VIRY.CZ

Logfile of random's system information tool 1.08 (written by random/random)
Run by Acer at 2010-07-30 16:26:19
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 120 GB (50%) free of 238 GB
Total RAM: 3838 MB (60% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:26:25, on 30.7.2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18928)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe
C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe
C:\Program Files (x86)\ICQ7.0\ICQ.exe
C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Winamp\winampa.exe
C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDSMSNLoader32.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files\trend micro\Acer.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACA ... pire_m3201
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACA ... pire_m3201
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACA ... pire_m3201
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: (no name) - - (no file)
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: GdfrDUEn - {A3CF7606-E683-4375-A372-96B75DA0AEF7} - C:\Program Files (x86)\Get Styles\enlbrdr.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [PCMMediaSharing] "C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe"
O4 - HKLM\..\Run: [BkupTray] "C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [SpywareTerminatorUpdate] "C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [ICQ] "C:\Program Files (x86)\ICQ7.0\ICQ.exe" silent loginmode=4
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Ubisoft register.lnk = C:\Program Files (x86)\UBISOFT\Register\schedule.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: WikiKomentáře Google... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O9 - Extra button: GetStyles - {14CD42DD-ABCD-3586-DCAB-40E3693E3737} - C:\Program Files (x86)\Get Styles\ct.htm
O9 - Extra 'Tools' menuitem: GetStyles - {14CD42DD-ABCD-3586-DCAB-40E3693E3737} - C:\Program Files (x86)\Get Styles\ct.htm
O9 - Extra button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files (x86)\ICQ7.0\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files (x86)\ICQ7.0\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/html - {574940E0-1B7A-4881-8FA3-1E809714B156} - C:\Users\Acer\AppData\LocalLow\Microńoft\redir.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Acer HomeMedia Connect Service - CyberLink - C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NewTech Infosystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - Unknown owner - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
O23 - Service: PunkBuster (PnkBstrA) - Unknown owner - D:\Hry\Medal of Honor Airborne\UnrealEngine3\MOHAGame\pb\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files (x86)\Spyware Terminator\sp_rsser.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 10904 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
C:\Windows\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
wininit.exe
C:\Windows\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
atieclxx
C:\Windows\system32\svchost.exe -k NetworkService
"C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"
"C:\Program Files\Alwil Software\Avast4\ashServ.exe"
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
taskeng.exe {06300CF6-79D4-411F-9CCA-EF976EAE7551}
"C:\Windows\system32\Dwm.exe"
taskeng.exe {68438B10-EC15-496F-9C27-D280D3A1E953}
C:\Windows\Explorer.EXE
"C:\Program Files\Windows Defender\MSASCui.exe" -hide
"C:\Windows\RAVCpl64.exe"
"C:\Program Files\Acer\Empowering Technology\SysMonitor.exe"
"C:\Program Files\Acer\Empowering Technology\Framework.Launcher.exe" boot
"C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\eDSLoader.exe"
"C:\Windows\ehome\ehtray.exe"
"C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
"C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe"
"C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe" -autorun
C:\Windows\ehome\ehmsas.exe -Embedding
"C:\Program Files (x86)\ICQ7.0\ICQ.exe" silent loginmode=4
"C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe"
"C:\Program Files\Alwil Software\Avast4\ashDisp.exe"
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"C:\Program Files (x86)\Winamp\winampa.exe"
"C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDSMSNLoader32.exe"
"C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe"
"C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe"
"C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe"
"C:\Program Files\Acer\Empowering Technology\Service\ETService.exe"
"C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe"
"C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe"
"C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe"
"C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe"
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM"
"C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe"
"D:\Hry\Medal of Honor Airborne\UnrealEngine3\MOHAGame\pb\PnkBstrA.exe"
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe"
"C:\Program Files (x86)\Spyware Terminator\sp_rsser.exe"
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Windows\system32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:\UMDFCommunicationPorts\WUDF\HostProcess-0b680a7e-81a8-4621-a23d-79267854adf0 -SystemEventPortName:\UMDFCommunicationPorts\WUDF\HostProcess-258676ea-9155-4b5d-8cdf-a19bc9872535 -IoCancelEventPortName:\UMDFCommunicationPorts\WUDF\HostProcess-59140483-fd54-4136-9aa5-2ef916723530 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:a2e99764-cc47-429e-ba33-12fc3aa60bc4
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe" 0
"C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service
"C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service
C:\Windows\System32\mobsync.exe -Embedding
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe"
taskeng.exe {A825037A-B36E-4A55-B8AE-353AB3042A6B}
C:\Windows\servicing\TrustedInstaller.exe
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe2_ Global\UsGthrCtrlFltPipeMssGthrPipe2 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 640 644 652 65536 648
"C:\Users\Acer\Desktop\RSITx64.exe"

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\User_Feed_Synchronization-{EF0051FF-9400-4879-AAFE-2E40988C46C6}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83A2F9B1-01A2-4AA5-87D1-45B6B8505E96}]
ShowBarObj Class - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\ActiveToolBand.dll [2008-07-29 378416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2010-07-13 371888]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg64.dll [2010-06-02 322104]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3CF7606-E683-4375-A372-96B75DA0AEF7}]
GdfrDUEn Class - C:\Program Files (x86)\Get Styles\enlbrdr.dll [2010-02-11 185856]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2010-07-13 278192]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll [2010-06-02 814648]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2010-05-03 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{0BF43445-2F28-4351-9252-17FE6E806AA0}
{5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - Acer eDataSecurity Management - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\eDStoolbar.dll [2008-07-29 181296]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2010-07-13 371888]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{0BF43445-2F28-4351-9252-17FE6E806AA0}
{5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - Acer eDataSecurity Management - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll [2008-07-29 142896]
{855F3B16-6D32-4FE6-8A56-BBB695989046} - ICQToolBar - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll [2010-01-03 1019128]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2010-07-13 278192]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1584184]
"RtHDVCpl"=C:\Windows\RAVCpl64.exe [2008-05-20 6296064]
"Skytel"=C:\Windows\Skytel.exe [2007-11-20 1826816]
"Acer Empowering Technology Monitor"=C:\Program Files\Acer\Empowering Technology\SysMonitor.exe [2008-08-19 319488]
"EmpoweringTechnology"=C:\Program Files\Acer\Empowering Technology\Framework.Launcher.exe [2008-08-19 323584]
"eDataSecurity Loader"=C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\eDSloader.exe [2008-07-29 561200]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-21 138240]
"swg"=C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-09-21 68856]
"SpywareTerminatorUpdate"=C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe [2010-04-14 3037696]
"DAEMON Tools Lite"=C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe [2008-07-17 490952]
"ICQ"=C:\Program Files (x86)\ICQ7.0\ICQ.exe [2010-06-08 133368]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WarReg_PopUp]
C:\Program Files (x86)\Acer\WR_PopUp\WarReg_PopUp.exe [2008-01-29 303104]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"PCMMediaSharing"=C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe [2008-05-20 204908]
"BkupTray"=C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe [2008-04-25 28672]
"eRecoveryService"= []
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-11-25 81000]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2010-02-18 248040]
"Adobe Reader Speed Launcher"=C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe [2007-10-10 39792]
"WinampAgent"=C:\Program Files (x86)\Winamp\winampa.exe [2010-01-14 37888]
"StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2010-07-06 98304]

C:\Users\Acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Ubisoft register.lnk - C:\Program Files (x86)\UBISOFT\Register\schedule.exe

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0
"BindDirectlyToPropertySetStorage"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2010-07-30 16:26:19 ----D---- C:\rsit
2010-07-30 16:26:19 ----D---- C:\Program Files\trend micro
2010-07-29 18:12:02 ----D---- C:\ProgramData\ATI
2010-07-29 18:07:59 ----SHD---- C:\Config.Msi
2010-07-07 04:30:08 ----A---- C:\Windows\system32\drivers\atikmdag.sys
2010-07-07 04:16:20 ----A---- C:\Windows\system32\atio6axx.dll
2010-07-07 03:55:08 ----A---- C:\Windows\SYSWOW64\atioglxx.dll
2010-07-07 03:54:16 ----A---- C:\Windows\system32\atiapfxx.exe
2010-07-07 03:54:08 ----A---- C:\Windows\SYSWOW64\aticfx32.dll
2010-07-07 03:53:20 ----A---- C:\Windows\system32\aticfx64.dll
2010-07-07 03:51:26 ----A---- C:\Windows\system32\atieclxx.exe
2010-07-07 03:50:54 ----A---- C:\Windows\system32\atiesrxx.exe
2010-07-07 03:49:48 ----A---- C:\Windows\system32\atitmm64.dll
2010-07-07 03:49:36 ----A---- C:\Windows\system32\atipdl64.dll
2010-07-07 03:49:28 ----A---- C:\Windows\SYSWOW64\atipdlxx.dll
2010-07-07 03:49:18 ----A---- C:\Windows\SYSWOW64\Oemdspif.dll
2010-07-07 03:49:14 ----A---- C:\Windows\system32\atimuixx.dll
2010-07-07 03:49:10 ----A---- C:\Windows\system32\atiedu64.dll
2010-07-07 03:49:06 ----A---- C:\Windows\SYSWOW64\ati2edxx.dll
2010-07-07 03:46:26 ----A---- C:\Windows\SYSWOW64\atidxx32.dll
2010-07-07 03:37:36 ----A---- C:\Windows\system32\atidxx64.dll
2010-07-07 03:30:12 ----A---- C:\Windows\system32\atiumd6a.dll
2010-07-07 03:29:26 ----A---- C:\Windows\system32\aticalrt64.dll
2010-07-07 03:29:24 ----A---- C:\Windows\SYSWOW64\aticalrt.dll
2010-07-07 03:29:16 ----A---- C:\Windows\system32\aticalcl64.dll
2010-07-07 03:29:14 ----A---- C:\Windows\SYSWOW64\aticalcl.dll
2010-07-07 03:29:06 ----A---- C:\Windows\system32\aticaldd64.dll
2010-07-07 03:28:20 ----A---- C:\Windows\SYSWOW64\atiumdag.dll
2010-07-07 03:27:58 ----A---- C:\Windows\SYSWOW64\aticaldd.dll
2010-07-07 03:23:14 ----A---- C:\Windows\SYSWOW64\atiumdva.dll
2010-07-07 03:16:02 ----A---- C:\Windows\SYSWOW64\atiadlxy.dll
2010-07-07 03:15:54 ----A---- C:\Windows\system32\atig6pxx.dll
2010-07-07 03:15:50 ----A---- C:\Windows\SYSWOW64\atiglpxx.dll
2010-07-07 03:15:50 ----A---- C:\Windows\system32\atiglpxx.dll
2010-07-07 03:15:48 ----A---- C:\Windows\system32\atig6txx.dll
2010-07-07 03:15:46 ----A---- C:\Windows\SYSWOW64\atigktxx.dll
2010-07-07 03:15:42 ----A---- C:\Windows\system32\drivers\atikmpag.sys
2010-07-07 03:15:04 ----A---- C:\Windows\system32\atiuxp64.dll
2010-07-07 03:14:58 ----A---- C:\Windows\SYSWOW64\atiuxpag.dll
2010-07-07 03:14:44 ----A---- C:\Windows\SYSWOW64\atiu9pag.dll
2010-07-07 03:14:16 ----A---- C:\Windows\system32\drivers\ati2erec.dll
2010-07-07 03:11:12 ----A---- C:\Windows\system32\atimpc64.dll
2010-07-07 03:11:12 ----A---- C:\Windows\system32\amdpcom64.dll
2010-07-07 03:11:06 ----A---- C:\Windows\SYSWOW64\atimpc32.dll
2010-07-07 03:11:06 ----A---- C:\Windows\SYSWOW64\amdpcom32.dll
2010-07-06 20:42:23 ----D---- C:\léto

