VIRY.CZ

Dobrý den,

prosím o radu. MBAM mi nalezl škodlivé kódy v registrech. Nevím co mohu smazat. Především se mi jedná o Infikované hodnoty v registru:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Metropolis, který mi asi spouští při startu PC okno RunDLL s hláškou, že nebyl nalezen soubor sshnas21.dll. Ten mi naštěstí zachtil NOD32 a uložil do karantény. Moc děkuji za odpověď.

Připojuji log MBAM:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Verze databáze: 5683

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18999

6.2.2011 12:34:23
mbam-log-2011-02-06 (12-34-01).txt

Typ kontroly: Rychlý test
Testované objekty: 156434
Uplynulý čas: 4 minut, 31 sekund

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče v registru: 8
Infikované hodnoty v registru: 1
Infikované datové položky v registru: 0
Infikované složky: 0
Infikované soubory: 0

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče v registru:
HKEY_CURRENT_USER\SOFTWARE\AdVantage (Adware.Vomba) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\CE8SIIFGSU (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\JP595IR86O (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\VXEG3ZNNE5 (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Z30KYPG3WS (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\ (Hijack.Zones) -> No action taken.

Infikované hodnoty v registru:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Metropolis (Trojan.FakeAlert) -> Value: Metropolis -> No action taken.

Infikované datové položky v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
(Žádné škodlivé položky nebyly zjištěny)



Dále připojuji LOG z RSIT:

Logfile of random's system information tool 1.08 (written by random/random)
Run by MAMINKA at 2011-02-05 17:23:40
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 64 GB (44%) free of 143 GB
Total RAM: 2047 MB (52% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:23:50, on 5.2.2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18999)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ASUS\ATK Media\DMedia.exe
C:\Program Files\Spamihilator\spamihilator.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\ICQ7.2\ICQ.exe
C:\Windows\ehome\ehmsas.exe
C:\PROGRA~1\FREEDO~1\fdm.exe
C:\totalcmd\TOTALCMD.EXE
E:\Install\RSIT skener na viry\RSIT.exe
C:\Program Files\trend micro\MAMINKA.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\Users\MAMINKA\AppData\Roaming\LangSoft\WebIE.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\Users\MAMINKA\AppData\Roaming\LangSoft\WebIE.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [IaNvSrv] C:\Program Files\Intel\Intel Matrix Storage Manager\OROM\IaNvSrv\IaNvSrv.exe
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [Spamihilator] "C:\Program Files\Spamihilator\spamihilator.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [WD Drive Manager] C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Standby] "c:\Program Files\Common Files\Corel\Standby\Standby.exe" -START
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ7.2\ICQ.exe" silent loginmode=4
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Metropolis] rundll32.exe C:\Windows\system32\sshnas21.dll,GetHandle
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Stáhnout Free Download Managerem - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Stáhnout video Free Download Managerem - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Stáhnout vybrané Free Download Managerem - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Stáhnout vše Free Download Managerem - file://C:\Program Files\Free Download Manager\dlall.htm
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\Users\MAMINKA\AppData\Roaming\LangSoft\WebIE.dll
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\Users\MAMINKA\AppData\Roaming\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\Users\MAMINKA\AppData\Roaming\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\Users\MAMINKA\AppData\Roaming\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\Users\MAMINKA\AppData\Roaming\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\Users\MAMINKA\AppData\Roaming\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\Users\MAMINKA\AppData\Roaming\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\Users\MAMINKA\AppData\Roaming\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\Users\MAMINKA\AppData\Roaming\LangSoft\WebIE.dll
O9 - Extra button: Upload - {FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} - C:\Program Files\Free Download Manager\FUM\fumiebtn.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {F680B28A-3AEE-4C88-93ED-45AE9215C128} (CryptSignX Control) - http://adisepo.mfcr.cz/adistc/adis/idpr ... x_1015.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{508F1222-51AC-408A-B9CF-05E2DC109E96}: NameServer = 192.168.0.1
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: ADSM Service (ADSMService) - Unknown owner - C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MacDrive 8 service (MacDrive8Service) - Mediafour Corporation - C:\Program Files\Mediafour\MacDrive 8\MacDrive8Service.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
O23 - Service: Syntek AVStream USB2.0 WebCam Service (StkSSrv) - Syntek America Inc. - C:\Windows\System32\StkCSrv.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: @%SystemRoot%\System32\TUProgSt.exe,-1 (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\Windows\System32\TUProgSt.exe
O23 - Service: WD Drive Manager Service (WDBtnMgrSvc.exe) - WDC - C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe

--
End of file - 12337 bytes

======Scheduled tasks folder======

C:\Windows\tasks\User_Feed_Synchronization-{40F58076-F3E6-4A59-B17D-F6A783B6079F}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-11-15 62376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2DB66063-BB98-466A-AA0D-3E7ACF5ED853}]
WebTransBHO Class - C:\Users\MAMINKA\AppData\Roaming\LangSoft\WebIE.dll [2009-11-12 794676]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype add-on for Internet Explorer - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-02-08 804136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CC59E0F9-7E43-44FA-9FAA-8377850BF205}]
FDMIECookiesBHO Class - C:\Program Files\Free Download Manager\iefdm2.dll [2007-08-21 90112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2010-09-06 1048888]
{BFC32E1D-EE75-4A48-BC60-104E11EE2431} - WebTranslator - C:\Users\MAMINKA\AppData\Roaming\LangSoft\WebIE.dll [2009-11-12 794676]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-19 1008184]
"IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [2007-05-08 174872]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2007-03-23 4423680]
"IaNvSrv"=C:\Program Files\Intel\Intel Matrix Storage Manager\OROM\IaNvSrv\IaNvSrv.exe [2007-05-08 33048]
"JMB36X IDE Setup"=C:\Windows\RaidTool\xInsIDE.exe [2007-03-20 36864]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2007-03-01 857648]
"ATKMEDIA"=C:\Program Files\ASUS\ATK Media\DMEDIA.EXE [2006-11-02 61440]
""= []
"Skytel"=C:\Windows\Skytel.exe [2007-03-16 1822720]
"Spamihilator"=C:\Program Files\Spamihilator\spamihilator.exe [2008-12-23 1321984]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2010-03-31 2145000]
"WD Drive Manager"=C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe [2008-05-16 430080]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2009-07-02 13789728]
"Standby"=c:\Program Files\Common Files\Corel\Standby\Standby.exe [2010-05-17 105632]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe [2010-11-15 35736]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-11-15 932288]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2010-12-20 443728]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-11 1233920]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-19 125952]
"ICQ"=C:\Program Files\ICQ7.2\ICQ.exe [2011-01-05 133432]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-19 202240]
"Metropolis"=C:\Windows\system32\sshnas21.dll,GetHandle []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
relog_ap

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2011-02-05 17:23:40 ----D---- C:\rsit
2011-02-05 17:23:40 ----D---- C:\Program Files\trend micro
2011-02-05 10:14:46 ----D---- C:\Users\MAMINKA\AppData\Roaming\Malwarebytes
2011-02-05 10:14:36 ----D---- C:\ProgramData\Malwarebytes
2011-02-05 10:14:36 ----A---- C:\Windows\system32\drivers\mbamswissarmy.sys
2011-02-05 10:14:32 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2011-02-05 10:14:32 ----A---- C:\Windows\system32\drivers\mbam.sys
2011-02-04 19:20:06 ----D---- C:\bd_logs
2011-02-04 17:53:41 ----SHD---- C:\Config.Msi
2011-01-12 12:24:44 ----A---- C:\Windows\system32\odbc32.dll
2011-01-12 12:24:28 ----A---- C:\Windows\system32\sdclt.exe

======List of files/folders modified in the last 1 months======

2011-02-05 17:23:50 ----D---- C:\Windows\Prefetch
2011-02-05 17:23:43 ----D---- C:\Windows\Temp
2011-02-05 17:23:40 ----RD---- C:\Program Files
2011-02-05 17:21:33 ----D---- C:\Users\MAMINKA\AppData\Roaming\Free Download Manager
2011-02-05 17:19:25 ----D---- C:\Users\MAMINKA\AppData\Roaming\Spamihilator
2011-02-05 10:41:44 ----SHD---- C:\System Volume Information
2011-02-05 10:14:36 ----HD---- C:\ProgramData
2011-02-05 10:14:36 ----D---- C:\Windows\system32\drivers
2011-02-05 10:01:23 ----D---- C:\Windows\System32
2011-02-05 10:01:23 ----D---- C:\Windows\inf
2011-02-05 10:01:23 ----A---- C:\Windows\system32\PerfStringBackup.INI
2011-02-05 09:59:43 ----D---- C:\Users\MAMINKA\AppData\Roaming\ICQ
2011-02-04 19:56:00 ----A---- C:\Windows\system32\acovcnt.exe
2011-02-04 18:00:41 ----D---- C:\ProgramData\Adobe
2011-02-04 17:55:39 ----SD---- C:\Users\MAMINKA\AppData\Roaming\Microsoft
2011-02-04 17:55:39 ----D---- C:\Users\MAMINKA\AppData\Roaming\Adobe
2011-02-04 17:55:33 ----SHD---- C:\Windows\Installer
2011-02-04 17:54:30 ----D---- C:\Program Files\Common Files\Adobe
2011-02-04 17:54:21 ----D---- C:\Program Files\Adobe
2011-02-04 17:54:08 ----D---- C:\Windows\winsxs
2011-02-04 17:45:33 ----D---- C:\Windows\system32\catroot2
2011-02-04 17:40:37 ----D---- C:\Downloads
2011-01-30 13:42:30 ----D---- C:\Windows
2011-01-30 13:42:29 ----D---- C:\Windows\Tasks
2011-01-30 13:31:29 ----D---- C:\Windows\system32\Tasks
2011-01-15 11:48:05 ----A---- C:\Windows\system32\mrt.exe
2011-01-15 11:47:30 ----D---- C:\ProgramData\Microsoft Help
2011-01-12 12:24:14 ----D---- C:\Windows\system32\catroot
2011-01-10 12:13:27 ----D---- C:\Program Files\ICQ7.2
2011-01-09 10:43:12 ----SD---- C:\Windows\Downloaded Program Files

