
PC lags, slowed down - check RSIT

Posted: 17 Feb 2011 21:45
by ryder
My PC lags when I open some folders or programs... it loads pages slowly...

Here is my RSIT

Logfile of random's system information tool 1.08 (written by random/random)
Run by Administrator at 2011-02-17 21:35:26
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 39 GB (33%) free of 120 GB
Total RAM: 3071 MB (77% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:36:40, on 17.2.2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
C:\Program Files\ATKGFNEX\GFNEXSrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
C:\Program Files\SRS Labs\SRS Premium Sound\SRS_VolSync.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\drivers\svgtred.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Vista Drive Icon\DrvIcon.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Opera\opera.exe
C:\WINDOWS\system32\mmc.exe
C:\WINDOWS\system32\DfrgNtfs.exe
C:\Documents and Settings\Administrator\Dokumenty\Stiahnuté\RSIT.exe
C:\Program Files\trend micro\Administrator.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - (no file)
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [DrvIcon] C:\Program Files\Vista Drive Icon\DrvIcon.exe
O4 - HKCU\..\Run: [RocketDock] "C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Startup: Zástupce - egui.lnk = C:\Program Files\ESET\ESET Smart Security\egui.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{5F73A715-6CD0-4D1F-99DA-CA466FF15804}: NameServer = 192.168.0.1
O20 - Winlogon Notify: Aspwdflt - C:\Program Files\ASUS\ASUS Data Security Manager\ASPWDFLT.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ADSM Service (ADSMService) - ASUSTek Computer Inc. - C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
O23 - Service: SRS Volume Sync Service (SRS_VolSync_Service) - SRS Labs, Inc. - C:\Program Files\SRS Labs\SRS Premium Sound\SRS_VolSync.exe
O23 - Service: svgtred - Unknown owner - C:\WINDOWS\system32\drivers\svgtred.exe

--
End of file - 6513 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\WGASetup.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-06-19 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll [2010-03-25 968000]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-06-20 35760]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-09-21 932288]
"DrvIcon"=C:\Program Files\Vista Drive Icon\DrvIcon.exe [2008-04-13 49152]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"=C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-03-18 630784]
"fsm"= []
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\DTLite.exe [2010-04-01 357696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ACMON]
C:\Program Files\ASUS\Splendid\ACMON.exe [2009-06-16 540672]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-09-21 932288]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-06-20 35760]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ADSMTray]
C:\Program Files\ASUS\ASUS Data Security Manager\ADSMTray.exe [2008-03-31 266240]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Camera ScreenSaver]
C:\WINDOWS\AsScrProlog.exe [2010-02-03 47672]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Live Update]
C:\Program Files\ASUS\ASUS Live Update\ALU.exe [2007-11-30 51768]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Screen Saver Protector]
C:\WINDOWS\AsScrPro.exe [2010-02-03 3054136]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATKHOTKEY]
C:\Program Files\ASUS\ATK Hotkey\HControl.exe [2009-04-23 178744]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATKMEDIA]
C:\Program Files\ASUS\ATK Media\DMedia.exe [2008-06-24 159744]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATKOSD2]
C:\Program Files\ATKOSD2\ATKOSD2.exe [2008-01-23 7766016]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe [2005-10-28 94208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Program Files\DAEMON Tools Lite\DTLite.exe [2010-04-01 357696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\egui]
C:\Program Files\ESET\ESET Smart Security\egui.exe [2009-04-09 2029640]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ETDWare]
C:\Program Files\Elantech\ETDCtrl.exe [2009-04-21 534528]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HControlUser]
C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe [2009-04-01 98304]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HDAudDeck]
C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe [2009-04-30 33619968]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
C:\Program Files\ICQ6.5\ICQ.exe silent []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft WinUpdate]
C:\WINDOWS\system32\msupdatgms.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Net4Switch]
C:\Program Files\ASUS\Net4Switch\Net4Switch.exe [2007-11-20 1145400]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Power_Gear]
C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe [2006-07-26 90112]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RGSC]
E:\Rockstar Games\Gta 4\Grand Theft Auto IV\Rockstar Games Social Club\RGSCLauncher.exe /silent []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files\Skype\Phone\Skype.exe /nosplash /minimized []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2009-04-09 61440]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
C:\Program Files\Steam\Steam.exe [2010-11-17 1242448]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre6\bin\jusched.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Wireless Console 2]
C:\Program Files\Wireless Console 2\wcourier.exe [2007-07-05 1040384]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Administrator^Nabídka Start^Programy^Po spuštění^Thoosje Sevenbar.lnk]
C:\Program Files\Thoosje\thoosje sevenbar\Thoosje Sevenbar.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Administrator^Nabídka Start^Programy^Po spuštění^Zástupce - Thoosje Sevenbar.lnk]
C:\Program Files\Thoosje\thoosje sevenbar\Thoosje Sevenbar.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^FancyStart daemon.lnk]
C:\WINDOWS\Installer\{567C654B-7FE9-4970-8323-56E8191D1941}\_71A97E24F422AA49EDBF39.exe [2010-02-03 12862]

C:\Documents and Settings\Administrator\Nabídka Start\Programy\Po spuštění
RocketDock.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
Zástupce - egui.lnk - C:\Program Files\ESET\ESET Smart Security\egui.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Aspwdflt]
C:\Program Files\ASUS\ASUS Data Security Manager\ASPWDFLT.dll [2008-04-19 1556480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2009-04-10 155648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
nwprovau
"notification packages"=scecli
C:\Program Files\ASUS\ASUS Data Security Manager\ASPWDFLT