======List of files/folders modified in the last 1 months======

2010-07-30 16:26:25 ----D---- C:\Windows\Temp
2010-07-30 16:26:25 ----D---- C:\Windows\Prefetch
2010-07-30 16:26:19 ----RD---- C:\Program Files
2010-07-30 15:20:28 ----D---- C:\Users\Acer\AppData\Roaming\uTorrent
2010-07-30 14:23:26 ----D---- C:\ProgramData\Spyware Terminator
2010-07-30 08:35:12 ----D---- C:\Windows
2010-07-29 22:24:03 ----D---- C:\Users\Acer\AppData\Roaming\Skype
2010-07-29 19:24:18 ----D---- C:\Users\Acer\AppData\Roaming\skypePM
2010-07-29 18:18:04 ----D---- C:\Users\Acer\AppData\Roaming\esmska
2010-07-29 18:12:02 ----HD---- C:\ProgramData
2010-07-29 18:11:19 ----D---- C:\Windows\System32
2010-07-29 18:09:42 ----SHD---- C:\Windows\Installer
2010-07-29 18:09:33 ----D---- C:\Program Files\ATI Technologies
2010-07-29 18:09:24 ----D---- C:\Program Files (x86)\ATI Technologies
2010-07-29 18:08:19 ----RSD---- C:\Windows\assembly
2010-07-29 18:08:19 ----D---- C:\Windows\SysWOW64
2010-07-29 18:07:34 ----D---- C:\Windows\system32\drivers
2010-07-29 18:07:32 ----D---- C:\Windows\system32\catroot
2010-07-29 18:07:31 ----D---- C:\Windows\inf
2010-07-29 18:07:28 ----SHD---- C:\System Volume Information
2010-07-26 22:26:44 ----D---- C:\MP3 MAMKA
2010-07-23 16:48:31 ----D---- C:\OBRÁZKY
2010-07-22 20:10:40 ----D---- C:\Pájush MP3
2010-07-17 19:14:43 ----D---- C:\Windows\system32\catroot2
2010-07-15 08:26:58 ----D---- C:\Windows\Debug
2010-07-15 07:32:57 ----D---- C:\Windows\winsxs
2010-07-14 22:31:28 ----D---- C:\Program Files\Windows Mail
2010-07-14 22:31:28 ----D---- C:\Program Files (x86)\Windows Mail
2010-07-14 22:31:18 ----D---- C:\ProgramData\Microsoft Help
2010-07-14 09:43:03 ----D---- C:\Users\Acer\AppData\Roaming\Spyware Terminator
2010-07-09 18:06:48 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-07-09 17:52:19 ----D---- C:\MP3
2010-07-07 03:51:30 ----A---- C:\Windows\system32\ATIDEMGX.dll
2010-07-07 03:24:34 ----A---- C:\Windows\system32\coinst.dll
2010-07-07 03:22:26 ----A---- C:\Windows\system32\atiumd64.dll
2010-07-07 03:16:06 ----A---- C:\Windows\system32\atiadlxx.dll
2010-07-07 03:14:50 ----A---- C:\Windows\system32\atiu9p64.dll
2010-07-07 03:14:28 ----A---- C:\Windows\system32\atitmp64.dll
2010-07-06 22:09:55 ----D---- C:\tatinkoff
2010-07-02 22:18:43 ----A---- C:\Windows\system32\mrt.exe
2010-07-01 16:38:04 ----D---- C:\Program Files (x86)\Spyware Terminator

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 ahcix64s;ahcix64s; C:\Windows\system32\drivers\ahcix64s.sys [2008-04-02 215568]
R0 AtiPcie;ATI PCI Express (3GIO) Filter; C:\Windows\system32\DRIVERS\AtiPcie.sys [2008-04-28 16400]
R0 BTHidEnum;Bluetooth HID Enumerator; C:\Windows\System32\Drivers\vbtenum.sys [2007-03-05 24976]
R0 BTHidMgr;Bluetooth HID Manager Service; C:\Windows\System32\Drivers\BTHidMgr.sys [2007-03-05 49680]
R0 PSDFilter;PSDFilter; C:\Windows\system32\DRIVERS\psdfilter.sys [2008-07-29 22064]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2009-11-08 868848]
R0 UBHelper;UBHelper; C:\Windows\system32\drivers\UBHelper.sys [2008-01-31 16384]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2009-11-25 27216]
R1 aswSP;avast! Self Protection; C:\Windows\system32\drivers\aswSP.sys [2009-11-25 89680]
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2009-11-25 53840]
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\DRIVERS\aswFsBlk.sys [2009-11-25 22096]
R2 aswMonFlt;aswMonFlt; C:\Windows\system32\DRIVERS\aswMonFlt.sys [2009-11-25 65616]
R2 int15;int15; \??\C:\Windows\SysWOW64\drivers\int15_64.sys [2008-08-19 17952]
R2 PSDNServ;PSDNServ; C:\Windows\system32\DRIVERS\PSDNServ.sys [2008-07-29 21040]
R2 psdvdisk;PSDVdisk; C:\Windows\system32\DRIVERS\PSDVdisk.sys [2008-07-29 60976]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2010-07-07 7195648]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2010-07-07 265728]
R3 AtiHdmiService;ATI Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\AtiHdmi.sys [2010-05-06 122384]
R3 BlueletAudio;Bluetooth Audio Service; C:\Windows\system32\DRIVERS\blueletaudio.sys [2007-05-11 38160]
R3 BlueletSCOAudio;Bluetooth SCO Audio Service; C:\Windows\system32\DRIVERS\BlueletSCOAudio.sys [2007-03-05 37648]
R3 BT;Bluetooth PAN Network Adapter; C:\Windows\system32\DRIVERS\btnetdrv.sys [2007-03-05 25360]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2008-05-20 1458080]
R3 NTIDrvr;Upper Class Filter Driver; C:\Windows\system32\Drivers\NTIDrvr.sys [2008-01-31 16384]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\Windows\System32\Drivers\RootMdm.sys [2008-01-21 11264]
R3 VComm;Virtual Serial port driver; C:\Windows\system32\DRIVERS\VComm.sys [2007-03-05 47120]
R3 VcommMgr;Bluetooth VComm Manager Service; C:\Windows\System32\Drivers\VcommMgr.sys [2007-03-05 63248]
R3 WmBEnum;Logitech Virtual Bus Enumerator Driver; C:\Windows\system32\drivers\WmBEnum.sys [2009-09-11 26248]
R3 WmXlCore;Logitech Translation Layer Driver; C:\Windows\system32\drivers\WmXlCore.sys [2009-09-11 76552]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 108544]
R3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller; C:\Windows\system32\DRIVERS\yk60x64.sys [2007-12-28 391680]
S3 ak3b5xj5;ak3b5xj5; C:\Windows\system32\drivers\ak3b5xj5.sys []
S3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2010-07-07 7195648]
S3 Btcsrusb;Bluetooth USB For Bluetooth Service; C:\Windows\System32\Drivers\btcusb.sys [2007-05-09 44688]
S3 BthEnum;Ovladač pro Bluetooth Request Block; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-04-11 26112]
S3 BthPan;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2008-01-21 115712]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2008-04-29 276480]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2008-04-29 34304]
S3 drmkaud;Dekodér zvuků DRM jádra společnosti Microsoft; C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 6144]
S3 HdAudAddService;Ovladač funkce Microsoft 1.1 UAA pro službu zvuku High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2009-04-11 275456]
S3 ITEIO.SYS;ITEIO.SYS; \??\c:\Windows\System32\drivers\ITEIO.sys [2008-02-25 13144]
S3 MSKSSRV;Server proxy služby datových proudů Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 11008]
S3 MSPCLOCK;Server proxy hodin datových proudů Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2006-11-02 7040]
S3 MSPQM;Server proxy správce kvality datových proudů Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2006-11-02 6656]
S3 MSTEE;Konvertor jímka-jímka typu T datových proudů Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 7936]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-04-11 178176]
S3 WmFilter;Logitech Gaming HID Filter Driver; C:\Windows\system32\drivers\WmFilter.sys [2009-09-11 41096]
S3 WmVirHid;Logitech Virtual Hid Device Driver; C:\Windows\system32\drivers\WmVirHid.sys [2009-09-11 15880]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2009-10-01 46592]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 8704]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 438328]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service; C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe [2008-05-20 269448]
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2010-07-07 203264]
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-11-25 18752]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-11-25 138680]
R2 BUNAgentSvc;NTI Backup Now 5 Agent Service; C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [2008-03-03 16384]
R2 eDataSecurity Service;eDataSecurity Service; C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe [2008-07-29 500784]
R2 ETService;Empowering Technology Service; C:\Program Files\Acer\Empowering Technology\Service\ETService.exe [2008-08-19 24576]
R2 ICQ Service;ICQ Service; C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe [2010-01-03 246520]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [2007-01-17 61440]
R2 MDM;Machine Debug Manager; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [2006-10-26 335872]
R2 NTIBackupSvc;NTI Backup Now 5 Backup Service; C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-04-25 45056]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service; C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-04-25 131072]
R2 PnkBstrA;PunkBuster; D:\Hry\Medal of Honor Airborne\UnrealEngine3\MOHAGame\pb\PnkBstrA.exe [2007-08-15 63040]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe [2008-06-13 241734]
R2 sp_rssrv;Spyware Terminator Realtime Shield Service; C:\Program Files (x86)\Spyware Terminator\sp_rsser.exe [2010-04-14 488960]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-11-25 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-11-25 352920]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-02-26 135664]
S3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-21 27648]
S3 gusvc;Google Software Updater; C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-10-12 182768]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PerfHost;@%systemroot%\sysWow64\perfhost.exe,-2; C:\Windows\SysWow64\perfhost.exe [2008-01-21 19968]
S4 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-21 27648]

-----------------EOF-----------------

Dobrý den, na logu se pracuje.

Jdeme na to.

1) OTMoveit3

Stáhněte OTM3 na Plochu.
Spusťte ho dvojklikem na OTM.exe, pokud to nepůjde, zkuste to s adminskými právy.

Do levého okna 'Paste Instructions for Items to be Moved' vkopírujte následující skript:

Kód: Vybrat vše

:files
%systemroot%\system32\*.tmp.dll /s
%systemroot%\*.tmp /s
%TMP%\*.*
%ALLUSERSPROFILE%\Data aplikací\TEMP\*.*
C:\Program Files (x86)\ICQ6Toolbar
C:\Program Files (x86)\Get Styles
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

:reg
[HKCU\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://google.cz"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{855F3B16-6D32-4fe6-8A56-BBB695989046}"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3CF7606-E683-4375-A372-96B75DA0AEF7}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{0BF43445-2F28-4351-9252-17FE6E806AA0}=-
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
"{0BF43445-2F28-4351-9252-17FE6E806AA0}"=-
"{855F3B16-6D32-4FE6-8A56-BBB695989046}"=-
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WarReg_PopUp]
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"eRecoveryService"=-
"SunJavaUpdateSched"=-
"Adobe Reader Speed Launcher"=-
C:\Users\Acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Ubisoft register.lnk

:services
ICQ Service

:commands
[emptytemp]
[emptyflash]

Poté klikněte na červené tlačítko 'MoveIt!'.
V zeleném okně vpravo by se měl zobrazit log, ten vkopírujete sem do fóra.
Pokud se zobrazí hláška k restartování, klikněte na 'Yes'.
Po restartu se log otevře sám, nebo ho najdete v C:\_OTM\MovedFiles

2) VirusTotal

Otestujte na VirusTotal soubory:
Kód: Vybrat vše
```
C:\Windows\SysWOW64\drivers\int15_64.sys
```
Jednoduše tam vkopírujete cesty, co jsem napsal do code.
Jestliže Vám to napíše, že soubor byl již testován, nechte ho otestovat znovu.
Poté sem vložíte linky (odkazy) na jednotlivé testy.

3) Fixnutí v HJT

Spusťte přejmenované HijackThis - C:\Program Files\Trend Micro\HijackThis\jmeno_uzivatele.exe
Následně klikněte na 'Do a system scan only'.

U níže uvedených položek udělejte fajfku do čtverečku a poté klikněte na 'Fix Checked'.

