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot

HKLM ShellServiceObjectDelayLoad
|_ [X][WebCheck] (Soubor nenalezen)

HKLM IC
|_ [?][{89820200-ECBD-11cf-8B85-00AA005B4340}] regsvr32.exe /s /n /i:U shell32.dll

HKLM Winlogon Notify
|_ [?][igfxcui] C:\Windows\system32\igfxdev.dll

Po spuštění
|_ C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
|_ C:\Program Files\Logitech\SetPoint\SetPoint.exe
|_ C:\Program Files\WinZip\WZQKPICK.EXE
|_ [?][Bluetooth.lnk] C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
|_ [?][Logitech SetPoint.lnk] C:\Program Files\Logitech\SetPoint\SetPoint.exe
|_ [?][WinZip Quick Pick.lnk] C:\Program Files\WinZip\WZQKPICK.EXE

HKLM BHO
|_ [X][{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}] (Soubor nenalezen)
|_ [!][{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}] C:\PROGRA~1\Crawler\ctbr.dll
|_ [X][{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}] (Soubor nenalezen)
|_ [?][{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}] c:\Program Files\Windows Live Toolbar\msntb.dll
|_ [?][{DBC80044-A445-435b-BC74-9C25C1C588A9}] C:\Program Files\Java\jre6\bin\jp2ssv.dll
|_ [?][{E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53}] C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
|_ [?][{F040E541-A427-4CF7-85D8-75E3E0F476C5}] C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll

HKCU IE WebBrowser Toolbar
|_ [?][{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}] c:\Program Files\Windows Live Toolbar\msntb.dll
|_ [!][{4B3803EA-5230-4DC3-A7FC-33638F3D3542}] C:\PROGRA~1\Crawler\ctbr.dll
|_ [X][{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}] (Soubor nenalezen)

HKLM IE Toolbar
|_ [?][{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}] c:\Program Files\Windows Live Toolbar\msntb.dll
|_ [!][{4B3803EA-5230-4DC3-A7FC-33638F3D3542}] C:\PROGRA~1\Crawler\ctbr.dll
|_ [X][{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}] (Soubor nenalezen)
|_ [?][{855F3B16-6D32-4FE6-8A56-BBB695989046}] C:\Program Files\ICQ6Toolbar\ICQToolBar.dll

hezké dopoledne

To je log z UPM? To je nějaký divoký

.
Ještě poprosím o log ze Rsitu, viz můj podpis

(kdyby jste se na net už nemohl dostat vůbec, zkuste obnovu systému)

edit// budu tu až večer kolem 8.hodiny

Jj, je to ump.
Přikládám log z RSIT:

Logfile of random's system information tool 1.07 (written by random/random)
Run by Maitréja at 2010-06-26 11:06:46
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 79 GB (34%) free of 233 GB
Total RAM: 2038 MB (43% free)

HijackThis download failed

======Scheduled tasks folder======

C:\Windows\tasks\Check Updates for Windows Live Toolbar.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3710777502-3298855474-964073315-1003Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3710777502-3298855474-964073315-1003UA.job
C:\Windows\tasks\User_Feed_Synchronization-{103B65BD-4798-4CA0-9487-EB211B637804}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Podpora odkazu pro Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}]
C:\PROGRA~1\Crawler\ctbr.dll [2008-12-03 1194496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}]
Windows Live Toolbar Helper - c:\Program Files\Windows Live Toolbar\msntb.dll [2007-02-12 546672]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53}]
Google Gears Helper - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll [2010-02-23 2121728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F040E541-A427-4CF7-85D8-75E3E0F476C5}]
CPwmIEBrowserHelper Object - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll [2007-08-09 795960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - Windows Live Toolbar - c:\Program Files\Windows Live Toolbar\msntb.dll [2007-02-12 546672]
{4B3803EA-5230-4DC3-A7FC-33638F3D3542} - &Crawler lišta - C:\PROGRA~1\Crawler\ctbr.dll [2008-12-03 1194496]
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}
{855F3B16-6D32-4FE6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2010-03-28 1017592]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1008184]
"snp2uvc"=C:\Windows\vsnp2uvc.exe [2006-12-29 569344]
"TPFNF7"=C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe [2007-11-29 59168]
"PMHandler"=C:\PROGRA~1\Lenovo\PMDRIV~1\PMHandler.exe [2007-06-06 34352]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2006-10-23 815104]
"TPWAUDAP"=C:\Program Files\Lenovo\HOTKEY\TpWAudAp.exe [2006-09-06 54824]
"IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [2007-02-12 174872]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2007-03-23 4423680]
"LenovoOobeOffers"=c:\SWTOOLS\LenovoWelcome\LenovoOobeOffers.exe [2007-09-25 28672]
"TVT Scheduler Proxy"=C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe [2007-01-09 536576]
""= []
"FingerPrintSoftware"=C:\Program Files\Lenovo Fingerprint Software\fpapp.exe [2007-05-31 946176]
"LPManager"=C:\PROGRA~1\Lenovo\LENOVO~2\LPMGR.exe [2007-04-26 120368]
"DiskeeperSystray"=C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe [2006-11-16 217176]
"AwaySch"=C:\Program Files\Lenovo\AwayTask\AwaySch.EXE [2006-11-07 91688]
"CameraApplicationLauncher"=C:\Program Files\Lenovo\Camera Center\bin\CameraApplicationLaunchpadLauncher.exe [2007-08-23 16384]
"RemoteControl"=C:\Program Files\Lenovo Multimedia Center\PowerDVD\PDVDServ.exe [2006-11-24 56928]
"LanguageShortcut"=C:\Program Files\Lenovo Multimedia Center\PowerDVD\Language\Language.exe [2006-12-06 54832]
"AMSG"=C:\Program Files\ThinkVantage\AMSG\Amsg.exe [2007-02-01 439856]
"ACTray"=C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe [2007-07-06 419112]
"ACWLIcon"=C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe [2007-07-06 124200]
"cssauth"=C:\Program Files\Lenovo\Client Security Solution\cssauth.exe [2007-08-09 2630968]
"WheelMouse"=C:\MSI\ADVANC~1\wh_exec.exe [2007-09-13 90112]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"AdobeCS4ServiceManager"=C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [2008-08-14 611712]
"Skytel"=C:\Windows\Skytel.exe [2007-03-16 1822720]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-11 149280]
"Kernel and Hardware Abstraction Layer"=C:\Windows\KHALMNPR.EXE [2009-06-17 55824]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2008-02-11 141848]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2008-02-11 166424]
"Persistence"=C:\Windows\system32\igfxpers.exe [2008-02-11 133656]
"Windows Mobile Device Center"=C:\Windows\WindowsMobile\wmdc.exe [2007-05-31 648072]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2010-03-20 202256]
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Notes"= []
"Google Update"=C:\Users\Maitréja\AppData\Local\Google\Update\GoogleUpdate.exe [2009-07-02 133104]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-21 202240]
"NPDTRAY"=C:\PROGRA~1\Lenovo\NPDIRECT\NPDTray.exe [2007-11-29 218400]
"ICQ"=C:\Program Files\ICQ7.2\ICQ.exe [2010-06-21 133368]
"Meebo Notifier"=C:\Users\Maitréja\AppData\Local\Meebo\Meebo Notifier\MeeboNotifier.exe [2010-05-28 802504]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Bluetooth.lnk - C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE

C:\Users\Maitréja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Dropbox.lnk - C:\Users\Maitréja\AppData\Roaming\Dropbox\bin\Dropbox.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2008-02-11 204800]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
ACGina

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2dcc0ca6-6de9-11de-b1a6-001fe1e6e509}]
shell\AutoRun\command - H:\setupSNK.exe

