VIRY.CZ

Dobrý podvečer včera večer mi z ničoho nič odišiel internet , po malom prieskume som zistil že dačo zablokovalo služby windowsu ktoré sa týkajú sietí (DNS , HTTP , všetky boli zastavené ) , tiež sa spomalil boot systému ( systém na dlhší čas zamrzne na úvodnej obrazovke ) , po pár pokusoch o spustenie nudzoveho režimu ( počítač resetnutý počas bootovania ) mi windows ponúkol možnost opravy a obnovy z restore pointu čo som aj spravil , vyzerá že to pomohlo , ale neverím že by to mohlo byt az tak jednoduché a preto prikladám logy z RSITU ...


Logfile of random's system information tool 1.08 (written by random/random)
Run by Jan Farkas at 2010-11-10 16:27:22
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 16 GB (11%) free of 148 GB
Total RAM: 3066 MB (50% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:28:04, on 10. 11. 2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18975)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\PLFSetI.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Users\JANFAR~1\AppData\Local\Temp\RtkBtMnt.exe
C:\Genius\ioCentre\gTaskBar.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.Exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Genius\ioCentre\gMouseTask.exe
C:\Genius\ioCentre\gKbdTask.exe
C:\Genius\ioCentre\gAutoPan.exe
C:\Genius\ioCentre\gAutoScroll.exe
C:\Genius\ioCentre\gZoom.exe
C:\Genius\ioCentre\gMGlass.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Genius\ioCentre\gIMMgm.exe
C:\Genius\ioCentre\gDeskMgm.exe
C:\Genius\ioCentre\gTaskSwitch.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe
C:\Windows\ehome\ehtray.exe
D:\Program Files\Steam\Steam.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\ICQ7.2\ICQ.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
D:\Program Files\IBM\Lotus\Symphony\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.app.win32_3.5.0.20090605-2002\soffice.exe
C:\Users\Jan Farkas\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Users\Jan Farkas\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jan Farkas\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jan Farkas\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jan Farkas\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jan Farkas\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jan Farkas\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\conime.exe
C:\Users\Jan Farkas\Downloads\RSIT.exe
C:\Program Files\trend micro\Jan Farkas.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACA ... tensa_5630
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACA ... tensa_5630
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\ctbr.dll
O2 - BHO: Partner BHO Class - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\partner.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\ctbr.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [BkupTray] "C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [PLFSetI] C:\Windows\PLFSetI.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [ioCentre] C:\Genius\ioCentre\gTaskBar.exe
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\Jan Farkas\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Steam] "d:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [SpywareTerminatorUpdate] "C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe"
O4 - HKCU\..\Run: [SandboxieControl] "C:\Program Files\Sandboxie\SbieCtrl.exe"
O4 - HKCU\..\Run: [SODCPreLoad] D:\Program Files\IBM\Lotus\Symphony\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.app.win32_3.5.0.20090605-2002\preload.exe C:\Users\Jan Farkas\IBM\Lotus\Symphony\.sodc\
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ7.2\ICQ.exe" silent loginmode=4
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: CurseClientStartup.ccip
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O17 - HKLM\System\CCS\Services\Tcpip\..\{CEA7D3BF-D8FF-4C67-80D2-1E52F99EC23D}: NameServer = 80.81.224.130,10.1.0.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\ctbr.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: Služba Google Update (gupdate1c9f6588b6b284) (gupdate1c9f6588b6b284) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HDDlife HDD Access service - BinarySense, Inc. - C:\Program Files\BinarySense\HDDlife 3\hldasvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: NetLimiter (nlsvc) - Locktime Software - C:\Program Files\NetLimiter 2 Monitor\nlsvc.exe
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - Unknown owner - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
O23 - Service: O2Micro Flash Memory Card Service (o2flash) - O2Micro International - C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe
O23 - Service: Partner Service - Google Inc. - c:\programdata\partner\partner.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Sandboxie Service (SbieSvc) - tzuk - C:\Program Files\Sandboxie\SbieSvc.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 12557 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Google Software Updater.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3690851227-2635793869-1137812997-1003Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3690851227-2635793869-1137812997-1003UA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2010-09-23 61888]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}]
C:\PROGRA~1\Crawler\ctbr.dll [2010-04-01 1241960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}]
Partner BHO Class - C:\ProgramData\Partner\partner.dll [2010-10-30 157168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar1.dll [2010-10-30 2562872]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [2009-06-26 668656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-08-04 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{4B3803EA-5230-4DC3-A7FC-33638F3D3542} - &Crawler Toolbar - C:\PROGRA~1\Crawler\ctbr.dll [2010-04-01 1241960]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll [2010-10-30 2562872]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1008184]
"BkupTray"=C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe [2008-04-06 34040]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2008-05-21 6144000]
"PLFSetI"=C:\Windows\PLFSetI.exe [2007-10-23 200704]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2008-02-22 1037608]
"LManager"=C:\PROGRA~1\LAUNCH~1\LManager.exe [2008-06-10 870920]
"ePower_DMC"=C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe [2008-04-30 397312]
"eRecoveryService"= []
"WarReg_PopUp"=C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe [2008-01-29 303104]
"ioCentre"=C:\Genius\ioCentre\gTaskBar.exe [2007-04-13 61440]
"ArcSoft Connection Service"=C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [2010-03-18 207360]
"SpywareTerminator"=C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe [2010-04-09 2176512]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2010-03-24 2145000]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2010-09-24 40368]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-09-21 932288]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-05-14 248552]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2010-09-08 421888]
"Windows Mobile Device Center"=C:\Windows\WindowsMobile\wmdc.exe [2007-05-31 648072]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2010-09-30 98304]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-11 1233920]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-21 125952]
"Google Update"=C:\Users\Jan Farkas\AppData\Local\Google\Update\GoogleUpdate.exe [2009-06-30 133104]
"Steam"=d:\program files\steam\steam.exe [2010-08-24 1242448]
"SpywareTerminatorUpdate"=C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe [2010-04-09 3037696]
"SandboxieControl"=C:\Program Files\Sandboxie\SbieCtrl.exe [2010-07-04 398568]
"SODCPreLoad"=D:\Program Files\IBM\Lotus\Symphony\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.app.win32_3.5.0.20090605-2002\preload.exe [2009-10-25 40960]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-21 202240]
"ICQ"=C:\Program Files\ICQ7.2\ICQ.exe [2010-10-27 133432]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Users\Jan Farkas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
CurseClientStartup.ccip

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - %SystemRoot%\System32\CScript.exe "%1" %*
.vbs - open - %SystemRoot%\System32\CScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2010-11-10 16:27:25 ----D---- C:\Program Files\trend micro
2010-11-10 16:27:22 ----D---- C:\rsit
2010-11-04 22:42:21 ----D---- C:\ProgramData\Media Center Programs
2010-10-30 18:12:26 ----D---- C:\ProgramData\Google
2010-10-30 18:11:14 ----D---- C:\ProgramData\Partner
2010-10-30 00:53:53 ----ASH---- C:\hiberfil.sys
2010-10-30 00:52:36 ----D---- C:\ProgramData\ATI
2010-10-30 00:49:48 ----D---- C:\Program Files\ATI
2010-10-30 00:48:59 ----D---- C:\Program Files\ATI Technologies
2010-10-27 12:08:31 ----AT---- C:\Windows\system32\SIntfNT.dll
2010-10-27 12:08:31 ----AT---- C:\Windows\system32\SIntf32.dll
2010-10-27 12:08:31 ----AT---- C:\Windows\system32\SIntf16.dll
2010-10-27 11:55:09 ----A---- C:\Windows\DIIUnin.pif
2010-10-27 11:55:09 ----A---- C:\Windows\DIIUnin.exe
2010-10-27 10:52:53 ----A---- C:\Windows\system32\gameux.dll
2010-10-27 10:52:34 ----A---- C:\Windows\system32\Apphlpdm.dll
2010-10-27 10:52:30 ----A---- C:\Windows\system32\GameUXLegacyGDFs.dll
2010-10-18 00:12:14 ----D---- C:\Program Files\NVIDIA Corporation
2010-10-15 21:08:39 ----D---- C:\Fraps
2010-10-13 18:13:14 ----A---- C:\Windows\system32\wmp.dll
2010-10-13 18:12:54 ----A---- C:\Windows\system32\wmploc.DLL
2010-10-13 18:09:11 ----A---- C:\Windows\system32\srvsvc.dll
2010-10-13 18:09:10 ----A---- C:\Windows\system32\drivers\srvnet.sys
2010-10-13 18:09:09 ----A---- C:\Windows\system32\drivers\srv2.sys
2010-10-13 18:09:09 ----A---- C:\Windows\system32\drivers\srv.sys
2010-10-13 18:09:08 ----A---- C:\Windows\system32\netevent.dll
2010-10-13 18:08:17 ----A---- C:\Windows\system32\schannel.dll
2010-10-13 18:08:07 ----A---- C:\Windows\system32\ole32.dll
2010-10-13 18:07:58 ----A---- C:\Windows\system32\t2embed.dll
2010-10-13 18:07:39 ----A---- C:\Windows\system32\mshtml.dll
2010-10-13 18:07:35 ----A---- C:\Windows\system32\ieframe.dll
2010-10-13 18:07:31 ----A---- C:\Windows\system32\msfeeds.dll
2010-10-13 18:07:30 ----A---- C:\Windows\system32\licmgr10.dll
2010-10-13 18:07:28 ----A---- C:\Windows\system32\urlmon.dll
2010-10-13 18:07:26 ----A---- C:\Windows\system32\mshtmled.dll
2010-10-13 18:07:25 ----A---- C:\Windows\system32\wininet.dll
2010-10-13 18:07:19 ----A---- C:\Windows\system32\mstime.dll
2010-10-13 18:07:18 ----A---- C:\Windows\system32\iertutil.dll
2010-10-13 18:07:15 ----A---- C:\Windows\system32\iedkcs32.dll
2010-10-13 18:07:13 ----A---- C:\Windows\system32\occache.dll
2010-10-13 18:07:13 ----A---- C:\Windows\system32\ieui.dll
2010-10-13 18:07:12 ----A---- C:\Windows\system32\ieUnatt.exe
2010-10-13 18:07:12 ----A---- C:\Windows\system32\iepeers.dll
2010-10-13 18:07:10 ----A---- C:\Windows\system32\iesysprep.dll
2010-10-13 18:07:08 ----A---- C:\Windows\system32\iesetup.dll
2010-10-13 18:07:07 ----A---- C:\Windows\system32\msfeedsbs.dll
2010-10-13 18:07:07 ----A---- C:\Windows\system32\iernonce.dll
2010-10-13 18:07:06 ----A---- C:\Windows\system32\msfeedssync.exe
2010-10-13 18:07:06 ----A---- C:\Windows\system32\jsproxy.dll
2010-10-13 18:07:06 ----A---- C:\Windows\system32\ie4uinit.exe
2010-10-13 18:06:56 ----A---- C:\Windows\system32\mfc40.dll
2010-10-13 18:06:52 ----A---- C:\Windows\system32\mfc40u.dll
2010-10-13 18:06:40 ----A---- C:\Windows\system32\win32k.sys
2010-10-13 18:06:22 ----A---- C:\Windows\system32\msshsq.dll
2010-10-13 18:06:10 ----A---- C:\Windows\system32\wmpmde.dll
2010-10-13 18:05:51 ----A---- C:\Windows\system32\comctl32.dll