Kód: Vybrat vše

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: (no name) - - (no file)
O9 - Extra button: GetStyles - {14CD42DD-ABCD-3586-DCAB-40E3693E3737} - C:\Program Files (x86)\Get Styles\ct.htm
O9 - Extra 'Tools' menuitem: GetStyles - {14CD42DD-ABCD-3586-DCAB-40E3693E3737} - C:\Program Files (x86)\Get Styles\ct.htm
O9 - Extra button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files (x86)\ICQ7.0\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files (x86)\ICQ7.0\ICQ.exe

Pokud by tam nějaká položka nebyla, vynechte ji.

4) Nový RSIT log

zde log z OTM
All processes killed
========== FILES ==========
File/Folder C:\Windows\system32\*.tmp.dll not found.

virustotal
Antivirus Verze Poslední aktualizace Výsledek
AhnLab-V3 2010.08.06.01 2010.08.06 -
AntiVir 8.2.4.32 2010.08.06 -
Antiy-AVL 2.0.3.7 2010.08.06 -
Authentium 5.2.0.5 2010.08.06 -
Avast 4.8.1351.0 2010.08.05 -
Avast5 5.0.332.0 2010.08.05 -
AVG 9.0.0.851 2010.08.05 -
BitDefender 7.2 2010.08.06 -
CAT-QuickHeal 11.00 2010.08.06 -
ClamAV 0.96.0.3-git 2010.08.06 -
Comodo 5664 2010.08.06 -
DrWeb 5.0.2.03300 2010.08.06 -
Emsisoft 5.0.0.36 2010.08.06 -
eSafe 7.0.17.0 2010.08.05 -
eTrust-Vet 36.1.7769 2010.08.06 -
F-Prot 4.6.1.107 2010.08.05 -
F-Secure 9.0.15370.0 2010.08.06 -
Fortinet 4.1.143.0 2010.08.06 -
GData 21 2010.08.06 -
Ikarus T3.1.1.84.0 2010.08.06 -
Jiangmin 13.0.900 2010.08.03 -
Kaspersky 7.0.0.125 2010.08.06 -
McAfee 5.400.0.1158 2010.08.06 -
McAfee-GW-Edition 2010.1 2010.08.06 -
Microsoft 1.6004 2010.08.06 -
NOD32 5345 2010.08.05 -
Norman 6.05.11 2010.08.06 -
nProtect 2010-08-06.01 2010.08.06 -
Panda 10.0.2.7 2010.08.06 -
PCTools 7.0.3.5 2010.08.04 -
Prevx 3.0 2010.08.06 -
Rising 22.59.04.04 2010.08.06 -
Sophos 4.56.0 2010.08.06 -
Sunbelt 6693 2010.08.06 -
SUPERAntiSpyware 4.40.0.1006 2010.08.06 -
Symantec 20101.1.1.7 2010.08.06 -
TheHacker 6.5.2.1.334 2010.08.06 -
TrendMicro 9.120.0.1004 2010.08.06 -
TrendMicro-HouseCall 9.120.0.1004 2010.08.06 -
VBA32 3.12.12.8 2010.08.04 -
ViRobot 2010.7.29.3961 2010.08.06 -
VirusBuster 5.0.27.0 2010.08.05 -
Rozšiřující informace
File size: 17952 bytes
MD5...: 8c7fa71cb1ebcd3ede8958d27b1bf0b4
SHA1..: 9cc0b2c8326ad0ea819c1904d835bd034cd3b912
SHA256: 04243a34af13b89dabe4c4d24204438094aa36a83591092e1251ad67e623c10f
ssdeep: 192:NPqxLLYp7xdUQG3JkQNfTgPgD9OBpqqTBKb7yowJL/aMjGwP7oZgjlSMt5+e
bMWO:NPCoxQNfk457YJLWd6jvPbfA
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x1000
timedatestamp.....: 0x4771c36f (Wed Dec 26 02:58:55 2007)
machinetype.......: 0x8664 (AMD64)

( 6 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x1a15 0x1c00 5.79 0f8384a065b9d72800176719d63a76c2
.rdata 0x3000 0x124 0x200 2.93 0a74ea80208a496c67d3a80a2c51b26f
.data 0x4000 0x101c8 0x200 0.63 6a8ea502f041ec36a1d5280ba57c9254
.pdata 0x15000 0x60 0x200 0.85 3a90a0816aa046b7d979b3cf722774a5
INIT 0x16000 0x176 0x200 3.56 71645d698fad5de4c514d98591a82a63
.rsrc 0x17000 0x338 0x400 2.72 a70c8919c0a3e5b0642b3de6e3cf6ada

( 1 imports )
> ntoskrnl.exe: DbgPrint, IofCompleteRequest, IoDeleteDevice, IoDeleteSymbolicLink, RtlInitUnicodeString, MmMapLockedPagesSpecifyCache, RtlCopyMemory, MmUnmapIoSpace, MmMapIoSpace, IoCreateSymbolicLink, IoCreateDevice

( 0 exports )
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Win64 Executable Generic (95.5%)
Generic Win/DOS Executable (2.2%)
DOS Executable Generic (2.2%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
sigcheck:
publisher....: Acer, Inc.
copyright....: CopyRight @ Acer solutions
product......: int15
description..: int15
original name: int15
internal name: int15
file version.: 1.00.0001,0001 built by: WinDDK
comments.....: n/a
signers......: Acer Incorporated
VeriSign Class 3 Code Signing 2004 CA
Class 3 Public Primary Certification Authority
signing date.: 5:14 AM 12/26/2007
verified.....: -

LOG
Logfile of random's system information tool 1.08 (written by random/random)
Run by Acer at 2010-08-06 10:57:45
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 134 GB (56%) free of 238 GB
Total RAM: 3838 MB (65% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:57:48, on 6.8.2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18928)
Boot mode: Normal

Running processes:
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files\trend micro\Acer.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACA ... pire_m3201
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.cz
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACA ... pire_m3201
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACA ... pire_m3201
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [PCMMediaSharing] "C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe"
O4 - HKLM\..\Run: [BkupTray] "C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [SpywareTerminatorUpdate] "C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [ICQ] "C:\Program Files (x86)\ICQ7.0\ICQ.exe" silent loginmode=4
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Ubisoft register.lnk = C:\Program Files (x86)\UBISOFT\Register\schedule.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: WikiKomentáře Google... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O9 - Extra button: GetStyles - {14CD42DD-ABCD-3586-DCAB-40E3693E3737} - C:\Program Files (x86)\Get Styles\ct.htm (file missing)
O9 - Extra 'Tools' menuitem: GetStyles - {14CD42DD-ABCD-3586-DCAB-40E3693E3737} - C:\Program Files (x86)\Get Styles\ct.htm (file missing)
O9 - Extra button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files (x86)\ICQ7.0\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files (x86)\ICQ7.0\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/html - {574940E0-1B7A-4881-8FA3-1E809714B156} - C:\Users\Acer\AppData\LocalLow\Microńoft\redir.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Acer HomeMedia Connect Service - CyberLink - C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NewTech Infosystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - Unknown owner - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
O23 - Service: PunkBuster (PnkBstrA) - Unknown owner - D:\Hry\Medal of Honor Airborne\UnrealEngine3\MOHAGame\pb\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files (x86)\Spyware Terminator\sp_rsser.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 9443 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
C:\Windows\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
wininit.exe
C:\Windows\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
atieclxx
"C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"
"C:\Program Files\Alwil Software\Avast4\ashServ.exe"
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe"
taskeng.exe {8468FB16-337F-47B7-B225-A57584C9221C}
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe"
taskeng.exe {E6EDB097-3C15-4D58-91C2-1EAC4BF91E86}
"C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe"
"C:\Program Files\Acer\Empowering Technology\Service\ETService.exe"
"C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe"
"C:\Program Files\Windows Defender\MSASCui.exe" -hide
"C:\Windows\RAVCpl64.exe"
"C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe"
"C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe"
"C:\Program Files\Acer\Empowering Technology\SysMonitor.exe"
"C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe"
"C:\Program Files\Acer\Empowering Technology\Framework.Launcher.exe" boot
"C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe"
"C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\eDSLoader.exe"
"C:\Windows\ehome\ehtray.exe"
"D:\Hry\Medal of Honor Airborne\UnrealEngine3\MOHAGame\pb\PnkBstrA.exe"
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe"
"C:\Program Files (x86)\Spyware Terminator\sp_rsser.exe"
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\ehome\ehmsas.exe -Embedding
"C:\Program Files\Alwil Software\Avast4\ashDisp.exe"
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Windows\system32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:\UMDFCommunicationPorts\WUDF\HostProcess-cce37a23-9b2f-40b1-a5d5-e16a98944f2f -SystemEventPortName:\UMDFCommunicationPorts\WUDF\HostProcess-998922d8-a4fe-4eaa-ba0b-9a46a47ee6e1 -IoCancelEventPortName:\UMDFCommunicationPorts\WUDF\HostProcess-3e1a14b2-04ad-4953-ac58-edb264872922 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:26e17796-edfe-4ab5-8491-a1051d3bcadb
"C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service
"C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe"
taskeng.exe {D5F6F21A-36C5-414E-8A63-8114F86569AF}
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe17_ Global\UsGthrCtrlFltPipeMssGthrPipe17 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 640 644 652 65536 648
C:\Windows\system32\DllHost.exe /Processid:{E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
C:\Windows\system32\DllHost.exe /Processid:{E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
"C:\Users\Acer\Desktop\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe

======Scheduled tasks folder======

C:\Windows\tasks\User_Feed_Synchronization-{EF0051FF-9400-4879-AAFE-2E40988C46C6}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83A2F9B1-01A2-4AA5-87D1-45B6B8505E96}]
ShowBarObj Class - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\ActiveToolBand.dll [2008-07-29 378416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2010-07-13 371888]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg64.dll [2010-06-02 322104]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2010-07-13 278192]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll [2010-06-02 814648]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2010-05-03 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{0BF43445-2F28-4351-9252-17FE6E806AA0}
{5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - Acer eDataSecurity Management - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\eDStoolbar.dll [2008-07-29 181296]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2010-07-13 371888]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - Acer eDataSecurity Management - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll [2008-07-29 142896]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2010-07-13 278192]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1584184]
"RtHDVCpl"=C:\Windows\RAVCpl64.exe [2008-05-20 6296064]
"Skytel"=C:\Windows\Skytel.exe [2007-11-20 1826816]
"Acer Empowering Technology Monitor"=C:\Program Files\Acer\Empowering Technology\SysMonitor.exe [2008-08-19 319488]
"EmpoweringTechnology"=C:\Program Files\Acer\Empowering Technology\Framework.Launcher.exe [2008-08-19 323584]
"eDataSecurity Loader"=C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\eDSloader.exe [2008-07-29 561200]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-21 138240]
"SpywareTerminatorUpdate"=C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe [2010-04-14 3037696]
"DAEMON Tools Lite"=C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe [2008-07-17 490952]
"ICQ"=C:\Program Files (x86)\ICQ7.0\ICQ.exe [2010-06-08 133368]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WarReg_PopUp]
C:\Program Files (x86)\Acer\WR_PopUp\WarReg_PopUp.exe [2008-01-29 303104]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"PCMMediaSharing"=C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe [2008-05-20 204908]
"BkupTray"=C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe [2008-04-25 28672]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-11-25 81000]
"WinampAgent"=C:\Program Files (x86)\Winamp\winampa.exe [2010-01-14 37888]

C:\Users\Acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Ubisoft register.lnk - C:\Program Files (x86)\UBISOFT\Register\schedule.exe