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\Documents and Settings\Administrator\Dokumenty\Stiahnuté\WAW_FULLRIP_KENSHI\Call.of.Duty.World.at.War.Full-Rip.Skullptura\Call of Duty - World at War\CoDWaW.exe"="C:\Documents and Settings\Administrator\Dokumenty\Stiahnuté\WAW_FULLRIP_KENSHI\Call.of.Duty.World.at.War.Full-Rip.Skullptura\Call of Duty - World at War\CoDWaW.exe:*:Enabled:Call of Duty(R) - World at War(TM) "
"C:\Documents and Settings\Administrator\Dokumenty\Stiahnuté\WAW_FULLRIP_KENSHI\Call.of.Duty.World.at.War.Full-Rip.Skullptura\Call of Duty - World at War\CoDWaWmp.exe"="C:\Documents and Settings\Administrator\Dokumenty\Stiahnuté\WAW_FULLRIP_KENSHI\Call.of.Duty.World.at.War.Full-Rip.Skullptura\Call of Duty - World at War\CoDWaWmp.exe:*:Enabled:Call of Duty(R) - World at War(TM) "
"E:\Moto GP 08\Launcher.exe"="E:\Moto GP 08\Launcher.exe:*:Enabled:MotoGP 08"
"C:\Program Files\Valve\Half-Life 2\hl2.exe"="C:\Program Files\Valve\Half-Life 2\hl2.exe:*:Enabled:Half-Life_2"
"C:\Program Files\Electronic Arts\Medal of Honor MP Beta\MoHMPUpdater.exe"="C:\Program Files\Electronic Arts\Medal of Honor MP Beta\MoHMPUpdater.exe:*:Enabled:Medal of Honor™ MP Beta"
"E:\Juiced2_HIN.exe"="E:\Juiced2_HIN.exe:*:Enabled:Juiced2_HIN"
"E:\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe"="E:\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe:*:Enabled:S.T.A.L.K.E.R. - Shadow of Chernobyl (CLI)"
"E:\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe"="E:\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe:*:Enabled:S.T.A.L.K.E.R. - Shadow of Chernobyl (SRV)"
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\0.41687047357725493.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\0.41687047357725493.exe:*:Enabled:ldrsoft"
"C:\Documents and Settings\Administrator\Data aplikací\download2\svcnost.exe"="C:\Documents and Settings\Administrator\Data aplikací\download2\svcnost.exe:*:Enabled:ldrsoft"
"C:\Program Files\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe"="C:\Program Files\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe:*:Enabled:Ubisoft Game Launcher"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"C:\Program Files\Steam\Steam.exe"="C:\Program Files\Steam\Steam.exe:*:Enabled:Steam"
"E:\Turning.Point.Fall.of.Liberty-RELOADED\Binaries\LTCG-TPGame.exe"="E:\Turning.Point.Fall.of.Liberty-RELOADED\Binaries\LTCG-TPGame.exe:*:Enabled:Turning Point: Fall of Liberty"
"E:\James Cameron's AVATAR - THE GAME\bin\Avatar.exe"="E:\James Cameron's AVATAR - THE GAME\bin\Avatar.exe:*:Enabled:James Cameron's Avatar: The Game"
"E:\Battlefield.Bad.Company.2-RELOADED\BFBC2Updater.exe"="E:\Battlefield.Bad.Company.2-RELOADED\BFBC2Updater.exe:*:Enabled:Battlefield: Bad Company™ 2"
"E:\Call.Of.Duty.World.At.War-RELOADED\CoDWaW-lanfix 1.5.exe"="E:\Call.Of.Duty.World.At.War-RELOADED\CoDWaW-lanfix 1.5.exe:*:Enabled:Call of Duty(R): World at War Campaign/Coop"
"E:\GTA.IV-ArenaBG\Grand Theft Auto IV\GTAIV.exe"="E:\GTA.IV-ArenaBG\Grand Theft Auto IV\GTAIV.exe:*:Enabled:Grand Theft Auto IV"
"C:\Program Files\2K Games\Gearbox Software\Borderlands\Binaries\Borderlands.exe"="C:\Program Files\2K Games\Gearbox Software\Borderlands\Binaries\Borderlands.exe:*:Enabled:Borderlands"
"C:\Program Files\Electronic Arts\MoHMPUpdater.exe"="C:\Program Files\Electronic Arts\MoHMPUpdater.exe:*:Enabled:Medal of Honor™ MP Open Beta"
"C:\Program Files\Electronic Arts\MoHMPGame.exe"="C:\Program Files\Electronic Arts\MoHMPGame.exe:*:Enabled:Medal of Honor: Multiplayer"
"E:\MOH\Binaries\moh.exe"="E:\MOH\Binaries\moh.exe:*:Enabled:Medal of Honor™"
"C:\Program Files\Ubisoft\The Settlers 7 - Paths to a Kingdom\server.exe"="C:\Program Files\Ubisoft\The Settlers 7 - Paths to a Kingdom\server.exe:*:Enabled:server"
"E:\Assassin's Creed II\AssassinsCreedIIGame.exe"="E:\Assassin's Creed II\AssassinsCreedIIGame.exe:*:Enabled:AssassinsCreedIIGame"
"E:\Call of Duty - Black Ops\BlackOpsMP.exe"="E:\Call of Duty - Black Ops\BlackOpsMP.exe:*:Enabled:BlackOpsMP"
"E:\Call of Duty - Black Ops\BlackOps.exe"="E:\Call of Duty - Black Ops\BlackOps.exe:*:Enabled:BlackOps"
"E:\Need For Speed Hot Porsuit\Launcher.exe"="E:\Need For Speed Hot Porsuit\Launcher.exe:*:Enabled:Need for Speed(TM) Hot Pursuit"
"E:\Need For Speed Hot Porsuit\NFS11.exe"="E:\Need For Speed Hot Porsuit\NFS11.exe:*:Enabled:Need for Speed(TM) Hot Pursuit Application"
"E:\L4D_FULL_CSMANIA.RU\Left4Dead\hl2.exe"="E:\L4D_FULL_CSMANIA.RU\Left4Dead\hl2.exe:*:Enabled:hl2"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"E:\Moto GP 2\motogp2.exe"="E:\Moto GP 2\motogp2.exe:*:Enabled:motogp2"
"C:\Program Files\Left4Dead2\left4dead2.exe"="C:\Program Files\Left4Dead2\left4dead2.exe:*:Enabled:left4dead2"
"E:\Lord Of The Rings Battle For Middle Earth\game.dat"="E:\Lord Of The Rings Battle For Middle Earth\game.dat:*:Enabled:The Battle for Middle-earth (tm)"
"C:\Program Files\MotoGP2\motogp2.exe"="C:\Program Files\MotoGP2\motogp2.exe:*:Enabled:motogp2"
"C:\Program Files\Counter Strike 1.6 Reloaded\hl.exe"="C:\Program Files\Counter Strike 1.6 Reloaded\hl.exe:*:Enabled:Half-Life Launcher"
"E:\Counter Strike 1.6\hl.exe"="E:\Counter Strike 1.6\hl.exe:*:Enabled:Half-Life Launcher"
"E:\Counter-Strike Source\hl2.exe"="E:\Counter-Strike Source\hl2.exe:*:Enabled:hl2"
"E:\Brothers in Arms - Hells Highway\Brothers in Arms - Hell's Highway\Binaries\biahh.exe"="E:\Brothers in Arms - Hells Highway\Brothers in Arms - Hell's Highway\Binaries\biahh.exe:*:Enabled:biahh"
"C:\Documents and Settings\Administrator\Plocha\czero\czero\czero.exe"="C:\Documents and Settings\Administrator\Plocha\czero\czero\czero.exe:*:Enabled:Condition Zero Launcher"
"C:\Documents and Settings\Administrator\Local Settings\Temp\RarSFX0\hl.exe"="C:\Documents and Settings\Administrator\Local Settings\Temp\RarSFX0\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Documents and Settings\Administrator\Local Settings\Temp\RarSFX1\hl.exe"="C:\Documents and Settings\Administrator\Local Settings\Temp\RarSFX1\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\Valve\hl.exe"="C:\Program Files\Valve\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\Counter-Strike 1.6 ZCP\hl.exe"="C:\Program Files\Counter-Strike 1.6 ZCP\hl.exe:*:Enabled:Half-Life Launcher"
"E:\DEAD SPACE\Dead Space.exe"="E:\DEAD SPACE\Dead Space.exe:*:Enabled:Dead Space ™"
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\0.45489276021653224.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\0.45489276021653224.exe:*:Enabled:ldrsoft"
"C:\Documents and Settings\Administrator\Data aplikací\njxhcjcf1irmxrcffocssphyut1wavh2\csrss.exe"="C:\Documents and Settings\Administrator\Data aplikací\njxhcjcf1irmxrcffocssphyut1wavh2\csrss.exe:*:Enabled:ldrsoft"
"E:\Assassin's Creed II\New Folder\server.exe"="E:\Assassin's Creed II\New Folder\server.exe:*:Enabled:ServerEmuUbi"
"H:\hry\Dragon Age\bin_ship\daorigins.exe"="H:\hry\Dragon Age\bin_ship\daorigins.exe:*:Disabled:Dragon Age: Origins"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2011-02-17 21:16:32 ----D---- C:\WINDOWS\LastGood
2011-02-17 19:46:36 ----D---- C:\Documents and Settings\Administrator\Data aplikací\Spy Defy
2011-02-17 19:45:32 ----D---- C:\Program Files\TopPCTools AntiSpyware
2011-02-16 20:58:22 ----A---- C:\58852.user.js
2011-02-16 15:32:19 ----D---- C:\WINDOWS\A7E07C2B2220441587E3784D5814BC93.TMP
2011-02-16 09:22:46 ----D---- C:\Program Files\Disney Interactive Studios
2011-02-15 16:46:48 ----D---- C:\Documents and Settings\Administrator\Data aplikací\Malwarebytes
2011-02-15 16:46:37 ----A---- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2011-02-15 16:46:36 ----D---- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2011-02-15 16:46:33 ----A---- C:\WINDOWS\system32\drivers\mbam.sys
2011-02-15 16:46:32 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2011-02-15 16:41:30 ----D---- C:\rsit
2011-02-15 16:41:30 ----D---- C:\Program Files\trend micro
2011-02-14 15:06:54 ----D---- C:\Documents and Settings\Administrator\Data aplikací\njxhcjcf1irmxrcffocssphyut1wavh2
2011-02-13 19:34:42 ----A---- C:\WINDOWS\system32\drivers\svgtred.exe
2011-02-13 19:34:42 ----A---- C:\WINDOWS\keys.ini
2011-02-12 10:28:05 ----D---- C:\Documents and Settings\Administrator\Data aplikací\DVDVideoSoftIEHelpers
2011-02-12 10:07:34 ----D---- C:\WINDOWS\Sun
2011-02-11 14:09:57 ----HDC---- C:\WINDOWS\$NtUninstallKB2478971$
2011-02-11 14:09:50 ----HDC---- C:\WINDOWS\$NtUninstallKB2485376$
2011-02-11 14:09:43 ----HDC---- C:\WINDOWS\$NtUninstallKB2479628$
2011-02-11 14:09:28 ----HDC---- C:\WINDOWS\$NtUninstallKB2483185$
2011-02-11 14:06:43 ----HDC---- C:\WINDOWS\$NtUninstallKB2476687$
2011-02-11 14:06:26 ----HDC---- C:\WINDOWS\$NtUninstallKB2482017$
2011-02-11 14:06:13 ----HDC---- C:\WINDOWS\$NtUninstallKB2478960$
2011-02-11 14:05:45 ----HDC---- C:\WINDOWS\$NtUninstallKB2393802$
2011-02-10 15:22:38 ----D---- C:\Program Files\Elaborate Bytes
2011-01-31 18:42:13 ----N---- C:\WINDOWS\system32\spmsg.dll
2011-01-30 18:12:56 ----D---- C:\WINDOWS\048298C9A4D3490B9FF9AB023A9238F3.TMP
2011-01-30 17:49:50 ----D---- C:\Program Files\Counter-Strike 1.6 ZCP
2011-01-27 11:25:37 ----SHD---- C:\Documents and Settings\All Users\Data aplikací\SecuROM