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2010-06-26 11:06:47 ----D---- C:\Program Files\trend micro
2010-06-26 11:06:46 ----D---- C:\rsit
2010-06-26 09:21:32 ----D---- C:\Program Files\Ultimate Process Manager
2010-06-25 18:36:08 ----D---- C:\Users\Maitréja\AppData\Roaming\Facebook
2010-06-23 20:58:03 ----A---- C:\Windows\system32\PresentationHostProxy.dll
2010-06-23 20:58:03 ----A---- C:\Windows\system32\PresentationHost.exe
2010-06-23 20:58:03 ----A---- C:\Windows\system32\netfxperf.dll
2010-06-23 20:58:03 ----A---- C:\Windows\system32\mscoree.dll
2010-06-23 20:58:03 ----A---- C:\Windows\system32\dfshim.dll
2010-06-23 20:52:13 ----A---- C:\Windows\system32\Apphlpdm.dll
2010-06-23 20:52:12 ----A---- C:\Windows\system32\GameUXLegacyGDFs.dll
2010-06-22 11:50:37 ----D---- C:\Users\Maitréja\AppData\Roaming\Meebo
2010-06-21 14:17:10 ----D---- C:\Program Files\ICQ6Toolbar
2010-06-21 14:17:02 ----D---- C:\ProgramData\ICQ
2010-06-21 13:44:03 ----D---- C:\Program Files\ICQ7.2
2010-06-21 11:15:51 ----D---- C:\Users\Maitréja\AppData\Roaming\BorWare
2010-06-09 09:13:14 ----A---- C:\Windows\system32\asycfilt.dll
2010-06-09 09:13:12 ----A---- C:\Windows\system32\atmlib.dll
2010-06-09 09:13:12 ----A---- C:\Windows\system32\atmfd.dll
2010-06-09 09:13:00 ----A---- C:\Windows\system32\mshtml.dll
2010-06-09 09:12:56 ----A---- C:\Windows\system32\ieframe.dll
2010-06-09 09:12:54 ----A---- C:\Windows\system32\iertutil.dll
2010-06-09 09:12:53 ----A---- C:\Windows\system32\wininet.dll
2010-06-09 09:12:53 ----A---- C:\Windows\system32\urlmon.dll
2010-06-09 09:12:52 ----A---- C:\Windows\system32\occache.dll
2010-06-09 09:12:52 ----A---- C:\Windows\system32\mstime.dll
2010-06-09 09:12:52 ----A---- C:\Windows\system32\msfeeds.dll
2010-06-09 09:12:52 ----A---- C:\Windows\system32\iedkcs32.dll
2010-06-09 09:12:51 ----A---- C:\Windows\system32\msfeedssync.exe
2010-06-09 09:12:51 ----A---- C:\Windows\system32\msfeedsbs.dll
2010-06-09 09:12:51 ----A---- C:\Windows\system32\jsproxy.dll
2010-06-09 09:12:51 ----A---- C:\Windows\system32\ieUnatt.exe
2010-06-09 09:12:51 ----A---- C:\Windows\system32\ieui.dll
2010-06-09 09:12:51 ----A---- C:\Windows\system32\iesysprep.dll
2010-06-09 09:12:51 ----A---- C:\Windows\system32\iesetup.dll
2010-06-09 09:12:51 ----A---- C:\Windows\system32\iernonce.dll
2010-06-09 09:12:51 ----A---- C:\Windows\system32\iepeers.dll
2010-06-09 09:12:51 ----A---- C:\Windows\system32\ie4uinit.exe

======List of files/folders modified in the last 1 months======

2010-06-26 11:06:47 ----RD---- C:\Program Files
2010-06-26 11:06:41 ----D---- C:\Windows\Temp
2010-06-26 09:11:59 ----SHD---- C:\System Volume Information
2010-06-26 09:11:19 ----D---- C:\Users\Maitréja\AppData\Roaming\Dropbox
2010-06-26 09:09:16 ----A---- C:\Windows\system32\PROCDB.INI
2010-06-26 09:09:07 ----D---- C:\Windows\System32
2010-06-26 09:09:07 ----A---- C:\Windows\system32\IPSCtrl.INI
2010-06-25 23:07:40 ----A---- C:\Windows\system32\scorelog.txt
2010-06-25 22:34:11 ----D---- C:\Windows\system32\drivers
2010-06-25 19:28:35 ----D---- C:\Program Files\Mozilla Firefox
2010-06-25 18:17:03 ----D---- C:\Windows\inf
2010-06-25 18:17:03 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-06-24 10:26:58 ----D---- C:\Windows\Microsoft.NET
2010-06-24 10:26:56 ----RSD---- C:\Windows\assembly
2010-06-23 23:41:17 ----D---- C:\Windows\AppPatch
2010-06-23 23:41:16 ----D---- C:\Windows\ehome
2010-06-23 21:00:22 ----D---- C:\Windows\winsxs
2010-06-23 20:59:50 ----D---- C:\Windows\system32\catroot
2010-06-23 20:59:47 ----D---- C:\Windows\system32\catroot2
2010-06-23 15:38:34 ----D---- C:\Users\Maitréja\AppData\Roaming\Skype
2010-06-21 14:30:14 ----D---- C:\Users\Maitréja\AppData\Roaming\ICQ
2010-06-21 14:17:03 ----HD---- C:\Program Files\InstallShield Installation Information
2010-06-21 14:17:03 ----D---- C:\Program Files\ICQ6.5
2010-06-21 14:17:02 ----HD---- C:\ProgramData
2010-06-21 12:46:55 ----SHD---- C:\Windows\Installer
2010-06-21 12:28:00 ----A---- C:\Windows\ntbtlog.txt
2010-06-21 12:26:34 ----D---- C:\Program Files\OpenType Tools
2010-06-21 12:01:13 ----D---- C:\Program Files\Crawler
2010-06-21 10:44:41 ----D---- C:\Program Files\Google
2010-06-20 22:44:40 ----AD---- C:\Windows
2010-06-19 20:07:32 ----D---- C:\SWSHARE
2010-06-19 19:04:12 ----D---- C:\Windows\system32\LogFiles
2010-06-19 10:49:09 ----SD---- C:\Users\Maitréja\AppData\Roaming\Microsoft
2010-06-16 14:42:32 ----D---- C:\Windows\Prefetch
2010-06-11 13:58:16 ----D---- C:\ProgramData\Alwil Software
2010-06-10 03:35:50 ----D---- C:\Program Files\Windows Mail
2010-06-10 03:35:50 ----D---- C:\Program Files\Internet Explorer
2010-06-10 03:35:48 ----D---- C:\Windows\system32\migration
2010-06-10 03:18:46 ----D---- C:\ProgramData\Microsoft Help
2010-06-10 03:03:35 ----D---- C:\Windows\system32\wbem
2010-06-09 10:58:29 ----D---- C:\Windows\Minidump
2010-06-07 22:20:28 ----D---- C:\wamp
2010-05-28 21:37:34 ----A---- C:\Windows\system32\mrt.exe
2010-05-27 09:06:11 ----D---- C:\Windows\rescache
2010-05-27 08:54:34 ----D---- C:\Windows\system32\cs-CZ