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0
"BindDirectlyToPropertySetStorage"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2010-08-06 10:38:22 ----D---- C:\_OTM
2010-08-05 20:54:11 ----A---- C:\Windows\system32\shell32.dll
2010-08-05 20:54:08 ----A---- C:\Windows\SYSWOW64\shell32.dll
2010-07-30 17:28:03 ----SHD---- C:\Config.Msi
2010-07-30 16:26:19 ----D---- C:\rsit
2010-07-30 16:26:19 ----D---- C:\Program Files\trend micro
2010-07-07 04:30:08 ----A---- C:\Windows\system32\drivers\atikmdag.sys
2010-07-07 04:16:20 ----A---- C:\Windows\system32\atio6axx.dll
2010-07-07 03:55:08 ----A---- C:\Windows\SYSWOW64\atioglxx.dll
2010-07-07 03:54:16 ----A---- C:\Windows\system32\atiapfxx.exe
2010-07-07 03:54:08 ----A---- C:\Windows\SYSWOW64\aticfx32.dll
2010-07-07 03:53:20 ----A---- C:\Windows\system32\aticfx64.dll
2010-07-07 03:51:26 ----A---- C:\Windows\system32\atieclxx.exe
2010-07-07 03:50:54 ----A---- C:\Windows\system32\atiesrxx.exe
2010-07-07 03:49:48 ----A---- C:\Windows\system32\atitmm64.dll
2010-07-07 03:49:36 ----A---- C:\Windows\system32\atipdl64.dll
2010-07-07 03:49:28 ----A---- C:\Windows\SYSWOW64\atipdlxx.dll
2010-07-07 03:49:18 ----A---- C:\Windows\SYSWOW64\Oemdspif.dll
2010-07-07 03:49:14 ----A---- C:\Windows\system32\atimuixx.dll
2010-07-07 03:49:10 ----A---- C:\Windows\system32\atiedu64.dll
2010-07-07 03:49:06 ----A---- C:\Windows\SYSWOW64\ati2edxx.dll
2010-07-07 03:46:26 ----A---- C:\Windows\SYSWOW64\atidxx32.dll
2010-07-07 03:37:36 ----A---- C:\Windows\system32\atidxx64.dll
2010-07-07 03:30:12 ----A---- C:\Windows\system32\atiumd6a.dll
2010-07-07 03:29:26 ----A---- C:\Windows\system32\aticalrt64.dll
2010-07-07 03:29:24 ----A---- C:\Windows\SYSWOW64\aticalrt.dll
2010-07-07 03:29:16 ----A---- C:\Windows\system32\aticalcl64.dll
2010-07-07 03:29:14 ----A---- C:\Windows\SYSWOW64\aticalcl.dll
2010-07-07 03:29:06 ----A---- C:\Windows\system32\aticaldd64.dll
2010-07-07 03:28:20 ----A---- C:\Windows\SYSWOW64\atiumdag.dll
2010-07-07 03:27:58 ----A---- C:\Windows\SYSWOW64\aticaldd.dll
2010-07-07 03:23:14 ----A---- C:\Windows\SYSWOW64\atiumdva.dll
2010-07-07 03:16:02 ----A---- C:\Windows\SYSWOW64\atiadlxy.dll
2010-07-07 03:15:54 ----A---- C:\Windows\system32\atig6pxx.dll
2010-07-07 03:15:50 ----A---- C:\Windows\SYSWOW64\atiglpxx.dll
2010-07-07 03:15:50 ----A---- C:\Windows\system32\atiglpxx.dll
2010-07-07 03:15:48 ----A---- C:\Windows\system32\atig6txx.dll
2010-07-07 03:15:46 ----A---- C:\Windows\SYSWOW64\atigktxx.dll
2010-07-07 03:15:42 ----A---- C:\Windows\system32\drivers\atikmpag.sys
2010-07-07 03:15:04 ----A---- C:\Windows\system32\atiuxp64.dll
2010-07-07 03:14:58 ----A---- C:\Windows\SYSWOW64\atiuxpag.dll
2010-07-07 03:14:44 ----A---- C:\Windows\SYSWOW64\atiu9pag.dll
2010-07-07 03:14:16 ----A---- C:\Windows\system32\drivers\ati2erec.dll
2010-07-07 03:11:12 ----A---- C:\Windows\system32\atimpc64.dll
2010-07-07 03:11:12 ----A---- C:\Windows\system32\amdpcom64.dll
2010-07-07 03:11:06 ----A---- C:\Windows\SYSWOW64\atimpc32.dll
2010-07-07 03:11:06 ----A---- C:\Windows\SYSWOW64\amdpcom32.dll

======List of files/folders modified in the last 1 months======

2010-08-06 10:57:46 ----D---- C:\Windows\Temp
2010-08-06 10:57:46 ----D---- C:\Windows\Prefetch
2010-08-06 10:49:16 ----D---- C:\Windows
2010-08-06 10:39:39 ----RD---- C:\Program Files (x86)
2010-08-06 10:39:39 ----D---- C:\Windows\Tasks
2010-08-06 10:38:29 ----D---- C:\Windows\SysWOW64
2010-08-06 10:38:23 ----D---- C:\Users\Acer\AppData\Roaming\Skype
2010-08-06 10:13:41 ----D---- C:\ProgramData\Spyware Terminator
2010-08-06 09:01:24 ----D---- C:\Users\Acer\AppData\Roaming\esmska
2010-08-06 08:44:39 ----D---- C:\Users\Acer\AppData\Roaming\skypePM
2010-08-06 07:00:51 ----D---- C:\Windows\System32
2010-08-05 22:53:05 ----D---- C:\Windows\winsxs
2010-08-05 22:52:42 ----SHD---- C:\System Volume Information
2010-08-05 20:51:48 ----D---- C:\Windows\system32\catroot
2010-08-02 21:32:38 ----D---- C:\Users\Acer\AppData\Roaming\uTorrent
2010-08-02 15:33:15 ----D---- C:\Users\Acer\AppData\Roaming\Spyware Terminator
2010-08-02 12:20:44 ----D---- C:\tatinkoff
2010-07-30 17:28:19 ----SHD---- C:\Windows\Installer
2010-07-30 17:28:19 ----RD---- C:\Program Files
2010-07-30 17:28:04 ----HD---- C:\ProgramData
2010-07-30 17:27:43 ----D---- C:\Windows\system32\drivers
2010-07-30 17:27:43 ----D---- C:\Windows\inf
2010-07-30 17:26:51 ----D---- C:\Windows\system32\catroot2
2010-07-30 16:33:27 ----D---- C:\Windows\SYSWOW64\drivers
2010-07-29 18:08:19 ----RSD---- C:\Windows\assembly
2010-07-26 22:26:44 ----D---- C:\MP3 MAMKA
2010-07-23 16:48:31 ----D---- C:\OBRÁZKY
2010-07-22 20:10:40 ----D---- C:\Pájush MP3
2010-07-15 08:26:58 ----D---- C:\Windows\Debug
2010-07-14 22:31:28 ----D---- C:\Program Files\Windows Mail
2010-07-14 22:31:28 ----D---- C:\Program Files (x86)\Windows Mail
2010-07-14 22:31:18 ----D---- C:\ProgramData\Microsoft Help
2010-07-09 18:06:48 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-07-09 17:52:19 ----D---- C:\MP3
2010-07-09 17:52:19 ----D---- C:\léto

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 ahcix64s;ahcix64s; C:\Windows\system32\drivers\ahcix64s.sys [2008-04-02 215568]
R0 AtiPcie;ATI PCI Express (3GIO) Filter; C:\Windows\system32\DRIVERS\AtiPcie.sys [2008-04-28 16400]
R0 BTHidEnum;Bluetooth HID Enumerator; C:\Windows\System32\Drivers\vbtenum.sys [2007-03-05 24976]
R0 BTHidMgr;Bluetooth HID Manager Service; C:\Windows\System32\Drivers\BTHidMgr.sys [2007-03-05 49680]
R0 PSDFilter;PSDFilter; C:\Windows\system32\DRIVERS\psdfilter.sys [2008-07-29 22064]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2009-11-08 868848]
R0 UBHelper;UBHelper; C:\Windows\system32\drivers\UBHelper.sys [2008-01-31 16384]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2009-11-25 27216]
R1 aswSP;avast! Self Protection; C:\Windows\system32\drivers\aswSP.sys [2009-11-25 89680]
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2009-11-25 53840]
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\DRIVERS\aswFsBlk.sys [2009-11-25 22096]
R2 aswMonFlt;aswMonFlt; C:\Windows\system32\DRIVERS\aswMonFlt.sys [2009-11-25 65616]
R2 int15;int15; \??\C:\Windows\SysWOW64\drivers\int15_64.sys [2008-08-19 17952]
R2 PSDNServ;PSDNServ; C:\Windows\system32\DRIVERS\PSDNServ.sys [2008-07-29 21040]
R2 psdvdisk;PSDVdisk; C:\Windows\system32\DRIVERS\PSDVdisk.sys [2008-07-29 60976]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atipmdag.sys [2010-03-03 6402560]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2010-03-03 188928]
R3 BlueletAudio;Bluetooth Audio Service; C:\Windows\system32\DRIVERS\blueletaudio.sys [2007-05-11 38160]
R3 BlueletSCOAudio;Bluetooth SCO Audio Service; C:\Windows\system32\DRIVERS\BlueletSCOAudio.sys [2007-03-05 37648]
R3 BT;Bluetooth PAN Network Adapter; C:\Windows\system32\DRIVERS\btnetdrv.sys [2007-03-05 25360]
R3 HdAudAddService;Ovladač funkce Microsoft 1.1 UAA pro službu zvuku High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2009-04-11 275456]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2008-05-20 1458080]
R3 NTIDrvr;Upper Class Filter Driver; C:\Windows\system32\Drivers\NTIDrvr.sys [2008-01-31 16384]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\Windows\System32\Drivers\RootMdm.sys [2008-01-21 11264]
R3 VComm;Virtual Serial port driver; C:\Windows\system32\DRIVERS\VComm.sys [2007-03-05 47120]
R3 VcommMgr;Bluetooth VComm Manager Service; C:\Windows\System32\Drivers\VcommMgr.sys [2007-03-05 63248]
R3 WmBEnum;Logitech Virtual Bus Enumerator Driver; C:\Windows\system32\drivers\WmBEnum.sys [2009-09-11 26248]
R3 WmXlCore;Logitech Translation Layer Driver; C:\Windows\system32\drivers\WmXlCore.sys [2009-09-11 76552]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 108544]
R3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller; C:\Windows\system32\DRIVERS\yk60x64.sys [2007-12-28 391680]
S3 a18rggbd;a18rggbd; C:\Windows\system32\drivers\a18rggbd.sys []
S3 AtiHdmiService;ATI Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\AtiHdmi.sys []
S3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2010-03-03 6402560]
S3 Btcsrusb;Bluetooth USB For Bluetooth Service; C:\Windows\System32\Drivers\btcusb.sys [2007-05-09 44688]
S3 BthEnum;Ovladač pro Bluetooth Request Block; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-04-11 26112]
S3 BthPan;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2008-01-21 115712]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2008-04-29 276480]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2008-04-29 34304]
S3 drmkaud;Dekodér zvuků DRM jádra společnosti Microsoft; C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 6144]
S3 ITEIO.SYS;ITEIO.SYS; \??\c:\Windows\System32\drivers\ITEIO.sys [2008-02-25 13144]
S3 MSKSSRV;Server proxy služby datových proudů Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 11008]
S3 MSPCLOCK;Server proxy hodin datových proudů Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2006-11-02 7040]
S3 MSPQM;Server proxy správce kvality datových proudů Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2006-11-02 6656]
S3 MSTEE;Konvertor jímka-jímka typu T datových proudů Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 7936]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-04-11 178176]
S3 WmFilter;Logitech Gaming HID Filter Driver; C:\Windows\system32\drivers\WmFilter.sys [2009-09-11 41096]
S3 WmVirHid;Logitech Virtual Hid Device Driver; C:\Windows\system32\drivers\WmVirHid.sys [2009-09-11 15880]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2009-10-01 46592]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 8704]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 438328]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service; C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe [2008-05-20 269448]
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2010-03-03 202752]
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-11-25 18752]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-11-25 138680]
R2 BUNAgentSvc;NTI Backup Now 5 Agent Service; C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [2008-03-03 16384]
R2 eDataSecurity Service;eDataSecurity Service; C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe [2008-07-29 500784]
R2 ETService;Empowering Technology Service; C:\Program Files\Acer\Empowering Technology\Service\ETService.exe [2008-08-19 24576]
R2 ICQ Service;ICQ Service; C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe []
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [2007-01-17 61440]
R2 MDM;Machine Debug Manager; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [2006-10-26 335872]
R2 NTIBackupSvc;NTI Backup Now 5 Backup Service; C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-04-25 45056]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service; C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-04-25 131072]
R2 PnkBstrA;PunkBuster; D:\Hry\Medal of Honor Airborne\UnrealEngine3\MOHAGame\pb\PnkBstrA.exe [2007-08-15 63040]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe [2008-06-13 241734]
R2 sp_rssrv;Spyware Terminator Realtime Shield Service; C:\Program Files (x86)\Spyware Terminator\sp_rsser.exe [2010-04-14 488960]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-11-25 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-11-25 352920]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-02-26 135664]
S3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-21 27648]
S3 gusvc;Google Software Updater; C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-10-12 182768]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PerfHost;@%systemroot%\sysWow64\perfhost.exe,-2; C:\Windows\SysWow64\perfhost.exe [2008-01-21 19968]
S4 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-21 27648]

-----------------EOF-----------------

Je to celý log z OTM? Přijde mi krátký, a zdá se mi že skript neproběhl úspěšně.
A udělal jste krok číslo 3?

jj, udelal jsem vse jak bylo napsano

0K, doděláme to. :]

1) Reg soubor

Spusťte Poznámkový blok [Start → Spustit → notepad → Enter].