======List of files/folders modified in the last 1 months======

2010-11-11 01:20:35 ----D---- C:\Windows\system32\config
2010-11-11 01:20:30 ----D---- C:\Windows\system32\Tasks
2010-11-11 01:20:30 ----D---- C:\Windows\system32\spool
2010-11-11 01:20:30 ----D---- C:\Windows\system32\Msdtc
2010-11-11 01:20:30 ----D---- C:\Windows\system32\catroot2
2010-11-11 01:20:30 ----D---- C:\Windows\System32
2010-11-11 01:20:30 ----D---- C:\Windows\inf
2010-11-11 01:20:30 ----D---- C:\Windows
2010-11-11 01:20:30 ----D---- C:\Users\Jan Farkas\AppData\Roaming\Spyware Terminator
2010-11-11 01:20:30 ----D---- C:\ProgramData\Spyware Terminator
2010-11-11 01:20:30 ----D---- C:\Program Files\Crawler
2010-11-11 01:20:30 ----D---- C:\Program Files\Common Files\Blizzard Entertainment
2010-11-11 01:20:29 ----D---- C:\Windows\system32\wbem
2010-11-11 01:20:29 ----D---- C:\Windows\registration
2010-11-11 01:19:03 ----SHD---- C:\System Volume Information
2010-11-11 01:18:05 ----D---- C:\Windows\system32\LogFiles
2010-11-10 16:28:04 ----D---- C:\Windows\Temp
2010-11-10 16:27:25 ----RD---- C:\Program Files
2010-11-10 16:25:34 ----D---- C:\Windows\Tasks
2010-11-10 16:21:50 ----AD---- C:\ProgramData\TEMP
2010-11-10 16:13:32 ----D---- C:\Users\Jan Farkas\AppData\Roaming\ICQ
2010-11-10 01:26:46 ----D---- C:\Program Files\Spyware Terminator
2010-11-10 00:16:36 ----D---- C:\Windows\Debug
2010-11-09 19:17:32 ----D---- C:\Users\Jan Farkas\AppData\Roaming\Mumble
2010-11-09 16:09:43 ----D---- C:\World of Warcraft
2010-11-08 20:32:17 ----D---- C:\Users\Jan Farkas\AppData\Roaming\vlc
2010-11-08 20:32:01 ----D---- C:\Users\Jan Farkas\AppData\Roaming\dvdcss
2010-11-04 22:42:21 ----HD---- C:\ProgramData
2010-11-04 22:32:32 ----HD---- C:\Program Files\InstallShield Installation Information
2010-11-04 20:02:35 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-11-04 16:58:37 ----D---- C:\Windows\Minidump
2010-11-01 11:12:45 ----D---- C:\Program Files\Google
2010-10-31 22:37:38 ----D---- C:\Program Files\ICQ7.2
2010-10-30 18:13:09 ----D---- C:\Elements
2010-10-30 18:13:08 ----D---- C:\Windows\system32\OEM
2010-10-30 18:12:48 ----D---- C:\Acer
2010-10-30 18:12:36 ----SHD---- C:\Windows\Installer
2010-10-30 18:10:58 ----D---- C:\Program Files\Mozilla Firefox
2010-10-30 18:03:28 ----D---- C:\Windows\Prefetch
2010-10-30 01:20:32 ----D---- C:\Windows\system32\drivers
2010-10-30 01:20:16 ----D---- C:\Windows\system32\catroot
2010-10-30 00:58:41 ----A---- C:\Windows\Sandboxie.ini
2010-10-28 18:25:34 ----D---- C:\Windows\winsxs
2010-10-28 18:25:34 ----D---- C:\Windows\AppPatch
2010-10-25 21:25:56 ----D---- C:\StarCraft II
2010-10-19 10:41:44 ----N---- C:\Windows\system32\MpSigStub.exe
2010-10-18 22:00:38 ----D---- C:\Users\Jan Farkas\AppData\Roaming\uTorrent
2010-10-18 00:12:11 ----D---- C:\Program Files\Common Files
2010-10-18 00:09:02 ----RSD---- C:\Windows\assembly
2010-10-14 15:01:27 ----D---- C:\Windows\rescache
2010-10-14 10:32:35 ----D---- C:\Windows\system32\sk-SK
2010-10-14 10:32:35 ----D---- C:\Program Files\Windows Media Player
2010-10-14 10:32:34 ----D---- C:\Windows\system32\en-US
2010-10-14 10:32:33 ----D---- C:\Program Files\Internet Explorer
2010-10-14 10:32:31 ----D---- C:\Windows\system32\migration
2010-10-14 04:00:00 ----A---- C:\Windows\system32\mrt.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2010-08-06 691696]
R0 UBHelper;UBHelper; C:\Windows\system32\drivers\UBHelper.sys [2008-01-31 13824]
R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2010-03-24 114984]
R1 nltdi;nltdi; \??\C:\Windows\system32\drivers\nltdi.sys [2010-03-25 82360]
R1 sp_rsdrv2;Spyware Terminator Driver 2; \??\C:\Windows\system32\drivers\sp_rsdrv2.sys [2010-04-09 142592]
R2 eamonm;eamonm; C:\Windows\system32\DRIVERS\eamonm.sys [2010-03-24 133512]
R2 epfwwfpr;epfwwfpr; C:\Windows\system32\DRIVERS\epfwwfpr.sys [2010-03-24 96896]
R2 int15;int15; \??\C:\Windows\system32\drivers\int15.sys [2008-03-21 15392]
R2 irda;IrDA Protocol; C:\Windows\system32\DRIVERS\irda.sys [2008-01-21 95744]
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672]
R2 regi;regi; C:\Windows\system32\drivers\regi.sys [2007-04-17 11032]
R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2006-11-29 8192]
R3 Afc;PPdus ASPI Shell; C:\Windows\system32\drivers\Afc.sys [2006-11-10 18688]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2010-09-29 6472192]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2010-09-29 228352]
R3 DKbFltr;Dritek Keyboard Filter Driver; C:\Windows\system32\DRIVERS\DKbFltr.sys [2006-11-03 21264]
R3 gHidPnp;USB Device Enhanced Function Driver; C:\Windows\System32\Drivers\gHidPnp.Sys [2007-04-13 16384]
R3 gMouUsb;USB Mouse Device Drv; C:\Windows\system32\DRIVERS\gMouUsb.sys [2007-03-13 9856]
R3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2009-04-11 236544]
R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\HSX_DPV.sys [2006-12-22 985600]
R3 HSXHWAZL;HSXHWAZL; C:\Windows\system32\DRIVERS\HSXHWAZL.sys [2006-12-22 207360]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2008-05-21 2143136]
R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw5v32.sys [2008-11-17 3668480]
R3 NTIDrvr;Upper Class Filter Driver; C:\Windows\system32\DRIVERS\NTIDrvr.sys [2008-01-31 14848]
R3 O2MDRDR;O2MDRDR; C:\Windows\system32\DRIVERS\o2media.sys [2008-04-15 51160]
R3 O2SDRDR;O2SDRDR; C:\Windows\system32\DRIVERS\o2sd.sys [2008-04-08 43736]
R3 SbieDrv;SbieDrv; \??\C:\Program Files\Sandboxie\SbieDrv.sys [2010-07-04 119016]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2008-02-22 198064]
R3 usbvideo;USB Video Device (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-21 134016]
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2006-12-22 659968]
S3 aqjf4nkd;aqjf4nkd; C:\Windows\system32\drivers\aqjf4nkd.sys []
S3 AtiHdmiService;ATI Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\AtiHdmi.sys []
S3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2010-09-29 6472192]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2008-03-28 210432]
S3 BthEnum;Bluetooth Enumerator Service; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-04-11 22528]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2008-01-21 92160]
S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2009-04-11 507904]
S3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2009-04-11 29696]
S3 btwaudio;Bluetooth Audio Device Service; C:\Windows\system32\drivers\btwaudio.sys [2008-02-14 80424]
S3 btwavdt;Bluetooth AVDT Service; C:\Windows\system32\drivers\btwavdt.sys [2007-07-16 80936]
S3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys [2007-07-16 16168]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]
S3 HSFHWAZL;HSFHWAZL; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2008-01-21 200704]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
S3 nmwcd;Nokia USB Phone Parent; C:\Windows\system32\drivers\ccdcmb.sys [2008-05-02 17536]
S3 nmwcdc;Nokia USB Generic; C:\Windows\system32\drivers\ccdcmbo.sys [2008-05-02 20864]
S3 NSCIRDA;NSC Infrared Device Driver; C:\Windows\system32\DRIVERS\nscirda.sys [2008-01-21 30720]
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-04-11 148992]
S3 RTL2832U_IRHID;HID Infrared Remote Receiver; C:\Windows\system32\DRIVERS\RTL2832U_IRHID.sys [2009-02-20 41120]
S3 RTL2832UBDA;REALTEK 2832U BDA Driver; C:\Windows\system32\drivers\RTL2832UBDA.sys [2009-02-20 74912]
S3 RTL2832UUSB;REALTEK 2832U USB Driver; C:\Windows\System32\Drivers\RTL2832UUSB.sys [2009-02-20 32288]
S3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2008-01-21 88576]
S3 TpChoice;Touch Pad Detection Filter driver; C:\Windows\system32\DRIVERS\TpChoice.sys [2007-12-26 17968]
S3 upperdev;upperdev; C:\Windows\system32\DRIVERS\usbser_lowerflt.sys [2008-05-02 8064]
S3 usb_rndisx;USB RNDIS Adapter; C:\Windows\system32\DRIVERS\usb8023x.sys [2009-04-11 15872]
S3 usbser;Nokia USB Serial Port; C:\Windows\system32\DRIVERS\usbser.sys [2009-04-11 27648]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ACDaemon;ArcSoft Connect Daemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [2010-03-18 113152]
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2010-09-29 176128]
R2 BcmSqlStartupSvc;Spúšacia služba produktu Business Contact Manager SQL Server; C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe [2008-01-16 30312]
R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 BUNAgentSvc;NTI Backup Now 5 Agent Service; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [2008-03-03 16384]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2010-03-24 810120]
R2 ETService;Empowering Technology Service; C:\Program Files\Acer\Empowering Technology\Service\ETService.exe [2008-03-21 24576]
R2 EvtEng;Intel® PROSet/Wireless Event Log; C:\Program Files\Intel\WiFi\bin\EvtEng.exe [2008-10-16 860160]
R2 HDDlife HDD Access service;HDDlife HDD Access service; C:\Program Files\BinarySense\HDDlife 3\hldasvc.exe [2008-02-15 832760]
R2 Irmon;@%SystemRoot%\System32\irmon.dll,-2000; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 IviRegMgr;IviRegMgr; C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe [2007-01-04 112152]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-01-17 61440]
R2 MobilityService;MobilityService; C:\Acer\Mobility Center\MobilityService.exe [2007-12-06 110592]
R2 nlsvc;NetLimiter; C:\Program Files\NetLimiter 2 Monitor\nlsvc.exe [2010-03-25 495616]
R2 NTIBackupSvc;NTI Backup Now 5 Backup Service; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-04-06 50424]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-04-04 131072]
R2 o2flash;O2Micro Flash Memory Card Service; C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe [2007-02-13 65536]
R2 PSI_SVC_2;Protexis Licensing V2; C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [2007-07-24 185632]
R2 RapiMgr;@%windir%\WindowsMobile\rapimgr.dll,-104; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 RegSrvc;Intel® PROSet/Wireless Registry Service; C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [2008-10-16 466944]
R2 SbieSvc;Sandboxie Service; C:\Program Files\Sandboxie\SbieSvc.exe [2010-07-04 75496]
R2 sp_rssrv;Spyware Terminator Realtime Shield Service; C:\Program Files\Spyware Terminator\sp_rsser.exe [2010-04-09 488960]
R2 WcesComm;@%windir%\WindowsMobile\wcescomm.dll,-40079; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2006-11-29 386560]
R3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-21 21504]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 gupdate1c9f6588b6b284;Služba Google Update (gupdate1c9f6588b6b284); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-06-26 133104]
S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-06-26 183280]
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2009-03-30 31048]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2010-03-24 33560]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ); C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2006-04-14 28933976]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 Partner Service;Partner Service; c:\programdata\partner\partner.exe [2010-10-30 110576]
S3 SQLWriter;SQL Server VSS Writer; C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2006-04-14 87840]
S3 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [2009-06-30 316664]
S3 WPFFontCache_v0400;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100; C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S4 MSSQLServerADHelper;SQL Server Active Directory Helper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2005-10-14 45272]
S4 SQLBrowser;SQL Server Browser; C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2006-04-14 240416]