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [2009-08-26 371248]
R1 lenovo.smi;Lenovo System Interface Driver; C:\Windows\system32\DRIVERS\smiif32.sys [2006-08-30 13744]
R1 SRTSPX;SRTSPX; C:\Windows\System32\Drivers\SRTSPX.SYS [2007-12-01 43696]
R1 SymIM;Symantec Network Security Intermediate Filter Driver; C:\Windows\system32\DRIVERS\SymIMv.sys [2009-02-19 24112]
R1 SYMTDI;SYMTDI; C:\Windows\System32\Drivers\SYMTDI.SYS [2009-02-19 184496]
R2 PROCDD;IPS Helper Driver; C:\Windows\system32\DRIVERS\PROCDD.SYS [2006-11-06 12080]
R2 rimmptsk;rimmptsk; C:\Windows\system32\DRIVERS\rimmptsk.sys [2007-02-24 39936]
R2 rimsptsk;rimsptsk; C:\Windows\system32\DRIVERS\rimsptsk.sys [2007-01-24 42496]
R2 rismxdp;Ricoh xD-Picture Card Driver; C:\Windows\system32\DRIVERS\rixdptsk.sys [2007-03-22 37376]
R2 tvtfilter;tvtfilter; C:\Windows\system32\DRIVERS\tvtfilter.sys [2008-08-16 33536]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\Windows\system32\DRIVERS\AGRSM.sys [2006-11-08 1161888]
R3 ATSWPDRV;AuthenTec TruePrint USB Driver (SwipeSensor); C:\Windows\system32\DRIVERS\ATSwpDrv.sys [2007-06-17 146824]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2007-02-09 179712]
R3 BthEnum;Služba Bluetooth Enumerator; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-04-11 22528]
R3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2008-01-21 92160]
R3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2009-04-11 29696]
R3 btwaudio;Bluetooth Audio Device Service; C:\Windows\system32\drivers\btwaudio.sys [2007-03-29 79664]
R3 btwavdt;Bluetooth AVDT Service; C:\Windows\system32\drivers\btwavdt.sys [2007-02-27 81200]
R3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys [2007-02-27 16432]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-21 14208]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-08-26 102448]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2008-02-11 2302976]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2007-03-26 1761696]
R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\Windows\system32\DRIVERS\LHidFilt.Sys [2009-06-17 35472]
R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\Windows\system32\DRIVERS\LMouFilt.Sys [2009-06-17 37392]
R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw5v32.sys [2009-05-29 4233728]
R3 psadd;Lenovo Parties Service Access Device Driver; C:\Windows\system32\DRIVERS\psadd.sys [2007-05-22 21376]
R3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-04-11 148992]
R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2009-04-11 89088]
R3 SNP2UVC;USB2.0 PC Camera (SNP2UVC); C:\Windows\system32\DRIVERS\snp2uvc.sys [2007-02-17 9598080]
R3 SYMDNS;SYMDNS; C:\Windows\System32\Drivers\SYMDNS.SYS [2009-02-19 13616]
R3 SymEvent;SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT.SYS [2009-03-25 124464]
R3 SYMFW;SYMFW; C:\Windows\System32\Drivers\SYMFW.SYS [2009-02-19 96560]
R3 SYMNDISV;SYMNDISV; C:\Windows\System32\Drivers\SYMNDISV.SYS [2009-02-19 41008]
R3 SYMREDRV;SYMREDRV; C:\Windows\System32\Drivers\SYMREDRV.SYS [2009-02-19 22320]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2006-10-23 179896]
R3 TVTI2C;Lenovo SM bus driver; C:\Windows\system32\DRIVERS\Tvti2c.sys [2007-05-23 30336]
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-21 11264]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328]
S3 ag5tmyyj;ag5tmyyj; C:\Windows\system32\drivers\ag5tmyyj.sys []
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2009-04-11 507904]
S3 drmkaud;Dekodér zvuků DRM jádra společnosti Microsoft; C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]
S3 e1express;Intel(R) PRO/1000 PCI Express Network Connection Driver; C:\Windows\system32\DRIVERS\e1e6032.sys [2008-01-21 220672]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
S3 NAVENG;NAVENG; \??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20100316.003\NAVENG.SYS [2010-02-16 84912]
S3 NAVEX15;NAVEX15; \??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20100316.003\NAVEX15.SYS [2010-02-16 1324720]
S3 NETw3v32;Intel(R) PRO/Wireless 3945ABG Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw3v32.sys [2006-12-19 1786880]
S3 PcdrNdisuio;PCDRNDISUIO Usermode I/O Protocol; C:\Windows\system32\DRIVERS\pcdrndisuio.sys []
S3 SRTSP;SRTSP; C:\Windows\System32\Drivers\SRTSP.SYS [2007-12-01 279088]
S3 SRTSPL;SRTSPL; C:\Windows\System32\Drivers\SRTSPL.SYS [2007-12-01 317616]
S3 SymIMMP;SymIMMP; C:\Windows\system32\DRIVERS\SymIM.sys []
S3 TPM;TPM; C:\Windows\system32\drivers\tpm.sys [2008-01-21 45624]
S3 usb_rndisx;Adaptér USB RNDIS; C:\Windows\system32\DRIVERS\usb8023x.sys [2009-04-11 15872]
S3 usbvideo;USB Video Device (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-21 134016]
S3 whfltr2k;WheelMouse USB Lower Filter Driver; C:\Windows\system32\DRIVERS\whfltr2k.sys [2007-01-25 6784]
S3 WimFltr;WimFltr; C:\Windows\system32\DRIVERS\wimfltr.sys [2007-01-09 128104]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2009-10-01 40448]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AcPrfMgrSvc;Ac Profile Manager Service; C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe [2007-07-06 91432]
R2 AcSvc;Access Connections Main Service; C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe [2007-07-06 206120]
R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\Windows\system32\agrsmsvc.exe [2006-10-05 9216]
R2 Automatic LiveUpdate Scheduler;Plánovač automatické aktualizace LiveUpdate; C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe [2007-08-31 243064]
R2 BcmSqlStartupSvc;Business Contact Manager SQL Server Startup Service; C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe [2008-01-12 30312]
R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 Diskeeper;Diskeeper; C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe [2006-11-16 634988]
R2 FNF5SVC;Fn+F5 Service; C:\Program Files\LENOVO\HOTKEY\FNF5SVC.exe [2007-04-09 54832]
R2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe [2007-02-12 355096]
R2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2010-03-28 246520]
R2 IPSSVC;IPS Core Service; C:\Windows\system32\IPSSVC.EXE [2007-01-30 108080]
R2 PMSveH;PMSveH; C:\Program Files\Lenovo\PM Driver\PMSveH.exe [2007-03-16 57344]
R2 ProtexisLicensing;ProtexisLicensing; C:\Windows\system32\PSIService.exe [2006-11-03 174656]
R2 RapiMgr;@%windir%\WindowsMobile\rapimgr.dll,-104; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2006-12-20 272024]
R2 SUService;System Update; c:\Program Files\Lenovo\System Update\SUService.exe [2007-06-08 13312]
R2 ThinkVantage Registry Monitor Service;ThinkVantage Registry Monitor Service; C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe [2007-08-09 644408]
R2 TPHKSVC;On Screen Display; C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe [2007-03-02 55936]
R2 TSSCoreService;TSS Core Service; C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe [2007-08-09 722232]
R2 TVT Backup Protection Service;TVT Backup Protection Service; C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe [2007-01-09 569344]
R2 TVT Backup Service;TVT Backup Service; C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe [2007-01-09 950272]
R2 TVT Scheduler;TVT Scheduler; c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe [2007-01-09 1118208]
R2 WcesComm;@%windir%\WindowsMobile\wcescomm.dll,-40079; C:\Windows\system32\svchost.exe [2008-01-21 21504]
S2 gupdate1c9a499c7ea7e2a;Služba Google Update (gupdate1c9a499c7ea7e2a); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-03-14 133104]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-02-21 655624]
S3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-21 21504]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 LBTServ;Logitech Bluetooth Service; C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe [2009-07-20 121360]
S3 LiveUpdate;LiveUpdate; C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE [2007-08-23 3192184]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 wampapache;wampapache; c:\wamp\bin\apache\apache2.2.8\bin\httpd.exe [2008-01-18 24635]
S3 wampmysqld;wampmysqld; c:\wamp\bin\mysql\mysql5.0.51b\bin\mysqld-nt.exe [2008-04-17 5750784]

-----------------EOF-----------------

Stáhněte na plochu, ukončete všechna aktivní okna a spusťte ComboFix - http://download.bleepingcomputer.com/sUBs/ComboFix.exe

- ComboFix je třeba spustit pod účtem s právy administrátora

- Před použitím vypněte všechny rezidentní bezpečnostní programy - antiviry, firewally, antispywary

- Po spuštění se zobrazí podmínky užití, potvrďte je stiskem tlačítka Ano

- Dále postupujte dle pokynů, během aplikování ComboFixu neklikejte do zobrazujícího se okna

- Po dokončení skenování, trvajícího maximálně 10 minut, by měl program vytvořit log - C:\ComboFix.txt, zkopírujte celý jeho obsah sem

Tak skenování trvalo trochu déle... přikládám obsah ComboFix.txt:

ComboFix 10-06-26.01 - Maitréja 26.06.2010 22:01:08.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.2038.1009 [GMT 2:00]
Spuštěný z: c:\users\Maitréja\Pictures\Desktop\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
ADS - Windows: deleted 24 bytes in 1 streams.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\programdata\pswi_preloaded.exe

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-05-26 do 2010-06-26 )))))))))))))))))))))))))))))))
.