======List of files/folders modified in the last 1 months======

2011-02-17 21:36:42 ----D---- C:\WINDOWS\Temp
2011-02-17 21:36:20 ----D---- C:\WINDOWS\Prefetch
2011-02-17 21:20:13 ----RSHDC---- C:\WINDOWS\system32\dllcache
2011-02-17 21:17:38 ----D---- C:\WINDOWS
2011-02-17 21:16:32 ----D---- C:\WINDOWS\system32
2011-02-17 21:16:21 ----D---- C:\WINDOWS\system32\CatRoot2
2011-02-17 21:11:30 ----D---- C:\WINDOWS\system32\config
2011-02-17 21:11:08 ----D---- C:\WINDOWS\system32\wbem
2011-02-17 21:11:07 ----D---- C:\WINDOWS\Registration
2011-02-17 21:10:50 ----A---- C:\WINDOWS\SchedLgU.Txt
2011-02-17 21:10:40 ----D---- C:\WINDOWS\system32\Restore
2011-02-17 19:45:32 ----D---- C:\Program Files
2011-02-17 18:26:37 ----D---- C:\Documents and Settings\Administrator\Data aplikací\vlc
2011-02-17 18:09:22 ----D---- C:\Program Files\Common Files
2011-02-17 17:57:08 ----D---- C:\WINDOWS\system32\drivers
2011-02-17 16:57:28 ----SHD---- C:\WINDOWS\Installer
2011-02-17 16:56:46 ----D---- C:\Program Files\CCleaner
2011-02-17 16:00:17 ----HD---- C:\Config.Msi
2011-02-17 16:00:10 ----D---- C:\WINDOWS\system32\DirectX
2011-02-17 16:00:09 ----HD---- C:\WINDOWS\inf
2011-02-17 15:59:44 ----RSD---- C:\WINDOWS\assembly
2011-02-17 15:12:40 ----D---- C:\Program Files\Steam
2011-02-17 15:07:56 ----D---- C:\WINDOWS\pss
2011-02-17 15:07:53 ----RSH---- C:\boot.ini
2011-02-17 15:07:53 ----A---- C:\WINDOWS\win.ini
2011-02-17 15:07:53 ----A---- C:\WINDOWS\system.ini
2011-02-17 06:33:54 ----D---- C:\Program Files\Mozilla Firefox
2011-02-17 06:30:18 ----D---- C:\WINDOWS\system32\ias
2011-02-16 16:22:44 ----D---- C:\Documents and Settings\Administrator\Data aplikací\dvdcss
2011-02-16 15:32:10 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2011-02-16 09:23:03 ----HD---- C:\Program Files\InstallShield Installation Information
2011-02-16 06:51:07 ----D---- C:\WINDOWS\system32\drivers\etc
2011-02-15 18:48:26 ----D---- C:\Documents and Settings\Administrator\Data aplikací\BitTorrent
2011-02-15 18:23:44 ----A---- C:\WINDOWS\NeroDigital.ini
2011-02-15 17:12:31 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$
2011-02-15 15:36:35 ----D---- C:\Program Files\Thoosje
2011-02-15 14:08:27 ----D---- C:\Program Files\Winamp
2011-02-15 14:05:29 ----D---- C:\WINDOWS\system32\Side 9 Screensaver dir
2011-02-15 14:01:23 ----D---- C:\Program Files\Google
2011-02-15 14:00:40 ----D---- C:\WINDOWS\Minidump
2011-02-15 13:50:43 ----D---- C:\Program Files\Common Files\Nero
2011-02-15 13:41:16 ----D---- C:\Program Files\Nero
2011-02-13 20:52:39 ----D---- C:\WINDOWS\Debug
2011-02-11 14:06:58 ----A---- C:\WINDOWS\system32\MRT.exe
2011-02-11 14:04:26 ----HD---- C:\WINDOWS\$hf_mig$
2011-02-10 22:19:06 ----D---- C:\WINDOWS\Microsoft.NET
2011-02-10 16:06:05 ----D---- C:\Documents and Settings\Administrator\Data aplikací\Nero
2011-02-10 15:57:42 ----D---- C:\WINDOWS\Cursors
2011-02-10 15:48:00 ----D---- C:\Documents and Settings\All Users\Data aplikací\Nero
2011-02-10 15:45:32 ----D---- C:\WINDOWS\WinSxS
2011-02-01 20:17:23 ----A---- C:\WINDOWS\system32\CmdLineExt.dll
2011-02-01 12:28:34 ----A---- C:\WINDOWS\system32\PnkBstrB.exe
2011-02-01 12:28:29 ----A---- C:\WINDOWS\system32\PnkBstrA.exe
2011-02-01 12:28:27 ----A---- C:\WINDOWS\system32\pbsvc.exe
2011-01-31 18:44:25 ----D---- C:\Program Files\BitTorrent
2011-01-31 18:42:13 ----D---- C:\WINDOWS\system32\CatRoot
2011-01-31 12:05:08 ----D---- C:\Documents and Settings\Administrator\Data aplikací\download2
2011-01-31 11:53:29 ----D---- C:\Documents and Settings\Administrator\Data aplikací\uTorrent
2011-01-30 17:48:21 ----D---- C:\Program Files\Share Rapid Uploader
2011-01-29 10:16:36 ----D---- C:\Program Files\Opera
2011-01-23 11:08:24 ----D---- C:\Program Files\Unlocker
2011-01-22 11:12:13 ----D---- C:\Documents and Settings\All Users\Data aplikací\Ubisoft
2011-01-22 10:52:55 ----D---- C:\Fraps
2011-01-21 15:44:07 ----A---- C:\WINDOWS\system32\shimgvw.dll
2011-01-21 15:44:07 ----A---- C:\WINDOWS\system32\shell32.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 AsDsm;AsDsm; C:\WINDOWS\system32\drivers\AsDsm.sys [2007-08-10 29752]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2009-04-28 44944]
R0 sfdrv01;StarForce Protection Environment Driver (version 1.x); C:\WINDOWS\System32\drivers\sfdrv01.sys [2005-03-03 48640]
R0 sfhlp02;StarForce Protection Helper Driver (version 2.x); C:\WINDOWS\System32\drivers\sfhlp02.sys [2005-02-23 6656]
R0 sfsync02;StarForce Protection Synchronization Driver (version 2.x); C:\WINDOWS\System32\drivers\sfsync02.sys [2004-12-03 20544]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2010-02-05 691696]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
R1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2009-04-09 107256]
R1 epfwtdi;epfwtdi; C:\WINDOWS\system32\DRIVERS\epfwtdi.sys [2009-04-09 55768]
R2 ASMMAP;ASMMAP; \??\C:\Program Files\ATKGFNEX\ASMMAP.sys []
R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2010-06-09 281760]
R2 eamon;eamon; C:\WINDOWS\system32\DRIVERS\eamon.sys [2009-04-09 113960]
R2 epfw;epfw; C:\WINDOWS\system32\DRIVERS\epfw.sys [2009-04-09 133000]
R2 ghaio;ghaio; \??\C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys []
R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2010-06-09 25888]
R2 NwlnkIpx;Transportní protokol kompatibilní s NWLink IPX/SPX/NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2008-04-14 88320]
R2 NwlnkNb;Služba NWLink pro rozhraní NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnknb.sys [2001-10-25 63232]
R2 NwlnkSpx;Protokol NWLink SPX/SPXII; C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys [2001-10-25 55936]
R3 AR5416;Atheros AR5008 Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\athw.sys [2009-02-13 1503840]
R3 ASUSProcObsrv;ASUS Process Creation/Termination Observer; \??\D:\I386\AsProcOb.sys []
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2009-04-10 3644416]
R3 CRFILTER;USB Mass Storage Filter; C:\WINDOWS\system32\DRIVERS\CRFILTER.sys [2008-04-07 6656]
R3 Epfwndis;Eset Personal Firewall; C:\WINDOWS\system32\DRIVERS\Epfwndis.sys [2009-04-09 33096]
R3 ETD;ELAN PS/2 Port Input Device; C:\WINDOWS\system32\DRIVERS\ETD.sys [2009-04-21 89856]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 kbfiltr;Keyboard Filter; C:\WINDOWS\system32\DRIVERS\kbfiltr.sys [2008-11-03 13880]
R3 monfilt;monfilt; C:\WINDOWS\system32\drivers\monfilt.sys [2008-02-14 1389056]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 MTsensor;ATK0100 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ATKACPI.sys [2007-08-24 5760]
R3 NWRDR;NetWare Rdr; C:\WINDOWS\system32\DRIVERS\nwrdr.sys [2008-04-14 163584]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2008-10-30 117888]
R3 SNP2UVC;USB2.0 PC Camera (SNP2UVC); C:\WINDOWS\system32\DRIVERS\snp2uvc.sys [2008-08-11 1752704]
R3 SRS_PremiumSound_Service;SRS Labs Premium Sound; C:\WINDOWS\system32\drivers\srs_PremiumSound_i386.sys [2009-04-01 233128]
R3 usbfilter;AMD USB Filter Driver; C:\WINDOWS\system32\DRIVERS\usbfilter.sys [2008-05-28 22072]
R3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service; C:\WINDOWS\system32\drivers\viahduaa.sys [2009-04-28 1131264]
S3 a84gsyxn;a84gsyxn; C:\WINDOWS\system32\drivers\a84gsyxn.sys []
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2006-04-12 49664]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2006-04-12 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2006-04-12 21568]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 usbvideo;Zobrazovací zařízení USB (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-14 121984]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 InCDFs;InCD File System; C:\WINDOWS\system32\drivers\InCDFs.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ADSMService;ADSM Service; C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe [2008-03-31 225280]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2009-04-10 602112]
R2 ATKGFNEXSrv;ATKGFNEX Service; C:\Program Files\ATKGFNEX\GFNEXSrv.exe [2007-08-08 94208]
R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Program Files\Bonjour\mDNSResponder.exe [2006-02-28 229376]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2009-04-09 731840]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe [2009-09-23 935208]
R2 NWCWorkstation;Klient systému NetWare; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2006-03-03 69632]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2011-02-01 66872]
R2 ProtexisLicensing;ProtexisLicensing; C:\WINDOWS\system32\PSIService.exe [2007-06-05 177704]
R2 spmgr;spmgr; C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe [2007-08-03 125496]
R2 SRS_VolSync_Service;SRS Volume Sync Service; C:\Program Files\SRS Labs\SRS Premium Sound\SRS_VolSync.exe [2009-04-07 70880]
R2 svgtred;svgtred; C:\WINDOWS\system32\drivers\svgtred.exe [2011-02-13 77312]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-05-19 136176]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe [2009-04-09 20680]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2010-11-24 654848]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