-----------------EOF-----------------




za kontrolu a prípadnú pomoc dakujem

este doplnam info z rsitu ( do prvého prispevku sa nevošlo )

info.txt logfile of random's system information tool 1.08 2010-11-10 16:28:13

======Uninstall list======

-->MsiExec /X{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}
µTorrent CZ 1.8.5 (build 17414)-->"D:\Users\Jan Farkas\AppData\Roaming\uTorrent\unins000.exe"
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0015-041B-0000-0000000FF1CE} /uninstall {B1A00287-698E-48D0-8C8F-A3387C2B8C45}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-041B-0000-0000000FF1CE} /uninstall {B1A00287-698E-48D0-8C8F-A3387C2B8C45}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-041B-0000-0000000FF1CE} /uninstall {B1A00287-698E-48D0-8C8F-A3387C2B8C45}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0019-041B-0000-0000000FF1CE} /uninstall {B1A00287-698E-48D0-8C8F-A3387C2B8C45}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001A-041B-0000-0000000FF1CE} /uninstall {B1A00287-698E-48D0-8C8F-A3387C2B8C45}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-041B-0000-0000000FF1CE} /uninstall {B1A00287-698E-48D0-8C8F-A3387C2B8C45}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0405-0000-0000000FF1CE} /uninstall {3C3813E1-C370-4F32-9639-8B43C7C780CD}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040E-0000-0000000FF1CE} /uninstall {685D17E5-D868-4A77-B58E-255DEBA78262}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-041B-0000-0000000FF1CE} /uninstall {F67648A4-713E-4298-BBAD-A83D8283B0F3}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-006E-041B-0000-0000000FF1CE} /uninstall {FE295FA2-72FC-4859-85B3-0E6685DB13A4}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
2007 Microsoft Office system-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROHYBRIDR /dll OSETUP.DLL
Acer Crystal Eye Webcam 2.0.8-->C:\Program Files\InstallShield Installation Information\{A77255C4-AFCB-44A3-BF0F-2091A71FFD9E}\setup.exe -runfromtemp -l0x0009 -removeonly
Acer Empowering Technology-->"C:\Program Files\InstallShield Installation Information\{8F1B6239-FEA0-450A-A950-B05276CE177C}\setup.exe" -runfromtemp -l0x001b -removeonly
Acer ePower Management-->"C:\Program Files\InstallShield Installation Information\{58E5844B-7CE2-413D-83D1-99294BF6C74F}\setup.exe" -runfromtemp -l0x001b -removeonly
Acer eRecovery Management-->"C:\Program Files\InstallShield Installation Information\{7F811A54-5A09-4579-90E1-C93498E230D9}\setup.exe" -runfromtemp -l0x001b -removeonly
Acer GridVista-->C:\Windows\GVUni.exe GridV.UNI
Acer Mobility Center Plug-In-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{11316260-6666-467B-AC34-183FCB5D4335}\setup.exe" -l0x1b -removeonly
Acer ScreenSaver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}\setup.exe" -l0x9 -removeonly
Activation Assistant for the 2007 Microsoft Office suites-->"C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}\Microsoft Office Activation Assistant.exe" REMOVE=TRUE MODIFY=FALSE
Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\FlashUtil10k_ActiveX.exe -maintain activex
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\FlashUtil10k_Plugin.exe -maintain plugin
Adobe Reader 8.2.5-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A82000000003}
Apple Application Support-->MsiExec.exe /I{A93944F2-D2D4-4750-BFE7-9A288FEAF2CF}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
ArcSoft TotalMedia 3.5-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{74292F90-895A-4FC6-A692-9641532B1B63}\Setup.exe" -l0x9
ATI Catalyst Install Manager-->msiexec /q/x{B98A55FE-758D-4828-D398-F7196D6D5DD3} REBOOT=ReallySuppress
Avanquest update-->"C:\Program Files\InstallShield Installation Information\{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}\Setup.exe" -runfromtemp -l0x0009 -removeonly
Broadcom Gigabit Integrated Controller-->MsiExec.exe /X{A64A5576-D862-44F8-89DC-2B17FCC9B86E}
Business Contact Manager for Outlook 2007 SP1-->"C:\Program Files\Microsoft Small Business\Business Contact Manager\SetupBootstrap\Setup.exe" /remove {7fdab897-38ab-4a51-b2bf-e6374b1cc04f}
Business Contact Manager for Outlook 2007 SP1-->MsiExec.exe /X{7FDAB897-38AB-4A51-B2BF-E6374B1CC04F}
Call of Duty(R) 2-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{D0A05794-48C2-4424-A15A-9F20FCFDD374} /l2057
Call of Duty(R) 4 - Modern Warfare(TM)-->C:\Program Files\InstallShield Installation Information\{E48469CC-635E-4FD5-A122-1497C286D217}\setup.exe -runfromtemp -l0x0409
CDisplay 1.8-->"D:\Program Files\CDisplay\unins000.exe"
Centrum zariadení Windows Mobile-->MsiExec.exe /X{904CCF62-818D-4675-BC76-D37EB399F917}
Codec Pack - All In 1 6.0.3.0-->C:\Windows\iun6002.exe "C:\Program Files\Codec Pack - All In 1\irunin.ini"
Command & Conquer 3 Tiberium Wars™ Demo-->MsiExec.exe /I{39F7653F-3E82-4FED-9EE5-6B9253EA57E3}
Crawler Toolbar with Web Security Guard-->C:\PROGRA~1\Crawler\CToolbar.exe uninst
Dark Messiah of Might and Magic-->C:\Program Files\InstallShield Installation Information\{47BF68F4-D0C5-462E-B8A0-87B030458D71}\setup.exe -runfromtemp -l0x0005 -removeonly
Diablo II-->C:\Windows\DIIUnin.exe C:\Windows\DIIUnin.dat
DVB-T USB DEVICE-->C:\Program Files\InstallShield Installation Information\{5F32D89B-D3A0-4562-AC03-F6DE4614AE1A}\Setup.exe -runfromtemp -l0x001b -removeonly
Fraps-->"C:\Fraps\uninstall.exe"
Google Earth-->MsiExec.exe /X{4286E640-B5FB-11DF-AC4B-005056C00008}
Google Toolbar for Internet Explorer-->MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Google Updater-->"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
HDAUDIO Soft Data Fax Modem with SmartCP-->C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFAOR2C06_118\UIU32m.exe -U -Ic:\Release\Foxconn\51338\AcrZUn32z.inf
HDDlife 3.1 Vista Gadget-->MsiExec.exe /X{E342EC62-0D79-489D-948D-0DAFA2423955}
Heroes of Might and Magic V Collector Edition-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DDB68A90-340C-42B9-B42B-D2CBED1B91DC}\setup.exe" -l0x9
Heroes of Might and Magic® III-->C:\Windows\IsUninst.exe -f"C:\Program Files\3DO\Heroes3\Uninst.isu" -c"C:\Program Files\3DO\Heroes3\uninst.dll
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
IBM Lotus Symphony-->MsiExec.exe /X{757debef-635e-4076-b82b-dac22feb3c9c}
ICQ7.2-->"C:\Program Files\InstallShield Installation Information\{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}\ICQ7.exe" -runfromtemp -l0x0009 -removeonly
Intel PROSet Wireless-->Intel PROSet Wireless
InterVideo WinDVD 8-->C:\Program Files\InstallShield Installation Information\{5FEBF468-5AC2-4C66-AD80-DF85C085AA73}\setup.exe -runfromtemp -l0x041b
ioCentre-->C:\Program Files\InstallShield Installation Information\{A2B4621B-CEB9-4E44-95FD-3500D4DB3727}\Setup.exe -runfromtemp -l0x0005 -removeonly
Java(TM) 6 Update 21-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216015FF}
Launch Manager-->C:\Windows\UNINST32.EXE LManager.UNI
Mass Effect 2-->"C:\Mass Effect 2\Uninstall\unins000.exe"
Mass Effect-->C:\Program Files\InstallShield Installation Information\{6365F76B-1FBF-449A-9075-5A78B924DE17}\setup.exe -runfromtemp -l0x0005 -removeonly
Medieval II Total War-->C:\Program Files\InstallShield Installation Information\{C0698BDA-0D29-40EE-8570-A31106DF9AB1}\setup.exe -runfromtemp -l0x0009 -removeonly
Microsoft .NET Framework 1.1 Czech Language Pack-->MsiExec.exe /X{5E65E94D-69F2-4850-9E93-6459C53A0F50}
Microsoft .NET Framework 1.1 Security Update (KB2416447)-->"C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\M2416447\M2416447Uninstall.msp"
Microsoft .NET Framework 1.1 Security Update (KB979906)-->"C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\M979906\M979906Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 3.5 SP1-->C:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft .NET Framework 4 Client Profile-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\Setup.exe /repair /x86 /parameterfolder Client
Microsoft .NET Framework 4 Client Profile-->MsiExec.exe /X{3C3901C5-3455-3E0A-A214-0B093A5070A6}
Microsoft Office 2003 Web Components-->MsiExec.exe /I{90A4041B-6000-11D3-8CFE-0150048383C9}
Microsoft Office 2007 Primary Interop Assemblies-->MsiExec.exe /X{50120000-1105-0000-0000-0000000FF1CE}
Microsoft Office Access MUI (Slovak) 2007-->MsiExec.exe /X{90120000-0015-041B-0000-0000000FF1CE}
Microsoft Office Excel MUI (Slovak) 2007-->MsiExec.exe /X{90120000-0016-041B-0000-0000000FF1CE}
Microsoft Office Outlook MUI (Slovak) 2007-->MsiExec.exe /X{90120000-001A-041B-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (Slovak) 2007-->MsiExec.exe /X{90120000-0018-041B-0000-0000000FF1CE}
Microsoft Office Professional Hybrid 2007-->MsiExec.exe /X{91120000-0031-0000-0000-0000000FF1CE}
Microsoft Office Proof (Czech) 2007-->MsiExec.exe /X{90120000-001F-0405-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Hungarian) 2007-->MsiExec.exe /X{90120000-001F-040E-0000-0000000FF1CE}
Microsoft Office Proof (Slovak) 2007-->MsiExec.exe /X{90120000-001F-041B-0000-0000000FF1CE}
Microsoft Office Proofing (Slovak) 2007-->MsiExec.exe /X{90120000-002C-041B-0000-0000000FF1CE}
Microsoft Office Publisher MUI (Slovak) 2007-->MsiExec.exe /X{90120000-0019-041B-0000-0000000FF1CE}
Microsoft Office Shared MUI (Slovak) 2007-->MsiExec.exe /X{90120000-006E-041B-0000-0000000FF1CE}
Microsoft Office Word MUI (Slovak) 2007-->MsiExec.exe /X{90120000-001B-041B-0000-0000000FF1CE}
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)-->MsiExec.exe /I{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}
Microsoft SQL Server 2005-->"C:\Program Files\Microsoft SQL Server\90\Setup Bootstrap\ARPWrapper.exe" /Remove
Microsoft SQL Server Native Client-->MsiExec.exe /I{50A0893D-47D8-48E0-A7E8-44BCD7E4422E}
Microsoft SQL Server Setup Support Files (English)-->MsiExec.exe /X{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}
Microsoft SQL Server VSS Writer-->MsiExec.exe /I{C0D2F614-5CE5-4DCB-8678-E5C9AF7044F8}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
Mozilla Firefox (3.6.10)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
MSXML4 Parser-->MsiExec.exe /I{01501EBA-EC35-4F9F-8889-3BE346E5DA13}
Mumble and Murmur-->D:\Program Files\Mumble\Uninstall.exe
Need for Speed™ Most Wanted-->D:\Program Files\EA GAMES\Need for Speed Most Wanted\EAUninstall.exe
Need For Speed™ World-->"D:\Program Files\Electronic Arts\Need For Speed World\unins000.exe"
NetLimiter 2 Monitor (remove only)-->"C:\Program Files\NetLimiter 2 Monitor\nl2uninst.exe"
NodEnabler 3.0-->D:\Program Files\ESET\ESET Smart Security\NodEnabler\Uninstall.exe
Nokia Connectivity Cable Driver-->RUNDLL32.EXE nsesetup.dll,DoNTUninst
NTI Backup Now 5-->C:\Program Files\InstallShield Installation Information\{12EFA1A4-AC3B-443C-8143-237EDE760403}\setup.exe -runfromtemp -l0x041b
NTI Media Maker 8-->C:\Program Files\InstallShield Installation Information\{2413930C-8309-47A6-BC61-5EF27A4222BC}\setup.exe -runfromtemp -l0x041b
NTI Shadow-->"C:\Program Files\InstallShield Installation Information\{6F7EA6CA-79F4-44A0-A370-8E82BB16534A}\setup.exe" -removeonly
NTI Shadow-->C:\Program Files\InstallShield Installation Information\{6F7EA6CA-79F4-44A0-A370-8E82BB16534A}\setup.exe -runfromtemp -l0x041b
NVIDIA PhysX-->MsiExec.exe /X{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}
O2Micro Flash Memory Card Reader Driver (x86)-->MsiExec.exe /X{548AF5C1-54E3-4B74-A3E5-D5E6CB7D487C}
OpenOffice.org 3.0-->MsiExec.exe /I{24D55FAF-2AFE-46F9-8BE5-AB829C4442F4}
Overlord II - DEMO-->C:\Program Files\InstallShield Installation Information\{BEFBFA98-AC1C-427F-8257-2E513FAF52B4}\setup.exe -runfromtemp -l0x0009 -removeonly
PCEditor 1.2.58-->"C:\Program Files\Relook PCEditor\unins000.exe"
Portal-->"D:\Program Files\Steam\steam.exe" steam://uninstall/400
Prince of Persia Písky času-->"C:\Program Files\UBISOFT\Prince of Persia The Sands of Time\uninstall.exe"
PSPad editor-->"C:\Program Files\PSPad editor\Uninst\unins000.exe"
QuickTime-->MsiExec.exe /I{E7004147-2CCA-431C-AA05-2AB166B9785D}
RadLight 4.0 FINAL-->C:\Program Files\RadLight Company\RadLight 4.0\uninst.exe
Realtek High Definition Audio Driver-->RtlUpd.exe -r -m -nrg2709
Rise of Nations Gold-->"C:\Program Files\Rise of Nations Gold\unins000.exe"
Sandboxie 3.46-->"C:\Windows\Installer\SandboxieInstall32.exe" /remove
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A8894F19-59C8-38D2-8A75-36C0CCE56A5B} /qb+ REBOOTPROMPT=""
Skype™ 4.1-->MsiExec.exe /X{D103C4BA-F905-437A-8049-DB24763BBE36}
SPORE™-->"C:\Program Files\InstallShield Installation Information\{9DF0196F-B6B8-4C3A-8790-DE42AA530101}\SPORESetup.exe" -runfromtemp -l0x0005 -removeonly
Spyware Terminator-->"C:\Program Files\Spyware Terminator\unins000.exe"
StarCraft II-->C:\Program Files\Common Files\Blizzard Entertainment\StarCraft II\Uninstall.exe
Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
Súčasti Microsoft Office Small Business Connectivity-->MsiExec.exe /X{A939D341-5A04-4E0A-BB55-3E65B386432D}
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
System Requirements Lab-->MsiExec.exe /I{9E1BAB75-EB78-440D-94C0-A3857BE2E733}
TeamSpeak 2 RC2-->"C:\Program Files\Teamspeak2_RC2\unins000.exe"
Total Commander (Remove or Repair)-->c:\totalcmd\tcuninst.exe
Ubisoft Game Launcher-->"C:\Program Files\InstallShield Installation Information\{888F1505-C2B3-4FDE-835D-36353EBD4754}\setup.exe" -runfromtemp -l0x0409 -removeonly
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Office 2007 (KB946691)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Ventrilo Mix-->MsiExec.exe /X{5D309203-37B7-498A-B2CA-838E9FFD562B}
VLC media player 1.0.5-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Warcraft III-->C:\Windows\War3Unin.exe C:\Windows\War3Unin.dat
WIDCOMM Bluetooth Software 6.0.1.6300-->MsiExec.exe /X{03D1988F-469F-4843-8E6E-E5FE9D17889D}
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
Windows Mobile Device Center Driver Update-->MsiExec.exe /X{E7044E25-3038-4A76-9064-344AC038043E}
WinRAR archivátor-->C:\Program Files\WinRAR\uninstall.exe
World in Conflict-->C:\Program Files\InstallShield Installation Information\{F11ADC64-C89E-47F4-A0B3-3665FF859397}\setup.exe -runfromtemp -l0x0009 -removeonly
World of Warcraft-->C:\Program Files\Common Files\Blizzard Entertainment\World of Warcraft\Uninstall.exe