2010-06-26 20:14 . 2010-06-26 20:14 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-06-26 19:10 . 2010-05-06 20:39 164048 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-06-26 19:10 . 2010-05-06 20:34 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-06-26 19:10 . 2010-05-06 20:33 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-06-26 19:10 . 2010-05-06 20:39 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-06-26 19:10 . 2010-05-06 20:34 51792 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-06-26 19:09 . 2010-05-06 20:59 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-06-26 19:09 . 2010-05-06 20:59 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-06-26 09:06 . 2010-06-26 09:06 -------- d-----w- c:\program files\trend micro
2010-06-26 09:06 . 2010-06-26 09:06 -------- d-----w- C:\rsit
2010-06-26 07:21 . 2010-06-26 07:21 -------- d-----w- c:\program files\Ultimate Process Manager
2010-06-23 18:58 . 2009-11-08 08:55 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-06-23 18:58 . 2009-11-08 08:55 49472 ----a-w- c:\windows\system32\netfxperf.dll
2010-06-23 18:58 . 2009-11-08 08:55 297808 ----a-w- c:\windows\system32\mscoree.dll
2010-06-23 18:58 . 2009-11-08 08:55 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2010-06-23 18:58 . 2009-11-08 08:55 1130824 ----a-w- c:\windows\system32\dfshim.dll
2010-06-23 18:52 . 2010-04-16 16:43 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-06-23 18:52 . 2010-04-16 14:39 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-06-21 12:17 . 2010-06-21 12:34 -------- d-----w- c:\program files\ICQ6Toolbar
2010-06-21 12:17 . 2010-06-21 12:34 -------- d-----w- c:\programdata\ICQ
2010-06-21 11:44 . 2010-06-22 07:09 -------- d-----w- c:\program files\ICQ7.2
2010-06-19 18:07 . 2010-06-19 18:07 1732 ----a-w- C:\tvtpktfilter.dat
2010-06-09 07:13 . 2010-04-05 17:01 67072 ----a-w- c:\windows\system32\asycfilt.dll
2010-06-09 07:13 . 2010-05-26 17:06 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-06-09 07:13 . 2010-05-26 14:47 289792 ----a-w- c:\windows\system32\atmfd.dll
2010-06-09 07:10 . 2010-05-01 14:13 2037248 ----a-w- c:\windows\system32\win32k.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-26 20:15 . 2008-08-16 06:34 4268 ----a-w- c:\windows\bthservsdp.dat
2010-06-26 16:13 . 2008-08-16 06:22 598832 ----a-w- c:\windows\system32\perfh005.dat
2010-06-26 16:13 . 2008-08-16 06:22 114992 ----a-w- c:\windows\system32\perfc005.dat
2010-06-21 12:17 . 2009-07-21 09:28 -------- d-----w- c:\program files\ICQ6.5
2010-06-21 12:17 . 2008-08-16 06:38 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-06-21 10:26 . 2009-10-20 21:25 -------- d-----w- c:\program files\OpenType Tools
2010-06-21 10:01 . 2009-01-12 22:48 -------- d-----w- c:\program files\Crawler
2010-06-21 08:44 . 2008-08-16 07:24 -------- d-----w- c:\program files\Google
2010-06-11 11:58 . 2010-04-07 09:47 -------- d-----w- c:\programdata\Alwil Software
2010-06-10 01:35 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-06-10 01:18 . 2008-08-16 07:36 -------- d-----w- c:\programdata\Microsoft Help
2010-05-21 12:14 . 2009-10-02 18:08 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-04 05:59 . 2010-06-09 07:12 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-04 05:55 . 2010-06-09 07:12 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-05-04 05:55 . 2010-06-09 07:12 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-05-04 04:31 . 2010-06-09 07:12 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-05-03 08:44 . 2008-08-16 07:12 -------- d-----w- c:\programdata\Corel
2010-05-03 08:42 . 2008-08-16 07:12 -------- d-----w- c:\programdata\Borland
2010-05-03 08:37 . 2009-04-12 19:43 -------- d-----w- c:\program files\MP3 WAV Converter
2010-05-03 08:31 . 2008-10-24 13:14 -------- d-----w- c:\program files\MeeSoft
2010-05-03 08:30 . 2008-12-03 21:40 -------- d-----w- c:\programdata\Lavasoft
2010-05-03 08:28 . 2009-03-23 11:21 -------- d-----w- c:\program files\SlySoft
2010-04-23 14:13 . 2010-05-26 12:41 2048 ----a-w- c:\windows\system32\tzres.dll
2010-04-16 16:43 . 2010-06-23 18:52 173056 ----a-w- c:\windows\AppPatch\AcXtrnal.dll
2010-04-16 16:43 . 2010-06-23 18:52 458752 ----a-w- c:\windows\AppPatch\AcSpecfc.dll
2010-04-16 16:43 . 2010-06-23 18:52 542720 ----a-w- c:\windows\AppPatch\AcLayers.dll
2010-04-16 16:43 . 2010-06-23 18:52 2159616 ----a-w- c:\windows\AppPatch\AcGenral.dll
2009-03-20 11:55 . 2008-09-19 19:14 88 --sh--r- c:\windows\System32\56AE0B2085.sys
2009-03-20 11:58 . 2008-09-19 19:14 2828 --sha-w- c:\windows\System32\KGyGaAvL.sys
2008-08-16 06:25 . 2008-08-16 06:25 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\users\Maitréja\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\users\Maitréja\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\users\Maitréja\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\users\Maitréja\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-07-02 133104]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"NPDTRAY"="c:\progra~1\Lenovo\NPDIRECT\NPDTray.exe" [2007-11-29 218400]
"ICQ"="c:\program files\ICQ7.2\ICQ.exe" [2010-06-21 133368]
"Meebo Notifier"="c:\users\Maitréja\AppData\Local\Meebo\Meebo Notifier\MeeboNotifier.exe" [2010-05-28 802504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FingerPrintSoftware"="c:\program files\Lenovo Fingerprint Software\fpapp.exe \s" [X]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"snp2uvc"="c:\windows\vsnp2uvc.exe" [2006-12-29 569344]
"TPFNF7"="c:\program files\Lenovo\NPDIRECT\TPFNF7SP.exe" [2007-11-29 59168]
"PMHandler"="c:\progra~1\Lenovo\PMDRIV~1\PMHandler.exe" [2007-06-06 34352]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-23 815104]
"TPWAUDAP"="c:\program files\Lenovo\HOTKEY\TpWAudAp.exe" [2006-09-06 54824]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-02-12 174872]
"RtHDVCpl"="RtHDVCpl.exe" [2007-03-23 4423680]
"LenovoOobeOffers"="c:\swtools\LenovoWelcome\LenovoOobeOffers.exe" [2007-09-25 28672]
"TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2007-01-09 536576]
"LPManager"="c:\progra~1\Lenovo\LENOVO~2\LPMGR.exe" [2007-04-26 120368]
"DiskeeperSystray"="c:\program files\Diskeeper Corporation\Diskeeper\DkIcon.exe" [2006-11-15 217176]
"AwaySch"="c:\program files\Lenovo\AwayTask\AwaySch.EXE" [2006-11-07 91688]
"CameraApplicationLauncher"="c:\program files\Lenovo\Camera Center\bin\CameraApplicationLaunchpadLauncher.exe" [2007-08-23 16384]
"RemoteControl"="c:\program files\Lenovo Multimedia Center\PowerDVD\PDVDServ.exe" [2006-11-23 56928]
"LanguageShortcut"="c:\program files\Lenovo Multimedia Center\PowerDVD\Language\Language.exe" [2006-12-06 54832]
"AMSG"="c:\program files\ThinkVantage\AMSG\Amsg.exe" [2007-02-01 439856]
"ACTray"="c:\program files\ThinkPad\ConnectUtilities\ACTray.exe" [2007-07-05 419112]
"ACWLIcon"="c:\program files\ThinkPad\ConnectUtilities\ACWLIcon.exe" [2007-07-05 124200]
"cssauth"="c:\program files\Lenovo\Client Security Solution\cssauth.exe" [2007-08-09 2630968]
"WheelMouse"="c:\msi\ADVANC~1\wh_exec.exe" [2007-09-13 90112]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"Skytel"="Skytel.exe" [2007-03-16 1822720]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-11 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-11 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-11 133656]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-03-20 202256]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-05-06 2815192]

c:\users\Maitr‚ja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Maitr‚ja\AppData\Roaming\Dropbox\bin\Dropbox.exe [2010-2-26 21979992]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\Lenovo\Bluetooth Software\BTTray.exe [2007-3-29 719664]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-12-7 813584]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2009-6-10 525640]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):c8,3f,6c,6b,c7,66,ca,01

R2 gupdate1c9a499c7ea7e2a;Služba Google Update (gupdate1c9a499c7ea7e2a);c:\program files\Google\Update\GoogleUpdate.exe [2009-03-14 133104]
R3 whfltr2k;WheelMouse USB Lower Filter Driver;c:\windows\system32\DRIVERS\whfltr2k.sys [2007-01-25 6784]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2008-11-22 717296]
S1 aswSP;aswSP; [x]
S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiif32.sys [2006-08-30 13744]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-05-06 51792]
S2 FNF5SVC;Fn+F5 Service;c:\program files\LENOVO\HOTKEY\FNF5SVC.exe [2007-04-09 54832]
S2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [2010-03-28 246520]
S2 TPHKSVC;On Screen Display;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [2007-03-02 55936]
S2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\Lenovo\Rescue and Recovery\rrpservice.exe [2007-01-09 569344]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2007-02-08 179712]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-08-26 102448]
S3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2009-05-29 4233728]
S3 SYMNDISV;SYMNDISV;c:\windows\System32\Drivers\SYMNDISV.SYS [2009-02-19 41008]
S3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\DRIVERS\Tvti2c.sys [2007-05-22 30336]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Obsah adresáře 'Naplánované úlohy'

2010-06-26 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-02-12 13:54]

2010-06-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-14 11:41]

2010-06-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-14 11:41]

2010-06-26 c:\windows\Tasks\User_Feed_Synchronization-{103B65BD-4798-4CA0-9487-EB211B637804}.job
- c:\windows\system32\msfeedssync.exe [2010-06-09 04:30]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://start.icq.com/
uSearchURL,(Default) = hxxp://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
IE: {{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - c:\program files\ICQ7.2\ICQ.exe
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\ctbr.dll
FF - ProfilePath - c:\users\Maitréja\AppData\Roaming\Mozilla\Firefox\Profiles\emtxk9he.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.cz/ig
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.6&q=
FF - component: c:\program files\Google\Google Gears\Firefox\lib\ff36\gears.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\programdata\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 10);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

HKCU-Run-Notes - (no file)

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-26 22:31
Windows 6.0.6002 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\windows\system32\IPSSVC.EXE
c:\program files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
c:\program files\Diskeeper Corporation\Diskeeper\DkService.exe
c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\program files\Google\Update\1.2.183.29\GoogleCrashHandler.exe
c:\program files\Lenovo\PM Driver\PMSveH.exe
c:\windows\system32\PSIService.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Lenovo\System Update\SUService.exe
c:\program files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
c:\program files\Lenovo\Client Security Solution\tvttcsd.exe
c:\program files\Lenovo\Rescue and Recovery\rrservice.exe
c:\program files\Common Files\Lenovo\Scheduler\tvtsched.exe
c:\program files\ThinkPad\ConnectUtilities\AcSvc.exe
c:\windows\system32\WUDFHost.exe
c:\program files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\conime.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\Bubbles.scr
.
**************************************************************************
.
Celkový čas: 2010-06-26 22:36:06 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-06-26 20:35

Před spuštěním: Volných bajtů: 82 217 828 352
Po spuštění: Volných bajtů: 82 478 501 888

- - End Of File - - B0CBECA637803B23BA6AE65B648A52D2

Změnilo se něco?