Re: PC freezes, slowed down - check RSIT

Posted: 17 Feb 2011 22:10
by Roli
Hello, delete unneeded files

using CCleaner.

Instructions:

Cleaner - here you clean the PC of unneeded files and empty the Recycle Bin

Registry - here you clean the registry (before use I recommend making the backup that CCleaner offers)

The registry cleaning needs to be repeated several times!

Tools - here you can uninstall programs, change what runs at system startup, and restore the system



Download ComboFix and save it to the desktop,

run the application as Administrator and allow installation of the Recovery Console.

A window with the license terms then appears, which you confirm by clicking YES,

then click YES once more and it starts running.

The whole process takes about 10 minutes but can take longer; do not try to run anything else during the scan.

The PC may also be restarted during the scan; do not be alarmed.

Warning: for the duration of the scan, turn off the resident shield of your antivirus and antispyware program,

because ComboFix tries to delete infected files and these programs can get in its way.

After the scan finishes, or after the subsequent restart, the application creates a log saved at C:/Combofix.txt

(on repeated use the logs are numbered Combofix2.txt and so on); copy its contents here.


If anything is unclear, there is an illustrated guide HERE.


P.S. Don't put logs in CODE tags, they are hard to read that way.

Re: PC freezes, slowed down - check RSIT

Posted: 18 Feb 2011 00:33
by ryder
ComboFix 11-02-17.01 - Administrator 18.02.2011 0:21.2.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.421.1029.18.3071.2539 [GMT 1:00]
Running from: c:\documents and settings\Administrator\Plocha\ComboFix.exe
AV: ESET Smart Security 4.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET personal firewall *Enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\program files\filesubmit\182384\182384.zip
c:\program files\filesubmit\182384\182384\VistaRTM.theme
c:\program files\filesubmit\182384\182384\VistaRTM\Shell\Aero\Shellstyle.dll
c:\program files\filesubmit\182384\182384\VistaRTM\Shell\Aero48\shellstyle.dll
c:\program files\filesubmit\182384\182384\VistaRTM\Shell\AeroMax\shellstyle.dll
c:\program files\filesubmit\182384\182384\VistaRTM\Shell\AeroMax48\shellstyle.dll
c:\program files\filesubmit\182384\182384\VistaRTM\Shell\Basic48\Shellstyle.dll
c:\program files\filesubmit\182384\182384\VistaRTM\Shell\NormalColor\Shellstyle.dll
c:\program files\filesubmit\182384\182384\VistaRTM\VistaRTM.msstyles
c:\program files\filesubmit\182640\182640.zip
c:\program files\filesubmit\182640\182640\aero_alfa.jpg
c:\program files\filesubmit\182640\182640\installer_aero_alfa.exe
c:\program files\filesubmit\182640\182640\ReadMe!!.txt
c:\program files\filesubmit\182640\182640\VastDown.co.nr.url
c:\program files\filesubmit\5248\5248.zip
c:\program files\filesubmit\5248\5248\XtremeXP\Readme [XtremeXP].htm
c:\program files\filesubmit\5248\5248\XtremeXP\Shell\Blue\shellstyle.dll
c:\program files\filesubmit\5248\5248\XtremeXP\Shell\NormalColor\shellstyle.dll
c:\program files\filesubmit\5248\5248\XtremeXP\UserAccount.bmp
c:\program files\filesubmit\5248\5248\XtremeXP\XboxUniverse.jpg
c:\program files\filesubmit\5248\5248\XtremeXP\XtremeXP.msstyles
c:\program files\filesubmit\74\74.zip
c:\program files\filesubmit\74\74\Black\Black.msstyles
c:\program files\filesubmit\74\74\Black\shell\normalcolor\shellstyle.dll
c:\program files\filesubmit\78856\78856.zip
c:\program files\filesubmit\78856\78856\Windows Black\CD.ico
c:\program files\filesubmit\78856\78856\Windows Black\Close Folder.ico
c:\program files\filesubmit\78856\78856\Windows Black\Default.ico
c:\program files\filesubmit\78856\78856\Windows Black\Desktop.ico
c:\program files\filesubmit\78856\78856\Windows Black\Drive.ico
c:\program files\filesubmit\78856\78856\Windows Black\Floppy.ico
c:\program files\filesubmit\78856\78856\Windows Black\Must Read.txt
c:\program files\filesubmit\78856\78856\Windows Black\My Computer.ico
c:\program files\filesubmit\78856\78856\Windows Black\My Documents1.ico
c:\program files\filesubmit\78856\78856\Windows Black\My Documents2.ico
c:\program files\filesubmit\78856\78856\Windows Black\My Music.ico
c:\program files\filesubmit\78856\78856\Windows Black\My Pictures.ico
c:\program files\filesubmit\78856\78856\Windows Black\My Video.ico
c:\program files\filesubmit\78856\78856\Windows Black\Network.ico
c:\program files\filesubmit\78856\78856\Windows Black\Open Folder.ico
c:\program files\filesubmit\78856\78856\Windows Black\Recycle Bin(Empty).ico
c:\program files\filesubmit\78856\78856\Windows Black\Recycle Bin(Full).ico
c:\program files\filesubmit\78856\78856\Windows Black\Run.ico
c:\program files\filesubmit\78856\78856\Windows Black\Text.ico
c:\program files\filesubmit\78856\78856\Windows Black\Windows Black.iconset
c:\windows\d.ini
c:\windows\keys.ini
c:\windows\system32\_000011_.tmp.dll
c:\windows\system32\twunk_32.exe
c:\windows\usgwmt\BReWErS.dll

.
((((((((((((((((((((((((( Files Created from 2011-01-17 to 2011-02-17 )))))))))))))))))))))))))))))))
.