======Security center information======

AS: Windows Defender
AS: Spyware Terminator

======System event log======

Computer Name: Jan_Farkas_Ntb
Event Code: 134
Message: NtpClient was unable to set a manual peer to use as a time source because of DNS resolution error on 'time.windows.com,0x1'. NtpClient will try again in 15 minutes and double the reattempt interval thereafter. The error was: Žiadny takýto hostiteľ nie je známy. (0x80072AF9)
Record Number: 127546
Source Name: Microsoft-Windows-Time-Service
Time Written: 20100426161414.000000-000
Event Type: Warning
User:

Computer Name: Jan_Farkas_Ntb
Event Code: 134
Message: NtpClient was unable to set a manual peer to use as a time source because of DNS resolution error on 'time.windows.com,0x1'. NtpClient will try again in 15 minutes and double the reattempt interval thereafter. The error was: Žiadny takýto hostiteľ nie je známy. (0x80072AF9)
Record Number: 127537
Source Name: Microsoft-Windows-Time-Service
Time Written: 20100426152914.000000-000
Event Type: Warning
User:

Computer Name: Jan_Farkas_Ntb
Event Code: 134
Message: NtpClient was unable to set a manual peer to use as a time source because of DNS resolution error on 'time.windows.com,0x1'. NtpClient will try again in 15 minutes and double the reattempt interval thereafter. The error was: Žiadny takýto hostiteľ nie je známy. (0x80072AF9)
Record Number: 127530
Source Name: Microsoft-Windows-Time-Service
Time Written: 20100426151414.000000-000
Event Type: Warning
User:

Computer Name: Jan_Farkas_Ntb
Event Code: 7039
Message: Pri spúšťaní služby HDDlife HDD Access service sa pripojil proces služby, ktorý nebol spustený správcom ovládania služieb. Správca ovládania služieb spustil proces 4028, no pripojil sa proces 4036.

Ak je táto služba nakonfigurovaná na spúšťanie v režime ladenia, toto správanie je očakávané.
Record Number: 127460
Source Name: Service Control Manager
Time Written: 20100426142927.000000-000
Event Type: Warning
User:

Computer Name: Jan_Farkas_Ntb
Event Code: 7000
Message: Spustenie služby Parallel port driver zlyhalo kvôli nasledujúcej chybe:
Služba sa nedá spustiť, pretože je vypnutá, alebo nemá priradené žiadne zapnuté zariadenia.
Record Number: 127446
Source Name: Service Control Manager
Time Written: 20100426142927.000000-000
Event Type: Error
User:

=====Application event log=====

Computer Name: Jan_Farkas_Ntb
Event Code: 63
Message: A provider, HiPerfCooker_v1, has been registered in the Windows Management Instrumentation namespace Root\WMI to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.
Record Number: 988
Source Name: Microsoft-Windows-WMI
Time Written: 20090626172109.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: Jan_Farkas_Ntb
Event Code: 63
Message: A provider, HiPerfCooker_v1, has been registered in the Windows Management Instrumentation namespace Root\WMI to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.
Record Number: 987
Source Name: Microsoft-Windows-WMI
Time Written: 20090626172109.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: Jan_Farkas_Ntb
Event Code: 10
Message: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Record Number: 986
Source Name: Microsoft-Windows-WMI
Time Written: 20090626172106.000000-000
Event Type: Error
User:

Computer Name: Jan_Farkas_Ntb
Event Code: 1008
Message: The Windows Search Service is attempting to remove the old catalog.

Record Number: 981
Source Name: Microsoft-Windows-Search
Time Written: 20090626172102.000000-000
Event Type: Warning
User:

Computer Name: WIN-POFI9FS2BI8
Event Code: 1036
Message: InitializePrintProvider failed for provider inetpp.dll. This can occur because of system instability or a lack of system resources.
Record Number: 968
Source Name: Microsoft-Windows-SpoolerSpoolss
Time Written: 20090626171457.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

=====Security event log=====

Computer Name: Jan_Farkas_Ntb
Event Code: 5032
Message: Windows Firewall was unable to notify the user that it blocked an application from accepting incoming connections on the network.

Error Code: 2
Record Number: 22182
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20091208143126.942128-000
Event Type: Audit Failure
User:

Computer Name: Jan_Farkas_Ntb
Event Code: 5024
Message: The Windows Firewall Service has started successfully.
Record Number: 22181
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20091208143124.071728-000
Event Type: Audit Success
User:

Computer Name: Jan_Farkas_Ntb
Event Code: 4624
Message: An account was successfully logged on.

Subject:
Security ID: S-1-0-0
Account Name: -
Account Domain: -
Logon ID: 0x0

Logon Type: 3

New Logon:
Security ID: S-1-5-7
Account Name: ANONYMOUS LOGON
Account Domain: NT AUTHORITY
Logon ID: 0x6c9c0
Logon GUID: {00000000-0000-0000-0000-000000000000}

Process Information:
Process ID: 0x0
Process Name: -

Network Information:
Workstation Name:
Source Network Address: -
Source Port: -

Detailed Authentication Information:
Logon Process: NtLmSsp
Authentication Package: NTLM
Transited Services: -
Package Name (NTLM only): NTLM V1
Key Length: 0

This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The authentication information fields provide detailed information about this specific logon request.
- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Record Number: 22180
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20091208143121.638128-000
Event Type: Audit Success
User:

Computer Name: Jan_Farkas_Ntb
Event Code: 5033
Message: The Windows Firewall Driver has started successfully.
Record Number: 22179
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20091208143119.454128-000
Event Type: Audit Success
User:

Computer Name: Jan_Farkas_Ntb
Event Code: 4672
Message: Special privileges assigned to new logon.

Subject:
Security ID: S-1-5-18
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3e7

Privileges: SeAssignPrimaryTokenPrivilege
SeTcbPrivilege
SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeAuditPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
Record Number: 22178
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20091208143113.962928-000
Event Type: Audit Success
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=C:\Program Files\NVIDIA Corporation\PhysX\Common;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Microsoft SQL Server\90\Tools\binn\;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\QuickTime\QTSystem\;D:\Program Files\ATI Technologies\ATI.ACE\Core-Static
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 13, GenuineIntel
"PROCESSOR_REVISION"=0f0d
"NUMBER_OF_PROCESSORS"=2
"TRACE_FORMAT_SEARCH_PATH"=\\NTREL202.ntdev.corp.microsoft.com\4F18C3A5-CA09-4DBD-B6FC-219FDD4C6BE0\TraceFormat
"DFSTRACINGON"=FALSE
"Pathtem"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Microsoft SQL Server\90\Tools\binn\
"NTIPath"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Microsoft SQL Server\90\Tools\binn\;C:\Program Files\NewTech Infosystems\NTI Backup Now 5\;
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------

Zdravim a pekny podvecer preji

Vzhledem k tomu, ze pouzivate nelegalni SW se nedivim, ze jste navstevnikem naseho fora
Dle pravidel fora (viz zde a a zde bod c.3 ) se vsak nelegalnim SW nezabyvame, jelikoz nelegalni programy jsou vetsinou zdrojem haveti. Navic tim porusujete i autorska prava a pachate trestny cin
Obstarejte si proto legalni ochranu Vaseho PC (antivir+firewall), pote sem vlozte novy log z RSITu a CKScanneru - viz nize.

Osobne Vam doporucuji kombinaci Avast+ZoneAlarm. Prehled antiviru mate ZDE a firewallu TADY.

Log z RSITu - viz muj podpis
Stahnete na plochu CKScanner

• Spustte a kliknete na Search for files
• Po dokonceni skenu kliknete na Save List to File a nasledne OK
• Na plose se Vam vytvori log s nazvem ckfiles.txt, jeho obsah mi sem vlozte

hmm a mozem vediet naco narazate ako na nelegalny software ?

Co treba takove zabezpeceni PC (jako je antivirus) - to mate legalni Dale pak ten kopec her - vsechny jsou zakoupene