Bohužel ne

FF stále nemůže zobrazit žádnou stránku a avast nenaváže spojení se serverem...

Nemáte nějakou radu co dělat dál? Jak zjistit kde je chyba?
Děkuji za pomoc.

Stáhněte Gmer http://www.viry.cz/forum/viewtopic.php?f=29&t=62878
- rozbalte a spusťte
-proběhne sken, po skončení se otevře okno s výsledky, klikněte na Save a tím si uložíte log,který sem vložíte

-Podle návodu v odkazu provedete druhý sken a log sem také vložíte.

Stahněte MBAM z mého podpisu
-Nainstalujte,dejte úplný sken

NIC NEMAZAT

-MBAM má občas falešné detekce,proto budeme mazat až po kontrole logu.
-Log zkopírujte sem.

Gmer 1. log:

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2010-06-27 09:15:56
Windows 6.0.6002 Service Pack 2
Running: gmer.exe; Driver: C:\Users\MAITRJ~1\AppData\Local\Temp\ugrdqpow.sys

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 85A1C1F8
Device \FileSystem\fastfat \Fat 907E3500

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Společnost Microsoft)
AttachedDevice \Driver\tdx \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\tdx \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\tdx \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

Gmer 2. log:

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-06-27 09:37:07
Windows 6.0.6002 Service Pack 2
Running: gmer.exe; Driver: C:\Users\MAITRJ~1\AppData\Local\Temp\ugrdqpow.sys

---- System - GMER 1.0.15 ----

SSDT 906E5770 ZwAlpcConnectPort

INT 0x62 ? 8733CBF8
INT 0x62 ? 8733CBF8
INT 0x62 ? 8733CBF8
INT 0x72 ? 8507ABF8
INT 0x82 ? 8507ABF8
INT 0x92 ? 85A19BF8
INT 0xA2 ? 8733CBF8
INT 0xB2 ? 8733CBF8
INT 0xB3 ? 8733CBF8

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!KeInsertQueue + 32D 82C89924 4 Bytes [70, 57, 6E, 90] {JO 0x59; OUTSB ; NOP }
? System32\Drivers\spjm.sys Systém nemůže nalézt uvedenou cestu. !
.text USBPORT.SYS!DllUnload 8E3B041B 5 Bytes JMP 8733C1D8
.text aer9f5ut.SYS 8E96B000 22 Bytes [82, E3, FC, 82, 6C, E2, FC, ...]
.text aer9f5ut.SYS 8E96B017 45 Bytes [00, 32, 97, 74, 83, 3D, 95, ...]
.text aer9f5ut.SYS 8E96B045 135 Bytes [83, C7, 82, 4C, 9F, CA, 82, ...]
.text aer9f5ut.SYS 8E96B0CE 10 Bytes [00, 00, 00, 00, 00, 00, 66, ...]
.text aer9f5ut.SYS 8E96B0DA 12 Bytes [00, 00, 02, 00, 00, 00, 25, ...]
.text ...

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Safari\Safari.exe[6124] USER32.dll!EndPaint 76EAA28F 5 Bytes JMP 65C48F80 C:\Program Files\Safari\WebKit.dll (WebKit Dynamic Link Library/Apple Inc.)
.text C:\Program Files\Safari\Safari.exe[6124] USER32.dll!BeginPaint 76EAA2A3 5 Bytes JMP 65C48F10 C:\Program Files\Safari\WebKit.dll (WebKit Dynamic Link Library/Apple Inc.)

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 850792D8
IAT \SystemRoot\system32\drivers\pci.sys[ntoskrnl.exe!IoDetachDevice] [83670C4C] \SystemRoot\System32\Drivers\spjm.sys
IAT \SystemRoot\system32\drivers\pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [83670CA0] \SystemRoot\System32\Drivers\spjm.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [836406D2] \SystemRoot\System32\Drivers\spjm.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [83640040] \SystemRoot\System32\Drivers\spjm.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [836407FC] \SystemRoot\System32\Drivers\spjm.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUshort] [836400BE] \SystemRoot\System32\Drivers\spjm.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [8364013C] \SystemRoot\System32\Drivers\spjm.sys
IAT \SystemRoot\system32\drivers\ataport.SYS[ntoskrnl.exe!DbgBreakPoint] 8507A2D8
IAT \SystemRoot\system32\DRIVERS\USBPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 8733C2D8
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [83650048] \SystemRoot\System32\Drivers\spjm.sys
IAT \SystemRoot\System32\Drivers\aer9f5ut.SYS[ataport.SYS!AtaPortNotification] 24488B66
IAT \SystemRoot\System32\Drivers\aer9f5ut.SYS[ataport.SYS!AtaPortWritePortUchar] E84D8966
IAT \SystemRoot\System32\Drivers\aer9f5ut.SYS[ataport.SYS!AtaPortWritePortUlong] 83E84D8B
IAT \SystemRoot\System32\Drivers\aer9f5ut.SYS[ataport.SYS!AtaPortGetPhysicalAddress] 896602C1
IAT \SystemRoot\System32\Drivers\aer9f5ut.SYS[ataport.SYS!AtaPortConvertPhysicalAddressToUlong] 488BEA4D
IAT \SystemRoot\System32\Drivers\aer9f5ut.SYS[ataport.SYS!AtaPortGetScatterGatherList] [8DC80320] \SystemRoot\system32\DRIVERS\igdkmd32.sys (Intel Graphics Kernel Mode Driver/Intel Corporation)
IAT \SystemRoot\System32\Drivers\aer9f5ut.SYS[ataport.SYS!AtaPortReadPortUchar] 57500845
IAT \SystemRoot\System32\Drivers\aer9f5ut.SYS[ataport.SYS!AtaPortStallExecution] F0458D57
IAT \SystemRoot\System32\Drivers\aer9f5ut.SYS[ataport.SYS!AtaPortGetParentBusType] 00006850
IAT \SystemRoot\System32\Drivers\aer9f5ut.SYS[ataport.SYS!AtaPortRequestCallback] 458DB002
IAT \SystemRoot\System32\Drivers\aer9f5ut.SYS[ataport.SYS!AtaPortWritePortBufferUshort] 35FF50E8
IAT \SystemRoot\System32\Drivers\aer9f5ut.SYS[ataport.SYS!AtaPortGetUnCachedExtension] [8E990FBC] \SystemRoot\System32\Drivers\aer9f5ut.SYS (ATAPI IDE Miniport Driver/Microsoft Corporation)
IAT \SystemRoot\System32\Drivers\aer9f5ut.SYS[ataport.SYS!AtaPortCompleteRequest] 57EC4D89
IAT \SystemRoot\System32\Drivers\aer9f5ut.SYS[ataport.SYS!AtaPortMoveMemory] 01F045C7
IAT \SystemRoot\System32\Drivers\aer9f5ut.SYS[ataport.SYS!AtaPortCompleteAllActiveRequests] E8000000
IAT \SystemRoot\System32\Drivers\aer9f5ut.SYS[ataport.SYS!AtaPortReleaseRequestSenseIrb] 0001E4E4
IAT \SystemRoot\System32\Drivers\aer9f5ut.SYS[ataport.SYS!AtaPortBuildRequestSenseIrb] 4675C73B
IAT \SystemRoot\System32\Drivers\aer9f5ut.SYS[ataport.SYS!AtaPortReadPortUshort] 990FC8A1
IAT \SystemRoot\System32\Drivers\aer9f5ut.SYS[ataport.SYS!AtaPortReadPortBufferUshort] [8D526A8E] \SystemRoot\system32\drivers\RTKVHDA.sys (Realtek(r) High Definition Audio Function Driver/Realtek Semiconductor Corp.)
IAT \SystemRoot\System32\Drivers\aer9f5ut.SYS[ataport.SYS!AtaPortInitialize] 00009A88
IAT \SystemRoot\System32\Drivers\aer9f5ut.SYS[ataport.SYS!AtaPortGetDeviceBase] 48C08300
IAT \SystemRoot\System32\Drivers\aer9f5ut.SYS[ataport.SYS!AtaPortDeviceStateChange] 8D076A50
IAT \SystemRoot\System32\Drivers\aer9f5ut.SYS[NTOSKRNL.exe!KeTickCount] 840FF87D
IAT \SystemRoot\system32\DRIVERS\storport.sys[ntoskrnl.exe!DbgBreakPoint] 8748A2D8

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\system32\services.exe[748] @ C:\Windows\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00060002
IAT C:\Windows\system32\services.exe[748] @ C:\Windows\system32\services.exe [KERNEL32.dll!CreateProcessW] 00060000
IAT C:\Windows\Explorer.EXE[4004] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [73E27817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[4004] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [73E7A86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[4004] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [73E2BB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[4004] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [73E1F695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[4004] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [73E275E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[4004] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [73E1E7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[4004] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [73E58395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[4004] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [73E2DA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[4004] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [73E1FFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[4004] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [73E1FF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[4004] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [73E171CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[4004] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [73EACAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[4004] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [73E4C8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[4004] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [73E1D968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[4004] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [73E16853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[4004] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [73E1687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[4004] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [73E22AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 85A1C1F8
Device \FileSystem\fastfat \FatCdrom 907E3500