2011-02-17 20:11 . 2011-02-17 20:11 -------- d-----w- c:\windows\system32\wbem\Repository
2011-02-17 18:46 . 2011-02-17 18:46 -------- d-----w- c:\documents and settings\Administrator\Data aplikací\Spy Defy
2011-02-17 18:45 . 2011-02-17 18:47 -------- d-----w- c:\program files\TopPCTools AntiSpyware
2011-02-16 14:32 . 2011-02-16 14:32 -------- d-----w- c:\windows\A7E07C2B2220441587E3784D5814BC93.TMP
2011-02-16 11:21 . 2011-02-16 11:21 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Data aplikací\AliensVsPredator
2011-02-16 08:22 . 2011-02-16 08:22 -------- d-----w- c:\program files\Disney Interactive Studios
2011-02-15 15:46 . 2011-02-15 15:46 -------- d-----w- c:\documents and settings\Administrator\Data aplikací\Malwarebytes
2011-02-15 15:46 . 2010-12-20 17:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-02-15 15:46 . 2011-02-15 15:46 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2011-02-15 15:46 . 2010-12-20 17:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-02-15 15:46 . 2011-02-15 15:46 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-02-15 15:41 . 2011-02-17 20:36 -------- d-----w- c:\program files\trend micro
2011-02-15 15:41 . 2011-02-15 15:41 -------- d-----w- C:\rsit
2011-02-15 12:56 . 2011-02-15 12:56 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Data aplikací\uTorrentBar
2011-02-14 14:06 . 2011-02-15 16:09 -------- d-----w- c:\documents and settings\Administrator\Data aplikací\njxhcjcf1irmxrcffocssphyut1wavh2
2011-02-13 18:34 . 2011-02-13 18:34 77312 ----a-w- c:\windows\system32\drivers\svgtred.exe
2011-02-12 09:28 . 2011-02-12 09:28 -------- d-----w- c:\documents and settings\Administrator\Data aplikací\DVDVideoSoftIEHelpers
2011-02-12 09:07 . 2011-02-12 09:07 -------- d-----w- c:\windows\Sun
2011-02-11 14:34 . 2011-02-11 14:34 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Data aplikací\Nero_AG
2011-02-10 14:22 . 2011-02-15 13:55 -------- d-----w- c:\program files\Elaborate Bytes
2011-01-30 17:12 . 2011-01-30 17:13 -------- d-----w- c:\windows\048298C9A4D3490B9FF9AB023A9238F3.TMP
2011-01-30 16:49 . 2011-02-17 17:48 -------- d-----w- c:\program files\Counter-Strike 1.6 ZCP
2011-01-29 21:47 . 2003-09-03 01:26 192512 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iuser.dll
2011-01-29 21:47 . 2011-01-29 21:47 311428 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\Setup.dll
2011-01-29 21:47 . 2011-01-29 21:47 184452 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iGdi.dll
2011-01-29 21:47 . 2003-09-03 01:28 724992 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iKernel.dll
2011-01-29 21:47 . 2003-09-03 01:27 69715 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\ctor.dll
2011-01-29 21:47 . 2003-09-03 01:26 266240 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iscript.dll
2011-01-29 21:47 . 2003-09-03 01:25 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\DotNetInstaller.exe
2011-01-27 10:25 . 2011-01-27 10:25 -------- d-sh--w- c:\documents and settings\All Users\Data aplikací\SecuROM
2011-01-21 14:44 . 2011-01-21 14:44 440320 -c----w- c:\windows\system32\dllcache\shimgvw.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-01 19:17 . 2010-12-25 13:29 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2011-02-01 11:28 . 2010-02-07 17:06 22328 -c--a-w- c:\documents and settings\Administrator\Data aplikací\PnkBstrK.sys
2011-02-01 11:28 . 2010-02-07 17:06 22328 -c--a-w- c:\documents and settings\Administrator\Data aplikací\PnkBstrK.sys
2011-02-01 11:28 . 2010-02-07 17:06 22328 -c--a-w- c:\documents and settings\Administrator\Data aplikací\PnkBstrK.sys
2011-02-01 11:28 . 2010-02-07 17:06 22328 -c--a-w- c:\documents and settings\Administrator\Data aplikací\PnkBstrK.sys
2011-02-01 11:28 . 2010-02-07 16:44 22328 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2011-02-01 11:28 . 2010-02-07 16:44 103736 ----a-w- c:\windows\system32\PnkBstrB.exe
2011-02-01 11:28 . 2010-02-07 16:44 66872 ----a-w- c:\windows\system32\PnkBstrA.exe
2011-02-01 11:28 . 2010-02-07 17:06 669184 ----a-w- c:\windows\system32\pbsvc.exe
2011-01-21 14:44 . 2004-08-17 13:49 440320 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-11 14:19 . 2011-01-11 14:19 140288 ----a-w- c:\windows\system32\COMDLG32.htm
2011-01-07 14:09 . 2004-08-17 13:48 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 14:04 . 2004-08-17 13:44 1854976 ----a-w- c:\windows\system32\win32k.sys
2010-12-24 08:15 . 2010-12-24 08:15 86016 ----a-w- c:\windows\system32\frapsvid.dll
2010-12-22 12:34 . 2004-08-17 13:49 301568 ----a-w- c:\windows\system32\kerberos.dll
2010-12-20 22:14 . 2004-08-17 13:49 668160 ----a-w- c:\windows\system32\wininet.dll
2010-12-20 22:14 . 2004-08-03 20:59 61952 ----a-w- c:\windows\system32\tdc.ocx
2010-12-20 22:14 . 2004-08-17 13:49 81920 ----a-w- c:\windows\system32\ieencode.dll
2010-12-20 22:13 . 2004-08-17 13:44 370176 ----a-w- c:\windows\system32\html.iec
2010-12-20 17:25 . 2004-08-17 13:49 729088 ----a-w- c:\windows\system32\lsasrv.dll
2010-12-09 15:15 . 2004-08-17 13:48 713216 ----a-w- c:\windows\system32\ntdll.dll
2010-12-09 15:14 . 2004-08-17 15:45 2029056 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-12-09 15:14 . 2004-08-17 13:45 2150912 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-12-09 14:30 . 2004-08-17 13:49 33280 ----a-w- c:\windows\system32\csrsrv.dll
2010-11-22 16:00 . 2010-12-09 22:47 394240 ----a-w- c:\windows\system32\madCHook.dll
.

------- Sigcheck -------

[-] 2009-08-06 . 0B6DABD6FFF1AD42A3CD65A1C7EE8F35 . 68832 . . [7.4.7600.226] . . c:\windows\ServicePackFiles\i386\wuauclt.exe
[-] 2009-08-06 . 0B6DABD6FFF1AD42A3CD65A1C7EE8F35 . 68832 . . [7.4.7600.226] . . c:\windows\system32\wuauclt.exe
[-] 2009-08-06 . 0B6DABD6FFF1AD42A3CD65A1C7EE8F35 . 68832 . . [7.4.7600.226] . . c:\windows\system32\dllcache\wuauclt.exe
[7] 2004-08-17 . E9F9CD3C7F2E56505A0AC166580120E3 . 111104 . . [5.4.3790.2180] . . c:\windows\$NtServicePackUninstall$\wuauclt.exe

[-] 2008-04-14 . 13E794E5591776CBC71055A7B3CC1D5F . 976384 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[-] 2008-04-14 . 13E794E5591776CBC71055A7B3CC1D5F . 976384 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\explorer.exe
[7] 2004-08-17 . 53114D57AB73A406AC7F602227781A99 . 1032704 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\explorer.exe

[-] 2008-04-14 . D008D88ED7D047B78A504986DF5647EE . 832512 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\iexplore.exe
[7] 2004-08-17 . 63E527C26AC3059EAD766C6C11746D07 . 93184 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\iexplore.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-01 16:08 143360 ----a-w- c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="c:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe" [2007-03-18 630784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"DrvIcon"="c:\program files\Vista Drive Icon\DrvIcon.exe" [2008-04-13 49152]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Administrator\Nabídka Start\Programy\Po spuštění\
RocketDock.lnk - c:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-3-18 630784]
Zástupce - egui.lnk - c:\program files\ESET\ESET Smart Security\egui.exe [2009-4-9 2029640]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Aspwdflt]
2008-04-19 22:11 1556480 ----a-w- c:\program files\ASUS\ASUS Data Security Manager\ASPWDFLT.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli c:\program files\ASUS\ASUS Data Security Manager\ASPWDFLT