Logfile of random's system information tool 1.08 (written by random/random)
Run by Jan Farkas at 2010-11-10 18:19:26
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 18 GB (12%) free of 148 GB
Total RAM: 3066 MB (50% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:19:41, on 10. 11. 2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18975)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\PLFSetI.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Genius\ioCentre\gTaskBar.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.Exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Genius\ioCentre\gMouseTask.exe
C:\Genius\ioCentre\gKbdTask.exe
C:\Genius\ioCentre\gAutoPan.exe
C:\Genius\ioCentre\gAutoScroll.exe
C:\Genius\ioCentre\gZoom.exe
C:\Genius\ioCentre\gMGlass.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
D:\Program Files\IBM\Lotus\Symphony\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.app.win32_3.5.0.20090605-2002\soffice.exe
C:\Genius\ioCentre\gIMMgm.exe
C:\Genius\ioCentre\gDeskMgm.exe
C:\Genius\ioCentre\gTaskSwitch.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Users\JANFAR~1\AppData\Local\Temp\RtkBtMnt.exe
C:\Users\Jan Farkas\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jan Farkas\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jan Farkas\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jan Farkas\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jan Farkas\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jan Farkas\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\conime.exe
C:\Users\Jan Farkas\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jan Farkas\Downloads\avira_antivir_personal_en.exe
C:\Users\JANFAR~1\AppData\Local\Temp\RarSFX0\presetup.exe
C:\Users\JANFAR~1\AppData\Local\Temp\RarSFX0\setup.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Avira\AntiVir Desktop\avconfig.exe
c:\program files\avira\antivir desktop\avcenter.exe
c:\program files\avira\antivir desktop\avscan.exe
C:\Users\Jan Farkas\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jan Farkas\Downloads\RSIT.exe
C:\Program Files\trend micro\Jan Farkas.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACA ... tensa_5630
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACA ... tensa_5630
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\ctbr.dll
O2 - BHO: Partner BHO Class - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\partner.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\ctbr.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [BkupTray] "C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [PLFSetI] C:\Windows\PLFSetI.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [ioCentre] C:\Genius\ioCentre\gTaskBar.exe
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\Jan Farkas\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Steam] "d:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [SpywareTerminatorUpdate] "C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe"
O4 - HKCU\..\Run: [SandboxieControl] "C:\Program Files\Sandboxie\SbieCtrl.exe"
O4 - HKCU\..\Run: [SODCPreLoad] D:\Program Files\IBM\Lotus\Symphony\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.app.win32_3.5.0.20090605-2002\preload.exe C:\Users\Jan Farkas\IBM\Lotus\Symphony\.sodc\
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ7.2\ICQ.exe" silent loginmode=4
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: CurseClientStartup.ccip
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O17 - HKLM\System\CCS\Services\Tcpip\..\{CEA7D3BF-D8FF-4C67-80D2-1E52F99EC23D}: NameServer = 80.81.224.130,10.1.0.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\ctbr.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: Služba Google Update (gupdate1c9f6588b6b284) (gupdate1c9f6588b6b284) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HDDlife HDD Access service - BinarySense, Inc. - C:\Program Files\BinarySense\HDDlife 3\hldasvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: NetLimiter (nlsvc) - Locktime Software - C:\Program Files\NetLimiter 2 Monitor\nlsvc.exe
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - Unknown owner - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
O23 - Service: O2Micro Flash Memory Card Service (o2flash) - O2Micro International - C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe
O23 - Service: Partner Service - Google Inc. - c:\programdata\partner\partner.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Sandboxie Service (SbieSvc) - tzuk - C:\Program Files\Sandboxie\SbieSvc.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 12854 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Google Software Updater.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3690851227-2635793869-1137812997-1003Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3690851227-2635793869-1137812997-1003UA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2010-09-23 61888]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}]
C:\PROGRA~1\Crawler\ctbr.dll [2010-04-01 1241960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}]
Partner BHO Class - C:\ProgramData\Partner\partner.dll [2010-10-30 157168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar1.dll [2010-10-30 2562872]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [2009-06-26 668656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-09-15 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{4B3803EA-5230-4DC3-A7FC-33638F3D3542} - &Crawler Toolbar - C:\PROGRA~1\Crawler\ctbr.dll [2010-04-01 1241960]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll [2010-10-30 2562872]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1008184]
"BkupTray"=C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe [2008-04-06 34040]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2008-05-21 6144000]
"PLFSetI"=C:\Windows\PLFSetI.exe [2007-10-23 200704]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2008-02-22 1037608]
"LManager"=C:\PROGRA~1\LAUNCH~1\LManager.exe [2008-06-10 870920]
"ePower_DMC"=C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe [2008-04-30 397312]
"eRecoveryService"= []
"WarReg_PopUp"=C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe [2008-01-29 303104]
"ioCentre"=C:\Genius\ioCentre\gTaskBar.exe [2007-04-13 61440]
"ArcSoft Connection Service"=C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [2010-03-18 207360]
"SpywareTerminator"=C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe [2010-04-09 2176512]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2010-09-24 40368]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-09-21 932288]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-05-14 248552]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2010-09-08 421888]
"Windows Mobile Device Center"=C:\Windows\WindowsMobile\wmdc.exe [2007-05-31 648072]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2010-09-30 98304]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2010-08-02 281768]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-11 1233920]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-21 125952]
"Google Update"=C:\Users\Jan Farkas\AppData\Local\Google\Update\GoogleUpdate.exe [2009-06-30 133104]
"Steam"=d:\program files\steam\steam.exe [2010-08-24 1242448]
"SpywareTerminatorUpdate"=C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe [2010-04-09 3037696]
"SandboxieControl"=C:\Program Files\Sandboxie\SbieCtrl.exe [2010-07-04 398568]
"SODCPreLoad"=D:\Program Files\IBM\Lotus\Symphony\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.app.win32_3.5.0.20090605-2002\preload.exe [2009-10-25 40960]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-21 202240]
"ICQ"=C:\Program Files\ICQ7.2\ICQ.exe [2010-10-27 133432]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Users\Jan Farkas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
CurseClientStartup.ccip

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - %SystemRoot%\System32\CScript.exe "%1" %*
.vbs - open - %SystemRoot%\System32\CScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2010-11-10 18:15:50 ----A---- C:\Windows\system32\drivers\ssmdrv.sys
2010-11-10 18:15:46 ----A---- C:\Windows\system32\drivers\avipbb.sys
2010-11-10 18:15:46 ----A---- C:\Windows\system32\drivers\avgntflt.sys
2010-11-10 18:15:44 ----D---- C:\ProgramData\Avira
2010-11-10 18:15:44 ----D---- C:\Program Files\Avira
2010-11-10 18:06:11 ----SHD---- C:\Config.Msi
2010-11-10 17:39:04 ----A---- C:\Windows\system32\javaws.exe
2010-11-10 17:39:04 ----A---- C:\Windows\system32\javaw.exe
2010-11-10 17:39:04 ----A---- C:\Windows\system32\java.exe
2010-11-10 16:27:25 ----D---- C:\Program Files\trend micro
2010-11-10 16:27:22 ----D---- C:\rsit
2010-11-04 22:42:21 ----D---- C:\ProgramData\Media Center Programs
2010-10-30 18:12:26 ----D---- C:\ProgramData\Google
2010-10-30 18:11:14 ----D---- C:\ProgramData\Partner
2010-10-30 00:53:53 ----ASH---- C:\hiberfil.sys
2010-10-30 00:52:36 ----D---- C:\ProgramData\ATI
2010-10-30 00:49:48 ----D---- C:\Program Files\ATI
2010-10-30 00:48:59 ----D---- C:\Program Files\ATI Technologies
2010-10-27 12:08:31 ----AT---- C:\Windows\system32\SIntfNT.dll
2010-10-27 12:08:31 ----AT---- C:\Windows\system32\SIntf32.dll
2010-10-27 12:08:31 ----AT---- C:\Windows\system32\SIntf16.dll
2010-10-27 10:52:53 ----A---- C:\Windows\system32\gameux.dll
2010-10-27 10:52:34 ----A---- C:\Windows\system32\Apphlpdm.dll
2010-10-27 10:52:30 ----A---- C:\Windows\system32\GameUXLegacyGDFs.dll
2010-10-18 00:12:14 ----D---- C:\Program Files\NVIDIA Corporation
2010-10-15 21:08:39 ----D---- C:\Fraps
2010-10-13 18:13:14 ----A---- C:\Windows\system32\wmp.dll
2010-10-13 18:12:54 ----A---- C:\Windows\system32\wmploc.DLL
2010-10-13 18:09:11 ----A---- C:\Windows\system32\srvsvc.dll
2010-10-13 18:09:10 ----A---- C:\Windows\system32\drivers\srvnet.sys
2010-10-13 18:09:09 ----A---- C:\Windows\system32\drivers\srv2.sys
2010-10-13 18:09:09 ----A---- C:\Windows\system32\drivers\srv.sys
2010-10-13 18:09:08 ----A---- C:\Windows\system32\netevent.dll
2010-10-13 18:08:17 ----A---- C:\Windows\system32\schannel.dll
2010-10-13 18:08:07 ----A---- C:\Windows\system32\ole32.dll
2010-10-13 18:07:58 ----A---- C:\Windows\system32\t2embed.dll
2010-10-13 18:07:39 ----A---- C:\Windows\system32\mshtml.dll
2010-10-13 18:07:35 ----A---- C:\Windows\system32\ieframe.dll
2010-10-13 18:07:31 ----A---- C:\Windows\system32\msfeeds.dll
2010-10-13 18:07:30 ----A---- C:\Windows\system32\licmgr10.dll
2010-10-13 18:07:28 ----A---- C:\Windows\system32\urlmon.dll
2010-10-13 18:07:26 ----A---- C:\Windows\system32\mshtmled.dll
2010-10-13 18:07:25 ----A---- C:\Windows\system32\wininet.dll
2010-10-13 18:07:19 ----A---- C:\Windows\system32\mstime.dll
2010-10-13 18:07:18 ----A---- C:\Windows\system32\iertutil.dll
2010-10-13 18:07:15 ----A---- C:\Windows\system32\iedkcs32.dll
2010-10-13 18:07:13 ----A---- C:\Windows\system32\occache.dll
2010-10-13 18:07:13 ----A---- C:\Windows\system32\ieui.dll
2010-10-13 18:07:12 ----A---- C:\Windows\system32\ieUnatt.exe
2010-10-13 18:07:12 ----A---- C:\Windows\system32\iepeers.dll
2010-10-13 18:07:10 ----A---- C:\Windows\system32\iesysprep.dll
2010-10-13 18:07:08 ----A---- C:\Windows\system32\iesetup.dll
2010-10-13 18:07:07 ----A---- C:\Windows\system32\msfeedsbs.dll
2010-10-13 18:07:07 ----A---- C:\Windows\system32\iernonce.dll
2010-10-13 18:07:06 ----A---- C:\Windows\system32\msfeedssync.exe
2010-10-13 18:07:06 ----A---- C:\Windows\system32\jsproxy.dll
2010-10-13 18:07:06 ----A---- C:\Windows\system32\ie4uinit.exe
2010-10-13 18:06:56 ----A---- C:\Windows\system32\mfc40.dll
2010-10-13 18:06:52 ----A---- C:\Windows\system32\mfc40u.dll
2010-10-13 18:06:40 ----A---- C:\Windows\system32\win32k.sys
2010-10-13 18:06:22 ----A---- C:\Windows\system32\msshsq.dll
2010-10-13 18:06:10 ----A---- C:\Windows\system32\wmpmde.dll
2010-10-13 18:05:51 ----A---- C:\Windows\system32\comctl32.dll