Do něj vkopírujte následující text:

Kód: Vybrat vše

Windows Registry Editor Version 5.00 

[HKLM\Software\Microsoft\Internet Explorer\Search]
"SearchAssistant"=-

[HKLM\Software\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=-

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{14CD42DD-ABCD-3586-DCAB-40E3693E3737}]

[-HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\{14CD42DD-ABCD-3586-DCAB-40E3693E3737}]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{88EB38EF-4D2C-436D-ABD3-56B232674062}]

[-HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\{88EB38EF-4D2C-436D-ABD3-56B232674062}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{0BF43445-2F28-4351-9252-17FE6E806AA0}"=-

Uložte tento soubor například na Plochu jako oprava.reg (vizte obrázek).
Dvojklikem tento soubor spusťte.
Potvrďte přidání informací do registrů kliknutím na 'Ano'.
Restartujte PC a po restartu tento soubor smažte.

2) VirusTotal

Otestujte na VirusTotal soubory:

Kód: Vybrat vše

C:\Users\Acer\AppData\LocalLow\Microńoft\redir.dll

Jednoduše tam vkopírujete cesty, co jsem napsal do code.
Jestliže Vám to napíše, že soubor byl již testován, nechte ho otestovat znovu.
Poté sem vložíte linky (odkazy) na jednotlivé testy.

3) Mazání služby přes CMD

Spusťte Příkazový řádek [Start → Spustit → cmd → Enter].
Do něho napište následující příkazy:
Kód: Vybrat vše
```
sc stop ICQ Service
sc delete ICQ Service
```
Po každém příkaze stiskněte Enter.

4) Bat soubor

Spusťte Poznámkový blok [Start → Spustit → notepad → Enter].

Do něho vkopírujte následující text:

Kód: Vybrat vše

del "C:\Users\Acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Ubisoft register.lnk"

Uložte soubor například na Plochu jako del.bat [vizte obrázek] a dvojklikem jej spusťte.
Mělo by jen na chvíli probliknout černé okénko.
Po použití tento soubor smažte.

5) Malwarebytes' Anti-Malware

Stáhněte MbAM a postupujte podle popisu.
Zatím nic nemažte, MbAM má občas falešné detekce.
Poté mi sem vložte log ve formě textu.

6) Restartujte PC, nechte znovu proběhnout RSIT a vložte mi z něj log

A k logu z RSIT přiložte samozřjmě také log z MbAM.

Antivirus Verze Poslední aktualizace Výsledek
AhnLab-V3 2010.08.08.00 2010.08.07 -
AntiVir 8.2.4.34 2010.08.08 -
Antiy-AVL 2.0.3.7 2010.08.06 -
Authentium 5.2.0.5 2010.08.07 -
Avast 4.8.1351.0 2010.08.08 -
Avast5 5.0.332.0 2010.08.08 -
AVG 9.0.0.851 2010.08.08 -
BitDefender 7.2 2010.08.08 -
CAT-QuickHeal 11.00 2010.08.07 -
ClamAV 0.96.0.3-git 2010.08.08 -
Comodo 5679 2010.08.08 -
DrWeb 5.0.2.03300 2010.08.08 -
Emsisoft 5.0.0.36 2010.08.08 -
eSafe 7.0.17.0 2010.08.08 -
eTrust-Vet 36.1.7773 2010.08.07 -
F-Prot 4.6.1.107 2010.08.07 -
F-Secure 9.0.15370.0 2010.08.07 -
Fortinet 4.1.143.0 2010.08.08 -
GData 21 2010.08.08 -
Ikarus T3.1.1.84.0 2010.08.08 -
Jiangmin 13.0.900 2010.08.07 -
Kaspersky 7.0.0.125 2010.08.08 -
McAfee 5.400.0.1158 2010.08.08 -
McAfee-GW-Edition 2010.1 2010.08.08 Heuristic.BehavesLike.Win32.Trojan.H
Microsoft 1.6004 2010.08.08 -
NOD32 5349 2010.08.07 -
Norman 6.05.11 2010.08.08 -
nProtect 2010-08-08.01 2010.08.08 -
Panda 10.0.2.7 2010.08.08 -
PCTools 7.0.3.5 2010.08.08 -
Prevx 3.0 2010.08.08 -
Rising 22.59.05.04 2010.08.07 -
Sophos 4.56.0 2010.08.08 -
Sunbelt 6701 2010.08.08 -
SUPERAntiSpyware 4.40.0.1006 2010.08.08 -
Symantec 20101.1.1.7 2010.08.08 -
TheHacker 6.5.2.1.338 2010.08.08 -
TrendMicro 9.120.0.1004 2010.08.08 -
TrendMicro-HouseCall 9.120.0.1004 2010.08.08 -
VBA32 3.12.12.8 2010.08.04 -
ViRobot 2010.7.29.3961 2010.08.08 -
VirusBuster 5.0.27.0 2010.08.08 -
Rozšiřující informace
File size: 221184 bytes
MD5...: d7a1a23c193f66b76519886c91426b7b
SHA1..: 6acf4a9478ecbddb99ba8dad19a5a8511fb9a7b8
SHA256: 8be6837127d3b913c5bfaab85bac0ff4b559ccc7ddd62063f31298509cf68c2d
ssdeep: 3072:1Fw/nhRtaM2EHqOB0yBOpazNghs1Rn25inT4KdzBLjytIybbx8uy4QcMAgA
MUhR:AvZ2EKW0g2sP25iTpjLutZx8Jl5U
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x1560c
timedatestamp.....: 0x4b6ac3f0 (Thu Feb 04 12:56:16 2010)
machinetype.......: 0x14c (I386)

( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x254ed 0x25600 6.65 ca5b87440407eec76601a5dbd7883bcc
.rdata 0x27000 0x9927 0x9a00 4.79 3b09d12d692590a4537dcf1f83d463e3
.data 0x31000 0x3b7c 0x1e00 3.92 fde2a2c7a385e9d98a96902a40d81364
.rsrc 0x35000 0x1078 0x1200 4.51 08930164d067c8ce3edc2f389597a1d9
.reloc 0x37000 0x3b14 0x3c00 5.06 a6f8ae49de5180169e259e636517c9ec

( 10 imports )
> WININET.dll: HttpOpenRequestA, InternetConnectW, InternetConnectA
> KERNEL32.dll: TerminateProcess, CloseHandle, OpenProcess, HeapAlloc, HeapFree, WideCharToMultiByte, GetLastError, WaitForSingleObject, GetProcessHeap, InitializeCriticalSection, DeleteCriticalSection, MultiByteToWideChar, lstrlenA, lstrlenW, LoadResource, SizeofResource, LockResource, ExpandEnvironmentStringsW, CreateDirectoryW, FindResourceW, FreeResource, GetVolumeInformationW, FindResourceExW, HeapReAlloc, GetVersion, GetModuleHandleW, InterlockedIncrement, InterlockedDecrement, GetCurrentThread, GetModuleFileNameW, DisableThreadLibraryCalls, FreeLibrary, LoadLibraryExW, GetThreadLocale, SetThreadLocale, VirtualQuery, GetModuleHandleA, VirtualProtect, InterlockedCompareExchange, ResumeThread, GetThreadContext, SetThreadContext, SuspendThread, VirtualAlloc, SetHandleCount, GetConsoleMode, GetConsoleCP, LCMapStringA, LCMapStringW, IsValidCodePage, GetOEMCP, GetACP, GetCPInfo, TlsFree, TlsSetValue, TlsAlloc, TlsGetValue, GetModuleFileNameA, GetStdHandle, WriteFile, ExitProcess, GetProcAddress, LoadLibraryA, GetCurrentProcessId, GetCurrentThreadId, FlushInstructionCache, RaiseException, LeaveCriticalSection, EnterCriticalSection, CreateThread, GetCurrentProcess, SetLastError, GetEnvironmentStrings, GetFileType, GetStartupInfoA, FreeEnvironmentStringsA, lstrcmpiW, Sleep, HeapCreate, CreateFileA, ReadFile, SetEndOfFile, FlushFileBuffers, SetStdHandle, WriteConsoleW, RtlUnwind, GetCommandLineA, IsDebuggerPresent, SetUnhandledExceptionFilter, UnhandledExceptionFilter, HeapSize, HeapDestroy, VirtualFree, IsProcessorFeaturePresent, FreeEnvironmentStringsW, GetEnvironmentStringsW, QueryPerformanceCounter, GetTickCount, GetSystemTimeAsFileTime, InitializeCriticalSectionAndSpinCount, SetFilePointer, GetConsoleOutputCP, WriteConsoleA, CreateFileW, GetStringTypeW, GetStringTypeA, GetLocaleInfoA
> USER32.dll: SetWindowLongW, CharNextW, PostQuitMessage, MessageBoxW, CreateWindowExW, LoadCursorW, GetClassInfoExW, RegisterClassExW, FindWindowExW, SendMessageW, DispatchMessageW, TranslateMessage, GetMessageW, CallWindowProcW, DefWindowProcW, GetWindowLongW, UnregisterClassA
> ADVAPI32.dll: RegEnumKeyExW, RegDeleteValueW, RegQueryInfoKeyW, RegOpenKeyExW, RegDeleteKeyW, RegSetValueExW, RegQueryValueExW, RegCreateKeyExW, RegCloseKey, GetSidSubAuthority, GetSidSubAuthorityCount, GetSidIdentifierAuthority, IsValidSid, GetTokenInformation, OpenProcessToken
> SHELL32.dll: ShellExecuteW
> ole32.dll: StringFromGUID2, CoTaskMemAlloc, CoTaskMemRealloc, CoTaskMemFree, CoMarshalInterThreadInterfaceInStream, CoGetInterfaceAndReleaseStream, CoCreateInstance, CoUninitialize, CoInitialize, CLSIDFromProgID
> OLEAUT32.dll: -, -, -, -, -, -, -, -, -, -, -, -, -, -
> SHLWAPI.dll: PathStripPathW, StrDupW
> WS2_32.dll: -, -, WSAEventSelect, WSASetEvent, WSACreateEvent, WSARecv, WSAGetOverlappedResult, WSASend, WSAResetEvent, WSAEnumNetworkEvents, WSAConnect, -, WSASocketW, WSACloseEvent, -, FreeAddrInfoW, GetAddrInfoW, -
> detoured.dll: Detoured

( 5 exports )
DllCanUnloadNow, DllGetClassObject, DllInstall, DllRegisterServer, DllUnregisterServer
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: DirectShow filter (59.7%)
Windows OCX File (36.5%)
Win32 Executable Generic (2.5%)
Generic Win/DOS Executable (0.5%)
DOS Executable Generic (0.5%)
sigcheck:
publisher....: n/a
copyright....: Copyright (C) 2010
product......: redir Dynamic Link Library
description..: redir Dynamic Link Library
original name: redir.dll
internal name: redir
file version.: 1, 0, 0, 1
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
Log mbam:
Malwarebytes' Anti-Malware 1.46
http://www.malwarebytes.org