[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Nabídka Start^Programy^Po spuštění^Thoosje Sevenbar.lnk]
path=c:\documents and settings\Administrator\Nabídka Start\Programy\Po spuštění\Thoosje Sevenbar.lnk
backup=c:\windows\pss\Thoosje Sevenbar.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Nabídka Start^Programy^Po spuštění^Zástupce - Thoosje Sevenbar.lnk]
path=c:\documents and settings\Administrator\Nabídka Start\Programy\Po spuštění\Zástupce - Thoosje Sevenbar.lnk
backup=c:\windows\pss\Zástupce - Thoosje Sevenbar.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^FancyStart daemon.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\FancyStart daemon.lnk
backup=c:\windows\pss\FancyStart daemon.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ACMON]
2009-06-16 18:56 540672 -c--a-w- c:\program files\ASUS\Splendid\ACMON.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-21 18:37 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-06-20 02:04 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ADSMTray]
2008-03-31 22:09 266240 ----a-w- c:\program files\ASUS\ASUS Data Security Manager\ADSMTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Camera ScreenSaver]
2010-02-03 14:36 47672 -c--a-w- c:\windows\AsScrProlog.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Live Update]
2007-11-30 10:20 51768 ----a-w- c:\program files\ASUS\ASUS Live Update\ALU.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Screen Saver Protector]
2010-02-03 14:36 3054136 -c--a-w- c:\windows\AsScrPro.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATKHOTKEY]
2009-04-23 20:24 178744 -c--a-w- c:\program files\ASUS\ATK Hotkey\HControl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATKMEDIA]
2008-06-24 18:01 159744 -c--a-w- c:\program files\ASUS\ATK Media\DMedia.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATKOSD2]
2008-01-23 14:34 7766016 ----a-w- c:\program files\ATKOSD2\ATKOSD2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2005-10-28 15:25 94208 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2008-04-14 07:52 15360 ----a-w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2010-04-01 09:16 357696 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\egui]
2009-04-09 14:17 2029640 ----a-w- c:\program files\ESET\ESET Smart Security\egui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ETDWare]
2009-04-21 19:03 534528 ----a-r- c:\program files\Elantech\ETDCtrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HControlUser]
2009-04-01 20:05 98304 -c--a-w- c:\program files\ASUS\ATK Hotkey\HControlUser.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HDAudDeck]
2009-04-30 03:10 33619968 ----a-r- c:\program files\VIA\VIAudioi\HDADeck\HDECK.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 09:50 155648 -c--a-w- c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Net4Switch]
2007-11-20 12:44 1145400 ----a-w- c:\program files\ASUS\Net4Switch\Net4Switch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Power_Gear]
2006-07-26 17:01 90112 ----a-w- c:\program files\ASUS\Power4 Gear\BatteryLife.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2009-04-09 20:24 61440 -c--a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2010-11-17 09:02 1242448 ----a-w- c:\program files\Steam\Steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Wireless Console 2]
2007-07-05 15:53 1040384 ----a-w- c:\program files\Wireless Console 2\wcourier.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"e:\\Assassin's Creed II\\AssassinsCreedIIGame.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Counter-Strike 1.6 ZCP\\hl.exe"=
"e:\\DEAD SPACE\\Dead Space.exe"=
"e:\\Assassin's Creed II\\New Folder\\server.exe"=

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [5.2.2010 16:39 691696]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [9.4.2009 15:18 107256]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [9.4.2009 15:19 731840]
R2 SRS_VolSync_Service;SRS Volume Sync Service;c:\program files\SRS Labs\SRS Premium Sound\SRS_VolSync.exe [7.4.2009 10:04 70880]
R3 CRFILTER;USB Mass Storage Filter;c:\windows\system32\drivers\CRFILTER.sys [7.4.2008 15:00 6656]
R3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\drivers\ETD.sys [3.2.2010 15:21 89856]
R3 SRS_PremiumSound_Service;SRS Labs Premium Sound;c:\windows\system32\drivers\SRS_PremiumSound_i386.sys [3.2.2010 15:34 233128]
R3 usbfilter;AMD USB Filter Driver;c:\windows\system32\drivers\usbfilter.sys [3.2.2010 15:11 22072]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [3.2.2010 15:22 1131264]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [19.5.2010 21:48 136176]
S2 svgtred;svgtred;c:\windows\system32\drivers\svgtred.exe [13.2.2011 19:34 77312]
S3 ASUSProcObsrv;ASUS Process Creation/Termination Observer;\??\d:\i386\AsProcOb.sys --> d:\i386\AsProcOb.sys [?]
.
Contents of the 'Scheduled Tasks' folder

2011-02-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-19 20:48]

2011-02-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-19 20:48]

2011-02-17 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2010-02-08 21:18]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://start.icq.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: {5F73A715-6CD0-4D1F-99DA-CA466FF15804} = 192.168.0.1
FF - ProfilePath - c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\pjarxv8u.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2786678&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage - hxxp://start.icq.com/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.6&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: DAEMON Tools Toolbar: DTToolbar@toolbarnet.com - %profile%\extensions\DTToolbar@toolbarnet.com
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: <?xmlversion=1.0?><RDF xmlns=http://www.w3.org/1999/02/22-rdf-syntax-ns# xmlns:em=http://www.mozilla.org/2004/em-rdf#><Description about=urn:mozilla:install-manifest><em:id>{361706b1-8726-42af-9f0c-8edf185488f5}: {361706b1-8726-42af-9f0c-8edf185488f5} - %profile%\extensions\{361706b1-8726-42af-9f0c-8edf185488f5}
FF - Ext: ICQ Toolbar: {800b5000-a755-47e1-992b-48a1c1357f07} - %profile%\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
FF - Ext: uTorrentBar Community Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - %profile%\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-fsm - (no file)
MSConfigStartUp-ICQ - c:\program files\ICQ6.5\ICQ.exe
MSConfigStartUp-Microsoft WinUpdate - c:\windows\system32\msupdatgms.exe
MSConfigStartUp-RGSC - e:\rockstar games\Gta 4\Grand Theft Auto IV\Rockstar Games Social Club\RGSCLauncher.exe
MSConfigStartUp-Skype - c:\program files\Skype\Phone\Skype.exe
MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-18 00:27
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


C:\ADSM_PData_0150

scan completed successfully
hidden files: 1

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1491950412-2009852829-4049741679-500\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"??"=hex:a9,c3,69,12,e4,f6,8d,5e,44,b7,c8,69,23,33,74,fe,a2,4a,11,24,e0,92,3d,
6e,1a,45,a2,0e,c9,b4,69,96,f4,4a,08,1b,22,a6,5e,86,42,f4,05,2e,8e,47,ba,c6,\
"??"=hex:a1,5e,47,db,25,65,bb,27,8b,92,55,34,10,3f,d9,49

[HKEY_USERS\S-1-5-21-1491950412-2009852829-4049741679-500\Software\SecuROM\License information*]
"datasecu"=hex:01,c5,f6,66,4d,dc,c8,88,7f,94,14,59,91,27,9a,59,37,d1,82,7c,47,
f3,23,a8,6c,d2,13,48,6f,1c,98,53,3f,86,2d,b5,50,9e,76,ee,80,1f,36,73,a4,db,\
"rkeysecu"=hex:70,1a,c9,a4,8d,d7,9c,51,57,42,3a,1d,41,da,b4,24
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1228)
c:\program files\ASUS\ASUS Data Security Manager\ASPWDFLT.dll
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'lsass.exe'(1284)
c:\program files\ASUS\ASUS Data Security Manager\ASPWDFLT.dll

- - - - - - - > 'explorer.exe'(3980)
c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt.dll
c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\msi.dll
c:\windows\system32\NETSHELL.dll
c:\windows\system32\credui.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\Microsoft Office\OFFICE11\msohev.dll
.
Completion time: 2011-02-18 00:29:15
ComboFix-quarantined-files.txt 2011-02-17 23:29

Pre-Run: Volných bajtů: 42 209 677 312
Post-Run: Volných bajtů: 42 186 539 008

- - End Of File - - 654966080B8B4F98E18ED76902FC4FB2

Re: PC freezes, slowed down - check RSIT

Posted: 18 Feb 2011 20:21
by Roli
Fix this in HJT:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - (no file)


You will find HJT here:

C:\Program Files\trend micro\Administrator.exe

Fix means that you start HJT,

in the window that opens, click Do a system scan only,

in the next window find the lines I listed for you,

next to each one is a box that you tick,

then click Fix checked at the bottom left,

the program asks whether you are sure; you of course agree with YES and it is done.


If you have not already done so, move ComboFix to the desktop,

open Notepad,

and copy into it the script from the following box:

Code:

File::  
C:\WINDOWS\system32\msupdatgms.exe

Folder::
c:\documents and settings\Administrator\Data aplikací\njxhcjcf1irmxrcffocssphyut1wavh2

FireFox::
FF - ProfilePath - c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\pjarxv8u.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.as ... ource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://start.icq.com/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_result ... r=1.1.6&q=

save the TXT file you created to the desktop as CFScript.txt,

after saving, grab the created script with the left mouse button and drag it over the Combofix icon, where you drop it.

After it has been applied, another log will pop out; copy it here.