======List of files/folders modified in the last 1 months======

2010-11-11 01:20:35 ----D---- C:\Windows\system32\config
2010-11-11 01:20:30 ----D---- C:\Windows\system32\Tasks
2010-11-11 01:20:30 ----D---- C:\Windows\system32\spool
2010-11-11 01:20:30 ----D---- C:\Windows\system32\Msdtc
2010-11-11 01:20:30 ----D---- C:\Windows\system32\catroot2
2010-11-11 01:20:30 ----D---- C:\Windows\inf
2010-11-11 01:20:30 ----D---- C:\Users\Jan Farkas\AppData\Roaming\Spyware Terminator
2010-11-11 01:20:30 ----D---- C:\Program Files\Crawler
2010-11-11 01:20:30 ----D---- C:\Program Files\Common Files\Blizzard Entertainment
2010-11-11 01:20:29 ----D---- C:\Windows\system32\wbem
2010-11-11 01:20:29 ----D---- C:\Windows\registration
2010-11-11 01:18:05 ----D---- C:\Windows\system32\LogFiles
2010-11-10 18:18:21 ----SHD---- C:\System Volume Information
2010-11-10 18:16:45 ----D---- C:\Windows\Temp
2010-11-10 18:15:50 ----D---- C:\Windows\system32\drivers
2010-11-10 18:15:44 ----RD---- C:\Program Files
2010-11-10 18:15:44 ----HD---- C:\ProgramData
2010-11-10 18:14:43 ----D---- C:\Windows\system32\catroot
2010-11-10 18:14:35 ----D---- C:\Windows\winsxs
2010-11-10 18:12:48 ----D---- C:\ProgramData\Spyware Terminator
2010-11-10 18:12:22 ----D---- C:\Users\Jan Farkas\AppData\Roaming\ICQ
2010-11-10 18:11:34 ----D---- C:\Windows\Tasks
2010-11-10 18:06:33 ----SHD---- C:\Windows\Installer
2010-11-10 18:06:19 ----D---- C:\ProgramData\ESET
2010-11-10 18:02:55 ----D---- C:\Windows
2010-11-10 18:02:37 ----HD---- C:\Program Files\InstallShield Installation Information
2010-11-10 17:39:04 ----D---- C:\Windows\System32
2010-11-10 17:38:44 ----D---- C:\Program Files\Java
2010-11-10 16:21:50 ----AD---- C:\ProgramData\TEMP
2010-11-10 01:26:46 ----D---- C:\Program Files\Spyware Terminator
2010-11-10 00:16:36 ----D---- C:\Windows\Debug
2010-11-09 19:17:32 ----D---- C:\Users\Jan Farkas\AppData\Roaming\Mumble
2010-11-09 16:09:43 ----D---- C:\World of Warcraft
2010-11-08 20:32:17 ----D---- C:\Users\Jan Farkas\AppData\Roaming\vlc
2010-11-08 20:32:01 ----D---- C:\Users\Jan Farkas\AppData\Roaming\dvdcss
2010-11-04 20:02:35 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-11-04 16:58:37 ----D---- C:\Windows\Minidump
2010-11-01 11:12:45 ----D---- C:\Program Files\Google
2010-10-31 22:37:38 ----D---- C:\Program Files\ICQ7.2
2010-10-30 18:13:09 ----D---- C:\Elements
2010-10-30 18:13:08 ----D---- C:\Windows\system32\OEM
2010-10-30 18:12:48 ----D---- C:\Acer
2010-10-30 18:10:58 ----D---- C:\Program Files\Mozilla Firefox
2010-10-30 18:03:28 ----D---- C:\Windows\Prefetch
2010-10-30 00:58:41 ----A---- C:\Windows\Sandboxie.ini
2010-10-28 18:25:34 ----D---- C:\Windows\AppPatch
2010-10-25 21:25:56 ----D---- C:\StarCraft II
2010-10-19 10:41:44 ----N---- C:\Windows\system32\MpSigStub.exe
2010-10-18 22:00:38 ----D---- C:\Users\Jan Farkas\AppData\Roaming\uTorrent
2010-10-18 00:12:11 ----D---- C:\Program Files\Common Files
2010-10-18 00:09:02 ----RSD---- C:\Windows\assembly
2010-10-14 15:01:27 ----D---- C:\Windows\rescache
2010-10-14 10:32:35 ----D---- C:\Windows\system32\sk-SK
2010-10-14 10:32:35 ----D---- C:\Program Files\Windows Media Player
2010-10-14 10:32:34 ----D---- C:\Windows\system32\en-US
2010-10-14 10:32:33 ----D---- C:\Program Files\Internet Explorer
2010-10-14 10:32:31 ----D---- C:\Windows\system32\migration
2010-10-14 04:00:00 ----A---- C:\Windows\system32\mrt.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2010-08-06 691696]
R0 UBHelper;UBHelper; C:\Windows\system32\drivers\UBHelper.sys [2008-01-31 13824]
R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2010-08-02 126856]
R1 nltdi;nltdi; \??\C:\Windows\system32\drivers\nltdi.sys [2010-03-25 82360]
R1 sp_rsdrv2;Spyware Terminator Driver 2; \??\C:\Windows\system32\drivers\sp_rsdrv2.sys [2010-04-09 142592]
R2 avgntflt;avgntflt; C:\Windows\system32\DRIVERS\avgntflt.sys [2010-08-02 60936]
R2 int15;int15; \??\C:\Windows\system32\drivers\int15.sys [2008-03-21 15392]
R2 irda;IrDA Protocol; C:\Windows\system32\DRIVERS\irda.sys [2008-01-21 95744]
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672]
R2 regi;regi; C:\Windows\system32\drivers\regi.sys [2007-04-17 11032]
R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2006-11-29 8192]
R3 Afc;PPdus ASPI Shell; C:\Windows\system32\drivers\Afc.sys [2006-11-10 18688]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2010-09-29 6472192]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2010-09-29 228352]
R3 DKbFltr;Dritek Keyboard Filter Driver; C:\Windows\system32\DRIVERS\DKbFltr.sys [2006-11-03 21264]
R3 gHidPnp;USB Device Enhanced Function Driver; C:\Windows\System32\Drivers\gHidPnp.Sys [2007-04-13 16384]
R3 gMouUsb;USB Mouse Device Drv; C:\Windows\system32\DRIVERS\gMouUsb.sys [2007-03-13 9856]
R3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2009-04-11 236544]
R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\HSX_DPV.sys [2006-12-22 985600]
R3 HSXHWAZL;HSXHWAZL; C:\Windows\system32\DRIVERS\HSXHWAZL.sys [2006-12-22 207360]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2008-05-21 2143136]
R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw5v32.sys [2008-11-17 3668480]
R3 NTIDrvr;Upper Class Filter Driver; C:\Windows\system32\DRIVERS\NTIDrvr.sys [2008-01-31 14848]
R3 O2MDRDR;O2MDRDR; C:\Windows\system32\DRIVERS\o2media.sys [2008-04-15 51160]
R3 O2SDRDR;O2SDRDR; C:\Windows\system32\DRIVERS\o2sd.sys [2008-04-08 43736]
R3 SbieDrv;SbieDrv; \??\C:\Program Files\Sandboxie\SbieDrv.sys [2010-07-04 119016]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2008-02-22 198064]
R3 usbvideo;USB Video Device (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-21 134016]
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2006-12-22 659968]
S1 ssmdrv;ssmdrv; C:\Windows\system32\DRIVERS\ssmdrv.sys [2010-06-17 28520]
S2 eamonm;eamonm; C:\Windows\system32\DRIVERS\eamonm.sys []
S3 ai6a4c7r;ai6a4c7r; C:\Windows\system32\drivers\ai6a4c7r.sys []
S3 AtiHdmiService;ATI Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\AtiHdmi.sys []
S3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2010-09-29 6472192]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2008-03-28 210432]
S3 BthEnum;Bluetooth Enumerator Service; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-04-11 22528]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2008-01-21 92160]
S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2009-04-11 507904]
S3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2009-04-11 29696]
S3 btwaudio;Bluetooth Audio Device Service; C:\Windows\system32\drivers\btwaudio.sys [2008-02-14 80424]
S3 btwavdt;Bluetooth AVDT Service; C:\Windows\system32\drivers\btwavdt.sys [2007-07-16 80936]
S3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys [2007-07-16 16168]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]
S3 HSFHWAZL;HSFHWAZL; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2008-01-21 200704]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
S3 nmwcd;Nokia USB Phone Parent; C:\Windows\system32\drivers\ccdcmb.sys [2008-05-02 17536]
S3 nmwcdc;Nokia USB Generic; C:\Windows\system32\drivers\ccdcmbo.sys [2008-05-02 20864]
S3 NSCIRDA;NSC Infrared Device Driver; C:\Windows\system32\DRIVERS\nscirda.sys [2008-01-21 30720]
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-04-11 148992]
S3 RTL2832U_IRHID;HID Infrared Remote Receiver; C:\Windows\system32\DRIVERS\RTL2832U_IRHID.sys [2009-02-20 41120]
S3 RTL2832UBDA;REALTEK 2832U BDA Driver; C:\Windows\system32\drivers\RTL2832UBDA.sys [2009-02-20 74912]
S3 RTL2832UUSB;REALTEK 2832U USB Driver; C:\Windows\System32\Drivers\RTL2832UUSB.sys [2009-02-20 32288]
S3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2008-01-21 88576]
S3 TpChoice;Touch Pad Detection Filter driver; C:\Windows\system32\DRIVERS\TpChoice.sys [2007-12-26 17968]
S3 upperdev;upperdev; C:\Windows\system32\DRIVERS\usbser_lowerflt.sys [2008-05-02 8064]
S3 usb_rndisx;USB RNDIS Adapter; C:\Windows\system32\DRIVERS\usb8023x.sys [2009-04-11 15872]
S3 usbser;Nokia USB Serial Port; C:\Windows\system32\DRIVERS\usbser.sys [2009-04-11 27648]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ACDaemon;ArcSoft Connect Daemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [2010-03-18 113152]
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2010-09-29 176128]
R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2010-08-02 267944]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2010-08-02 135336]
R2 BcmSqlStartupSvc;Spúšacia služba produktu Business Contact Manager SQL Server; C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe [2008-01-16 30312]
R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 BUNAgentSvc;NTI Backup Now 5 Agent Service; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [2008-03-03 16384]
R2 ETService;Empowering Technology Service; C:\Program Files\Acer\Empowering Technology\Service\ETService.exe [2008-03-21 24576]
R2 EvtEng;Intel® PROSet/Wireless Event Log; C:\Program Files\Intel\WiFi\bin\EvtEng.exe [2008-10-16 860160]
R2 Irmon;@%SystemRoot%\System32\irmon.dll,-2000; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 IviRegMgr;IviRegMgr; C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe [2007-01-04 112152]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-01-17 61440]
R2 MobilityService;MobilityService; C:\Acer\Mobility Center\MobilityService.exe [2007-12-06 110592]
R2 nlsvc;NetLimiter; C:\Program Files\NetLimiter 2 Monitor\nlsvc.exe [2010-03-25 495616]
R2 NTIBackupSvc;NTI Backup Now 5 Backup Service; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-04-06 50424]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-04-04 131072]
R2 o2flash;O2Micro Flash Memory Card Service; C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe [2007-02-13 65536]
R2 PSI_SVC_2;Protexis Licensing V2; C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [2007-07-24 185632]
R2 RapiMgr;@%windir%\WindowsMobile\rapimgr.dll,-104; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 RegSrvc;Intel® PROSet/Wireless Registry Service; C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [2008-10-16 466944]
R2 SbieSvc;Sandboxie Service; C:\Program Files\Sandboxie\SbieSvc.exe [2010-07-04 75496]
R2 sp_rssrv;Spyware Terminator Realtime Shield Service; C:\Program Files\Spyware Terminator\sp_rsser.exe [2010-04-09 488960]
R2 WcesComm;@%windir%\WindowsMobile\wcescomm.dll,-40079; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2006-11-29 386560]
R3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-21 21504]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 gupdate1c9f6588b6b284;Služba Google Update (gupdate1c9f6588b6b284); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-06-26 133104]
S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-06-26 183280]
S2 HDDlife HDD Access service;HDDlife HDD Access service; C:\Program Files\BinarySense\HDDlife 3\hldasvc.exe [2008-02-15 832760]
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2009-03-30 31048]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ); C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2006-04-14 28933976]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 Partner Service;Partner Service; c:\programdata\partner\partner.exe [2010-10-30 110576]
S3 SQLWriter;SQL Server VSS Writer; C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2006-04-14 87840]
S3 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [2009-06-30 316664]
S3 WPFFontCache_v0400;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100; C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S4 MSSQLServerADHelper;SQL Server Active Directory Helper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2005-10-14 45272]
S4 SQLBrowser;SQL Server Browser; C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2006-04-14 240416]

-----------------EOF----------------
tu to je ...

este ckfiles
CKScanner - Additional Security Risks - These are not necessarily bad
scanner sequence 3.MN.11
----- EOF -----

Dle pohody pres PMku pockam na sken Avirou a pak napisi dalsi postup...

Avira AntiVir Personal
Report file date: 10. novembra 2010 19:13

Scanning for 3033938 virus strains and unwanted programs.

The program is running as an unrestricted full version.
Online services are available:

Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows Vista
Windows version : (Service Pack 2) [6.0.6002]
Boot mode : Normally booted
Username : Jan Farkas
Computer name : JAN_FARKAS_NTB