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 AsDsm;AsDsm; C:\Windows\system32\drivers\AsDsm.sys [2007-04-25 27504]
R0 iaNvStor;Intel(R) Turbo Memory Technology NAND Controller; C:\Windows\system32\DRIVERS\iaNvStor.sys [2007-05-04 208896]
R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys [2007-02-12 277784]
R0 JGOGO;JMicron Hot-Plug Driver; C:\Windows\system32\DRIVERS\JGOGO.sys [2006-02-07 6912]
R0 JRAID;JRAID; C:\Windows\system32\DRIVERS\jraid.sys [2007-04-11 48000]
R0 MDFSYSNT;MacDrive file system driver; C:\Windows\system32\drivers\MDFSYSNT.sys [2009-09-28 259176]
R0 MDPMGRNT;MacDrive partition driver; C:\Windows\system32\drivers\MDPMGRNT.sys [2009-07-31 27488]
R0 PxHelp20;PxHelp20; C:\Windows\system32\Drivers\PxHelp20.sys [2006-10-18 36624]
R0 snapman;Acronis Snapshots Manager; C:\Windows\system32\DRIVERS\snapman.sys [2008-03-11 114048]
R0 timounter;Acronis True Image Backup Archive Explorer; C:\Windows\system32\DRIVERS\timntr.sys [2008-03-11 395744]
R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2010-03-31 114984]
R1 vmm;Virtual Machine Monitor; \??\C:\Windows\system32\Drivers\vmm.sys [2009-07-31 229208]
R2 ASMMAP;ASMMAP; \??\C:\Program Files\ATKGFNEX\ASMMAP.sys [2007-02-05 11632]
R2 eamonm;eamonm; C:\Windows\system32\DRIVERS\eamonm.sys [2010-03-31 134024]
R2 epfwwfpr;epfwwfpr; C:\Windows\system32\DRIVERS\epfwwfpr.sys [2010-03-31 96896]
R2 rimmptsk;rimmptsk; C:\Windows\system32\DRIVERS\rimmptsk.sys [2007-02-24 39936]
R2 rimsptsk;rimsptsk; C:\Windows\system32\DRIVERS\rimsptsk.sys [2007-01-24 42496]
R2 rismxdp;Ricoh xD-Picture Card Driver; C:\Windows\system32\DRIVERS\rixdptsk.sys [2007-03-22 37376]
R2 tifsfilter;Acronis True Image FS Filter; C:\Windows\system32\DRIVERS\tifsfilt.sys [2008-03-11 39264]
R3 BthAvrcp;Bluetooth AVRCP Profile; C:\Windows\system32\DRIVERS\BthAvrcp.sys [2007-10-06 12800]
R3 BthEnum;Služba Bluetooth Enumerator; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-04-11 22528]
R3 BthPan;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2008-01-19 92160]
R3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2009-04-11 29696]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2007-03-26 1761696]
R3 itecir;ITECIR Infrared Receiver; C:\Windows\system32\DRIVERS\itecir.sys [2007-04-21 47616]
R3 kbfiltr;Keyboard Filter; C:\Windows\system32\DRIVERS\kbfiltr.sys [2007-01-24 5632]
R3 Ltn_hyd7700pc;TV tuner device ; C:\Windows\System32\Drivers\Ltn_hyd7700pc.sys [2007-05-18 374144]
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\Windows\system32\drivers\MODEMCSA.sys [2008-01-19 18432]
R3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504]
R3 MTsensor;ATK0100 ACPI UTILITY; C:\Windows\system32\DRIVERS\ATKACPI.sys [2006-12-14 7680]
R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw5v32.sys [2008-11-17 3668480]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2009-07-02 9786752]
R3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-04-11 148992]
R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2009-04-11 89088]
R3 smserial;smserial; C:\Windows\system32\DRIVERS\smserial.sys [2006-11-22 982272]
R3 StkCMini;Syntek AVStream USB2.0 1.3M WebCam; C:\Windows\System32\Drivers\StkCMini.sys [2007-05-30 1260672]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2007-03-01 182456]
R3 VPCNetS2;Virtual Machine Network Services Driver; C:\Windows\system32\DRIVERS\VMNetSrv.sys [2007-01-29 59280]
S2 ghaio;ghaio; \??\C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys [2006-11-16 15216]
S3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller; C:\Windows\system32\DRIVERS\atl01v32.sys [2007-03-15 48128]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2009-04-11 507904]
S3 drmkaud;Dekodér zvuků DRM jádra společnosti Microsoft; C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 HDUSB;HDUSB; C:\Windows\system32\DRIVERS\HDUSB.sys [2007-08-07 12800]
S3 LgBttPort;LGE Bluetooth TransPort; C:\Windows\system32\DRIVERS\lgbtport.sys []
S3 lgbusenum;LG Bluetooth Bus Enumerator; C:\Windows\system32\DRIVERS\lgbtbus.sys []
S3 LGVMODEM;LGE Virtual Modem; C:\Windows\system32\DRIVERS\lgvmodem.sys []
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016]
S3 NETw3v32;Intel(R) PRO/Wireless 3945ABG Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw3v32.sys [2006-11-02 1781760]
S3 NETw4v32;Ovladač adaptéru Intel(R) Wireless WiFi Link pro systém Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw4v32.sys [2007-04-30 2219520]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 pwdrvio;pwdrvio; \??\C:\Windows\system32\pwdrvio.sys [2009-09-04 16456]
S3 pwdspio;pwdspio; \??\C:\Windows\system32\pwdspio.sys [2009-09-04 11088]
S3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2006-11-02 44544]
S3 TPM;TPM; C:\Windows\system32\drivers\tpm.sys [2006-11-02 41064]
S3 upperdev;upperdev; C:\Windows\system32\DRIVERS\usbser_lowerflt.sys []
S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2009-08-28 40448]
S3 usbbus;LGE Mobile Composite USB Device; C:\Windows\system32\DRIVERS\lgusbbus.sys [2005-05-26 21344]
S3 UsbDiag;LGE Mobile USB Serial Port; C:\Windows\system32\DRIVERS\lgusbdiag.sys [2005-05-26 38144]
S3 USBModem;LGE Mobile USB Modem; C:\Windows\system32\DRIVERS\lgusbmodem.sys [2005-06-24 39036]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-19 35328]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2009-10-01 40448]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AcrSch2Svc;Acronis Scheduler2 Service; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [2006-10-17 230944]
R2 ADSMService;ADSM Service; C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe [2007-05-18 73728]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-08-28 144672]
R2 ASLDRService;ASLDR Service; C:\Program Files\ATK Hotkey\ASLDRSrv.exe [2007-02-06 94208]
R2 ATKGFNEXSrv;ATKGFNEX Service; C:\Program Files\ATKGFNEX\GFNEXSrv.exe [2007-05-15 94208]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2010-03-31 810120]
R2 EvtEng;Intel(R) PROSet/Wireless Event Log; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [2007-04-16 647168]
R2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe [2007-05-08 355096]
R2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2010-09-06 247096]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-01-17 61440]
R2 MacDrive8Service;MacDrive 8 service; C:\Program Files\Mediafour\MacDrive 8\MacDrive8Service.exe [2009-09-23 150528]
R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe [2007-09-20 853288]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2009-07-02 211488]
R2 PSI_SVC_2;Protexis Licensing V2; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [2007-07-24 185632]
R2 RegSrvc;Intel(R) PROSet/Wireless Registry Service; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [2007-04-16 327680]
R2 spmgr;spmgr; C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe [2006-12-29 123248]
R2 StkSSrv;Syntek AVStream USB2.0 WebCam Service; C:\Windows\System32\StkCSrv.exe [2007-04-19 24576]
R2 TuneUp.ProgramStatisticsSvc;@%SystemRoot%\System32\TUProgSt.exe,-1; C:\Windows\System32\TUProgSt.exe [2010-05-03 604488]
R2 UxTuneUp;@%SystemRoot%\System32\uxtuneup.dll,-4096; C:\Windows\System32\svchost.exe [2008-01-19 21504]
R2 WDBtnMgrSvc.exe;WD Drive Manager Service; C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe [2008-05-16 102400]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2010-03-31 33560]
S3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-19 21504]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-10-28 545568]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe [2007-09-20 382248]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2008-11-11 620544]
S3 TuneUp.Defrag;@%SystemRoot%\System32\TuneUpDefragService.exe,-1; C:\Windows\System32\TuneUpDefragService.exe [2010-05-03 361288]
S3 WPFFontCache_v0400;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100; C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]

-----------------EOF-----------------

Zdravim a pekny den preji

Nalezy MBAMu muzete smazat

Poprosim i o druhy log z rsit s nazvem info.txt, je ulozen v c:\rsit

Zatím moc děkuji. Ale u zavirovaného PC budu až večer, takže druhý log zašlu večer.

Dobra tedy, budu jej vyhlizet

Připojuji druhý log, prosím o kontrolu:

info.txt logfile of random's system information tool 1.08 2011-02-05 17:23:55

======Uninstall list======

-->C:\Program Files\Nero\Nero8\\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\Windows\UNNeroBackItUp.exe /UNINSTALL
-->C:\Windows\UNNeroMediaHome.exe /UNINSTALL
-->C:\Windows\UNNeroShowTime.exe /UNINSTALL
-->C:\Windows\UNNeroVision.exe /UNINSTALL
-->C:\Windows\UNRecode.exe /UNINSTALL
602XML Filler-->MsiExec.exe /X{691A9CA1-1029-48DB-99D3-779A144E35D6}
7-Zip 4.57-->"C:\Program Files\7-Zip\Uninstall.exe"
Acronis True Image Home-->MsiExec.exe /X{419CF344-3D94-4DAD-99C8-EA7B00E5EA8B}
Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\FlashUtil10h_Plugin.exe -maintain plugin
Adobe Reader X - Czech-->MsiExec.exe /I{AC76BA86-7AD7-1029-7B44-AA0000000001}
Aktualizace produktu Microsoft Office Excel 2007 Help (KB963678)-->msiexec /package {90120000-0016-0405-0000-0000000FF1CE} /uninstall {0A1FAC46-B899-421D-B1A2-470896DC45DB}
Aktualizace produktu Microsoft Office Powerpoint 2007 Help (KB963669)-->msiexec /package {90120000-0018-0405-0000-0000000FF1CE} /uninstall {5260BB53-C1F7-4A3B-9AEB-3EC9B37FF194}
Aktualizace produktu Microsoft Office Word 2007 Help (KB963665)-->msiexec /package {90120000-001B-0405-0000-0000000FF1CE} /uninstall {E68DD413-B834-4923-8181-0A03B7555187}
Apple Application Support-->MsiExec.exe /I{B607C354-CD79-4D22-86D1-92DC94153F42}
Apple Mobile Device Support-->MsiExec.exe /I{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Ashampoo Photo Optimizer 2.02-->"C:\Program Files\Ashampoo\Ashampoo Photo Optimizer 2\unins000.exe"
ASUS Data Security Manager-->C:\Program Files\InstallShield Installation Information\{1C8521E5-5A7B-4A4E-A9CD-AD53116EAEE0}\SETUP.exe -runfromtemp -l0x0009 -removeonly
ASUS InstantFun-->MsiExec.exe /I{57B15AD4-8C9D-4164-82BB-E33D8644E757}
ASUS Live Update-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}\setup.exe" -l0x9
ASUS Splendid Video Enhancement Technology-->C:\Program Files\InstallShield Installation Information\{C0FC1C14-4824-4A73-87A6-9E888C9C3102}\SETUP.exe -runfromtemp -l0x0009 -removeonly
ASUS Wireless Router WL-520GU Manuals-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9308EDF4-04C9-4806-81CA-3AF0EC104E75}\setup.exe" -l0x5
ASUS Wireless Router WL-520GU Utilities-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B835DEF8-26A7-4E9B-B9F8-8D56F385DEAA}\Setup.exe" -l0x5
Asus_Camera_ScreenSaver-->"C:\Windows\ASUS Camera ScreenSaver Uninstaller.exe"
ATK Generic Function Service-->C:\Program Files\InstallShield Installation Information\{D3D54F3E-C5C3-443D-978F-87A72E5616E8}\SETUP.exe -runfromtemp -l0x0009 -removeonly
ATK Hotkey-->C:\Program Files\InstallShield Installation Information\{3912D529-02BC-4CA8-B5ED-0D0C20EB6003}\SETUP.exe -runfromtemp -l0x0009 -removeonly
ATK Media-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{139B0FFA-187E-4BA1-BCA6-6B56B2B6AB8C}\SETUP.EXE" -l0x9
ATKOSD2-->C:\Program Files\InstallShield Installation Information\{5C1DB4ED-E9B4-402D-BB14-D75D97D6C1A6}\SETUP.exe -runfromtemp -l0x0009 -removeonly
Attansic Ethernet Utility-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1F698102-5739-441E-96F0-74F4EA540F06}\SETUP.exe" -l0x9 -removeonly
Balíček ovladače systému Windows - Handan (HDUSB) Handan USB Devices (07/08/2007 1.0.0.0)-->C:\PROGRA~1\DIFX\270581355A767BF1\DPInst.exe /d /u C:\Windows\System32\DriverStore\FileRepository\hdusb.inf_6592e195\hdusb.inf
Balíček ovladače systému Windows - Nokia Modem (10/27/2008 3.9)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\Windows\System32\DriverStore\FileRepository\nokia_bluetooth.inf_544c8e16\nokia_bluetooth.inf
Balíček ovladače systému Windows - Nokia Modem (10/27/2008 7.01.0.1)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\Windows\System32\DriverStore\FileRepository\nokbtmdm.inf_0e4dd4bb\nokbtmdm.inf
Balíček ovladače systému Windows - Nokia pccsmcfd (08/22/2008 7.0.0.0)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\Windows\system32\DRVSTORE\pccsmcfd_A3B3916E5D8138F59EE218321B27B044D3B18294\pccsmcfd.inf
Balíček ovladače systému Windows - YUAN (mod7700) Media (04/19/2007 2.3.2.7)-->C:\PROGRA~1\DIFX\7B44739871F4D539FA473F57A832EA4B6A59EF06\DPINST.EXE /d /u C:\Windows\system32\DRVSTORE\dvb7700all_BD0AFDEE490AAAC9E13B3E18DDE757E82D819DB3\dvb7700all.inf
BFile-->"C:\Program Files\BFile\unins000.exe"
BlueVoda Website Builder 11.4 S-->C:\Windows\iun6002.exe "C:\Program Files\BlueVoda Website Builder\irunin.ini"
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
BS.Player FREE powered by AdVantage-->"C:\Program Files\Webteh\BSplayer\uninstall.exe"
Contents-->MsiExec.exe /I{F6A76E9C-C299-4CFA-AD2A-57FE9DD68B70}
Corel DVD MovieFactory 7 SE-->C:\Program Files\InstallShield Installation Information\{50F68032-B5B7-4513-9116-C978DBD8F27A}\setup.exe -runfromtemp -l0x0409
Corel VideoStudio Pro X3-->c:\Program Files\Corel\Corel VideoStudio Pro X3\Setup\{F072CA07-A781-45E4-9975-C033A73019CF}\SetupARP.exe /arp
CrystalDiskInfo 3.0.3-->"C:\Program Files\CrystalDiskInfo\unins000.exe"
DeviceIO-->MsiExec.exe /I{F4E9851F-765E-40B7-9859-237C2724E62C}
Doplněk Microsoft Save as PDF or XPS pro aplikace sady Microsoft Office 2007-->MsiExec.exe /X{90120000-00B2-0405-0000-0000000FF1CE}
Free Download Manager 2.5-->"C:\Program Files\Free Download Manager\unins000.exe"
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
HP LaserJet M1005-->C:\Program Files\Agilent-HP\{c6794dee-3197-4df6-9cc2-b1335158cc56}\uninstall.exe SYSTEM "C:\Program Files\Agilent-HP\{c6794dee-3197-4df6-9cc2-b1335158cc56}"
HP OrderReminder-->"C:\Program Files\Hewlett-Packard\OrderReminder\uninstall\hpuninstaller.exe" hp_LaserJet_1018
ICA-->MsiExec.exe /I{F072CA07-A781-45E4-9975-C033A73019CF}
ICQ Toolbar-->C:\Program Files\ICQ6Toolbar\ICQUnToolbar.exe
ICQ7.2-->"C:\Program Files\InstallShield Installation Information\{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}\ICQ7.exe" -runfromtemp -l0x0009 -removeonly
ImageMixer3-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{751910E3-ECF1-44D0-BF3F-2936A4424514}\setup.exe" -l0x9 UNINSTALL -removeonly
InfoMapa - Home Edition - mapa Prahy a ČR 2009 pro CHIP-->MsiExec.exe /X{7181DB32-CD68-4AF9-98A8-4DAACB48842A}
Intel(R) PROSet/Wireless Software-->C:\Windows\Installer\iProInst.exe
Intel® Turbo Memory and Intel® Matrix Storage Manager-->C:\Windows\system32\imsmudlg.exe -uninstall
IPM_VS_Pro-->MsiExec.exe /I{FD67D9F3-FED6-4A2E-9D6C-8C8C44DEF8FF}
ITECIR Driver-->C:\Program Files\InstallShield Installation Information\{FCED9B62-34FF-4C15-8A23-F65221F7874D}\SETUP.exe -runfromtemp -l0x0009 -removeonly
iTunes-->MsiExec.exe /I{D1A74FBB-CA8D-4CCA-9B89-BAAA436DB178}
Japanese Fonts Support For Adobe Reader 8-->MsiExec.exe /I{AC76BA86-7AD7-5760-0000-800000000003}
JMB36X Raid Configurer-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}\SETUP.exe" -l0x9 -removeonly
K-Lite Mega Codec Pack 4.1.7-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
LG MC USB U330 driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{ABD7DBE3-E344-4BCA-B8AD-4360494DD1D9}\setup.exe" -l0x5 -removeonly
LG USB Modem Drivers-->MsiExec.exe /X{E1640DA5-89B4-4F52-B15D-5DA3D14F29D4}
LifeFrame2-->MsiExec.exe /I{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}
MacDrive 8-->MsiExec.exe /X{53CE99DF-C3D1-41AE-ACD7-2964347AC4FF}
MainConcept MCE Encoder-->MsiExec.exe /I{DA9EBAAE-57E5-44D2-B496-8771CD924C68}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
MCE Software Encoder 1.1-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7655E113-C306-11D9-A373-0050BAE317E1}\SETUP.EXE" -uninstall
mCore-->MsiExec.exe /I{F5D7FAB5-A1FD-4DD3-983E-4155B09D7102}
mDriver-->MsiExec.exe /I{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}
mHelp-->MsiExec.exe /I{8C6BB412-D3A8-4AAE-A01B-35B681789D68}
Microsoft .NET Framework 3.5 Language Pack SP1 - csy-->MsiExec.exe /I{DD73CA82-EA82-38AA-863D-9A24A018DC96}
Microsoft .NET Framework 3.5 SP1 – jazyková sada – CSY-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - csy\setup.exe
Microsoft .NET Framework 3.5 SP1-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft .NET Framework 4 Client Profile CSY Language Pack-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\ClientLP\Setup.exe /repair /x86 /lcid 1029 /parameterfolder ClientLP
Microsoft .NET Framework 4 Client Profile CSY Language Pack-->MsiExec.exe /X{7036A6F4-5DAD-3908-956D-1752CD7F7E5A}
Microsoft .NET Framework 4 Client Profile-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\Setup.exe /repair /x86 /parameterfolder Client
Microsoft .NET Framework 4 Client Profile-->MsiExec.exe /X{3C3901C5-3455-3E0A-A214-0B093A5070A6}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0015-0405-0000-0000000FF1CE} /uninstall {1FC5BC34-0301-40D2-9432-05BA220277B8}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-0405-0000-0000000FF1CE} /uninstall {1FC5BC34-0301-40D2-9432-05BA220277B8}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-0405-0000-0000000FF1CE} /uninstall {1FC5BC34-0301-40D2-9432-05BA220277B8}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0019-0405-0000-0000000FF1CE} /uninstall {1FC5BC34-0301-40D2-9432-05BA220277B8}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001A-0405-0000-0000000FF1CE} /uninstall {1FC5BC34-0301-40D2-9432-05BA220277B8}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-0405-0000-0000000FF1CE} /uninstall {1FC5BC34-0301-40D2-9432-05BA220277B8}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0044-0405-0000-0000000FF1CE} /uninstall {1FC5BC34-0301-40D2-9432-05BA220277B8}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-0405-0000-0000000FF1CE} /uninstall {E12F9D31-4025-4BC6-B1B2-AB262C5580B0}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00A1-0405-0000-0000000FF1CE} /uninstall {1FC5BC34-0301-40D2-9432-05BA220277B8}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00BA-0405-0000-0000000FF1CE} /uninstall {1FC5BC34-0301-40D2-9432-05BA220277B8}
Microsoft Office Access MUI (Czech) 2007-->MsiExec.exe /X{90120000-0015-0405-0000-0000000FF1CE}
Microsoft Office Enterprise 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (Czech) 2007-->MsiExec.exe /X{90120000-0016-0405-0000-0000000FF1CE}
Microsoft Office Groove MUI (Czech) 2007-->MsiExec.exe /X{90120000-00BA-0405-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (Czech) 2007-->MsiExec.exe /X{90120000-0044-0405-0000-0000000FF1CE}
Microsoft Office OneNote MUI (Czech) 2007-->MsiExec.exe /X{90120000-00A1-0405-0000-0000000FF1CE}
Microsoft Office Outlook MUI (Czech) 2007-->MsiExec.exe /X{90120000-001A-0405-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (Czech) 2007-->MsiExec.exe /X{90120000-0018-0405-0000-0000000FF1CE}
Microsoft Office Proof (Czech) 2007-->MsiExec.exe /X{90120000-001F-0405-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Slovak) 2007-->MsiExec.exe /X{90120000-001F-041B-0000-0000000FF1CE}
Microsoft Office Proofing (Czech) 2007-->MsiExec.exe /X{90120000-002C-0405-0000-0000000FF1CE}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0405-0000-0000000FF1CE} /uninstall {294B4278-CF7B-40B9-86A1-2D3FF0C2C524}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {A0516415-ED61-419A-981D-93596DA74165}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-041B-0000-0000000FF1CE} /uninstall {10EC59E5-9BCE-4884-BB1A-E28627220232}
Microsoft Office Publisher MUI (Czech) 2007-->MsiExec.exe /X{90120000-0019-0405-0000-0000000FF1CE}
Microsoft Office Shared MUI (Czech) 2007-->MsiExec.exe /X{90120000-006E-0405-0000-0000000FF1CE}
Microsoft Office Word MUI (Czech) 2007-->MsiExec.exe /X{90120000-001B-0405-0000-0000000FF1CE}
Microsoft Virtual PC 2007-->MsiExec.exe /X{8A7CAA24-7B23-410B-A7C3-F994B0944160}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
MLE-->MsiExec.exe /I{7E4CB404-F1E4-4E81-A1CB-2CBB310481D1}
mMHouse-->MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}
Motorola SM56 Speakerphone Modem-->rundll32.exe sm56co6a.dll,SM56UnInstaller
Mozilla Firefox (3.6.13)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
mPfMgr-->MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}
MSVC80_x86-->MsiExec.exe /I{212748BB-0DA5-46DE-82A1-403736DC9F27}
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
NB Probe-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6324A1EF-CEF4-43E3-8BCD-9EF3F67317FD}\setup.exe" -l0x9
Nero 8-->MsiExec.exe /X{6F8A555E-F2E1-415D-AD8A-67C0A7671029}
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
Nokia Connectivity Cable Driver-->MsiExec.exe /X{15AC0C5D-A6FB-4CE2-8CD0-28179EEB5625}
Nokia PC Suite-->C:\ProgramData\Installations\{58FB2F9A-5F2D-40E8-82DF-4987E60AD8BD}\Nokia_PC_Suite_7_1_18_0_cze_web.exe
Nokia PC Suite-->MsiExec.exe /I{58FB2F9A-5F2D-40E8-82DF-4987E60AD8BD}
NVIDIA Drivers-->C:\Windows\system32\nvuninst.exe UninstallGUI
Odinstalovat LG PC Suite III-->"C:\Program Files\LG Electronics\LG PC Suite III\unins000.exe"
OpenOffice.org 3.0-->MsiExec.exe /I{BE8BE32F-F595-4693-9F82-1E0A5A047BB6}
Partition Wizard Home Edition 4.1-->"C:\Program Files\Partition Wizard Home Edition 4.1\unins000.exe"
PC Connectivity Solution-->MsiExec.exe /I{D848D140-41C3-4A53-86D8-E866A100B4CD}
Power4Gear eXtreme-->C:\Program Files\InstallShield Installation Information\{8CFEBE9C-F29F-4C49-80E0-7106970F8734}\setup.exe -runfromtemp -l0x0009 -removeonly
PowerForPhone-->C:\Program Files\InstallShield Installation Information\{FC3D290D-79BE-44B7-ABF9-FDD110925930}\setup.exe -runfromtemp -l0x0009 -removeonly
PureHD-->MsiExec.exe /I{F8423392-2296-4748-9B66-344432459632}
QuickTime-->MsiExec.exe /I{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x5 -removeonly
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{59F6A514-9813-47A3-948C-8A155460CC2A}\SETUP.EXE" -l0x9 anything
Scan To-->MsiExec.exe /I{9356940C-B360-4EF4-BE6C-BD488350AB17}
Security Update for 2007 Microsoft Office System (KB2288621)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5C497F0B-2061-4CC9-A61C-6B45B867354D}
Security Update for 2007 Microsoft Office System (KB2288931)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {CD769337-C8AC-46DB-A7DC-643E50089263}
Security Update for 2007 Microsoft Office System (KB2289158)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {210B16C0-CEBD-4DE9-B474-04A7E8735E16}
Security Update for 2007 Microsoft Office System (KB2344875)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {6FC5C4C1-D7AE-44C3-94B7-6424FC3E752F}
Security Update for 2007 Microsoft Office System (KB2345043)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {536FB502-775F-4494-BACE-C02CC90B7A5B}
Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
Security Update for 2007 Microsoft Office System (KB976321)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {7F207DCA-3399-40CB-A968-6E5991B1421A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A8894F19-59C8-38D2-8A75-36C0CCE56A5B} /qb+ REBOOTPROMPT=""
Security Update for Microsoft Office Access 2007 (KB979440)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {1142CCEC-ACA9-484B-BA90-C3A5CA1988C5}
Security Update for Microsoft Office Access 2007 (KB979440)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5A4E43D5-858F-49BD-BA72-8F30E1793060}
Security Update for Microsoft Office Excel 2007 (KB2345035)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {B23002DD-34EC-4988-B810-A5E2A0BF04F1}
Security Update for Microsoft Office InfoPath 2007 (KB979441)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {1109D0B3-EFA3-4553-AAED-4C3E9AD130E8}
Security Update for Microsoft Office InfoPath 2007 (KB979441)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {8CCB781A-CF6B-4FCB-B6D8-59C64DF5C6DB}
Security Update for Microsoft Office PowerPoint 2007 (KB982158)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F5B70033-E79C-4569-90BF-BC9B4E4F3F46}
Security Update for Microsoft Office PowerPoint Viewer (KB2413381)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {3DED0A62-44C8-4E00-A785-5212F297A9D9}
Security Update for Microsoft Office Publisher 2007 (KB2284697)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {3A4CDE54-2403-483D-8D9A-15E3264410DF}
Security Update for Microsoft Office system 2007 (972581)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {3D019598-7B59-447A-80AE-815B703B84FF}
Security Update for Microsoft Office system 2007 (KB974234)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {FCD742B9-7A55-44BC-A776-F795F21FEDDC}
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {71127777-8B2C-4F97-AF7A-6CF8CAC8224D}
Security Update for Microsoft Office Word 2007 (KB2344993)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {7A5B74FA-7A92-4FC9-821A-2DD5D4E73E48}
Security Update for Windows Media Encoder (KB2447961)-->msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E} MSIPATCHREMOVE={6139D160-F916-4708-953E-68B213BE6B7A} /qb
Security Update for Windows Media Encoder (KB954156)-->msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E} MSIPATCHREMOVE={E836F1B7-43FB-46B0-A0D9-E4D2A5951659} /qb
Security Update for Windows Media Encoder (KB979332)-->msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E} MSIPATCHREMOVE={950E24CA-CA7E-4606-8F0D-DEDBC94F2A1E} /qb
Setup-->MsiExec.exe /I{F069C491-69E6-4D9B-9A0C-B7894A1FA97C}
Share-->MsiExec.exe /I{F909BD3C-8684-4ACF-B7C3-33F4F9F901B7}
Skype Toolbars-->MsiExec.exe /I{981029E0-7FC9-4CF3-AB39-6F133621921A}
Skype™ 4.2-->MsiExec.exe /X{D103C4BA-F905-437A-8049-DB24763BBE36}
SmartSound Common Data-->"C:\Program Files\InstallShield Installation Information\{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}\setup.exe" -runfromtemp -l0x0409 -removeonly
SmartSound Common Data-->MsiExec.exe /I{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}
SmartSound Quicktracks 5-->"C:\Program Files\InstallShield Installation Information\{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}\setup.exe" -runfromtemp -l0x0409 -removeonly
SmartSound Quicktracks 5-->MsiExec.exe /I{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}
Spamihilator-->"C:\Program Files\Spamihilator\uninstall.exe"
Stellarium 0.9.1-->"C:\Program Files\Stellarium\unins000.exe"
Sweet Home 3D version 2.4-->"C:\Program Files\Sweet Home 3D\unins000.exe"
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
The KMPlayer (remove only)-->"C:\Program Files\The KMPlayer\uninstall.exe"
Total Commander (Remove or Repair)-->c:\totalcmd\tcuninst.exe
TuneUp Utilities 2009-->MsiExec.exe /I{55A29068-F2CE-456C-9148-C869879E2357}
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Microsoft Office OneNote 2007 (KB980729)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {329050A9-EF80-40F9-B633-74508F54C1FF}
Update for Microsoft Office Outlook 2007 (KB2412171)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {752A0B7C-BD24-4362-AC86-AB63FEE6F46F}
Update for Outlook 2007 Junk Email Filter (KB2483110)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {592B47F5-D305-431A-9781-ED6CBB44FA8B}
USB downloader-->C:\Windows\IsUninst.exe -f"C:\Program Files\HANDAN\USB downloader\Uninst.isu"
USB2.0 1.3M WebCam-->C:\Windows\StkUnist.exe
VCRedistSetup-->MsiExec.exe /I{3921A67A-5AB1-4E48-9444-C71814CF3027}
VIO-->MsiExec.exe /I{F95C8C1F-25BB-44EC-A7E6-5C17ABC6BC71}
VistaFeaturePack-->C:\Program Files\InstallShield Installation Information\{D7E04009-B191-4E9D-9D2D-1BBE57BD8A42}\setup.exe -runfromtemp -l0x0409
Visual C++ CRT 9.0 SP1-->MsiExec.exe /I{EC25B803-4BDB-47F7-B877-FCE7D7966C0F}
VSClassic-->MsiExec.exe /I{FB0B6DDD-DF3E-4CD6-927C-724AB854E322}
VSPro-->MsiExec.exe /I{F206FEC3-F5DD-43FD-A8CF-9C46B8A6A92C}
WD Diagnostics-->MsiExec.exe /X{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}
WD Drive Manager (x86)-->MsiExec.exe /X{E934E2A2-BE3B-4C1A-A3D9-753FFB2B38B4}
WinDjView 1.0.3-->C:\Program Files\WinDjView\uninstall.exe
Windows Driver Package - ITE Tech.Inc. (itecir) HIDClass (04/20/2007 5.0.0001.2)-->C:\PROGRA~1\DIFX\F46A63020E122F0A\DPInst.exe /u C:\Windows\System32\DriverStore\FileRepository\itecir.inf_05ecfc6d\itecir.inf
Windows Media Encoder 9 Series-->msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Encoder 9 Series-->MsiExec.exe /I{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
WinFlash-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DE10AB76-4756-4913-BE25-55D1C1051F9A}\setup.exe" -l0x9
Wireless Console 2-->C:\Program Files\InstallShield Installation Information\{83F73CB1-7705-49D1-9852-84D839CA2A45}\SETUP.exe -runfromtemp -l0x0009 -removeonly
Youtube Downloader HD v. 2.1.4-->"C:\Program Files\Youtube Downloader HD\unins000.exe"