Warning: it may happen that after applying the script and restarting, Windows won't boot,

in that case restart again while pressing F8 and then choose Last Known Good Configuration

Re: PC stutters, slowed down - check RSIT

Posted: 19 Feb 2011 11:01
by ryder
ComboFix 11-02-17.01 - Administrator 19.02.2011 10:51:53.3.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.421.1029.18.3071.2470 [GMT 1:00]
Running from: c:\documents and settings\Administrator\Plocha\ComboFix.exe
Command switches used :: c:\documents and settings\Administrator\Plocha\CFScript.txt.txt
AV: ESET Smart Security 4.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET personal firewall *Enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}

FILE ::
"c:\windows\system32\msupdatgms.exe"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Administrator\Data aplikací\njxhcjcf1irmxrcffocssphyut1wavh2
c:\windows\regedit.com
c:\windows\system32\taskmgr.com

.
((((((((((((((((((((((((( Files Created from 2011-01-19 to 2011-02-19 )))))))))))))))))))))))))))))))
.

2011-02-18 09:55 . 2011-02-18 09:55 28672 ----a-w- c:\windows\system32\eEmpty.exe
2011-02-18 09:55 . 2008-04-14 07:52 183808 ----a-w- c:\windows\system32\T.COM
2011-02-18 09:55 . 2004-08-17 13:49 147968 ----a-w- c:\windows\R.COM
2011-02-18 09:54 . 2011-02-18 09:54 -------- d-----w- c:\documents and settings\All Users\Data aplikací\MicroWorld
2011-02-17 20:11 . 2011-02-17 20:11 -------- d-----w- c:\windows\system32\wbem\Repository
2011-02-17 18:46 . 2011-02-17 18:46 -------- d-----w- c:\documents and settings\Administrator\Data aplikací\Spy Defy
2011-02-17 18:45 . 2011-02-17 18:47 -------- d-----w- c:\program files\TopPCTools AntiSpyware
2011-02-16 14:32 . 2011-02-16 14:32 -------- d-----w- c:\windows\A7E07C2B2220441587E3784D5814BC93.TMP
2011-02-16 11:21 . 2011-02-16 11:21 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Data aplikací\AliensVsPredator
2011-02-16 08:22 . 2011-02-16 08:22 -------- d-----w- c:\program files\Disney Interactive Studios
2011-02-15 15:46 . 2011-02-15 15:46 -------- d-----w- c:\documents and settings\Administrator\Data aplikací\Malwarebytes
2011-02-15 15:46 . 2010-12-20 17:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-02-15 15:46 . 2011-02-15 15:46 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2011-02-15 15:46 . 2010-12-20 17:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-02-15 15:46 . 2011-02-15 15:46 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-02-15 15:41 . 2011-02-19 09:47 -------- d-----w- c:\program files\trend micro
2011-02-15 15:41 . 2011-02-15 15:41 -------- d-----w- C:\rsit
2011-02-15 12:56 . 2011-02-15 12:56 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Data aplikací\uTorrentBar
2011-02-13 18:34 . 2011-02-13 18:34 77312 ----a-w- c:\windows\system32\drivers\svgtred.exe
2011-02-12 09:28 . 2011-02-12 09:28 -------- d-----w- c:\documents and settings\Administrator\Data aplikací\DVDVideoSoftIEHelpers
2011-02-12 09:07 . 2011-02-12 09:07 -------- d-----w- c:\windows\Sun
2011-02-11 14:34 . 2011-02-11 14:34 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Data aplikací\Nero_AG
2011-02-10 14:22 . 2011-02-15 13:55 -------- d-----w- c:\program files\Elaborate Bytes
2011-01-30 17:12 . 2011-01-30 17:13 -------- d-----w- c:\windows\048298C9A4D3490B9FF9AB023A9238F3.TMP
2011-01-30 16:49 . 2011-02-18 17:17 -------- d-----w- c:\program files\Counter-Strike 1.6 ZCP
2011-01-29 21:47 . 2003-09-03 01:26 192512 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iuser.dll
2011-01-29 21:47 . 2011-01-29 21:47 311428 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\Setup.dll
2011-01-29 21:47 . 2011-01-29 21:47 184452 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iGdi.dll
2011-01-29 21:47 . 2003-09-03 01:28 724992 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iKernel.dll
2011-01-29 21:47 . 2003-09-03 01:27 69715 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\ctor.dll
2011-01-29 21:47 . 2003-09-03 01:26 266240 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iscript.dll
2011-01-29 21:47 . 2003-09-03 01:25 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\DotNetInstaller.exe
2011-01-27 10:25 . 2011-01-27 10:25 -------- d-sh--w- c:\documents and settings\All Users\Data aplikací\SecuROM
2011-01-21 14:44 . 2011-01-21 14:44 440320 -c----w- c:\windows\system32\dllcache\shimgvw.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-01 19:17 . 2010-12-25 13:29 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2011-02-01 11:28 . 2010-02-07 17:06 22328 -c--a-w- c:\documents and settings\Administrator\Data aplikací\PnkBstrK.sys
2011-02-01 11:28 . 2010-02-07 17:06 22328 -c--a-w- c:\documents and settings\Administrator\Data aplikací\PnkBstrK.sys
2011-02-01 11:28 . 2010-02-07 17:06 22328 -c--a-w- c:\documents and settings\Administrator\Data aplikací\PnkBstrK.sys
2011-02-01 11:28 . 2010-02-07 17:06 22328 -c--a-w- c:\documents and settings\Administrator\Data aplikací\PnkBstrK.sys
2011-02-01 11:28 . 2010-02-07 16:44 22328 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2011-02-01 11:28 . 2010-02-07 16:44 103736 ----a-w- c:\windows\system32\PnkBstrB.exe
2011-02-01 11:28 . 2010-02-07 16:44 66872 ----a-w- c:\windows\system32\PnkBstrA.exe
2011-02-01 11:28 . 2010-02-07 17:06 669184 ----a-w- c:\windows\system32\pbsvc.exe
2011-01-21 14:44 . 2004-08-17 13:49 440320 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-11 14:19 . 2011-01-11 14:19 140288 ----a-w- c:\windows\system32\COMDLG32.htm
2011-01-07 14:09 . 2004-08-17 13:48 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 14:04 . 2004-08-17 13:44 1854976 ----a-w- c:\windows\system32\win32k.sys
2010-12-24 08:15 . 2010-12-24 08:15 86016 ----a-w- c:\windows\system32\frapsvid.dll
2010-12-22 12:34 . 2004-08-17 13:49 301568 ----a-w- c:\windows\system32\kerberos.dll
2010-12-20 22:14 . 2004-08-17 13:49 668160 ----a-w- c:\windows\system32\wininet.dll
2010-12-20 22:14 . 2004-08-03 20:59 61952 ----a-w- c:\windows\system32\tdc.ocx
2010-12-20 22:14 . 2004-08-17 13:49 81920 ----a-w- c:\windows\system32\ieencode.dll
2010-12-20 22:13 . 2004-08-17 13:44 370176 ----a-w- c:\windows\system32\html.iec
2010-12-20 17:25 . 2004-08-17 13:49 729088 ----a-w- c:\windows\system32\lsasrv.dll
2010-12-09 15:15 . 2004-08-17 13:48 713216 ----a-w- c:\windows\system32\ntdll.dll
2010-12-09 15:14 . 2004-08-17 15:45 2029056 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-12-09 15:14 . 2004-08-17 13:45 2150912 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-12-09 14:30 . 2004-08-17 13:49 33280 ----a-w- c:\windows\system32\csrsrv.dll
2010-11-22 16:00 . 2010-12-09 22:47 394240 ----a-w- c:\windows\system32\madCHook.dll
.