Version information:
BUILD.DAT : 10.0.0.592 31823 Bytes 9. 8. 2010 11:00:00
AVSCAN.EXE : 10.0.3.1 434344 Bytes 2. 8. 2010 15:09:56
AVSCAN.DLL : 10.0.3.0 46440 Bytes 1. 4. 2010 12:57:04
LUKE.DLL : 10.0.2.3 104296 Bytes 2. 8. 2010 15:10:00
LUKERES.DLL : 10.0.0.1 12648 Bytes 10. 2. 2010 23:40:49
VBASE000.VDF : 7.10.0.0 19875328 Bytes 6. 11. 2009 09:05:36
VBASE001.VDF : 7.10.1.0 1372672 Bytes 19. 11. 2009 19:27:49
VBASE002.VDF : 7.10.3.1 3143680 Bytes 20. 1. 2010 17:37:42
VBASE003.VDF : 7.10.3.75 996864 Bytes 26. 1. 2010 16:37:42
VBASE004.VDF : 7.10.4.203 1579008 Bytes 5. 3. 2010 11:29:03
VBASE005.VDF : 7.10.6.82 2494464 Bytes 15. 4. 2010 15:10:03
VBASE006.VDF : 7.10.7.218 2294784 Bytes 2. 6. 2010 15:10:04
VBASE007.VDF : 7.10.9.165 4840960 Bytes 23. 7. 2010 15:10:06
VBASE008.VDF : 7.10.11.133 3454464 Bytes 13. 9. 2010 17:17:38
VBASE009.VDF : 7.10.13.80 2265600 Bytes 2. 11. 2010 17:17:40
VBASE010.VDF : 7.10.13.81 2048 Bytes 2. 11. 2010 17:17:40
VBASE011.VDF : 7.10.13.82 2048 Bytes 2. 11. 2010 17:17:40
VBASE012.VDF : 7.10.13.83 2048 Bytes 2. 11. 2010 17:17:40
VBASE013.VDF : 7.10.13.116 147968 Bytes 4. 11. 2010 17:17:40
VBASE014.VDF : 7.10.13.147 146944 Bytes 7. 11. 2010 17:17:40
VBASE015.VDF : 7.10.13.180 123904 Bytes 9. 11. 2010 17:17:40
VBASE016.VDF : 7.10.13.181 2048 Bytes 9. 11. 2010 17:17:40
VBASE017.VDF : 7.10.13.182 2048 Bytes 9. 11. 2010 17:17:40
VBASE018.VDF : 7.10.13.183 2048 Bytes 9. 11. 2010 17:17:40
VBASE019.VDF : 7.10.13.184 2048 Bytes 9. 11. 2010 17:17:40
VBASE020.VDF : 7.10.13.185 2048 Bytes 9. 11. 2010 17:17:40
VBASE021.VDF : 7.10.13.186 2048 Bytes 9. 11. 2010 17:17:40
VBASE022.VDF : 7.10.13.187 2048 Bytes 9. 11. 2010 17:17:40
VBASE023.VDF : 7.10.13.188 2048 Bytes 9. 11. 2010 17:17:40
VBASE024.VDF : 7.10.13.189 2048 Bytes 9. 11. 2010 17:17:40
VBASE025.VDF : 7.10.13.190 2048 Bytes 9. 11. 2010 17:17:40
VBASE026.VDF : 7.10.13.191 2048 Bytes 9. 11. 2010 17:17:40
VBASE027.VDF : 7.10.13.192 2048 Bytes 9. 11. 2010 17:17:40
VBASE028.VDF : 7.10.13.193 2048 Bytes 9. 11. 2010 17:17:40
VBASE029.VDF : 7.10.13.194 2048 Bytes 9. 11. 2010 17:17:41
VBASE030.VDF : 7.10.13.195 2048 Bytes 9. 11. 2010 17:17:41
VBASE031.VDF : 7.10.13.202 47616 Bytes 10. 11. 2010 17:17:41
Engineversion : 8.2.4.92
AEVDF.DLL : 8.1.2.1 106868 Bytes 2. 8. 2010 15:09:54
AESCRIPT.DLL : 8.1.3.46 1364347 Bytes 10. 11. 2010 17:17:43
AESCN.DLL : 8.1.6.1 127347 Bytes 2. 8. 2010 15:09:53
AESBX.DLL : 8.1.3.1 254324 Bytes 2. 8. 2010 15:09:53
AERDL.DLL : 8.1.9.2 635252 Bytes 10. 11. 2010 17:17:43
AEPACK.DLL : 8.2.3.11 471416 Bytes 10. 11. 2010 17:17:42
AEOFFICE.DLL : 8.1.1.8 201081 Bytes 2. 8. 2010 15:09:52
AEHEUR.DLL : 8.1.2.38 2990455 Bytes 10. 11. 2010 17:17:42
AEHELP.DLL : 8.1.14.0 246134 Bytes 10. 11. 2010 17:17:41
AEGEN.DLL : 8.1.3.24 401781 Bytes 10. 11. 2010 17:17:41
AEEMU.DLL : 8.1.2.0 393588 Bytes 2. 8. 2010 15:09:49
AECORE.DLL : 8.1.17.0 196982 Bytes 10. 11. 2010 17:17:41
AEBB.DLL : 8.1.1.0 53618 Bytes 2. 8. 2010 15:09:48
AVWINLL.DLL : 10.0.0.0 19304 Bytes 2. 8. 2010 15:09:56
AVPREF.DLL : 10.0.0.0 44904 Bytes 2. 8. 2010 15:09:55
AVREP.DLL : 10.0.0.8 62209 Bytes 17. 6. 2010 14:27:13
AVREG.DLL : 10.0.3.2 53096 Bytes 2. 8. 2010 15:09:55
AVSCPLR.DLL : 10.0.3.1 83816 Bytes 2. 8. 2010 15:09:56
AVARKT.DLL : 10.0.0.14 227176 Bytes 2. 8. 2010 15:09:54
AVEVTLOG.DLL : 10.0.0.8 203112 Bytes 2. 8. 2010 15:09:55
SQLITE3.DLL : 3.6.19.0 355688 Bytes 17. 6. 2010 14:27:22
AVSMTP.DLL : 10.0.0.17 63848 Bytes 2. 8. 2010 15:09:56
NETNT.DLL : 10.0.0.0 11624 Bytes 17. 6. 2010 14:27:21
RCIMAGE.DLL : 10.0.0.26 2550120 Bytes 28. 1. 2010 13:10:20
RCTEXT.DLL : 10.0.58.0 97128 Bytes 2. 8. 2010 15:10:08

Configuration settings for the scan:
Jobname.............................: Scan for Rootkits and active malware
Configuration file..................: C:\ProgramData\Avira\AntiVir Desktop\PROFILES\rootkit.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Process scan........................: on
Extended process scan...............: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: high
Deviating risk categories...........: +APPL,+JOKE,+PCK,+PFS,+SPR,

Start of the scan: 10. novembra 2010 19:13

Starting search for hidden objects.

The scan of running processes will be started
Scan process 'chrome.exe' - '38' Module(s) have been scanned
Scan process 'chrome.exe' - '60' Module(s) have been scanned
Scan process 'chrome.exe' - '38' Module(s) have been scanned
Scan process 'svchost.exe' - '36' Module(s) have been scanned
Scan process 'vssvc.exe' - '49' Module(s) have been scanned
Scan process 'avscan.exe' - '73' Module(s) have been scanned
Scan process 'avcenter.exe' - '92' Module(s) have been scanned
Scan process 'chrome.exe' - '38' Module(s) have been scanned
Scan process 'chrome.exe' - '38' Module(s) have been scanned
Scan process 'chrome.exe' - '38' Module(s) have been scanned
Scan process 'chrome.exe' - '38' Module(s) have been scanned
Scan process 'chrome.exe' - '38' Module(s) have been scanned
Scan process 'chrome.exe' - '38' Module(s) have been scanned
Scan process 'chrome.exe' - '74' Module(s) have been scanned
Scan process 'ICQ.exe' - '154' Module(s) have been scanned
Scan process 'avgnt.exe' - '55' Module(s) have been scanned
Scan process 'sched.exe' - '56' Module(s) have been scanned
Scan process 'avshadow.exe' - '33' Module(s) have been scanned
Scan process 'avguard.exe' - '66' Module(s) have been scanned
Scan process 'wuauclt.exe' - '44' Module(s) have been scanned
Scan process 'conime.exe' - '20' Module(s) have been scanned
Scan process 'RtkBtMnt.exe' - '30' Module(s) have been scanned
Scan process 'svchost.exe' - '21' Module(s) have been scanned
Scan process 'SynTPHelper.exe' - '20' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '34' Module(s) have been scanned
Scan process 'unsecapp.exe' - '27' Module(s) have been scanned
Scan process 'unsecapp.exe' - '32' Module(s) have been scanned
Scan process 'svchost.exe' - '63' Module(s) have been scanned
Scan process 'wmpnetwk.exe' - '96' Module(s) have been scanned
Scan process 'xaudio.exe' - '14' Module(s) have been scanned
Scan process 'SearchIndexer.exe' - '64' Module(s) have been scanned
Scan process 'svchost.exe' - '25' Module(s) have been scanned
Scan process 'svchost.exe' - '44' Module(s) have been scanned
Scan process 'sp_rsser.exe' - '36' Module(s) have been scanned
Scan process 'RegSrvc.exe' - '23' Module(s) have been scanned
Scan process 'PsiService_2.exe' - '17' Module(s) have been scanned
Scan process 'svchost.exe' - '42' Module(s) have been scanned
Scan process 'o2flash.exe' - '15' Module(s) have been scanned
Scan process 'SchedulerSvc.exe' - '40' Module(s) have been scanned
Scan process 'BackupSvc.exe' - '44' Module(s) have been scanned
Scan process 'nlsvc.exe' - '44' Module(s) have been scanned
Scan process 'MobilityService.exe' - '34' Module(s) have been scanned
Scan process 'LSSrvc.exe' - '20' Module(s) have been scanned
Scan process 'iviRegMgr.exe' - '16' Module(s) have been scanned
Scan process 'gTaskSwitch.exe' - '27' Module(s) have been scanned
Scan process 'gDeskMgm.exe' - '26' Module(s) have been scanned
Scan process 'gIMMgm.exe' - '23' Module(s) have been scanned
Scan process 'soffice.exe' - '74' Module(s) have been scanned
Scan process 'ehmsas.exe' - '23' Module(s) have been scanned
Scan process 'ehtray.exe' - '28' Module(s) have been scanned
Scan process 'BTTray.exe' - '55' Module(s) have been scanned
Scan process 'wmpnscfg.exe' - '31' Module(s) have been scanned
Scan process 'SpywareTerminatorUpdate.exe' - '70' Module(s) have been scanned
Scan process 'gMGlass.exe' - '23' Module(s) have been scanned
Scan process 'gZoom.exe' - '24' Module(s) have been scanned
Scan process 'gAutoScroll.exe' - '23' Module(s) have been scanned
Scan process 'gAutoPan.exe' - '22' Module(s) have been scanned
Scan process 'gKbdTask.exe' - '35' Module(s) have been scanned
Scan process 'gMouseTask.exe' - '33' Module(s) have been scanned
Scan process 'wmdc.exe' - '37' Module(s) have been scanned
Scan process 'jusched.exe' - '22' Module(s) have been scanned
Scan process 'SpywareTerminatorShield.Exe' - '40' Module(s) have been scanned
Scan process 'EvtEng.exe' - '84' Module(s) have been scanned
Scan process 'ArcCon.ac' - '61' Module(s) have been scanned
Scan process 'ACDaemon.exe' - '48' Module(s) have been scanned
Scan process 'gTaskBar.exe' - '27' Module(s) have been scanned
Scan process 'ePower_DMC.exe' - '54' Module(s) have been scanned
Scan process 'LManager.exe' - '58' Module(s) have been scanned
Scan process 'SynTPEnh.exe' - '37' Module(s) have been scanned
Scan process 'PLFSetI.exe' - '33' Module(s) have been scanned
Scan process 'RtHDVCpl.exe' - '50' Module(s) have been scanned
Scan process 'BkupTray.exe' - '21' Module(s) have been scanned
Scan process 'MSASCui.exe' - '42' Module(s) have been scanned
Scan process 'ETService.exe' - '70' Module(s) have been scanned
Scan process 'taskeng.exe' - '84' Module(s) have been scanned
Scan process 'Agentsvc.exe' - '41' Module(s) have been scanned
Scan process 'svchost.exe' - '30' Module(s) have been scanned
Scan process 'BcmSqlStartupSvc.exe' - '20' Module(s) have been scanned
Scan process 'ACService.exe' - '24' Module(s) have been scanned
Scan process 'taskeng.exe' - '49' Module(s) have been scanned
Scan process 'svchost.exe' - '61' Module(s) have been scanned
Scan process 'spoolsv.exe' - '82' Module(s) have been scanned
Scan process 'Explorer.EXE' - '174' Module(s) have been scanned
Scan process 'Dwm.exe' - '40' Module(s) have been scanned
Scan process 'WLANExt.exe' - '87' Module(s) have been scanned
Scan process 'svchost.exe' - '98' Module(s) have been scanned
Scan process 'SbieSvc.exe' - '35' Module(s) have been scanned
Scan process 'atieclxx.exe' - '31' Module(s) have been scanned
Scan process 'svchost.exe' - '103' Module(s) have been scanned
Scan process 'SLsvc.exe' - '23' Module(s) have been scanned
Scan process 'svchost.exe' - '37' Module(s) have been scanned
Scan process 'svchost.exe' - '155' Module(s) have been scanned
Scan process 'svchost.exe' - '119' Module(s) have been scanned
Scan process 'svchost.exe' - '63' Module(s) have been scanned
Scan process 'winlogon.exe' - '30' Module(s) have been scanned
Scan process 'atiesrxx.exe' - '25' Module(s) have been scanned
Scan process 'svchost.exe' - '54' Module(s) have been scanned
Scan process 'svchost.exe' - '37' Module(s) have been scanned
Scan process 'svchost.exe' - '40' Module(s) have been scanned
Scan process 'lsm.exe' - '22' Module(s) have been scanned
Scan process 'lsass.exe' - '62' Module(s) have been scanned
Scan process 'services.exe' - '33' Module(s) have been scanned
Scan process 'csrss.exe' - '14' Module(s) have been scanned
Scan process 'wininit.exe' - '26' Module(s) have been scanned
Scan process 'csrss.exe' - '14' Module(s) have been scanned
Scan process 'smss.exe' - '2' Module(s) have been scanned

Starting to scan executable files (registry).
The registry was scanned ( '1849' files ).