======System event log======

Computer Name: Smart
Event Code: 7036
Message: Stav služby Podpora rozhraní NetBIOS nad protokolem TCP/IP byl změněn na: Spuštěno
Record Number: 251500
Source Name: Service Control Manager
Time Written: 20100621200953.000000-000
Event Type: Informace
User:

Computer Name: Smart
Event Code: 7036
Message: Stav služby Platforma WDF (Windows Driver Foundation) – platforma ovladače v uživatelském režimu byl změněn na: Spuštěno
Record Number: 251499
Source Name: Service Control Manager
Time Written: 20100621200953.000000-000
Event Type: Informace
User:

Computer Name: Smart
Event Code: 7036
Message: Stav služby Služba Vstupní panel počítače Tablet PC byl změněn na: Spuštěno
Record Number: 251498
Source Name: Service Control Manager
Time Written: 20100621200953.000000-000
Event Type: Informace
User:

Computer Name: Smart
Event Code: 7036
Message: Stav služby Správce zabezpečení účtů byl změněn na: Spuštěno
Record Number: 251497
Source Name: Service Control Manager
Time Written: 20100621200953.000000-000
Event Type: Informace
User:

Computer Name: Smart
Event Code: 7036
Message: Stav služby Správce relací správce oken plochy byl změněn na: Spuštěno
Record Number: 251496
Source Name: Service Control Manager
Time Written: 20100621200953.000000-000
Event Type: Informace
User:

=====Application event log=====

Computer Name: Smart
Event Code: 5617
Message: Windows Management Instrumentation Service subsystems initialized successfully
Record Number: 7496
Source Name: Microsoft-Windows-WMI
Time Written: 20080423102507.000000-000
Event Type: Informace
User:

Computer Name: Smart
Event Code: 5615
Message: Windows Management Instrumentation Service started sucessfully
Record Number: 7495
Source Name: Microsoft-Windows-WMI
Time Written: 20080423102506.000000-000
Event Type: Informace
User:

Computer Name: Smart
Event Code: 0
Message:
Record Number: 7494
Source Name: RegSrvc
Time Written: 20080423102506.000000-000
Event Type: Informace
User:

Computer Name: Smart
Event Code: 0
Message:
Record Number: 7493
Source Name: Nero BackItUp Scheduler 3
Time Written: 20080423102506.000000-000
Event Type: Informace
User:

Computer Name: Smart
Event Code: 4
Message: The LightScribe Service started successfully.
Record Number: 7492
Source Name: LightScribeService
Time Written: 20080423102505.000000-000
Event Type: Informace
User:

=====Security event log=====

Computer Name: Smart
Event Code: 4624
Message: Účet byl úspěšně přihlášen.

Předmět:
ID zabezpečení: S-1-5-18
Název účtu: SMART$
Doména účtu: NEJDE.NET
ID přihlášení: 0x3e7

Typ přihlášení: 5

Nové přihlášení:
ID zabezpečení: S-1-5-18
Název účtu: SYSTEM
Doména účtu: NT AUTHORITY
ID přihlášení: 0x3e7
GUID přihlášení: {00000000-0000-0000-0000-000000000000}

Informace o procesu:
ID procesu: 0x348
Název procesu: C:\Windows\System32\services.exe

Informace o síti:
Název pracovní stanice:
Adresa zdrojové sítě -
Zdrojový port: -

Podrobné informace o ověření:
Proces přihlášení: Advapi
Balíček ověření: Negotiate
Přenosové služby: -
Název balíčku (pouze NTLM): -
Délka klíče: 0

Tato událost je generována po vytvoření relace přihlášení. Je generována v počítači, ke kterému byl získán přístup.

Pole s předmětem označují účet v místním systému, který požadoval přihlášení. Jedná se nejčastěji o službu, například službu serveru nebo místní proces, například Winlogon.exe nebo Services.exe.

Pole Typ přihlášení označuje, k jakému typu přihlášení došlo. Nejběžnější typy jsou 2 (interaktivní) a 3 (síť).

Pole Nové přihlášení označují účet, pro který bylo nové přihlášení vytvořeno, tj. účet, který byl přihlášen.

Pole Síť označují původ požadavku na vzdálené přihlášení. Název pracovní stanice není vždy k dispozici a v některých případech může být toto pole prázdné.

Pole s informacemi o ověření poskytují podrobné informace o tomto konkrétním požadavku na přihlášení.
- GUID přihlášení je jednoznačný identifikátor, který je možné použít ke spojení této události s událostí KDC.
- Přenosové služby označují, které pomocné služby se podílely na tomto požadavku na přihlášení.
- Název balíčku označuje, který dílčí protokol z protokolů NTLM byl použit.
- Délka klíče označuje délku generovaného klíče relace. Tato hodnota bude 0, pokud nebyl požadován žádný klíč relace.
Record Number: 79576
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100303230002.618000-000
Event Type: Úspěch auditu
User:

Computer Name: Smart
Event Code: 4648
Message: Došlo k pokusu o přihlášení pomocí explicitního pověření.