Verze databáze: 4406

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18928

8.8.2010 16:10:57
mbam-log-2010-08-08 (16-10-57).txt

Typ skenu: Rychlý sken
Skenované objekty: 132076
Uplynulý čas: 4 minuta(y), 1 sekunda(y)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 0
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované složky: 0
Infikované soubory: 0

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované hodnoty registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované datové položky registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
(Žádné škodlivé položky nebyly zjištěny)

Log RSIT
Logfile of random's system information tool 1.08 (written by random/random)
Run by Acer at 2010-08-08 16:20:13
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 120 GB (51%) free of 238 GB
Total RAM: 3838 MB (68% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:20:18, on 8.8.2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18928)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe
C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe
C:\Program Files (x86)\ICQ7.0\ICQ.exe
C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
C:\Program Files (x86)\Winamp\winampa.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDSMSNLoader32.exe
C:\Program Files\trend micro\Acer.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACA ... pire_m3201
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.cz
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACA ... pire_m3201
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACA ... pire_m3201
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [PCMMediaSharing] "C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe"
O4 - HKLM\..\Run: [BkupTray] "C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [SpywareTerminatorUpdate] "C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [ICQ] "C:\Program Files (x86)\ICQ7.0\ICQ.exe" silent loginmode=4
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: WikiKomentáře Google... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O9 - Extra button: GetStyles - {14CD42DD-ABCD-3586-DCAB-40E3693E3737} - C:\Program Files (x86)\Get Styles\ct.htm (file missing)
O9 - Extra 'Tools' menuitem: GetStyles - {14CD42DD-ABCD-3586-DCAB-40E3693E3737} - C:\Program Files (x86)\Get Styles\ct.htm (file missing)
O9 - Extra button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files (x86)\ICQ7.0\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files (x86)\ICQ7.0\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/html - {574940E0-1B7A-4881-8FA3-1E809714B156} - C:\Users\Acer\AppData\LocalLow\Microńoft\redir.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Acer HomeMedia Connect Service - CyberLink - C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NewTech Infosystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - Unknown owner - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
O23 - Service: PunkBuster (PnkBstrA) - Unknown owner - D:\Hry\Medal of Honor Airborne\UnrealEngine3\MOHAGame\pb\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files (x86)\Spyware Terminator\sp_rsser.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 9549 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
C:\Windows\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
wininit.exe
C:\Windows\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
"C:\Program Files\Alwil Software\Avast5\AvastSvc.exe"
atieclxx
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe"
"C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe"
"C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe"
"C:\Program Files\Acer\Empowering Technology\Service\ETService.exe"
"C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe"
"C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe"
"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /c
"C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe"
"C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe"
"D:\Hry\Medal of Honor Airborne\UnrealEngine3\MOHAGame\pb\PnkBstrA.exe"
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe"
"C:\Program Files (x86)\Spyware Terminator\sp_rsser.exe"
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Windows\system32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:\UMDFCommunicationPorts\WUDF\HostProcess-b7e9f11f-a069-4d82-9be8-0e26ae6c8ad3 -SystemEventPortName:\UMDFCommunicationPorts\WUDF\HostProcess-8db616d8-2c91-4f64-8800-758fb89e34c9 -IoCancelEventPortName:\UMDFCommunicationPorts\WUDF\HostProcess-09697a1b-f4b0-46fd-aab5-8187871576cb -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:e493970a-8972-4b18-85bf-148d77c0af1a
taskeng.exe {6B30EB11-F0A3-4CB9-A8ED-2E9C5648895A}
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
taskeng.exe {3CFF1654-BAAB-4EF8-9B43-2B2915E8F9BA}
"C:\Program Files\Windows Defender\MSASCui.exe" -hide
"C:\Windows\RAVCpl64.exe"
C:\Windows\System32\mobsync.exe -Embedding
"C:\Program Files\Acer\Empowering Technology\SysMonitor.exe"
"C:\Program Files\Acer\Empowering Technology\Framework.Launcher.exe" boot
"C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\eDSLoader.exe"
"C:\Windows\ehome\ehtray.exe"
"C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe"
"C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe" -autorun
"C:\Program Files (x86)\ICQ7.0\ICQ.exe" silent loginmode=4
"C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe"
"C:\Program Files (x86)\Winamp\winampa.exe"
"C:\Program Files\Alwil Software\Avast5\AvastUI.exe" /nogui
"C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDSMSNLoader32.exe"
C:\Windows\ehome\ehmsas.exe -Embedding
"C:\Users\Acer\Desktop\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe

======Scheduled tasks folder======

C:\Windows\tasks\User_Feed_Synchronization-{EF0051FF-9400-4879-AAFE-2E40988C46C6}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83A2F9B1-01A2-4AA5-87D1-45B6B8505E96}]
ShowBarObj Class - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\ActiveToolBand.dll [2008-07-29 378416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2010-07-13 371888]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg64.dll [2010-06-02 322104]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2010-07-13 278192]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll [2010-06-02 814648]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2010-05-03 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - Acer eDataSecurity Management - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\eDStoolbar.dll [2008-07-29 181296]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2010-07-13 371888]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - Acer eDataSecurity Management - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll [2008-07-29 142896]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2010-07-13 278192]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1584184]
"RtHDVCpl"=C:\Windows\RAVCpl64.exe [2008-05-20 6296064]
"Skytel"=C:\Windows\Skytel.exe [2007-11-20 1826816]
"Acer Empowering Technology Monitor"=C:\Program Files\Acer\Empowering Technology\SysMonitor.exe [2008-08-19 319488]
"EmpoweringTechnology"=C:\Program Files\Acer\Empowering Technology\Framework.Launcher.exe [2008-08-19 323584]
"eDataSecurity Loader"=C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\eDSloader.exe [2008-07-29 561200]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-21 138240]
"SpywareTerminatorUpdate"=C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe [2010-04-14 3037696]
"DAEMON Tools Lite"=C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe [2008-07-17 490952]
"ICQ"=C:\Program Files (x86)\ICQ7.0\ICQ.exe [2010-06-08 133368]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WarReg_PopUp]
C:\Program Files (x86)\Acer\WR_PopUp\WarReg_PopUp.exe [2008-01-29 303104]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"PCMMediaSharing"=C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe [2008-05-20 204908]
"BkupTray"=C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe [2008-04-25 28672]
"WinampAgent"=C:\Program Files (x86)\Winamp\winampa.exe [2010-01-14 37888]
"avast5"=C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe [2010-06-28 2837864]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0
"BindDirectlyToPropertySetStorage"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2010-08-08 16:06:23 ----D---- C:\Users\Acer\AppData\Roaming\Malwarebytes
2010-08-08 16:06:15 ----A---- C:\Windows\SYSWOW64\drivers\mbamswissarmy.sys
2010-08-08 16:06:14 ----D---- C:\ProgramData\Malwarebytes
2010-08-08 16:06:14 ----D---- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2010-08-08 16:06:14 ----A---- C:\Windows\system32\drivers\mbam.sys
2010-08-06 11:07:18 ----A---- C:\Windows\system32\drivers\aswFsBlk.sys
2010-08-06 11:07:09 ----A---- C:\Windows\system32\drivers\aswSP.sys
2010-08-06 11:07:06 ----A---- C:\Windows\system32\drivers\aswRdr.sys
2010-08-06 11:07:05 ----A---- C:\Windows\system32\drivers\aswTdi.sys
2010-08-06 11:07:03 ----A---- C:\Windows\system32\drivers\aswMonFlt.sys
2010-08-06 11:06:11 ----A---- C:\Windows\SYSWOW64\aswBoot.exe
2010-08-06 11:05:53 ----D---- C:\ProgramData\Alwil Software
2010-08-06 10:38:22 ----D---- C:\_OTM
2010-08-05 20:54:11 ----A---- C:\Windows\system32\shell32.dll
2010-08-05 20:54:08 ----A---- C:\Windows\SYSWOW64\shell32.dll
2010-07-30 16:26:19 ----D---- C:\rsit
2010-07-30 16:26:19 ----D---- C:\Program Files\trend micro

======List of files/folders modified in the last 1 months======

2010-08-08 16:20:18 ----D---- C:\Windows\Prefetch
2010-08-08 16:20:13 ----D---- C:\Windows\Temp
2010-08-08 16:06:15 ----D---- C:\Windows\SYSWOW64\drivers
2010-08-08 16:06:14 ----RD---- C:\Program Files (x86)
2010-08-08 16:06:14 ----HD---- C:\ProgramData
2010-08-08 16:06:14 ----D---- C:\Windows\system32\drivers
2010-08-08 15:45:25 ----D---- C:\Users\Acer\AppData\Roaming\Skype
2010-08-08 12:51:02 ----D---- C:\Users\Acer\AppData\Roaming\skypePM
2010-08-06 23:01:42 ----D---- C:\Users\Acer\AppData\Roaming\uTorrent
2010-08-06 20:07:22 ----D---- C:\Pájush MP3
2010-08-06 11:47:57 ----SHD---- C:\System Volume Information
2010-08-06 11:07:00 ----SHD---- C:\Windows\Installer
2010-08-06 11:06:58 ----D---- C:\Windows\winsxs
2010-08-06 11:06:11 ----D---- C:\Windows\SysWOW64
2010-08-06 11:06:11 ----D---- C:\Windows
2010-08-06 11:05:53 ----D---- C:\Program Files\Alwil Software
2010-08-06 11:02:27 ----D---- C:\Windows\System32
2010-08-06 10:39:39 ----D---- C:\Windows\Tasks
2010-08-06 10:13:41 ----D---- C:\ProgramData\Spyware Terminator
2010-08-06 09:01:24 ----D---- C:\Users\Acer\AppData\Roaming\esmska
2010-08-05 20:51:48 ----D---- C:\Windows\system32\catroot
2010-08-02 15:33:15 ----D---- C:\Users\Acer\AppData\Roaming\Spyware Terminator
2010-08-02 12:20:44 ----D---- C:\tatinkoff
2010-07-30 17:28:19 ----RD---- C:\Program Files
2010-07-30 17:27:43 ----D---- C:\Windows\inf
2010-07-30 17:26:51 ----D---- C:\Windows\system32\catroot2
2010-07-29 18:08:19 ----RSD---- C:\Windows\assembly
2010-07-26 22:26:44 ----D---- C:\MP3 MAMKA
2010-07-23 16:48:31 ----D---- C:\OBRÁZKY
2010-07-15 08:26:58 ----D---- C:\Windows\Debug
2010-07-14 22:31:28 ----D---- C:\Program Files\Windows Mail
2010-07-14 22:31:28 ----D---- C:\Program Files (x86)\Windows Mail
2010-07-14 22:31:18 ----D---- C:\ProgramData\Microsoft Help
2010-07-09 18:06:48 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-07-09 17:52:19 ----D---- C:\MP3
2010-07-09 17:52:19 ----D---- C:\léto