Starting the file scan:

Begin scan in 'C:' <ACER>
C:\Program Files\BinarySense\HDDlife 3\HDDlifeNB (2).exe
[DETECTION] Is the TR/Dropper.Gen Trojan
C:\Users\Jan Farkas\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5E0L6HE9\Firefox.v3.0.11.SK[1].exe
[WARNING] The file could not be read!
C:\Users\Jan Farkas\AppData\Local\Temp\ubi1CC5.tmp.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
C:\Users\Jan Farkas\AppData\Local\Temp\ubi2085.tmp.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
C:\Users\Jan Farkas\AppData\Local\Temp\ubi2CD1.tmp.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
C:\Users\Jan Farkas\AppData\Local\Temp\ubi2F89.tmp.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
C:\Users\Jan Farkas\AppData\Local\Temp\ubi3113.tmp.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
C:\Users\Jan Farkas\AppData\Local\Temp\ubi3247.tmp.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
C:\Users\Jan Farkas\AppData\Local\Temp\ubi5768.tmp.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
C:\Users\Jan Farkas\AppData\Local\Temp\ubi8CDC.tmp.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
C:\Users\Jan Farkas\AppData\Local\Temp\ubi9FC0.tmp.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
C:\Users\Jan Farkas\AppData\Local\Temp\ubiB08A.tmp.exe
[DETECTION] Contains HEUR/Crypted.E suspicious code

Beginning disinfection:
C:\Users\Jan Farkas\AppData\Local\Temp\ubiB08A.tmp.exe
[DETECTION] Contains HEUR/Crypted.E suspicious code
[NOTE] The detection was classified as suspicious.
[NOTE] The file was moved to the quarantine directory under the name '4988520a.qua'.
C:\Users\Jan Farkas\AppData\Local\Temp\ubi9FC0.tmp.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '511f7dad.qua'.
C:\Users\Jan Farkas\AppData\Local\Temp\ubi8CDC.tmp.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '03402746.qua'.
C:\Users\Jan Farkas\AppData\Local\Temp\ubi5768.tmp.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '65776884.qua'.
C:\Users\Jan Farkas\AppData\Local\Temp\ubi3247.tmp.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '20f345ba.qua'.
C:\Users\Jan Farkas\AppData\Local\Temp\ubi3113.tmp.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '5fe877db.qua'.
C:\Users\Jan Farkas\AppData\Local\Temp\ubi2F89.tmp.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '13505b91.qua'.
C:\Users\Jan Farkas\AppData\Local\Temp\ubi2CD1.tmp.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '6f481bc1.qua'.
C:\Users\Jan Farkas\AppData\Local\Temp\ubi2085.tmp.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '4212348c.qua'.
C:\Users\Jan Farkas\AppData\Local\Temp\ubi1CC5.tmp.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '5b7a0f16.qua'.
C:\Program Files\BinarySense\HDDlife 3\HDDlifeNB (2).exe
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '377b2300.qua'.


End of the scan: 10. novembra 2010 20:45
Used time: 1:30:22 Hour(s)

The scan has been done completely.

26754 Scanned directories
595936 Files were scanned
10 Viruses and/or unwanted programs were found
1 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
11 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
595925 Files not concerned
5764 Archives were scanned
1 Warnings
11 Notes
727275 Objects were scanned with rootkit scan
0 Hidden objects were found

sken z aviry , ( je mozne ze tie subory pochadzaju z nie celkom legalneho zdroja ak je to tak tak sa prosim vyjadrite aspon k RSITU

Dejte mi sem prosim vypis nebo screen karanteny Aviry, at vidim co mazala...

Type: File
Source: C:\Users\Jan Farkas\AppData\Local\Temp\ubi5768.tmp.exe
Status: Infected
Quarantine object: 65776884.qua
Restored: NO
Uploaded to Avira: NO
Operating System: Windows 2000/XP/VISTA Workstation
Search engine: 8.02.04.92
Virus definition file: 7.10.13.202
Detection: Is the TR/Dropper.Gen Trojan
Date/Time: 10. 11. 2010, 20:45


Type: File
Source: C:\Users\Jan Farkas\AppData\Local\Temp\ubi2CD1.tmp.exe
Status: Infected
Quarantine object: 6f481bc1.qua
Restored: NO
Uploaded to Avira: NO
Operating System: Windows 2000/XP/VISTA Workstation
Search engine: 8.02.04.92
Virus definition file: 7.10.13.202
Detection: Is the TR/Dropper.Gen Trojan
Date/Time: 10. 11. 2010, 20:45


Type: File
Source: C:\Users\Jan Farkas\AppData\Local\Temp\ubi3113.tmp.exe
Status: Infected
Quarantine object: 5fe877db.qua
Restored: NO
Uploaded to Avira: NO
Operating System: Windows 2000/XP/VISTA Workstation
Search engine: 8.02.04.92
Virus definition file: 7.10.13.202
Detection: Is the TR/Dropper.Gen Trojan
Date/Time: 10. 11. 2010, 20:45


Type: File
Source: C:\Users\Jan Farkas\AppData\Local\Temp\ubi1CC5.tmp.exe
Status: Infected
Quarantine object: 5b7a0f16.qua
Restored: NO
Uploaded to Avira: NO
Operating System: Windows 2000/XP/VISTA Workstation
Search engine: 8.02.04.92
Virus definition file: 7.10.13.202
Detection: Is the TR/Dropper.Gen Trojan
Date/Time: 10. 11. 2010, 20:45


Type: File
Source: C:\Users\Jan Farkas\AppData\Local\Temp\ubi2085.tmp.exe
Status: Infected
Quarantine object: 4212348c.qua
Restored: NO
Uploaded to Avira: NO
Operating System: Windows 2000/XP/VISTA Workstation
Search engine: 8.02.04.92
Virus definition file: 7.10.13.202
Detection: Is the TR/Dropper.Gen Trojan
Date/Time: 10. 11. 2010, 20:45


Type: File
Source: C:\Users\Jan Farkas\AppData\Local\Temp\ubi2F89.tmp.exe
Status: Infected
Quarantine object: 13505b91.qua
Restored: NO
Uploaded to Avira: NO
Operating System: Windows 2000/XP/VISTA Workstation
Search engine: 8.02.04.92
Virus definition file: 7.10.13.202
Detection: Is the TR/Dropper.Gen Trojan
Date/Time: 10. 11. 2010, 20:45


Type: File
Source: C:\Users\Jan Farkas\AppData\Local\Temp\ubi8CDC.tmp.exe
Status: Infected
Quarantine object: 03402746.qua
Restored: NO
Uploaded to Avira: NO
Operating System: Windows 2000/XP/VISTA Workstation
Search engine: 8.02.04.92
Virus definition file: 7.10.13.202
Detection: Is the TR/Dropper.Gen Trojan
Date/Time: 10. 11. 2010, 20:45


Type: File
Source: C:\Program Files\BinarySense\HDDlife 3\HDDlifeNB (2).exe
Status: Infected
Quarantine object: 377b2300.qua
Restored: NO
Uploaded to Avira: NO
Operating System: Windows 2000/XP/VISTA Workstation
Search engine: 8.02.04.92
Virus definition file: 7.10.13.202
Detection: Is the TR/Dropper.Gen Trojan
Date/Time: 10. 11. 2010, 20:45


Type: File
Source: C:\Users\Jan Farkas\AppData\Local\Temp\ubi3247.tmp.exe
Status: Infected
Quarantine object: 20f345ba.qua
Restored: NO
Uploaded to Avira: NO
Operating System: Windows 2000/XP/VISTA Workstation
Search engine: 8.02.04.92
Virus definition file: 7.10.13.202
Detection: Is the TR/Dropper.Gen Trojan
Date/Time: 10. 11. 2010, 20:45


Type: File
Source: C:\Users\Jan Farkas\AppData\Local\Temp\ubiB08A.tmp.exe
Status: Infected
Quarantine object: 4988520a.qua
Restored: NO
Uploaded to Avira: NO
Operating System: Windows 2000/XP/VISTA Workstation
Search engine: 8.02.04.92
Virus definition file: 7.10.13.202
Detection: Contains HEUR/Crypted.E suspicious code
Date/Time: 10. 11. 2010, 20:45


Type: File
Source: C:\Users\Jan Farkas\AppData\Local\Temp\ubi9FC0.tmp.exe
Status: Infected
Quarantine object: 511f7dad.qua
Restored: NO
Uploaded to Avira: NO
Operating System: Windows 2000/XP/VISTA Workstation
Search engine: 8.02.04.92
Virus definition file: 7.10.13.202
Detection: Is the TR/Dropper.Gen Trojan
Date/Time: 10. 11. 2010, 20:45

Samej bordel v tempu

Stahnete RKill http://download.bleepingcomputer.com/grinler/rkill.com

• Ulozte nejlepena plochu a ukoncete vsechny aplikace (jinak to udela RKill za Vas)
• Spustte tradicne dvojklikem - program probehne temer okamzite a ukonci i svou cinnost
• RKill ukonci vsechny ne-systemove procesy - tedy i procesy, pod kterymi bezi havet
• V zadnem pripade ted nerestartujte PC - prisli byste o ucinek RKillu

TFC http://oldtimer.geekstogo.com/TFC.exe

• Stahnete a spustte
• Kliknete na Start a potvrdte OK
• Program uklidi a restartuje pc
• Po pouziti utilitu smazte

Stahnete Malwarebytes' Anti-Malware (zkracene MBAM) (viz muj podpis)

• Provedte aktualizaci - treti zalozka
• Provedte uplny sken - nic nemazte
• MBAM miva obcas falesne detekce, proto vlozte log do prispevku a pockejte na posouzeni

rkill zbehol ,zavrel par veci ( ale napr. ICQ nechal tak ) , ten druhy program vymazal 6000 mb a resetol počítač (po resete ale bootovanie trvalo dost dlho - dlhsie ako obycajne ) , práve prebieha mbam sken ,

Tech 600 MB byly temp soubory a bootovani mohlo byt delsi kvuli mazani temp souboru, ktere je nutne mazat pri restartu...nechte probehnout MBAM a pak sem dejte log...

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Verzia databázy: 5091

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18975

10. 11. 2010 22:59:57
mbam-log-2010-11-10 (22-59-57).txt

Typ kontroly: Úplná kontrola (C:\|D:\|)
Objektov kontrolovaných: 371877
Uplynulý čas: 1 hod, 45 min, 45 sek

Infikované služby pamäte: 0
Infikované moduly pamäte: 0
Infikované registračné kľúče: 0
Infikované registračné hodnoty: 0
Infikované položky registračných dát: 0
Infikované priečinky: 0
Infikované súbory: 1

Infikované služby pamäte:
(Škodlivé položky neboli zistené)

Infikované moduly pamäte:
(Škodlivé položky neboli zistené)

Infikované registračné kľúče:
(Škodlivé položky neboli zistené)

Infikované registračné hodnoty:
(Škodlivé položky neboli zistené)

Infikované položky registračných dát:
(Škodlivé položky neboli zistené)

Infikované priečinky:
(Škodlivé položky neboli zistené)

Infikované súbory:
C:\Windows\System32\ovfsthxffthnqlvibpvmkweeiexhtpsgtbnqbp.dat (Rootkit.TDSS) -> No action taken.

Kliknete na Start a pote Spustit, pripadne pouzijte klavesou zkratku Win+R

• Vyskoci na Vas okenko, do ktereho zkopirujte text nize

• Kód: Vybrat vše

  services.msc

• Kliknete na OK
• Najdete sluzby nize
• Služba Google Update
  Google Software Updater
  Spyware Terminator Realtime Shield Service
• U kazde provedte toto
  • Klik na ni pravym mysidlem a zvolit Vlastnosti
  • Nyní klik na Zastavit
  • Typ spousteni nastavit na Zakazano
  • Potvrdte kliknutim na OK

Stahnete OTM (viz muj podpis)

• Pokud pouzivate Win Vista ci W7, kliknete na OTM pravym a dejte Run As Administrator ci Spustit jako spravce
• Do leveho okna Paste Instructions for Items to be Moved (pod zlutou caru) vlozte obsah, ktery mate nize

• Kód: Vybrat vše

  :reg
  [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
  [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  "eRecoveryService"=-
  "SpywareTerminator"=-
  "Adobe Reader Speed Launcher"=-
  "Adobe ARM"=-
  "SunJavaUpdateSched"=-
  "QuickTime Task"=-
  [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
  "Google Update"=-
  "Steam"=-
  "SpywareTerminatorUpdate"=-
  "WMPNSCFG"=-
  "ICQ"=-
  
  :services
  ovfsthxffthnqlvibpvmkweeiexhtpsgtbnqbp
  
  :files
  C:\Windows\System32\ovfsthxffthnqlvibpvmkweeiexhtpsgtbnqbp.dat
  
  C:\Windows\tasks\Google Software Updater.job
  C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
  C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
  C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3690851227-2635793869-1137812997-1003Core.job
  C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3690851227-2635793869-1137812997-1003UA.job
  %windir%\system32\*.tmp.dll /s
  %windir%\system32\SET*.tmp /s
  %windir%\*.tmp /s
  
  :commands
  [RESETHOSTS]
  [EMPTYTEMP]
  [EMPTYFLASH]
  [CLEARALLRESTOREPOINTS]

• Kliknete na cervene tlacitko MoveIt!
• Budete vyzvani na restart, dejte Yes, log pote najdete C:\_OTM\MovedFiles, obsah sem vlozte