Předmět:
ID zabezpečení: S-1-5-18
Název účtu: SMART$
Doména účtu: NEJDE.NET
ID přihlášení: 0x3e7
GUID přihlášení: {00000000-0000-0000-0000-000000000000}

Účet, jehož pověření bylo použito:
Název účtu: SYSTEM
Doména účtu: NT AUTHORITY
GUID přihlášení: {00000000-0000-0000-0000-000000000000}

Cílový server:
Název cílového serveru: localhost
Další informace: localhost

Informace o procesu:
ID procesu: 0x348
Název procesu: C:\Windows\System32\services.exe

Informace o síti:
Síťová adresa: -
Port: -

Tato událost je generována, pokud se proces pokusí přihlásit k účtu explicitním zadáním pověření tohoto účtu. K tomu nejčastěji dochází v dávkových konfiguracích, například naplánovaných úlohách, nebo při použití příkazu RUNAS.
Record Number: 79575
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100303230002.618000-000
Event Type: Úspěch auditu
User:

Computer Name: Smart
Event Code: 4672
Message: Novému přihlášení byla přiřazena zvláštní oprávnění.

Předmět:
ID zabezpečení: S-1-5-18
Název účtu: SYSTEM
Doména účtu: NT AUTHORITY
ID přihlášení: 0x3e7

Oprávnění: SeAssignPrimaryTokenPrivilege
SeTcbPrivilege
SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeAuditPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
Record Number: 79574
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100303230001.938000-000
Event Type: Úspěch auditu
User:

Computer Name: Smart
Event Code: 4624
Message: Účet byl úspěšně přihlášen.

Předmět:
ID zabezpečení: S-1-5-18
Název účtu: SMART$
Doména účtu: NEJDE.NET
ID přihlášení: 0x3e7

Typ přihlášení: 5

Nové přihlášení:
ID zabezpečení: S-1-5-18
Název účtu: SYSTEM
Doména účtu: NT AUTHORITY
ID přihlášení: 0x3e7
GUID přihlášení: {00000000-0000-0000-0000-000000000000}

Informace o procesu:
ID procesu: 0x348
Název procesu: C:\Windows\System32\services.exe

Informace o síti:
Název pracovní stanice:
Adresa zdrojové sítě -
Zdrojový port: -

Podrobné informace o ověření:
Proces přihlášení: Advapi
Balíček ověření: Negotiate
Přenosové služby: -
Název balíčku (pouze NTLM): -
Délka klíče: 0

Tato událost je generována po vytvoření relace přihlášení. Je generována v počítači, ke kterému byl získán přístup.

Pole s předmětem označují účet v místním systému, který požadoval přihlášení. Jedná se nejčastěji o službu, například službu serveru nebo místní proces, například Winlogon.exe nebo Services.exe.

Pole Typ přihlášení označuje, k jakému typu přihlášení došlo. Nejběžnější typy jsou 2 (interaktivní) a 3 (síť).

Pole Nové přihlášení označují účet, pro který bylo nové přihlášení vytvořeno, tj. účet, který byl přihlášen.

Pole Síť označují původ požadavku na vzdálené přihlášení. Název pracovní stanice není vždy k dispozici a v některých případech může být toto pole prázdné.

Pole s informacemi o ověření poskytují podrobné informace o tomto konkrétním požadavku na přihlášení.
- GUID přihlášení je jednoznačný identifikátor, který je možné použít ke spojení této události s událostí KDC.
- Přenosové služby označují, které pomocné služby se podílely na tomto požadavku na přihlášení.
- Název balíčku označuje, který dílčí protokol z protokolů NTLM byl použit.
- Délka klíče označuje délku generovaného klíče relace. Tato hodnota bude 0, pokud nebyl požadován žádný klíč relace.
Record Number: 79573
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100303230001.938000-000
Event Type: Úspěch auditu
User:

Computer Name: Smart
Event Code: 4648
Message: Došlo k pokusu o přihlášení pomocí explicitního pověření.

Předmět:
ID zabezpečení: S-1-5-18
Název účtu: SMART$
Doména účtu: NEJDE.NET
ID přihlášení: 0x3e7
GUID přihlášení: {00000000-0000-0000-0000-000000000000}

Účet, jehož pověření bylo použito:
Název účtu: SYSTEM
Doména účtu: NT AUTHORITY
GUID přihlášení: {00000000-0000-0000-0000-000000000000}

Cílový server:
Název cílového serveru: localhost
Další informace: localhost

Informace o procesu:
ID procesu: 0x348
Název procesu: C:\Windows\System32\services.exe

Informace o síti:
Síťová adresa: -
Port: -

Tato událost je generována, pokud se proces pokusí přihlásit k účtu explicitním zadáním pověření tohoto účtu. K tomu nejčastěji dochází v dávkových konfiguracích, například naplánovaných úlohách, nebo při použití příkazu RUNAS.
Record Number: 79572
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100303230001.938000-000
Event Type: Úspěch auditu
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=C:\Program Files\PC Connectivity Solution\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Common Files\Ulead Systems\MPEG
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 11, GenuineIntel
"PROCESSOR_REVISION"=0f0b
"NUMBER_OF_PROCESSORS"=2
"configsetroot"=%SystemRoot%\ConfigSetRoot
"CLASSPATH"=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip
"QTJAVA"=C:\Program Files\QuickTime\QTSystem\QTJava.zip

-----------------EOF-----------------

PROSIM CTETE DUKLADNE NAVOD - TATO UTILITA MA VELKOU SCHOPNOST MAZAT A JE NUTNE JI APLIKOVAT JEN NA DOPORUCENI, JINAK VAM MUZE JIT SYSTEM DO KYTEK
Stahnete a ulozte na plochu Combofix http://download.bleepingcomputer.com/sUBs/ComboFix.exe

• Vypnete vsechny rezidentni bezpecnostní programy - firewally, antiviry, antispywary apod.
• Pokud mate Win XP spustte pod uctem Spravce\Administratora
• Pokud mate Win Vista ci Win 7, kliknete na Combofix pravym a dejte Run As Administrator ci Spustit jako spravce
• Ihned po startu se zobrazi stranka s licencnim ujednanim, pokracujte kliknutim na Ano
• Pokud Vam CF nabidne instalaci Konzoly pro zotaveni, tak souhlaste
• Dale postupujte dle pokynu, behem scanu nechte PC naprosto v klidu - nespoustejte zadne aplikace a neklikejte do zobrazujiciho se okna
• Scan by mel trvat cca 10 min, ale pokud bude PC hodne zaneseno, muze se cas prodlouzit
• Po dokonceni skenu a pripadnem restartu CF zobrazi log, pripadne jej najdete zde C:\ComboFix.txt, jeho obsah sem vlozte
• Detailni postup vc. obrazku mate zde http://www.bleepingcomputer.com/combofi ... t-combofix

Zatím děkuji provedu zase až budu u zavirovaného PC dnes večer.

Ok

Připojuji log z combofix a prosím o kontrolu . Zatím za všechny rady moc děkuji. PC běží bez hlášek.

ComboFix 11-02-08.02 - MAMINKA 08.02.2011 20:34:56.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.2047.1047 [GMT 1:00]
Spuštěný z: e:\install\ComboFix\ComboFix.exe
AV: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {CB0F8167-5331-BA19-698E-64816B6801A5}
SP: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {706E6083-750B-B597-533E-5FF310EF4B18}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\hdusb.sys
c:\windows\UA000106.DLL

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_HDUSB


((((((((((((((((((((((((( Soubory vytvořené od 2011-01-08 do 2011-02-08 )))))))))))))))))))))))))))))))
.

2011-02-08 19:51 . 2011-02-08 20:01 -------- d-----w- c:\users\MAMINKA\AppData\Local\temp
2011-02-08 19:51 . 2011-02-08 19:51 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-02-08 11:45 . 2011-01-13 09:41 5890896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F416D5B4-3CF5-4D40-9095-8DE3D9E0BAAB}\mpengine.dll
2011-02-05 16:23 . 2011-02-05 16:23 -------- d-----w- C:\rsit
2011-02-05 16:23 . 2011-02-05 16:23 -------- d-----w- c:\program files\trend micro
2011-02-05 09:14 . 2011-02-05 09:14 -------- d-----w- c:\users\MAMINKA\AppData\Roaming\Malwarebytes
2011-02-05 09:14 . 2011-02-05 09:14 -------- d-----w- c:\programdata\Malwarebytes
2011-02-05 09:14 . 2010-12-20 17:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-02-05 09:14 . 2011-02-08 19:02 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-02-05 09:14 . 2010-12-20 17:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-02-04 18:20 . 2011-02-04 18:21 -------- d-----w- C:\bd_logs
2011-01-12 11:24 . 2010-12-28 15:55 413696 ----a-w- c:\windows\system32\odbc32.dll
2011-01-12 11:24 . 2010-12-28 15:53 253952 ----a-w- c:\program files\Common Files\System\ado\msadox.dll
2011-01-12 11:24 . 2010-12-28 15:53 241664 ----a-w- c:\program files\Common Files\System\ado\msadomd.dll
2011-01-12 11:24 . 2010-12-28 15:53 708608 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
2011-01-12 11:24 . 2010-12-28 15:53 57344 ----a-w- c:\program files\Common Files\System\msadc\msadcs.dll
2011-01-12 11:24 . 2010-12-28 15:53 180224 ----a-w- c:\program files\Common Files\System\msadc\msadco.dll
2011-01-12 11:24 . 2010-12-14 14:49 1169408 ----a-w- c:\windows\system32\sdclt.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-08 20:01 . 2007-10-06 06:03 45056 ----a-w- c:\windows\system32\acovcnt.exe
2011-01-04 19:22 . 2010-12-01 19:24 5018 --sha-w- c:\programdata\KGyGaAvL.sys
2010-12-01 19:24 . 2010-12-01 19:24 88 --sh--r- c:\programdata\2103A9DFCD.sys
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-02 00:08 143360 ----a-w- c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"ICQ"="c:\program files\ICQ7.2\ICQ.exe" [2011-01-05 133432]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-05-08 174872]
"RtHDVCpl"="RtHDVCpl.exe" [2007-03-23 4423680]
"IaNvSrv"="c:\program files\Intel\Intel Matrix Storage Manager\OROM\IaNvSrv\IaNvSrv.exe" [2007-05-08 33048]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-03-01 857648]
"ATKMEDIA"="c:\program files\ASUS\ATK Media\DMEDIA.EXE" [2006-11-02 61440]
"Skytel"="Skytel.exe" [2007-03-16 1822720]
"Spamihilator"="c:\program files\Spamihilator\spamihilator.exe" [2008-12-23 1321984]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2010-03-31 2145000]
"WD Drive Manager"="c:\program files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe" [2008-05-16 430080]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-02 13789728]
"Standby"="c:\program files\Common Files\Corel\Standby\Standby.exe" [2010-05-17 105632]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-15 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-15 932288]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Free Uploader Oe Integration"=c:\program files\Free Download Manager\FUM\fumoei.exe
"Free Upload Manager"="c:\program files\Free Download Manager\fum\fum.exe" -autorun
"ehTray.exe"=c:\windows\ehome\ehTray.exe
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
"Skype"="c:\program files\Skype\\Phone\Skype.exe" /nosplash /minimized
"WMPNSCFG"=c:\program files\Windows Media Player\WMPNSCFG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"TrueImageMonitor.exe"=c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe"
"SMSERIAL"=c:\program files\Motorola\SMSERIAL\sm56hlpr.exe
"ASUS Camera ScreenSaver"=c:\windows\ASScrProlog.exe
"ASUS Screen Saver Protector"=c:\windows\ASScrPro.exe
"Getting started with MacDrive 8"="c:\program files\Mediafour\MacDrive 8\MDGetStarted.exe" /auto
"OrderReminder"=c:\program files\Hewlett-Packard\OrderReminder\OrderReminder.exe
"HPUsageTracking"=c:\program files\Hewlett-Packard\HP UT\bin\hppusg.exe "c:\program files\Hewlett-Packard\HP UT\"
"MacDrive 8 application"="c:\program files\Mediafour\MacDrive 8\MacDrive.exe"
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe"
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
"NeroFilterCheck"=c:\program files\Common Files\Nero\Lib\NeroCheck.exe
"PowerForPhone"=c:\program files\PowerForPhone\PowerForPhone.exe
"AcronisTimounterMonitor"=c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;c:\windows\system32\DRIVERS\atl01v32.sys [2007-03-15 48128]
R3 LgBttPort;LGE Bluetooth TransPort;c:\windows\system32\DRIVERS\lgbtport.sys [x]
R3 lgbusenum;LG Bluetooth Bus Enumerator;c:\windows\system32\DRIVERS\lgbtbus.sys [x]
R3 LGVMODEM;LGE Virtual Modem;c:\windows\system32\DRIVERS\lgvmodem.sys [x]
R3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [2009-09-04 16456]
R3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [2009-09-04 11088]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 iaNvStor;Intel(R) Turbo Memory Technology NAND Controller;c:\windows\system32\DRIVERS\iaNvStor.sys [2007-05-04 208896]
S0 MDFSYSNT;MacDrive file system driver; [x]
S0 MDPMGRNT;MacDrive partition driver; [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2010-03-31 114984]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2010-03-31 134024]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2010-03-31 810120]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2010-03-31 96896]
S2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [2010-09-06 247096]
S2 MacDrive8Service;MacDrive 8 service;c:\program files\Mediafour\MacDrive 8\MacDrive8Service.exe [2009-09-23 150528]
S2 StkSSrv;Syntek AVStream USB2.0 WebCam Service;c:\windows\System32\StkCSrv.exe [2007-04-19 24576]
S2 WDBtnMgrSvc.exe;WD Drive Manager Service;c:\program files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe [2008-05-16 102400]
S3 BthAvrcp;Bluetooth AVRCP Profile;c:\windows\system32\DRIVERS\BthAvrcp.sys [2007-10-06 12800]
S3 itecir;ITECIR Infrared Receiver;c:\windows\system32\DRIVERS\itecir.sys [2007-04-20 47616]
S3 Ltn_hyd7700pc;TV tuner device ;c:\windows\system32\Drivers\Ltn_hyd7700pc.sys [2007-05-18 374144]
S3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-11-17 3668480]
S3 StkCMini;Syntek AVStream USB2.0 1.3M WebCam;c:\windows\system32\Drivers\StkCMini.sys [2007-05-30 1260672]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'