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 ahcix64s;ahcix64s; C:\Windows\system32\drivers\ahcix64s.sys [2008-04-02 215568]
R0 AtiPcie;ATI PCI Express (3GIO) Filter; C:\Windows\system32\DRIVERS\AtiPcie.sys [2008-04-28 16400]
R0 BTHidEnum;Bluetooth HID Enumerator; C:\Windows\System32\Drivers\vbtenum.sys [2007-03-05 24976]
R0 BTHidMgr;Bluetooth HID Manager Service; C:\Windows\System32\Drivers\BTHidMgr.sys [2007-03-05 49680]
R0 PSDFilter;PSDFilter; C:\Windows\system32\DRIVERS\psdfilter.sys [2008-07-29 22064]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2009-11-08 868848]
R0 UBHelper;UBHelper; C:\Windows\system32\drivers\UBHelper.sys [2008-01-31 16384]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2010-06-28 28752]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2010-06-28 121936]
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2010-06-28 51280]
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [2010-06-28 20048]
R2 aswMonFlt;aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys [2010-06-28 61008]
R2 int15;int15; \??\C:\Windows\SysWOW64\drivers\int15_64.sys [2008-08-19 17952]
R2 PSDNServ;PSDNServ; C:\Windows\system32\DRIVERS\PSDNServ.sys [2008-07-29 21040]
R2 psdvdisk;PSDVdisk; C:\Windows\system32\DRIVERS\PSDVdisk.sys [2008-07-29 60976]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atipmdag.sys [2010-03-03 6402560]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2010-03-03 188928]
R3 BlueletAudio;Bluetooth Audio Service; C:\Windows\system32\DRIVERS\blueletaudio.sys [2007-05-11 38160]
R3 BlueletSCOAudio;Bluetooth SCO Audio Service; C:\Windows\system32\DRIVERS\BlueletSCOAudio.sys [2007-03-05 37648]
R3 BT;Bluetooth PAN Network Adapter; C:\Windows\system32\DRIVERS\btnetdrv.sys [2007-03-05 25360]
R3 HdAudAddService;Ovladač funkce Microsoft 1.1 UAA pro službu zvuku High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2009-04-11 275456]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2008-05-20 1458080]
R3 NTIDrvr;Upper Class Filter Driver; C:\Windows\system32\Drivers\NTIDrvr.sys [2008-01-31 16384]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\Windows\System32\Drivers\RootMdm.sys [2008-01-21 11264]
R3 VComm;Virtual Serial port driver; C:\Windows\system32\DRIVERS\VComm.sys [2007-03-05 47120]
R3 VcommMgr;Bluetooth VComm Manager Service; C:\Windows\System32\Drivers\VcommMgr.sys [2007-03-05 63248]
R3 WmBEnum;Logitech Virtual Bus Enumerator Driver; C:\Windows\system32\drivers\WmBEnum.sys [2009-09-11 26248]
R3 WmXlCore;Logitech Translation Layer Driver; C:\Windows\system32\drivers\WmXlCore.sys [2009-09-11 76552]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 108544]
R3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller; C:\Windows\system32\DRIVERS\yk60x64.sys [2007-12-28 391680]
S3 a0ot6kr9;a0ot6kr9; C:\Windows\system32\drivers\a0ot6kr9.sys []
S3 AtiHdmiService;ATI Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\AtiHdmi.sys []
S3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2010-03-03 6402560]
S3 Btcsrusb;Bluetooth USB For Bluetooth Service; C:\Windows\System32\Drivers\btcusb.sys [2007-05-09 44688]
S3 BthEnum;Ovladač pro Bluetooth Request Block; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-04-11 26112]
S3 BthPan;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2008-01-21 115712]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2008-04-29 276480]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2008-04-29 34304]
S3 drmkaud;Dekodér zvuků DRM jádra společnosti Microsoft; C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 6144]
S3 ITEIO.SYS;ITEIO.SYS; \??\c:\Windows\System32\drivers\ITEIO.sys [2008-02-25 13144]
S3 MSKSSRV;Server proxy služby datových proudů Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 11008]
S3 MSPCLOCK;Server proxy hodin datových proudů Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2006-11-02 7040]
S3 MSPQM;Server proxy správce kvality datových proudů Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2006-11-02 6656]
S3 MSTEE;Konvertor jímka-jímka typu T datových proudů Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 7936]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-04-11 178176]
S3 WmFilter;Logitech Gaming HID Filter Driver; C:\Windows\system32\drivers\WmFilter.sys [2009-09-11 41096]
S3 WmVirHid;Logitech Virtual Hid Device Driver; C:\Windows\system32\drivers\WmVirHid.sys [2009-09-11 15880]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2009-10-01 46592]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 8704]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 438328]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service; C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe [2008-05-20 269448]
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2010-03-03 202752]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-06-28 40384]
R2 BUNAgentSvc;NTI Backup Now 5 Agent Service; C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [2008-03-03 16384]
R2 eDataSecurity Service;eDataSecurity Service; C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe [2008-07-29 500784]
R2 ETService;Empowering Technology Service; C:\Program Files\Acer\Empowering Technology\Service\ETService.exe [2008-08-19 24576]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [2007-01-17 61440]
R2 MDM;Machine Debug Manager; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [2006-10-26 335872]
R2 NTIBackupSvc;NTI Backup Now 5 Backup Service; C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-04-25 45056]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service; C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-04-25 131072]
R2 PnkBstrA;PunkBuster; D:\Hry\Medal of Honor Airborne\UnrealEngine3\MOHAGame\pb\PnkBstrA.exe [2007-08-15 63040]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe [2008-06-13 241734]
R2 sp_rssrv;Spyware Terminator Realtime Shield Service; C:\Program Files (x86)\Spyware Terminator\sp_rsser.exe [2010-04-14 488960]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-06-28 40384]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-06-28 40384]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-02-26 135664]
S2 ICQ Service;ICQ Service; C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe []
S3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-21 27648]
S3 gusvc;Google Software Updater; C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-10-12 182768]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PerfHost;@%systemroot%\sysWow64\perfhost.exe,-2; C:\Windows\SysWow64\perfhost.exe [2008-01-21 19968]
S4 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-21 27648]

-----------------EOF-----------------

0K. Dočistíme.

1) OTCleaner

Stáhněte OTC a dvojklikem ho spusťte.
Vyskočí okénko, kde kliknete na 'CleanUp!'.
Potvrdíte kliknutím na 'Yes'.
Poté se ještě zeptá, zda chcete restartovat PC - to proveďte opět kliknutím na 'Yes'.

2) CCleaner

Stáhněte si program jménem CCleaner.
Normálně nainstalujte, jen dávejte pozor a odškrtněte položku 'Instalovat Yahoo! Toolbar'.
Spusťte ho.
- Záložka Čistič → nechte zatrženo vše, jak je, a klikněte na 'Spustit CCleaner'.
- Záložka Registry → klikněte na 'Hledej problémy'. Vyhledá problémy v registru, až dokončí analyzování, klikněte na 'Opravit vybrané problémy'. Nabídne Vám vytvoření zálohy - pro jistotu ji vytvořte a uložte například na Plochu.
CCleaner doporučuji používat pravidelně, celkem rapidně dokáže zrychlit PC.

3) Defragmentace

Defragmentujte disk.
Lze to udělat několika způsoby ↓
- Přes defragmentaci integrovanou ve Windows [Start → Spustit → dfrg.msc → Enter]. Toto není příliš účinný způsob.
- Přes jednoduchý a přehledný program jménem Defraggler.
- Přes geniální program, který se nemusí instalovat a je hodně jednoduchý - JKDefrag.

4) FileHippo.com UpdateChecker

Abyste měl/a přehled o aktualizacích, doporučuji stáhnout program FileHippo.com UpdateChecker.
- Běžně ho nainstalujte.
- Spouštějte ho například jednou až dvakrát týdně.
- Přehledně zobrazí všechny programy, které jsou neaktualizované, nabídne stažení novější verze (což doporučuji).
- Dávejte si pozor,co dané aplikace instalují 's sebou' → například zbytečné toolbary (lišty).
  - Proto se nevyplatí bezmyšlenkovitě klikat na 'Next', popřípadě 'Další'.

5) Nový RSIT log

+ Jak se chová PC?

Logfile of random's system information tool 1.08 (written by random/random)
Run by Acer at 2010-08-09 18:03:59
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 123 GB (52%) free of 238 GB
Total RAM: 3838 MB (60% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:04:02, on 9.8.2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18928)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe
C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe
C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
C:\Program Files (x86)\Winamp\winampa.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDSMSNLoader32.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Skype\Plugin Manager\skypePM.exe
C:\Program Files\trend micro\Acer.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACA ... pire_m3201
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.cz
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACA ... pire_m3201
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACA ... pire_m3201
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [PCMMediaSharing] "C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe"
O4 - HKLM\..\Run: [BkupTray] "C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [SpywareTerminatorUpdate] "C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: WikiKomentáře Google... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O9 - Extra button: GetStyles - {14CD42DD-ABCD-3586-DCAB-40E3693E3737} - C:\Program Files (x86)\Get Styles\ct.htm (file missing)
O9 - Extra 'Tools' menuitem: GetStyles - {14CD42DD-ABCD-3586-DCAB-40E3693E3737} - C:\Program Files (x86)\Get Styles\ct.htm (file missing)
O9 - Extra button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files (x86)\ICQ7.0\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files (x86)\ICQ7.0\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/html - {574940E0-1B7A-4881-8FA3-1E809714B156} - C:\Users\Acer\AppData\LocalLow\Microńoft\redir.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Acer HomeMedia Connect Service - CyberLink - C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NewTech Infosystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - Unknown owner - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
O23 - Service: PunkBuster (PnkBstrA) - Unknown owner - D:\Hry\Medal of Honor Airborne\UnrealEngine3\MOHAGame\pb\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files (x86)\Spyware Terminator\sp_rsser.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 9529 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
C:\Windows\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
wininit.exe
C:\Windows\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
atieclxx
C:\Windows\system32\svchost.exe -k NetworkService
"C:\Program Files\Alwil Software\Avast5\AvastSvc.exe"
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
taskeng.exe {56BC4D20-A3BA-4AC9-95CF-A5EBA49375B8}
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
taskeng.exe {407B5FB8-9950-4D8C-8854-57E4380AA36E}
"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /c
"C:\Program Files\Windows Defender\MSASCui.exe" -hide
"C:\Windows\RAVCpl64.exe"
"C:\Program Files\Acer\Empowering Technology\SysMonitor.exe"
"C:\Program Files\Acer\Empowering Technology\Framework.Launcher.exe" boot
"C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\eDSLoader.exe"
"C:\Windows\ehome\ehtray.exe"
C:\Windows\ehome\ehmsas.exe -Embedding
"C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe"
"C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe" -autorun
"C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe"
"C:\Program Files (x86)\Winamp\winampa.exe"
"C:\Program Files\Alwil Software\Avast5\AvastUI.exe" /nogui
"C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe"
"C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe"
"C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe"
"C:\Program Files\Acer\Empowering Technology\Service\ETService.exe"
"C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe"
"C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe"
"C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe"
"C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe"
"D:\Hry\Medal of Honor Airborne\UnrealEngine3\MOHAGame\pb\PnkBstrA.exe"
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe"
"C:\Program Files (x86)\Spyware Terminator\sp_rsser.exe"
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Windows\system32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:\UMDFCommunicationPorts\WUDF\HostProcess-41f1eb31-cf01-4d17-a6c5-a211f7591f5c -SystemEventPortName:\UMDFCommunicationPorts\WUDF\HostProcess-2686a4b9-897e-4424-a4a5-38ff3982e593 -IoCancelEventPortName:\UMDFCommunicationPorts\WUDF\HostProcess-4996653e-e36f-4f10-a015-61a14bc8da22 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:9ed9646f-6c30-40ff-ba48-4407bc8413d4
"C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDSMSNLoader32.exe"
"C:\Program Files (x86)\Skype\Phone\Skype.exe"
"C:\Program Files (x86)\Skype\Plugin Manager\skypePM.exe" /SILENT
"C:\Users\Acer\Desktop\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe7_ Global\UsGthrCtrlFltPipeMssGthrPipe7 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 640 644 652 65536 648