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

Device \Driver\volmgr \Device\VolMgrControl 8507C1F8
Device \Driver\usbuhci \Device\USBPDO-0 8739F500
Device \Driver\usbuhci \Device\USBPDO-1 8739F500
Device \Driver\usbehci \Device\USBPDO-2 873391F8
Device \Driver\usbuhci \Device\USBPDO-3 8739F500
Device \Driver\BTHUSB \Device\000000a0 bthport.sys (Ovladač sběrnice Bluetooth/Microsoft Corporation)
Device \Driver\BTHUSB \Device\000000a0 bthport.sys (Ovladač sběrnice Bluetooth/Microsoft Corporation)
Device \Driver\usbuhci \Device\USBPDO-4 8739F500

AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\tdx \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device \Driver\usbuhci \Device\USBPDO-5 8739F500
Device \Driver\BTHUSB \Device\000000a2 bthport.sys (Ovladač sběrnice Bluetooth/Microsoft Corporation)
Device \Driver\BTHUSB \Device\000000a2 bthport.sys (Ovladač sběrnice Bluetooth/Microsoft Corporation)
Device \Driver\usbehci \Device\USBPDO-6 873391F8
Device \Driver\volmgr \Device\HarddiskVolume1 8507C1F8
Device \Driver\volmgr \Device\HarddiskVolume2 8507C1F8
Device \Driver\cdrom \Device\CdRom0 8735E1F8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 85A1A1F8
Device \Driver\iaStor \Device\Ide\iaStor0 [888D3D30] \SystemRoot\system32\DRIVERS\iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort0 85A1A1F8
Device \Driver\atapi \Device\Ide\IdePort1 85A1A1F8
Device \Driver\iaStor \Device\Ide\IAAStorageDevice-0 [888D3D30] \SystemRoot\system32\DRIVERS\iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\volmgr \Device\HarddiskVolume3 8507C1F8
Device \Driver\cdrom \Device\CdRom1 8735E1F8
Device \Driver\cdrom \Device\CdRom2 8735E1F8
Device \Driver\netbt \Device\NetBT_Tcpip_{7BC127C6-B6B9-4ABD-914A-3559C323DF4A} 907271F8
Device \Driver\netbt \Device\NetBt_Wins_Export 907271F8
Device \Driver\netbt \Device\NetBT_Tcpip_{E6E864E8-CDF9-489F-BF0B-3B630839F38A} 907271F8
Device \Driver\sptd \Device\4185789240 spjm.sys
Device \Driver\Smb \Device\NetbiosSmb 907231F8
Device \Driver\netbt \Device\NetBT_Tcpip_{C3C0345B-989F-4BE0-BC01-97F1709E0E37} 907271F8
Device \Driver\iScsiPrt \Device\RaidPort0 8748B1F8

AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\tdx \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device \Driver\PCI_PNP3224 \Device\0000005d spjm.sys
Device \Driver\usbuhci \Device\USBFDO-0 8739F500
Device \Driver\usbuhci \Device\USBFDO-1 8739F500
Device \Driver\usbehci \Device\USBFDO-2 873391F8
Device \Driver\usbuhci \Device\USBFDO-3 8739F500
Device \Driver\usbuhci \Device\USBFDO-4 8739F500
Device \Driver\usbuhci \Device\USBFDO-5 8739F500
Device \Driver\usbehci \Device\USBFDO-6 873391F8
Device \Driver\aer9f5ut \Device\Scsi\aer9f5ut1Port4Path0Target0Lun0 874451F8
Device \Driver\aer9f5ut \Device\Scsi\aer9f5ut1 874451F8
Device \Driver\aer9f5ut \Device\Scsi\aer9f5ut1Port4Path0Target1Lun0 874451F8
Device \FileSystem\fastfat \Fat 907E3500

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Společnost Microsoft)

Device \FileSystem\cdfs \Cdfs 853201F8

---- Threads - GMER 1.0.15 ----

Thread System [4:444] 901D425E
Thread System [4:456] 9037B3B4
Thread System [4:460] 902E7698

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001fe1e6e509
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001fe1e6e509@001a753d5c63 0x97 0xA5 0x8A 0x32 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001fe1e6e509@000ea6f2d28b 0x75 0x1A 0x87 0x09 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001fe1e6e509@00233a07f4c0 0xE6 0x54 0x45 0x24 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xF3 0xDB 0x1A 0x80 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xB4 0x81 0xFF 0xE8 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xBF 0x0F 0x15 0xE8 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x86 0x6A 0xBD 0xDB ...
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001fe1e6e509 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001fe1e6e509@001a753d5c63 0x97 0xA5 0x8A 0x32 ...
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001fe1e6e509@000ea6f2d28b 0x75 0x1A 0x87 0x09 ...
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001fe1e6e509@00233a07f4c0 0xE6 0x54 0x45 0x24 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xF3 0xDB 0x1A 0x80 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xB4 0x81 0xFF 0xE8 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xBF 0x0F 0x15 0xE8 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x86 0x6A 0xBD 0xDB ...