2011-02-08 c:\windows\Tasks\User_Feed_Synchronization-{40F58076-F3E6-4A59-B17D-F6A783B6079F}.job
- c:\windows\system32\msfeedssync.exe [2010-12-15 04:25]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Stáhnout Free Download Managerem - file://c:\program files\Free Download Manager\dllink.htm
IE: Stáhnout video Free Download Managerem - file://c:\program files\Free Download Manager\dlfvideo.htm
IE: Stáhnout vybrané Free Download Managerem - file://c:\program files\Free Download Manager\dlselected.htm
IE: Stáhnout vše Free Download Managerem - file://c:\program files\Free Download Manager\dlall.htm
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\users\MAMINKA\AppData\Roaming\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748449} - c:\users\MAMINKA\AppData\Roaming\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\users\MAMINKA\AppData\Roaming\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\users\MAMINKA\AppData\Roaming\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\users\MAMINKA\AppData\Roaming\LangSoft\WebIE.dll
IE: {{FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} - {FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} - c:\program files\Free Download Manager\FUM\fumiebtn.dll
TCP: {508F1222-51AC-408A-B9CF-05E2DC109E96} = 192.168.0.1
DPF: {F680B28A-3AEE-4C88-93ED-45AE9215C128} - hxxp://adisepo.mfcr.cz/adistc/adis/idpr_pub/xspa/bin/cryptsignx_1015.cab
FF - ProfilePath - c:\users\MAMINKA\AppData\Roaming\Mozilla\Firefox\Profiles\088nxp34.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.7&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: ICQ Toolbar: {800b5000-a755-47e1-992b-48a1c1357f07} - c:\program files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
FF - Ext: PDF Download: {37E4D8EA-8BDA-4831-8EA1-89053939A250} - %profile%\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: ICQ Toolbar: {800b5000-a755-47e1-992b-48a1c1357f07} - %profile%\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

ShellIconOverlayIdentifiers-MacDrive volume icons - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-08 21:04
Windows 6.0.6002 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...


C:\ADSM_PData_0150

sken byl úspešně dokončen
skryté soubory: 1

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'Explorer.exe'(5728)
c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt.dll
c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll
c:\program files\Mediafour\MacDrive 8\MDVolumeIcons.dll
c:\program files\Mediafour\MacDrive 8\MACDRAPI.DLL
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_cze.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\program files\Microsoft Virtual PC\VPCShExH.DLL
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
c:\program files\ATK Hotkey\ASLDRSrv.exe
c:\program files\ATKGFNEX\GFNEXSrv.exe
c:\windows\system32\WLANExt.exe
c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\spool\DRIVERS\W32X86\3\HP1005MC.EXE
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\ASUS\NB Probe\SPM\spmgr.exe
c:\windows\System32\TUProgSt.exe
c:\windows\system32\conime.exe
c:\program files\ATK Hotkey\Hcontrol.exe
c:\program files\ATKOSD2\ATKOSD2.exe
c:\program files\Wireless Console 2\wcourier.exe
c:\program files\P4G\BatteryLife.exe
c:\program files\ASUS\Splendid\ACMON.exe
c:\program files\ATK Hotkey\ATKOSD.exe
c:\windows\System32\ACEngSvr.exe
c:\program files\ATK Hotkey\KBFiltr.exe
c:\windows\RtHDVCpl.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\ehome\ehmsas.exe
c:\windows\ehome\ehsched.exe
c:\windows\ehome\ehRecvr.exe
c:\windows\servicing\TrustedInstaller.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Celkový čas: 2011-02-08 21:09:53 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-02-08 20:09

Před spuštěním: Volných bajtů: 67 231 035 392
Po spuštění: Volných bajtů: 66 903 920 640

- - End Of File - - DD1E23E8D1387EB091E624DF179E9BA8

Pokud nemate, tak presunte Combofix na plochu

• Spustte poznamkovy blok (Start-spustit-notepad)
• Zkopirujte skript nize

• Kód: Vybrat vše

  File::
  c:\programdata\2103A9DFCD.sys
  
  Driver::
  2103A9DFCD
  ICQ Service
  
  Folder::
  c:\program files\ICQ6Toolbar
  c:\windows\Tasks\User_Feed_Synchronization-{40F58076-F3E6-4A59-B17D-F6A783B6079F}.job
  
  Firefox::
  FF - ProfilePath - c:\users\MAMINKA\AppData\Roaming\Mozilla\Firefox\Profiles\088nxp34.default\
  FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_result ... r=1.1.7&q=
  FF - Ext: ICQ Toolbar: {800b5000-a755-47e1-992b-48a1c1357f07} - c:\program files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
  FF - Ext: ICQ Toolbar: {800b5000-a755-47e1-992b-48a1c1357f07} - %profile%\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
  
  Registry::
  [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  "ICQ"=-
  "WMPNSCFG"=-
  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  "Adobe Reader Speed Launcher"=-
  "Adobe ARM"=-
  [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
  "DisableMonitoring"=dword:00000000
  [-HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
  [-HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
  "{855F3B16-6D32-4fe6-8A56-BBB695989046}"=-
  
  RegLock::
  [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
  [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
  [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

• Ulozte vytvoreny TXT jako CFScript.txt
• Pretahnete vytvoreny CFScript.txt nad Combofix a pustte (viz obrazek nize)
  
• Po aplikaci skriptu (a pripadnem restartu) na Vas vypadne log, jeho obsah sem vlozte

Muze se stat, ze po aplikaci skriptu nenabehnou windows, v tomto pripade restartuje PC a mackejte F8 a zvolte Posledni znamou konfiguraci

Zatím děkuji provedu zase večer.

jj jasny

Tak vše proběhlo OK . Připojuji druhý log z ComboFix:

ComboFix 11-02-08.02 - MAMINKA 09.02.2011 19:48:03.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.2047.915 [GMT 1:00]
Spuštěný z: e:\install\ComboFix\ComboFix.exe
Použité ovládací přepínače :: c:\users\MAMINKA\Desktop\CFScript.txt
AV: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {CB0F8167-5331-BA19-698E-64816B6801A5}
SP: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {706E6083-750B-B597-533E-5FF310EF4B18}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FILE ::
"c:\programdata\2103A9DFCD.sys"
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\ICQ6Toolbar
c:\program files\ICQ6Toolbar\config.xml
c:\program files\ICQ6Toolbar\Icons.bmp
c:\program files\ICQ6Toolbar\ICQ Service.exe
c:\program files\ICQ6Toolbar\icq6Toolbar.ico
c:\program files\ICQ6Toolbar\ICQToolBar.dll
c:\program files\ICQ6Toolbar\ICQUnToolbar.exe
c:\program files\ICQ6Toolbar\logo_small.gif
c:\program files\ICQ6Toolbar\ServiceStarter.exe
c:\program files\ICQ6Toolbar\short.wav
c:\program files\ICQ6Toolbar\Version.txt
c:\program files\ICQ6Toolbar\voucher.bmp
c:\program files\ICQ6Toolbar\voucher2.bmp
c:\program files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
c:\program files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\components\ITB_History.js
c:\program files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults\preferences\prefs.js
c:\program files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults\preferences\user.js
c:\program files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\icqtoolbar.jar
c:\program files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\install.rdf
c:\program files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\META-INF\manifest.mf
c:\program files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\META-INF\zigbert.rsa
c:\program files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\META-INF\zigbert.sf
c:\program files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\search_engine\icqplugin.gif
c:\program files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\search_engine\icqplugin.src
c:\program files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\search_engine\icqplugin.xml
c:\programdata\2103A9DFCD.sys
c:\users\MAMINKA\AppData\Roaming\Mozilla\Firefox\Profiles\088nxp34.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
c:\users\MAMINKA\AppData\Roaming\Mozilla\Firefox\Profiles\088nxp34.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\components\ITB_History.js
c:\users\MAMINKA\AppData\Roaming\Mozilla\Firefox\Profiles\088nxp34.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults\preferences\prefs.js
c:\users\MAMINKA\AppData\Roaming\Mozilla\Firefox\Profiles\088nxp34.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults\preferences\user.js
c:\users\MAMINKA\AppData\Roaming\Mozilla\Firefox\Profiles\088nxp34.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome.manifest
c:\users\MAMINKA\AppData\Roaming\Mozilla\Firefox\Profiles\088nxp34.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\about.dtd
c:\users\MAMINKA\AppData\Roaming\Mozilla\Firefox\Profiles\088nxp34.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\about.xul
c:\users\MAMINKA\AppData\Roaming\Mozilla\Firefox\Profiles\088nxp34.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\autocomplete.xml
c:\users\MAMINKA\AppData\Roaming\Mozilla\Firefox\Profiles\088nxp34.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\exitobserver.js
c:\users\MAMINKA\AppData\Roaming\Mozilla\Firefox\Profiles\088nxp34.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\globals.js
c:\users\MAMINKA\AppData\Roaming\Mozilla\Firefox\Profiles\088nxp34.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\highlight.js
c:\users\MAMINKA\AppData\Roaming\Mozilla\Firefox\Profiles\088nxp34.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\icqtabs.css
c:\users\MAMINKA\AppData\Roaming\Mozilla\Firefox\Profiles\088nxp34.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\icqtabs.js
c:\users\MAMINKA\AppData\Roaming\Mozilla\Firefox\Profiles\088nxp34.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\icqtoolbar.js
c:\users\MAMINKA\AppData\Roaming\Mozilla\Firefox\Profiles\088nxp34.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\icqtoolbar.xul
c:\users\MAMINKA\AppData\Roaming\Mozilla\Firefox\Profiles\088nxp34.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\img\bgLarge.gif
c:\users\MAMINKA\AppData\Roaming\Mozilla\Firefox\Profiles\088nxp34.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\img\bgSmall.gif
c:\users\MAMINKA\AppData\Roaming\Mozilla\Firefox\Profiles\088nxp34.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\img\buttonBlue.gif
c:\users\MAMINKA\AppData\Roaming\Mozilla\Firefox\Profiles\088nxp34.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\img\buttonGreen.gif
c:\users\MAMINKA\AppData\Roaming\Mozilla\Firefox\Profiles\088nxp34.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\img\searchLogo.gif
c:\users\MAMINKA\AppData\Roaming\Mozilla\Firefox\Profiles\088nxp34.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\localfileupdate.js
c:\users\MAMINKA\AppData\Roaming\Mozilla\Firefox\Profiles\088nxp34.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\menu-button.xml
c:\users\MAMINKA\AppData\Roaming\Mozilla\Firefox\Profiles\088nxp34.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\newTab.html
c:\users\MAMINKA\AppData\Roaming\Mozilla\Firefox\Profiles\088nxp34.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\newTab_bg.html
c:\users\MAMINKA\AppData\Roaming\Mozilla\Firefox\Profiles\088nxp34.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\newTab_cz.html
c:\users\MAMINKA\AppData\Roaming\Mozilla\Firefox\Profiles\088nxp34.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\newTab_de.html
c:\users\MAMINKA\AppData\Roaming\Mozilla\Firefox\Profiles\088nxp34.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\newTab_en.html
c:\users\MAMINKA\AppData\Roaming\Mozilla\Firefox\Profiles\088nxp34.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\newTab_es.html
c:\users\MAMINKA\AppData\Roaming\Mozilla\Firefox\Profiles\088nxp34.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\newTab_fr.html
c:\users\MAMINKA\AppData\Roaming\Mozilla\Firefox\Profiles\088nxp34.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\newTab_he.html
c:\users\MAMINKA\AppData\Roaming\Mozilla\Firefox\Profiles\088nxp34.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\newTab_it.html
c:\users\MAMINKA\AppData\Roaming\Mozilla\Firefox\Profiles\088nxp34.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\newTab_ru.html
c:\users\MAMINKA\AppData\Roaming\Mozilla\Firefox\Profiles\088nxp34.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\newTab_sk.html
c:\users\MAMINKA\AppData\Roaming\Mozilla\Firefox\Profiles\088nxp34.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\newTab_tr.html
c:\users\MAMINKA\AppData\Roaming\Mozilla\Firefox\Profiles\088nxp34.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\newTab_uk.html
c:\users\MAMINKA\AppData\Roaming\Mozilla\Firefox\Profiles\088nxp34.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\options.js
c:\users\MAMINKA\AppData\Roaming\Mozilla\Firefox\Profiles\088nxp34.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\options.xul
c:\users\MAMINKA\AppData\Roaming\Mozilla\Firefox\Profiles\088nxp34.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\parsegamesxml.js
c:\users\MAMINKA\AppData\Roaming\Mozilla\Firefox\Profiles\088nxp34.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\parsemenuxml.js
c:\users\MAMINKA\AppData\Roaming\Mozilla\Firefox\Profiles\088nxp34.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\peoplesearch.js
c:\users\MAMINKA\AppData\Roaming\Mozilla\Firefox\Profiles\088nxp34.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\peoplesearch.xul
c:\users\MAMINKA\AppData\Roaming\Mozilla\Firefox\Profiles\088nxp34.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\prefutils.js
c:\users\MAMINKA\AppData\Roaming\Mozilla\Firefox\Profiles\088nxp34.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\search.js
c:\users\MAMINKA\AppData\Roaming\Mozilla\Firefox\Profiles\088nxp34.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\splitter.xml
c:\users\MAMINKA\AppData\Roaming\Mozilla\Firefox\Profiles\088nxp34.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\statistics.js
c:\users\MAMINKA\AppData\Roaming\Mozilla\Firefox\Profiles\088nxp34.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\tabcontext.js
c:\users\MAMINKA\AppData\Roaming\Mozilla\Firefox\Profiles\088nxp34.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\utilities.js
c:\users\MAMINKA\AppData\Roaming\Mozilla\Firefox\Profiles\088nxp34.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\voucher.js
c:\users\MAMINKA\AppData\Roaming\Mozilla\Firefox\Profiles\088nxp34.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\zoom.js
c:\users\MAMINKA\AppData\Roaming\Mozilla\Firefox\Profiles\088nxp34.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\bg\icq_locale.dtd
c:\users\MAMINKA\AppData\Roaming\Mozilla\Firefox\Profiles\088nxp34.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\bg\itb.properties
c:\users\MAMINKA\AppData\Roaming\Mozilla\Firefox\Profiles\088nxp34.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\bg\itb_options.dtd
c:\users\MAMINKA\AppData\Roaming\Mozilla\Firefox\Profiles\088nxp34.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\bg\options.properties
c:\users\MAMINKA\AppData\Roaming\Mozilla\Firefox\Profiles\088nxp34.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\cs\icq_locale.dtd
c:\users\MAMINKA\AppData\Roaming\Mozilla\Firefox\Profiles\088nxp34.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\cs\itb.properties
c:\users\MAMINKA\AppData\Roaming\Mozilla\Firefox\Profiles\088nxp34.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\cs\itb_options.dtd
c:\users\MAMINKA\AppData\Roaming\Mozilla\Firefox\Profiles\088nxp34.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\cs\options.properties
c:\users\MAMINKA\AppData\Roaming\Mozilla\Firefox\Profiles\088nxp34.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\de\icq_locale.dtd
c:\users\MAMINKA\AppData\Roaming\Mozilla\Firefox\Profiles\088nxp34.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\de\itb.properties
c:\users\MAMINKA\AppData\Roaming\Mozilla\Firefox\Profiles\088nxp34.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\de\itb_options.dtd
c:\users\MAMINKA\AppData\Roaming\Mozilla\Firefox\Profiles\088nxp34.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\de\options.properties
c:\users\MAMINKA\AppData\Roaming\Mozilla\Firefox\Profiles\088nxp34.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\en-US\icq_locale.dtd
c:\users\MAMINKA\AppData\Roaming\Mozilla\Firefox\Profiles\088nxp34.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\en-US\itb.properties
c:\users\MAMINKA\AppData\Roaming\Mozilla\Firefox\Profiles\088nxp34.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\en-US\itb_options.dtd
c:\users\MAMINKA\AppData\Roaming\Mozilla\Firefox\Profiles\088nxp34.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\en-US\options.properties
c:\users\MAMINKA\AppData\Roaming\Mozilla\Firefox\Profiles\088nxp34.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\es\icq_locale.dtd
c:\users\MAMINKA\AppData\Roaming\Mozilla\Firefox\Profiles\088nxp34.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\es\itb.properties
c:\users\MAMINKA\AppData\Roaming\Mozilla\Firefox\Profiles\088nxp34.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\es\itb_options.dtd
c:\users\MAMINKA\AppData\Roaming\Mozilla\Firefox\Profiles\088nxp34.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\es\options.properties
c:\users\MAMINKA\AppData\Roaming\Mozilla\Firefox\Profiles\088nxp34.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\fr\icq_locale.dtd
c:\users\MAMINKA\AppData\Roaming\Mozilla\Firefox\Profiles\088nxp34.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\fr\itb.properties
c:\users\MAMINKA\AppData\Roaming\Mozilla\Firefox\Profiles\088nxp34.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\fr\itb_options.dtd
c:\users\MAMINKA\AppData\Roaming\Mozilla\Firefox\Profiles\088nxp34.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\fr\options.properties
c:\users\MAMINKA\AppData\Roaming\Mozilla\Firefox\Profiles\088nxp34.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\he\icq_locale.dtd
c:\users\MAMINKA\AppData\Roaming\Mozilla\Firefox\Profiles\088nxp34.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\he\itb.properties
c:\users\MAMINKA\AppData\Roaming\Mozilla\Firefox\Profiles\088nxp34.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\he\itb_options.dtd
c:\users\MAMINKA\AppData\Roaming\Mozilla\Firefox\Profiles\088nxp34.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\he\options.properties
c:\users\MAMINKA\AppData\Roaming\Mozilla\Firefox\Profiles\088nxp34.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\it\icq_locale.dtd
c:\users\MAMINKA\AppData\Roaming\Mozilla\Firefox\Profiles\088nxp34.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\it\itb.properties
c:\users\MAMINKA\AppData\Roaming\Mozilla\Firefox\Profiles\088nxp34.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\it\itb_options.dtd
c:\users\MAMINKA\AppData\Roaming\Mozilla\Firefox\Profiles\088nxp34.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\it\options.properties
c:\users\MAMINKA\AppData\Roaming\Mozilla\Firefox\Profiles\088nxp34.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\ru\icq_locale.dtd
c:\users\MAMINKA\AppData\Roaming\Mozilla\Firefox\Profiles\088nxp34.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\ru\itb.properties
c:\users\MAMINKA\AppData\Roaming\Mozilla\Firefox\Profiles\088nxp34.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\ru\itb_options.dtd
c:\users\MAMINKA\AppData\Roaming\Mozilla\Firefox\Profiles\088nxp34.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\ru\options.properties
c:\users\MAMINKA\AppData\Roaming\Mozilla\Firefox\Profiles\088nxp34.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\sk\icq_locale.dtd
c:\users\MAMINKA\AppData\Roaming\Mozilla\Firefox\Profiles\088nxp34.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\sk\itb.properties
c:\users\MAMINKA\AppData\Roaming\Mozilla\Firefox\Profiles\088nxp34.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\sk\itb_options.dtd
c:\users\MAMINKA\AppData\Roaming\Mozilla\Firefox\Profiles\088nxp34.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\sk\options.properties
c:\users\MAMINKA\AppData\Roaming\Mozilla\Firefox\Profiles\088nxp34.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\tr\icq_locale.dtd
c:\users\MAMINKA\AppData\Roaming\Mozilla\Firefox\Profiles\088nxp34.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\tr\itb.properties
c:\users\MAMINKA\AppData\Roaming\Mozilla\Firefox\Profiles\088nxp34.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\tr\itb_options.dtd
c:\users\MAMINKA\AppData\Roaming\Mozilla\Firefox\Profiles\088nxp34.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\tr\options.properties
c:\users\MAMINKA\AppData\Roaming\Mozilla\Firefox\Profiles\088nxp34.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\about.css
c:\users\MAMINKA\AppData\Roaming\Mozilla\Firefox\Profiles\088nxp34.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\abt.png
c:\users\MAMINKA\AppData\Roaming\Mozilla\Firefox\Profiles\088nxp34.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\ain.png
c:\users\MAMINKA\AppData\Roaming\Mozilla\Firefox\Profiles\088nxp34.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\ang.png
c:\users\MAMINKA\AppData\Roaming\Mozilla\Firefox\Profiles\088nxp34.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\default.css
c:\users\MAMINKA\AppData\Roaming\Mozilla\Firefox\Profiles\088nxp34.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\dis.png
c:\users\MAMINKA\AppData\Roaming\Mozilla\Firefox\Profiles\088nxp34.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\dropmarker.css
c:\users\MAMINKA\AppData\Roaming\Mozilla\Firefox\Profiles\088nxp34.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\hide.png
c:\users\MAMINKA\AppData\Roaming\Mozilla\Firefox\Profiles\088nxp34.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\icons.png
c:\users\MAMINKA\AppData\Roaming\Mozilla\Firefox\Profiles\088nxp34.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\logo_small.gif
c:\users\MAMINKA\AppData\Roaming\Mozilla\Firefox\Profiles\088nxp34.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\more_vouchers_r.png
c:\users\MAMINKA\AppData\Roaming\Mozilla\Firefox\Profiles\088nxp34.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\more_vouchers_y.png
c:\users\MAMINKA\AppData\Roaming\Mozilla\Firefox\Profiles\088nxp34.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\options.css
c:\users\MAMINKA\AppData\Roaming\Mozilla\Firefox\Profiles\088nxp34.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\peoplesearch.css
c:\users\MAMINKA\AppData\Roaming\Mozilla\Firefox\Profiles\088nxp34.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\voucher_bg.png
c:\users\MAMINKA\AppData\Roaming\Mozilla\Firefox\Profiles\088nxp34.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\voucher_bg_y.png
c:\users\MAMINKA\AppData\Roaming\Mozilla\Firefox\Profiles\088nxp34.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\install.rdf
c:\users\MAMINKA\AppData\Roaming\Mozilla\Firefox\Profiles\088nxp34.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\META-INF\manifest.mf
c:\users\MAMINKA\AppData\Roaming\Mozilla\Firefox\Profiles\088nxp34.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\META-INF\zigbert.rsa
c:\users\MAMINKA\AppData\Roaming\Mozilla\Firefox\Profiles\088nxp34.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\META-INF\zigbert.sf
c:\users\MAMINKA\AppData\Roaming\Mozilla\Firefox\Profiles\088nxp34.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\search_engine\icqplugin.gif
c:\users\MAMINKA\AppData\Roaming\Mozilla\Firefox\Profiles\088nxp34.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\search_engine\icqplugin.src
c:\users\MAMINKA\AppData\Roaming\Mozilla\Firefox\Profiles\088nxp34.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\search_engine\icqplugin.xml