======Scheduled tasks folder======

C:\Windows\tasks\User_Feed_Synchronization-{EF0051FF-9400-4879-AAFE-2E40988C46C6}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83A2F9B1-01A2-4AA5-87D1-45B6B8505E96}]
ShowBarObj Class - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\ActiveToolBand.dll [2008-07-29 378416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2010-07-13 371888]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg64.dll [2010-06-02 322104]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2010-07-13 278192]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll [2010-06-02 814648]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2010-05-03 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - Acer eDataSecurity Management - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\eDStoolbar.dll [2008-07-29 181296]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2010-07-13 371888]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - Acer eDataSecurity Management - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll [2008-07-29 142896]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2010-07-13 278192]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1584184]
"RtHDVCpl"=C:\Windows\RAVCpl64.exe [2008-05-20 6296064]
"Skytel"=C:\Windows\Skytel.exe [2007-11-20 1826816]
"Acer Empowering Technology Monitor"=C:\Program Files\Acer\Empowering Technology\SysMonitor.exe [2008-08-19 319488]
"EmpoweringTechnology"=C:\Program Files\Acer\Empowering Technology\Framework.Launcher.exe [2008-08-19 323584]
"eDataSecurity Loader"=C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\eDSloader.exe [2008-07-29 561200]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-21 138240]
"SpywareTerminatorUpdate"=C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe [2010-04-14 3037696]
"DAEMON Tools Lite"=C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe [2008-07-17 490952]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WarReg_PopUp]
C:\Program Files (x86)\Acer\WR_PopUp\WarReg_PopUp.exe [2008-01-29 303104]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"PCMMediaSharing"=C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe [2008-05-20 204908]
"BkupTray"=C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe [2008-04-25 28672]
"WinampAgent"=C:\Program Files (x86)\Winamp\winampa.exe [2010-01-14 37888]
"avast5"=C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe [2010-06-28 2837864]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0
"BindDirectlyToPropertySetStorage"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2010-08-09 18:03:59 ----D---- C:\rsit
2010-08-08 16:06:23 ----D---- C:\Users\Acer\AppData\Roaming\Malwarebytes
2010-08-08 16:06:15 ----A---- C:\Windows\SYSWOW64\drivers\mbamswissarmy.sys
2010-08-08 16:06:14 ----D---- C:\ProgramData\Malwarebytes
2010-08-08 16:06:14 ----D---- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2010-08-08 16:06:14 ----A---- C:\Windows\system32\drivers\mbam.sys
2010-08-06 11:07:18 ----A---- C:\Windows\system32\drivers\aswFsBlk.sys
2010-08-06 11:07:09 ----A---- C:\Windows\system32\drivers\aswSP.sys
2010-08-06 11:07:06 ----A---- C:\Windows\system32\drivers\aswRdr.sys
2010-08-06 11:07:05 ----A---- C:\Windows\system32\drivers\aswTdi.sys
2010-08-06 11:07:03 ----A---- C:\Windows\system32\drivers\aswMonFlt.sys
2010-08-06 11:06:11 ----A---- C:\Windows\SYSWOW64\aswBoot.exe
2010-08-06 11:05:53 ----D---- C:\ProgramData\Alwil Software
2010-08-05 20:54:11 ----A---- C:\Windows\system32\shell32.dll
2010-08-05 20:54:08 ----A---- C:\Windows\SYSWOW64\shell32.dll
2010-07-30 16:26:19 ----D---- C:\Program Files\trend micro

======List of files/folders modified in the last 1 months======

2010-08-09 18:03:47 ----D---- C:\Windows\Temp
2010-08-09 18:03:40 ----D---- C:\Users\Acer\AppData\Roaming\Skype
2010-08-09 17:49:23 ----SHD---- C:\System Volume Information
2010-08-09 17:45:56 ----D---- C:\Windows\Prefetch
2010-08-09 16:41:31 ----D---- C:\Users\Acer\AppData\Roaming\skypePM
2010-08-08 20:49:45 ----D---- C:\Windows
2010-08-08 20:48:47 ----D---- C:\Windows\system32\catroot2
2010-08-08 20:45:37 ----D---- C:\Users\Acer\AppData\Roaming\uTorrent
2010-08-08 16:06:15 ----D---- C:\Windows\SYSWOW64\drivers
2010-08-08 16:06:14 ----RD---- C:\Program Files (x86)
2010-08-08 16:06:14 ----HD---- C:\ProgramData
2010-08-08 16:06:14 ----D---- C:\Windows\system32\drivers
2010-08-06 20:07:22 ----D---- C:\Pájush MP3
2010-08-06 11:07:00 ----SHD---- C:\Windows\Installer
2010-08-06 11:06:58 ----D---- C:\Windows\winsxs
2010-08-06 11:06:11 ----D---- C:\Windows\SysWOW64
2010-08-06 11:05:53 ----D---- C:\Program Files\Alwil Software
2010-08-06 11:02:27 ----D---- C:\Windows\System32
2010-08-06 10:39:39 ----D---- C:\Windows\Tasks
2010-08-06 10:13:41 ----D---- C:\ProgramData\Spyware Terminator
2010-08-06 09:01:24 ----D---- C:\Users\Acer\AppData\Roaming\esmska
2010-08-05 20:51:48 ----D---- C:\Windows\system32\catroot
2010-08-02 15:33:15 ----D---- C:\Users\Acer\AppData\Roaming\Spyware Terminator
2010-08-02 12:20:44 ----D---- C:\tatinkoff
2010-07-30 17:28:19 ----RD---- C:\Program Files
2010-07-30 17:27:43 ----D---- C:\Windows\inf
2010-07-29 18:08:19 ----RSD---- C:\Windows\assembly
2010-07-26 22:26:44 ----D---- C:\MP3 MAMKA
2010-07-23 16:48:31 ----D---- C:\OBRÁZKY
2010-07-15 08:26:58 ----D---- C:\Windows\Debug
2010-07-14 22:31:28 ----D---- C:\Program Files\Windows Mail
2010-07-14 22:31:28 ----D---- C:\Program Files (x86)\Windows Mail
2010-07-14 22:31:18 ----D---- C:\ProgramData\Microsoft Help

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 ahcix64s;ahcix64s; C:\Windows\system32\drivers\ahcix64s.sys [2008-04-02 215568]
R0 AtiPcie;ATI PCI Express (3GIO) Filter; C:\Windows\system32\DRIVERS\AtiPcie.sys [2008-04-28 16400]
R0 BTHidEnum;Bluetooth HID Enumerator; C:\Windows\System32\Drivers\vbtenum.sys [2007-03-05 24976]
R0 BTHidMgr;Bluetooth HID Manager Service; C:\Windows\System32\Drivers\BTHidMgr.sys [2007-03-05 49680]
R0 PSDFilter;PSDFilter; C:\Windows\system32\DRIVERS\psdfilter.sys [2008-07-29 22064]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2009-11-08 868848]
R0 UBHelper;UBHelper; C:\Windows\system32\drivers\UBHelper.sys [2008-01-31 16384]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2010-06-28 28752]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2010-06-28 121936]
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2010-06-28 51280]
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [2010-06-28 20048]
R2 aswMonFlt;aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys [2010-06-28 61008]
R2 int15;int15; \??\C:\Windows\SysWOW64\drivers\int15_64.sys [2008-08-19 17952]
R2 PSDNServ;PSDNServ; C:\Windows\system32\DRIVERS\PSDNServ.sys [2008-07-29 21040]
R2 psdvdisk;PSDVdisk; C:\Windows\system32\DRIVERS\PSDVdisk.sys [2008-07-29 60976]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atipmdag.sys [2010-03-03 6402560]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2010-03-03 188928]
R3 BlueletAudio;Bluetooth Audio Service; C:\Windows\system32\DRIVERS\blueletaudio.sys [2007-05-11 38160]
R3 BlueletSCOAudio;Bluetooth SCO Audio Service; C:\Windows\system32\DRIVERS\BlueletSCOAudio.sys [2007-03-05 37648]
R3 BT;Bluetooth PAN Network Adapter; C:\Windows\system32\DRIVERS\btnetdrv.sys [2007-03-05 25360]
R3 HdAudAddService;Ovladač funkce Microsoft 1.1 UAA pro službu zvuku High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2009-04-11 275456]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2008-05-20 1458080]
R3 NTIDrvr;Upper Class Filter Driver; C:\Windows\system32\Drivers\NTIDrvr.sys [2008-01-31 16384]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\Windows\System32\Drivers\RootMdm.sys [2008-01-21 11264]
R3 VComm;Virtual Serial port driver; C:\Windows\system32\DRIVERS\VComm.sys [2007-03-05 47120]
R3 VcommMgr;Bluetooth VComm Manager Service; C:\Windows\System32\Drivers\VcommMgr.sys [2007-03-05 63248]
R3 WmBEnum;Logitech Virtual Bus Enumerator Driver; C:\Windows\system32\drivers\WmBEnum.sys [2009-09-11 26248]
R3 WmXlCore;Logitech Translation Layer Driver; C:\Windows\system32\drivers\WmXlCore.sys [2009-09-11 76552]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 108544]
R3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller; C:\Windows\system32\DRIVERS\yk60x64.sys [2007-12-28 391680]
S3 akvon3l1;akvon3l1; C:\Windows\system32\drivers\akvon3l1.sys []
S3 AtiHdmiService;ATI Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\AtiHdmi.sys []
S3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2010-03-03 6402560]
S3 Btcsrusb;Bluetooth USB For Bluetooth Service; C:\Windows\System32\Drivers\btcusb.sys [2007-05-09 44688]
S3 BthEnum;Ovladač pro Bluetooth Request Block; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-04-11 26112]
S3 BthPan;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2008-01-21 115712]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2008-04-29 276480]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2008-04-29 34304]
S3 drmkaud;Dekodér zvuků DRM jádra společnosti Microsoft; C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 6144]
S3 ITEIO.SYS;ITEIO.SYS; \??\c:\Windows\System32\drivers\ITEIO.sys [2008-02-25 13144]
S3 MSKSSRV;Server proxy služby datových proudů Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 11008]
S3 MSPCLOCK;Server proxy hodin datových proudů Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2006-11-02 7040]
S3 MSPQM;Server proxy správce kvality datových proudů Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2006-11-02 6656]
S3 MSTEE;Konvertor jímka-jímka typu T datových proudů Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 7936]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-04-11 178176]
S3 WmFilter;Logitech Gaming HID Filter Driver; C:\Windows\system32\drivers\WmFilter.sys [2009-09-11 41096]
S3 WmVirHid;Logitech Virtual Hid Device Driver; C:\Windows\system32\drivers\WmVirHid.sys [2009-09-11 15880]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2009-10-01 46592]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 8704]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 438328]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service; C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe [2008-05-20 269448]
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2010-03-03 202752]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-06-28 40384]
R2 BUNAgentSvc;NTI Backup Now 5 Agent Service; C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [2008-03-03 16384]
R2 eDataSecurity Service;eDataSecurity Service; C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe [2008-07-29 500784]
R2 ETService;Empowering Technology Service; C:\Program Files\Acer\Empowering Technology\Service\ETService.exe [2008-08-19 24576]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [2007-01-17 61440]
R2 MDM;Machine Debug Manager; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [2006-10-26 335872]
R2 NTIBackupSvc;NTI Backup Now 5 Backup Service; C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-04-25 45056]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service; C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-04-25 131072]
R2 PnkBstrA;PunkBuster; D:\Hry\Medal of Honor Airborne\UnrealEngine3\MOHAGame\pb\PnkBstrA.exe [2007-08-15 63040]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe [2008-06-13 241734]
R2 sp_rssrv;Spyware Terminator Realtime Shield Service; C:\Program Files (x86)\Spyware Terminator\sp_rsser.exe [2010-04-14 488960]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-06-28 40384]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-06-28 40384]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-02-26 135664]
S2 ICQ Service;ICQ Service; C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe []
S3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-21 27648]
S3 gusvc;Google Software Updater; C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-10-12 182768]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PerfHost;@%systemroot%\sysWow64\perfhost.exe,-2; C:\Windows\SysWow64\perfhost.exe [2008-01-21 19968]
S4 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-21 27648]

-----------------EOF-----------------

Na PC nic podivného neregistruji

0K, je to vše, děkuji za spolupráci a na shledanou.

Já děkuji

Není zač.

VIRY.CZ

Prosím,kontrola logu,děkuji

Prosím,kontrola logu,děkuji

Re: Prosím,kontrola logu,děkuji

Re: Prosím,kontrola logu,děkuji

Re: Prosím,kontrola logu,děkuji

Re: Prosím,kontrola logu,děkuji

Re: Prosím,kontrola logu,děkuji

Re: Prosím,kontrola logu,děkuji

Re: Prosím,kontrola logu,děkuji

Re: Prosím,kontrola logu,děkuji

Re: Prosím,kontrola logu,děkuji

Re: Prosím,kontrola logu,děkuji

Re: Prosím,kontrola logu,děkuji

Re: Prosím,kontrola logu,děkuji