------- Sigcheck -------

[-] 2009-08-06 . 0B6DABD6FFF1AD42A3CD65A1C7EE8F35 . 68832 . . [7.4.7600.226] . . c:\windows\ServicePackFiles\i386\wuauclt.exe
[-] 2009-08-06 . 0B6DABD6FFF1AD42A3CD65A1C7EE8F35 . 68832 . . [7.4.7600.226] . . c:\windows\system32\wuauclt.exe
[-] 2009-08-06 . 0B6DABD6FFF1AD42A3CD65A1C7EE8F35 . 68832 . . [7.4.7600.226] . . c:\windows\system32\dllcache\wuauclt.exe
[7] 2004-08-17 . E9F9CD3C7F2E56505A0AC166580120E3 . 111104 . . [5.4.3790.2180] . . c:\windows\$NtServicePackUninstall$\wuauclt.exe

[-] 2008-04-14 . 13E794E5591776CBC71055A7B3CC1D5F . 976384 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[-] 2008-04-14 . 13E794E5591776CBC71055A7B3CC1D5F . 976384 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\explorer.exe
[7] 2004-08-17 . 53114D57AB73A406AC7F602227781A99 . 1032704 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\explorer.exe

[-] 2008-04-14 . D008D88ED7D047B78A504986DF5647EE . 832512 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\iexplore.exe
[7] 2004-08-17 . 63E527C26AC3059EAD766C6C11746D07 . 93184 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\iexplore.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-01 16:08 143360 ----a-w- c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="c:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe" [2007-03-18 630784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"DrvIcon"="c:\program files\Vista Drive Icon\DrvIcon.exe" [2008-04-13 49152]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Administrator\Nabídka Start\Programy\Po spuštění\
RocketDock.lnk - c:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-3-18 630784]
Zástupce - egui.lnk - c:\program files\ESET\ESET Smart Security\egui.exe [2009-4-9 2029640]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Aspwdflt]
2008-04-19 22:11 1556480 ----a-w- c:\program files\ASUS\ASUS Data Security Manager\ASPWDFLT.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli c:\program files\ASUS\ASUS Data Security Manager\ASPWDFLT

[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Nabídka Start^Programy^Po spuštění^Thoosje Sevenbar.lnk]
path=c:\documents and settings\Administrator\Nabídka Start\Programy\Po spuštění\Thoosje Sevenbar.lnk
backup=c:\windows\pss\Thoosje Sevenbar.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Nabídka Start^Programy^Po spuštění^Zástupce - Thoosje Sevenbar.lnk]
path=c:\documents and settings\Administrator\Nabídka Start\Programy\Po spuštění\Zástupce - Thoosje Sevenbar.lnk
backup=c:\windows\pss\Zástupce - Thoosje Sevenbar.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^FancyStart daemon.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\FancyStart daemon.lnk
backup=c:\windows\pss\FancyStart daemon.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ACMON]
2009-06-16 18:56 540672 -c--a-w- c:\program files\ASUS\Splendid\ACMON.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-21 18:37 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-06-20 02:04 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ADSMTray]
2008-03-31 22:09 266240 ----a-w- c:\program files\ASUS\ASUS Data Security Manager\ADSMTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Camera ScreenSaver]
2010-02-03 14:36 47672 -c--a-w- c:\windows\AsScrProlog.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Live Update]
2007-11-30 10:20 51768 ----a-w- c:\program files\ASUS\ASUS Live Update\ALU.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Screen Saver Protector]
2010-02-03 14:36 3054136 -c--a-w- c:\windows\AsScrPro.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATKHOTKEY]
2009-04-23 20:24 178744 -c--a-w- c:\program files\ASUS\ATK Hotkey\HControl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATKMEDIA]
2008-06-24 18:01 159744 -c--a-w- c:\program files\ASUS\ATK Media\DMedia.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATKOSD2]
2008-01-23 14:34 7766016 ----a-w- c:\program files\ATKOSD2\ATKOSD2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2005-10-28 15:25 94208 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2008-04-14 07:52 15360 ----a-w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2010-04-01 09:16 357696 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\egui]
2009-04-09 14:17 2029640 ----a-w- c:\program files\ESET\ESET Smart Security\egui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ETDWare]
2009-04-21 19:03 534528 ----a-r- c:\program files\Elantech\ETDCtrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HControlUser]
2009-04-01 20:05 98304 -c--a-w- c:\program files\ASUS\ATK Hotkey\HControlUser.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HDAudDeck]
2009-04-30 03:10 33619968 ----a-r- c:\program files\VIA\VIAudioi\HDADeck\HDECK.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 09:50 155648 -c--a-w- c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Net4Switch]
2007-11-20 12:44 1145400 ----a-w- c:\program files\ASUS\Net4Switch\Net4Switch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Power_Gear]
2006-07-26 17:01 90112 ----a-w- c:\program files\ASUS\Power4 Gear\BatteryLife.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2009-04-09 20:24 61440 -c--a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2010-11-17 09:02 1242448 ----a-w- c:\program files\Steam\Steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Wireless Console 2]
2007-07-05 15:53 1040384 ----a-w- c:\program files\Wireless Console 2\wcourier.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"e:\\Assassin's Creed II\\AssassinsCreedIIGame.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Counter-Strike 1.6 ZCP\\hl.exe"=
"e:\\DEAD SPACE\\Dead Space.exe"=

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [5.2.2010 16:39 691696]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [9.4.2009 15:18 107256]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [9.4.2009 15:19 731840]
R2 SRS_VolSync_Service;SRS Volume Sync Service;c:\program files\SRS Labs\SRS Premium Sound\SRS_VolSync.exe [7.4.2009 10:04 70880]
R3 CRFILTER;USB Mass Storage Filter;c:\windows\system32\drivers\CRFILTER.sys [7.4.2008 15:00 6656]
R3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\drivers\ETD.sys [3.2.2010 15:21 89856]
R3 SRS_PremiumSound_Service;SRS Labs Premium Sound;c:\windows\system32\drivers\SRS_PremiumSound_i386.sys [3.2.2010 15:34 233128]
R3 usbfilter;AMD USB Filter Driver;c:\windows\system32\drivers\usbfilter.sys [3.2.2010 15:11 22072]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [3.2.2010 15:22 1131264]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [19.5.2010 21:48 136176]
S2 svgtred;svgtred;c:\windows\system32\drivers\svgtred.exe [13.2.2011 19:34 77312]
S3 ASUSProcObsrv;ASUS Process Creation/Termination Observer;\??\d:\i386\AsProcOb.sys --> d:\i386\AsProcOb.sys [?]
.
Contents of the 'Scheduled Tasks' folder

2011-02-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-19 20:48]

2011-02-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-19 20:48]

2011-02-19 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2010-02-08 21:18]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: {5F73A715-6CD0-4D1F-99DA-CA466FF15804} = 192.168.0.1
FF - ProfilePath - c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\pjarxv8u.default\
FF - prefs.js: browser.search.selectedEngine -
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: DAEMON Tools Toolbar: DTToolbar@toolbarnet.com - %profile%\extensions\DTToolbar@toolbarnet.com
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: <?xmlversion=1.0?><RDF xmlns=http://www.w3.org/1999/02/22-rdf-syntax-ns# xmlns:em=http://www.mozilla.org/2004/em-rdf#><Description about=urn:mozilla:install-manifest><em:id>{361706b1-8726-42af-9f0c-8edf185488f5}: {361706b1-8726-42af-9f0c-8edf185488f5} - %profile%\extensions\{361706b1-8726-42af-9f0c-8edf185488f5}
FF - Ext: ICQ Toolbar: {800b5000-a755-47e1-992b-48a1c1357f07} - %profile%\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
FF - Ext: uTorrentBar Community Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - %profile%\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-19 10:58
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1491950412-2009852829-4049741679-500\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"??"=hex:a9,c3,69,12,e4,f6,8d,5e,44,b7,c8,69,23,33,74,fe,a2,4a,11,24,e0,92,3d,
6e,1a,45,a2,0e,c9,b4,69,96,f4,4a,08,1b,22,a6,5e,86,42,f4,05,2e,8e,47,ba,c6,\
"??"=hex:a1,5e,47,db,25,65,bb,27,8b,92,55,34,10,3f,d9,49

[HKEY_USERS\S-1-5-21-1491950412-2009852829-4049741679-500\Software\SecuROM\License information*]
"datasecu"=hex:01,c5,f6,66,4d,dc,c8,88,7f,94,14,59,91,27,9a,59,37,d1,82,7c,47,
f3,23,a8,6c,d2,13,48,6f,1c,98,53,3f,86,2d,b5,50,9e,76,ee,80,1f,36,73,a4,db,\
"rkeysecu"=hex:70,1a,c9,a4,8d,d7,9c,51,57,42,3a,1d,41,da,b4,24
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1228)
c:\program files\ASUS\ASUS Data Security Manager\ASPWDFLT.dll
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'lsass.exe'(1284)
c:\program files\ASUS\ASUS Data Security Manager\ASPWDFLT.dll
.
Completion time: 2011-02-19 11:00:46
ComboFix-quarantined-files.txt 2011-02-19 10:00
ComboFix2.txt 2011-02-17 23:29

Pre-Run: Volných bajtů: 42 120 081 408
Post-Run: Volných bajtů: 42 194 677 760

- - End Of File - - 9B14A22525DF6ECAE05015F81A407371

Re: PC stutters, slowed down - check RSIT

Posted: 19 Feb 2011 23:00
by Roli
Via Start >> Run, copy into the window:

ComboFix /Uninstall

and press Enter

This uninstalls ComboFix and deletes the files and folders associated with it.


Then let me know what state the PC is in.