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_ICQ Service


((((((((((((((((((((((((( Soubory vytvořené od 2011-01-09 do 2011-02-09 )))))))))))))))))))))))))))))))
.

2011-02-09 19:05 . 2011-02-09 19:14 -------- d-----w- c:\users\MAMINKA\AppData\Local\temp
2011-02-09 19:05 . 2011-02-09 19:05 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-02-08 11:45 . 2011-01-13 09:41 5890896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F416D5B4-3CF5-4D40-9095-8DE3D9E0BAAB}\mpengine.dll
2011-02-05 16:23 . 2011-02-05 16:23 -------- d-----w- C:\rsit
2011-02-05 16:23 . 2011-02-05 16:23 -------- d-----w- c:\program files\trend micro
2011-02-05 09:14 . 2011-02-05 09:14 -------- d-----w- c:\users\MAMINKA\AppData\Roaming\Malwarebytes
2011-02-05 09:14 . 2011-02-05 09:14 -------- d-----w- c:\programdata\Malwarebytes
2011-02-05 09:14 . 2010-12-20 17:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-02-05 09:14 . 2011-02-08 19:02 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-02-05 09:14 . 2010-12-20 17:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-02-04 18:20 . 2011-02-04 18:21 -------- d-----w- C:\bd_logs
2011-01-12 11:24 . 2010-12-28 15:55 413696 ----a-w- c:\windows\system32\odbc32.dll
2011-01-12 11:24 . 2010-12-28 15:53 253952 ----a-w- c:\program files\Common Files\System\ado\msadox.dll
2011-01-12 11:24 . 2010-12-28 15:53 241664 ----a-w- c:\program files\Common Files\System\ado\msadomd.dll
2011-01-12 11:24 . 2010-12-28 15:53 708608 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
2011-01-12 11:24 . 2010-12-28 15:53 57344 ----a-w- c:\program files\Common Files\System\msadc\msadcs.dll
2011-01-12 11:24 . 2010-12-28 15:53 180224 ----a-w- c:\program files\Common Files\System\msadc\msadco.dll
2011-01-12 11:24 . 2010-12-14 14:49 1169408 ----a-w- c:\windows\system32\sdclt.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-09 19:14 . 2007-10-06 06:03 45056 ----a-w- c:\windows\system32\acovcnt.exe
2011-01-04 19:22 . 2010-12-01 19:24 5018 --sha-w- c:\programdata\KGyGaAvL.sys
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-02 00:08 143360 ----a-w- c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-05-08 174872]
"RtHDVCpl"="RtHDVCpl.exe" [2007-03-23 4423680]
"IaNvSrv"="c:\program files\Intel\Intel Matrix Storage Manager\OROM\IaNvSrv\IaNvSrv.exe" [2007-05-08 33048]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-03-01 857648]
"ATKMEDIA"="c:\program files\ASUS\ATK Media\DMEDIA.EXE" [2006-11-02 61440]
"Skytel"="Skytel.exe" [2007-03-16 1822720]
"Spamihilator"="c:\program files\Spamihilator\spamihilator.exe" [2008-12-23 1321984]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2010-03-31 2145000]
"WD Drive Manager"="c:\program files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe" [2008-05-16 430080]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-02 13789728]
"Standby"="c:\program files\Common Files\Corel\Standby\Standby.exe" [2010-05-17 105632]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Free Uploader Oe Integration"=c:\program files\Free Download Manager\FUM\fumoei.exe
"Free Upload Manager"="c:\program files\Free Download Manager\fum\fum.exe" -autorun
"ehTray.exe"=c:\windows\ehome\ehTray.exe
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
"Skype"="c:\program files\Skype\\Phone\Skype.exe" /nosplash /minimized
"WMPNSCFG"=c:\program files\Windows Media Player\WMPNSCFG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"TrueImageMonitor.exe"=c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe"
"SMSERIAL"=c:\program files\Motorola\SMSERIAL\sm56hlpr.exe
"ASUS Camera ScreenSaver"=c:\windows\ASScrProlog.exe
"ASUS Screen Saver Protector"=c:\windows\ASScrPro.exe
"Getting started with MacDrive 8"="c:\program files\Mediafour\MacDrive 8\MDGetStarted.exe" /auto
"OrderReminder"=c:\program files\Hewlett-Packard\OrderReminder\OrderReminder.exe
"HPUsageTracking"=c:\program files\Hewlett-Packard\HP UT\bin\hppusg.exe "c:\program files\Hewlett-Packard\HP UT\"
"MacDrive 8 application"="c:\program files\Mediafour\MacDrive 8\MacDrive.exe"
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe"
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
"NeroFilterCheck"=c:\program files\Common Files\Nero\Lib\NeroCheck.exe
"PowerForPhone"=c:\program files\PowerForPhone\PowerForPhone.exe
"AcronisTimounterMonitor"=c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;c:\windows\system32\DRIVERS\atl01v32.sys [2007-03-15 48128]
R3 LgBttPort;LGE Bluetooth TransPort;c:\windows\system32\DRIVERS\lgbtport.sys [x]
R3 lgbusenum;LG Bluetooth Bus Enumerator;c:\windows\system32\DRIVERS\lgbtbus.sys [x]
R3 LGVMODEM;LGE Virtual Modem;c:\windows\system32\DRIVERS\lgvmodem.sys [x]
R3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [2009-09-04 16456]
R3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [2009-09-04 11088]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 iaNvStor;Intel(R) Turbo Memory Technology NAND Controller;c:\windows\system32\DRIVERS\iaNvStor.sys [2007-05-04 208896]
S0 MDFSYSNT;MacDrive file system driver; [x]
S0 MDPMGRNT;MacDrive partition driver; [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2010-03-31 114984]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2010-03-31 134024]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2010-03-31 810120]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2010-03-31 96896]
S2 MacDrive8Service;MacDrive 8 service;c:\program files\Mediafour\MacDrive 8\MacDrive8Service.exe [2009-09-23 150528]
S2 StkSSrv;Syntek AVStream USB2.0 WebCam Service;c:\windows\System32\StkCSrv.exe [2007-04-19 24576]
S2 WDBtnMgrSvc.exe;WD Drive Manager Service;c:\program files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe [2008-05-16 102400]
S3 BthAvrcp;Bluetooth AVRCP Profile;c:\windows\system32\DRIVERS\BthAvrcp.sys [2007-10-06 12800]
S3 itecir;ITECIR Infrared Receiver;c:\windows\system32\DRIVERS\itecir.sys [2007-04-20 47616]
S3 Ltn_hyd7700pc;TV tuner device ;c:\windows\system32\Drivers\Ltn_hyd7700pc.sys [2007-05-18 374144]
S3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-11-17 3668480]
S3 StkCMini;Syntek AVStream USB2.0 1.3M WebCam;c:\windows\system32\Drivers\StkCMini.sys [2007-05-30 1260672]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'

2011-02-09 c:\windows\Tasks\User_Feed_Synchronization-{40F58076-F3E6-4A59-B17D-F6A783B6079F}.job
- c:\windows\system32\msfeedssync.exe [2011-02-09 04:47]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Stáhnout Free Download Managerem - file://c:\program files\Free Download Manager\dllink.htm
IE: Stáhnout video Free Download Managerem - file://c:\program files\Free Download Manager\dlfvideo.htm
IE: Stáhnout vybrané Free Download Managerem - file://c:\program files\Free Download Manager\dlselected.htm
IE: Stáhnout vše Free Download Managerem - file://c:\program files\Free Download Manager\dlall.htm
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\users\MAMINKA\AppData\Roaming\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748449} - c:\users\MAMINKA\AppData\Roaming\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\users\MAMINKA\AppData\Roaming\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\users\MAMINKA\AppData\Roaming\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\users\MAMINKA\AppData\Roaming\LangSoft\WebIE.dll
IE: {{FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} - {FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} - c:\program files\Free Download Manager\FUM\fumiebtn.dll
TCP: {508F1222-51AC-408A-B9CF-05E2DC109E96} = 192.168.0.1
DPF: {F680B28A-3AEE-4C88-93ED-45AE9215C128} - hxxp://adisepo.mfcr.cz/adistc/adis/idpr_pub/xspa/bin/cryptsignx_1015.cab
FF - ProfilePath - c:\users\MAMINKA\AppData\Roaming\Mozilla\Firefox\Profiles\088nxp34.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: PDF Download: {37E4D8EA-8BDA-4831-8EA1-89053939A250} - %profile%\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

AddRemove-ICQToolbar - c:\program files\ICQ6Toolbar\ICQUnToolbar.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-09 20:14
Windows 6.0.6002 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'Explorer.exe'(1652)
c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt.dll
c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_cze.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\program files\Microsoft Virtual PC\VPCShExH.DLL
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
c:\program files\ATK Hotkey\ASLDRSrv.exe
c:\windows\system32\WLANExt.exe
c:\program files\ATKGFNEX\GFNEXSrv.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\spool\DRIVERS\W32X86\3\HP1005MC.EXE
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\ASUS\NB Probe\SPM\spmgr.exe
c:\windows\System32\TUProgSt.exe
c:\program files\ATK Hotkey\Hcontrol.exe
c:\program files\ATKOSD2\ATKOSD2.exe
c:\program files\Wireless Console 2\wcourier.exe
c:\program files\P4G\BatteryLife.exe
c:\program files\ASUS\Splendid\ACMON.exe
c:\windows\System32\ACEngSvr.exe
c:\program files\ATK Hotkey\ATKOSD.exe
c:\windows\system32\conime.exe
c:\program files\ATK Hotkey\KBFiltr.exe
c:\windows\RtHDVCpl.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\ehome\ehmsas.exe
c:\windows\ehome\ehsched.exe
c:\windows\ehome\ehRecvr.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
c:\windows\system32\DllHost.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Celkový čas: 2011-02-09 20:21:16 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-02-09 19:21
ComboFix2.txt 2011-02-08 20:09

Před spuštěním: Volných bajtů: 67 540 008 960
Po spuštění: Volných bajtů: 66 691 723 264

- - End Of File - - AA08C769B35EF8D7BF1FAA50FA11C915

Jak se chova PC

Prověřil jsem snad vše a PC se chová dobře. Moc děkuju za vyřešení problému . Je dobré, že existujou takoví lidičky, jako jste vy.