---- Files - GMER 1.0.15 ----

File C:\RRbackups\C 0 bytes
File C:\RRbackups\common 0 bytes
File C:\RRbackups\common\backups.dat 8192 bytes
File C:\RRbackups\common\bmgrmode.dat 29 bytes
File C:\RRbackups\common\css.dat 8192 bytes
File C:\RRbackups\common\hints.dat 8192 bytes
File C:\RRbackups\common\mnd.dat 8192 bytes
File C:\RRbackups\common\regcerts.dat 8192 bytes
File C:\RRbackups\common\restore.log 110 bytes
File C:\RRbackups\common\rr.log 68972 bytes
File C:\RRbackups\common\rr_bcdenum.dat 3769 bytes
File C:\RRbackups\common\SAM 98304 bytes
File C:\RRbackups\common\secpolicy.dat 24576 bytes
File C:\RRbackups\common\settings.dat 32768 bytes
File C:\RRbackups\common\system.dat 12288 bytes
File C:\RRbackups\common\tvtcmn.dat 8192 bytes
File C:\RRbackups\common\tvtns.bin 23 bytes
File C:\RRbackups\common\usersids.dat 12480 bytes
File C:\RRbackups\Documents and Settings 0 bytes
File C:\RRbackups\Documents and Settings\Administrator 0 bytes
File C:\RRbackups\Documents and Settings\Administrator\AppData 0 bytes
File C:\RRbackups\Documents and Settings\Administrator\AppData\Roaming 0 bytes
File C:\RRbackups\Documents and Settings\Administrator\AppData\Roaming\Lenovo 0 bytes
File C:\RRbackups\Documents and Settings\Administrator\AppData\Roaming\Lenovo\Client Security Solution 0 bytes
File C:\RRbackups\Documents and Settings\Administrator\AppData\Roaming\Microsoft 0 bytes
File C:\RRbackups\Documents and Settings\Administrator\AppData\Roaming\Microsoft\Crypto 0 bytes
File C:\RRbackups\Documents and Settings\Administrator\AppData\Roaming\Microsoft\Crypto\RSA 0 bytes
File C:\RRbackups\Documents and Settings\Administrator\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-3710777502-3298855474-964073315-500 0 bytes
File C:\RRbackups\Documents and Settings\Administrator\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-3710777502-3298855474-964073315-500\a077ead69703e3bf1fd373a3c9376faa_91e85be3-3e4d-484e-a632-d36d5d4e0158 77 bytes
File C:\RRbackups\Documents and Settings\Administrator\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-3710777502-3298855474-964073315-500\a18ca4003deb042bbee7a40f15e1970b_91e85be3-3e4d-484e-a632-d36d5d4e0158 54 bytes
File C:\RRbackups\Documents and Settings\Administrator\AppData\Roaming\Microsoft\Protect 0 bytes
File C:\RRbackups\Documents and Settings\Administrator\AppData\Roaming\Microsoft\Protect\CREDHIST 24 bytes
File C:\RRbackups\Documents and Settings\Administrator\AppData\Roaming\Microsoft\Protect\S-1-5-21-1067765355-367813283-2874104705-500 0 bytes
File C:\RRbackups\Documents and Settings\Administrator\AppData\Roaming\Microsoft\Protect\S-1-5-21-1067765355-367813283-2874104705-500\d499eb81-9f5d-4358-9a35-57f79220dffe 388 bytes
File C:\RRbackups\Documents and Settings\Administrator\AppData\Roaming\Microsoft\Protect\S-1-5-21-1067765355-367813283-2874104705-500\Preferred 24 bytes
File C:\RRbackups\Documents and Settings\Administrator\AppData\Roaming\Microsoft\Protect\S-1-5-21-3710777502-3298855474-964073315-500 0 bytes
File C:\RRbackups\Documents and Settings\Administrator\AppData\Roaming\Microsoft\Protect\S-1-5-21-3710777502-3298855474-964073315-500\44253173-c48e-4b00-80d7-f7565ea42e33 388 bytes
File C:\RRbackups\Documents and Settings\Administrator\AppData\Roaming\Microsoft\Protect\S-1-5-21-3710777502-3298855474-964073315-500\Preferred 24 bytes
File C:\RRbackups\Documents and Settings\Administrator\AppData\Roaming\Microsoft\SystemCertificates 0 bytes
File C:\RRbackups\Documents and Settings\Administrator\AppData\Roaming\Microsoft\SystemCertificates\My 0 bytes
File C:\RRbackups\Documents and Settings\Administrator\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates 0 bytes
File C:\RRbackups\Documents and Settings\Administrator\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs 0 bytes
File C:\RRbackups\Documents and Settings\Administrator\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs 0 bytes
File C:\RRbackups\Documents and Settings\Default 0 bytes
File C:\RRbackups\Documents and Settings\Default\AppData 0 bytes
File C:\RRbackups\Documents and Settings\Default\AppData\Roaming 0 bytes
File C:\RRbackups\Documents and Settings\Default\AppData\Roaming\Microsoft 0 bytes
File C:\RRbackups\Documents and Settings\Default\AppData\Roaming\Microsoft\Crypto 0 bytes
File C:\RRbackups\Documents and Settings\Default\AppData\Roaming\Microsoft\Crypto\RSA 0 bytes
File C:\RRbackups\Documents and Settings\Default\AppData\Roaming\Microsoft\Protect 0 bytes
File C:\RRbackups\Documents and Settings\Default\AppData\Roaming\Microsoft\Protect\CREDHIST 24 bytes
File C:\RRbackups\Documents and Settings\Default\AppData\Roaming\Microsoft\Protect\S-1-5-21-1067765355-367813283-2874104705-500 0 bytes
File C:\RRbackups\Documents and Settings\Default\AppData\Roaming\Microsoft\Protect\S-1-5-21-1067765355-367813283-2874104705-500\d499eb81-9f5d-4358-9a35-57f79220dffe 388 bytes
File C:\RRbackups\Documents and Settings\Default\AppData\Roaming\Microsoft\Protect\S-1-5-21-1067765355-367813283-2874104705-500\Preferred 24 bytes
File C:\RRbackups\Documents and Settings\Default\AppData\Roaming\Microsoft\SystemCertificates 0 bytes
File C:\RRbackups\Documents and Settings\Default\AppData\Roaming\Microsoft\SystemCertificates\My 0 bytes
File C:\RRbackups\Documents and Settings\Default\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates 0 bytes
File C:\RRbackups\Documents and Settings\Default\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs 0 bytes
File C:\RRbackups\Documents and Settings\Default\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs 0 bytes
File C:\RRbackups\Documents and Settings\Default User 0 bytes
File C:\RRbackups\Documents and Settings\Default User\AppData 0 bytes
File C:\RRbackups\Documents and Settings\Default User\AppData\Roaming 0 bytes
File C:\RRbackups\Documents and Settings\Default User\AppData\Roaming\Microsoft 0 bytes
File C:\RRbackups\Documents and Settings\Default User\AppData\Roaming\Microsoft\Crypto 0 bytes
File C:\RRbackups\Documents and Settings\Default User\AppData\Roaming\Microsoft\Crypto\RSA 0 bytes
File C:\RRbackups\Documents and Settings\Default User\AppData\Roaming\Microsoft\Protect 0 bytes
File C:\RRbackups\Documents and Settings\Default User\AppData\Roaming\Microsoft\Protect\CREDHIST 24 bytes
File C:\RRbackups\Documents and Settings\Default User\AppData\Roaming\Microsoft\Protect\S-1-5-21-1067765355-367813283-2874104705-500 0 bytes
File C:\RRbackups\Documents and Settings\Default User\AppData\Roaming\Microsoft\Protect\S-1-5-21-1067765355-367813283-2874104705-500\d499eb81-9f5d-4358-9a35-57f79220dffe 388 bytes
File C:\RRbackups\Documents and Settings\Default User\AppData\Roaming\Microsoft\Protect\S-1-5-21-1067765355-367813283-2874104705-500\Preferred 24 bytes
File C:\RRbackups\Documents and Settings\Default User\AppData\Roaming\Microsoft\SystemCertificates 0 bytes
File C:\RRbackups\Documents and Settings\Default User\AppData\Roaming\Microsoft\SystemCertificates\My 0 bytes
File C:\RRbackups\Documents and Settings\Default User\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates 0 bytes
File C:\RRbackups\Documents and Settings\Default User\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs 0 bytes
File C:\RRbackups\Documents and Settings\Default User\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs 0 bytes
File C:\RRbackups\Documents and Settings\Maitréja 0 bytes
File C:\RRbackups\Documents and Settings\Maitréja\AppData 0 bytes
File C:\RRbackups\Documents and Settings\Maitréja\AppData\Roaming 0 bytes
File C:\RRbackups\Documents and Settings\Maitréja\AppData\Roaming\Lenovo 0 bytes
File C:\RRbackups\Documents and Settings\Maitréja\AppData\Roaming\Lenovo\Client Security Solution 0 bytes
File C:\RRbackups\Documents and Settings\Maitréja\AppData\Roaming\Lenovo\Client Security Solution\config.ini 61 bytes
File C:\RRbackups\Documents and Settings\Maitréja\AppData\Roaming\Lenovo\Client Security Solution\cspContainer.dat 332 bytes
File C:\RRbackups\Documents and Settings\Maitréja\AppData\Roaming\Lenovo\Client Security Solution\cssversion.dat 1908 bytes
File C:\RRbackups\Documents and Settings\Maitréja\AppData\Roaming\Lenovo\Client Security Solution\encobject.dat 11256 bytes
File C:\RRbackups\Documents and Settings\Maitréja\AppData\Roaming\Lenovo\Client Security Solution\hibernation.dat 4 bytes
File C:\RRbackups\Documents and Settings\Maitréja\AppData\Roaming\Lenovo\Client Security Solution\Maitréja.pwm 7108 bytes
File C:\RRbackups\Documents and Settings\Maitréja\AppData\Roaming\Lenovo\Client Security Solution\Maitréja.pwm.bak 7140 bytes
File C:\RRbackups\Documents and Settings\Maitréja\AppData\Roaming\Lenovo\Client Security Solution\pwmaction.dat 600 bytes
File C:\RRbackups\Documents and Settings\Maitréja\AppData\Roaming\Lenovo\Client Security Solution\swkeys.dat 6372 bytes
File C:\RRbackups\Documents and Settings\Maitréja\AppData\Roaming\Lenovo\Client Security Solution\symkeys.dat 1968 bytes
File C:\RRbackups\Documents and Settings\Maitréja\AppData\Roaming\Lenovo\Client Security Solution(249) 0 bytes
File C:\RRbackups\Documents and Settings\Maitréja\AppData\Roaming\Lenovo\Client Security Solution(249)\cspContainer.dat 332 bytes
File C:\RRbackups\Documents and Settings\Maitréja\AppData\Roaming\Lenovo\Client Security Solution(249)\cssversion.dat 1908 bytes
File C:\RRbackups\Documents and Settings\Maitréja\AppData\Roaming\Lenovo\Client Security Solution(249)\encobject.dat 11256 bytes
File C:\RRbackups\Documents and Settings\Maitréja\AppData\Roaming\Lenovo\Client Security Solution(249)\hibernation.dat 4 bytes
File C:\RRbackups\Documents and Settings\Maitréja\AppData\Roaming\Lenovo\Client Security Solution(249)\Maitréja.pwm 7140 bytes
File C:\RRbackups\Documents and Settings\Maitréja\AppData\Roaming\Lenovo\Client Security Solution(249)\Maitréja.pwm.bak 6154 bytes
File C:\RRbackups\Documents and Settings\Maitréja\AppData\Roaming\Lenovo\Client Security Solution(249)\pwmaction.dat 600 bytes
File C:\RRbackups\Documents and Settings\Maitréja\AppData\Roaming\Lenovo\Client Security Solution(249)\swkeys.dat 6372 bytes
File C:\RRbackups\Documents and Settings\Maitréja\AppData\Roaming\Lenovo\Client Security Solution(249)\symkeys.dat 1968 bytes
File C:\RRbackups\Documents and Settings\Maitréja\AppData\Roaming\Microsoft 0 bytes
File C:\RRbackups\Documents and Settings\Maitréja\AppData\Roaming\Microsoft\Crypto 0 bytes
File C:\RRbackups\Documents and Settings\Maitréja\AppData\Roaming\Microsoft\Crypto\RSA 0 bytes
File C:\RRbackups\Documents and Settings\Maitréja\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-3710777502-3298855474-964073315-1003 0 bytes
File C:\RRbackups\Documents and Settings\Maitréja\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-3710777502-3298855474-964073315-1003\0ee846592eab0a6560fb1d4131f457fb_91e85be3-3e4d-484e-a632-d36d5d4e0158 1705 bytes
File C:\RRbackups\Documents and Settings\Maitréja\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-3710777502-3298855474-964073315-1003\533145ef011ddf5ca3983e2545a902b4_91e85be3-3e4d-484e-a632-d36d5d4e0158 2079 bytes
File C:\RRbackups\Documents and Settings\Maitréja\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-3710777502-3298855474-964073315-1003\6b29ae44e85efac3c72ff4d1865d73f1_91e85be3-3e4d-484e-a632-d36d5d4e0158 53 bytes
File C:\RRbackups\Documents and Settings\Maitréja\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-3710777502-3298855474-964073315-1003\83aa4cc77f591dfc2374580bbd95f6ba_91e85be3-3e4d-484e-a632-d36d5d4e0158 45 bytes
File C:\RRbackups\Documents and Settings\Maitréja\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-3710777502-3298855474-964073315-1003\8f71098770f72c7a67cd8f1151619865_91e85be3-3e4d-484e-a632-d36d5d4e0158 54 bytes
File C:\RRbackups\Documents and Settings\Maitréja\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-3710777502-3298855474-964073315-1003\932a2db58c237abd381d22df4c63a04a_91e85be3-3e4d-484e-a632-d36d5d4e0158 87 bytes
File C:\RRbackups\Documents and Settings\Maitréja\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-3710777502-3298855474-964073315-1003\a077ead69703e3bf1fd373a3c9376faa_91e85be3-3e4d-484e-a632-d36d5d4e0158 77 bytes
File C:\RRbackups\Documents and Settings\Maitréja\AppData\Roaming\Microsoft\Protect 0 bytes
File C:\RRbackups\Documents and Settings\Maitréja\AppData\Roaming\Microsoft\Protect\CREDHIST 24 bytes
File C:\RRbackups\Documents and Settings\Maitréja\AppData\Roaming\Microsoft\Protect\S-1-5-21-1067765355-367813283-2874104705-500 0 bytes
File C:\RRbackups\Documents and Settings\Maitréja\AppData\Roaming\Microsoft\Protect\S-1-5-21-1067765355-367813283-2874104705-500\d499eb81-9f5d-4358-9a35-57f79220dffe 388 bytes
File C:\RRbackups\Documents and Settings\Maitréja\AppData\Roaming\Microsoft\Protect\S-1-5-21-1067765355-367813283-2874104705-500\Preferred 24 bytes
File C:\RRbackups\Documents and Settings\Maitréja\AppData\Roaming\Microsoft\Protect\S-1-5-21-3710777502-3298855474-964073315-1003 0 bytes
File C:\RRbackups\Documents and Settings\Maitréja\AppData\Roaming\Microsoft\Protect\S-1-5-21-3710777502-3298855474-964073315-1003\23c0a2a2-b0e8-45c6-ad4b-5e343a4f7576 388 bytes
File C:\RRbackups\Documents and Settings\Maitréja\AppData\Roaming\Microsoft\Protect\S-1-5-21-3710777502-3298855474-964073315-1003\2a39e66e-78fb-45ac-9d2c-1cd3f6bbd8fe 388 bytes
File C:\RRbackups\Documents and Settings\Maitréja\AppData\Roaming\Microsoft\Protect\S-1-5-21-3710777502-3298855474-964073315-1003\499538fe-3670-426c-a49d-1ca351984b0f 388 bytes
File C:\RRbackups\Documents and Settings\Maitréja\AppData\Roaming\Microsoft\Protect\S-1-5-21-3710777502-3298855474-964073315-1003\65eee397-0522-4bc4-8327-cdb386f89e99 388 bytes
File C:\RRbackups\Documents and Settings\Maitréja\AppData\Roaming\Microsoft\Protect\S-1-5-21-3710777502-3298855474-964073315-1003\94213784-7129-4afe-8104-615573cce383 388 bytes
File C:\RRbackups\Documents and Settings\Maitréja\AppData\Roaming\Microsoft\Protect\S-1-5-21-3710777502-3298855474-964073315-1003\d6149562-4e01-42e1-a3ad-e3ad2bb6ff1e 388 bytes
File C:\RRbackups\Documents and Settings\Maitréja\AppData\Roaming\Microsoft\Protect\S-1-5-21-3710777502-3298855474-964073315-1003\e9deddb5-2227-462f-a075-da098977e2f8 388 bytes
File C:\RRbackups\Documents and Settings\Maitréja\AppData\Roaming\Microsoft\Protect\S-1-5-21-3710777502-3298855474-964073315-1003\f32d8d0f-b937-4448-95cd-91c32947d7cc 388 bytes
File C:\RRbackups\Documents and Settings\Maitréja\AppData\Roaming\Microsoft\Protect\S-1-5-21-3710777502-3298855474-964073315-1003\Preferred 24 bytes
File C:\RRbackups\Documents and Settings\Maitréja\AppData\Roaming\Microsoft\SystemCertificates 0 bytes
File C:\RRbackups\Documents and Settings\Maitréja\AppData\Roaming\Microsoft\SystemCertificates\My 0 bytes
File C:\RRbackups\Documents and Settings\Maitréja\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates 0 bytes
File C:\RRbackups\Documents and Settings\Maitréja\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs 0 bytes
File C:\RRbackups\Documents and Settings\Maitréja\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs 0 bytes
File C:\RRbackups\ProgramData 0 bytes
File C:\RRbackups\ProgramData\Lenovo 0 bytes
File C:\RRbackups\ProgramData\Lenovo\Client Security Solution 0 bytes
File C:\RRbackups\ProgramData\Lenovo\Client Security Solution\cspContainer.dat 332 bytes
File C:\RRbackups\ProgramData\Lenovo\Client Security Solution\encobject.dat 1608 bytes
File C:\RRbackups\ProgramData\Lenovo\Client Security Solution\swkeys.dat 6372 bytes
File C:\RRbackups\ProgramData\Lenovo\Client Security Solution\symkeys.dat 656 bytes
File C:\RRbackups\ProgramData\Microsoft 0 bytes
File C:\RRbackups\ProgramData\Microsoft\Crypto 0 bytes
File C:\RRbackups\ProgramData\Microsoft\Crypto\RSA 0 bytes
File C:\RRbackups\ProgramData\Microsoft\Crypto\RSA\MachineKeys 0 bytes
File C:\RRbackups\ProgramData\Microsoft\Crypto\RSA\MachineKeys\a077ead69703e3bf1fd373a3c9376faa_91e85be3-3e4d-484e-a632-d36d5d4e0158 905 bytes
File C:\RRbackups\ProgramData\Microsoft\Crypto\RSA\S-1-5-18 0 bytes
File C:\RRbackups\ProgramData\Microsoft\Crypto\RSA\S-1-5-18\6b29ae44e85efac3c72ff4d1865d73f1_91e85be3-3e4d-484e-a632-d36d5d4e0158 53 bytes
File C:\RRbackups\ProgramData\Microsoft\Crypto\RSA\S-1-5-18\6d14e4b1d8ca773bab785d1be032546e_91e85be3-3e4d-484e-a632-d36d5d4e0158 47 bytes
File C:\RRbackups\ProgramData\Microsoft\Crypto\RSA\S-1-5-18\8f71098770f72c7a67cd8f1151619865_91e85be3-3e4d-484e-a632-d36d5d4e0158 54 bytes
File C:\RRbackups\ProgramData\Microsoft\Crypto\RSA\S-1-5-18\b973ec0ff915c48a18fe09064ce3a22d_91e85be3-3e4d-484e-a632-d36d5d4e0158 56 bytes
File C:\RRbackups\ProgramData\Microsoft\Crypto\RSA\S-1-5-18\d42cc0c3858a58db2db37658219e6400_91e85be3-3e4d-484e-a632-d36d5d4e0158 897 bytes

---- EOF - GMER 1.0.15 ----

Log z Gmeru je ok, uvidíme co mbam. Budu tu zase až večer

Tak Mbam nenašel žádné infikované soubory.
Jedinej problém se vyskytl během instalace- "MBAM_ERROR_UPDATING(12029, 0, WinHttpSendRequest)" - což si vysvětluju jako, že nebyl schopen stáhnout aktuální verzi db, což je dalším důkazem stávajícího problému- většina aplikací se neprokouše na net... Zbývá skype, dropbox, safari a windows update (o kterých vim).

Já nikde žádný problém nevidím. Můžete zkusit obnovu systému?

VIRY.CZ

Nevyžádaný firewall

Nevyžádaný firewall

pokračování logu

Re: Nevyžádaný firewall

Re: Nevyžádaný firewall

Re: Nevyžádaný firewall

Re: Nevyžádaný firewall

Re: Nevyžádaný firewall

Re: Nevyžádaný firewall

Re: Nevyžádaný firewall

Re: Nevyžádaný firewall

Re: Nevyžádaný firewall

Re: Nevyžádaný firewall

Re: Nevyžádaný firewall

Re: Nevyžádaný firewall

Re: Nevyžádaný firewall