VIRY.CZ

RSIT jsem spustil v nouzovém režimu, za normálního stavu se mi ho přes vytížení a neustále vyskakování hlášek nepodaří spustit vůbec. Jedno se mi t povedlo, ale ani po 15 hodinách nebyl sken hotov a ukazatel postupu stál stále na stejném místě ...
Pokud by se mi podařilo udělat sken za běžného provozu, hned ho sem hodím ...

Logfile of random's system information tool 1.09 (written by random/random)
Run by Holik at 2013-02-14 07:34:53
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 103 GB (68%) free of 153 GB
Total RAM: 3071 MB (87% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:35:40, on 14.2.2013
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16457)
Boot mode: Safe mode

Running processes:
C:\Windows\Explorer.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\taskmgr.exe
C:\Users\Holik\Pictures\Kréta - Bali 2009\Desktop\RSIT.exe
C:\Program Files\trend micro\Holik.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb128\SearchSettings.dll
F3 - REG:win.ini: load=C:\Users\Holik\LOCALS~1\Temp\mszrrb.cmd
O1 - Hosts: ::1 localhost
O2 - BHO: Dealio Toolbar - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\DealioToolbarIE.dll
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll
O2 - BHO: Bing Bar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb128\SearchSettings.dll
O3 - Toolbar: Dealio Toolbar - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\DealioToolbarIE.dll
O3 - Toolbar: @C:\Program Files\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll (file missing)
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMedia.exe
O4 - HKLM\..\Run: [ASUSTPE] C:\Windows\system32\ASUSTPE.exe
O4 - HKLM\..\Run: [ASUS Camera ScreenSaver] C:\Windows\AsScrProlog.exe
O4 - HKLM\..\Run: [ASUS Screen Saver Protector] C:\Windows\ASScrPro.exe
O4 - HKLM\..\Run: [IFXSPMGT] C:\Windows\system32\ifxspmgt.exe /NotifyLogon
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe" /OM
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" -NoStart
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [UpgradeHelper] C:\Users\Holik\AppData\Roaming\Windows Desktop Search\{6E26BF69-F10D-4D1E-B990-23F7B8C5E565}\UpgradeHelper.exe
O4 - HKCU\..\Run: [Windows Time] rundll32.exe "C:\ProgramData\OcribdevCajl.dll",EntryPoint
O4 - HKCU\..\Run: [3ZVW4FXGUG0UXF3UULHIKJ] C:\USBsys.Bin\E6557B0BA52.exe /q
O4 - HKCU\..\Run: [1B7Z2CVWUD9WXEYYURLFHR] C:\32sys.Bin\06B57B21A52.exe /q
O4 - HKCU\..\Run: [5H9YXD1HUA7WXEWYRPMPHWITXCAZC] C:\w32sys.Bin\86B57B1AA52.exe /q
O4 - HKCU\..\Run: [HP Deskjet 3050A J611 series (NET)] "C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN1CN4464Z05PJ:NW" -scfn "HP Deskjet 3050A J611 series (NET)" -AutoStart 1
O4 - HKCU\..\Run: [3ZVW4FXGUG0V0J3UIXFCGN] C:\USBsys.Bin\E6557B0B652.exe /q
O4 - HKCU\..\Run: [5H9YXD1HUA7X0IWYZDIZXHQLRFBXT] C:\w32sys.Bin\86B57B1A652.exe /q
O4 - HKCU\..\Run: [1B7Z2CVWUD9X0IYYSVPFHQ] C:\32sys.Bin\06B57B21652.exe /q
O4 - HKCU\..\Run: [Aqube] C:\Users\Holik\AppData\Roaming\Coorb\ilma.exe
O4 - HKCU\..\Run: [Ebypl] C:\Users\Holik\AppData\Roaming\Xiesdu\tium.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'Default user')
O4 - Startup: Sledovat výstrahy inkoustu - .lnk = ?
O4 - Startup: winlogin.exe
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {672EE252-D813-4F5E-81BB-5DD163DD4FA5} (Active602XMLFiller Control) - https://www.mojedatovaschranka.cz/stati ... ?3,16,13,0
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://icq.oberon-media.com/Gameshell/G ... meHost.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: 602Updater (602XML Updater) - Software602 a.s. - C:\Program Files\Common Files\soft602\602updsvc\602updsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: ADSM Service (ADSMService) - Unknown owner - C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Security Platform Management Service (IFXSpMgtSrv) - Infineon Technologies AG - C:\Windows\system32\ifxspmgt.exe
O23 - Service: Trusted Platform Core Service (IFXTCS) - Infineon Technologies AG - C:\Windows\System32\IFXTCS.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Personal Secure Drive Service (PersonalSecureDriveService) - Infineon Technologies AG - C:\Windows\system32\IfxPsdSv.exe
O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe

--
End of file - 9938 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job
C:\Windows\tasks\HP Photo Creations Communicator.job

=========Mozilla firefox=========

ProfilePath - C:\Users\Holik\AppData\Roaming\Mozilla\Firefox\Profiles\dmvxgt1s.default

prefs.js - "browser.startup.homepage" - "http://www.seznam.cz/?clid=3"

"{20a82645-c095-46ed-80e3-08825760534b}"=C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.5.502.149 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_149.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5]
"Description"=A component of your photo software powered by RocketLife
"Path"=C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@software602.cz/602XML Filler]
"Description"=Software602 Form Filler Plugin
"Path"=C:\Program Files\Software602\602XML\Filler\npfiller.dll

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}

C:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll

C:\Program Files\Mozilla Firefox\searchplugins\
google.xml
heureka-cz.xml
jyxo-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml

C:\Users\Holik\AppData\Roaming\Mozilla\Firefox\Profiles\dmvxgt1s.default\extensions\
{ea614400-e918-4741-9a97-7a972ff7c30b}

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}]
Dealio Toolbar - C:\Program Files\Dealio Toolbar\DealioToolbarIE.dll [2009-07-31 698880]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Podpora odkazu pro Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28 441216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9FDDE16B-836F-4806-AB1F-1455CBEFF289}]
Windows Live Messenger Companion Helper - C:\Program Files\Windows Live\Companion\companioncore.dll [2012-03-08 393600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}]
Bing Bar BHO - C:\Program Files\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-03-25 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}]
SearchSettings Class - C:\Program Files\Search Settings\kb128\SearchSettings.dll [2009-07-29 1153024]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - Dealio Toolbar - C:\Program Files\Dealio Toolbar\DealioToolbarIE.dll [2009-07-31 698880]
{8dcb7100-df86-4384-8842-8fa844297b3f} - @C:\Program Files\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll,-100 - C:\Program Files\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2008-01-07 4853760]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2007-12-06 1029416]
"ATKMEDIA"=C:\Program Files\ASUS\ATK Media\DMedia.exe [2008-06-25 159744]
"ASUSTPE"=C:\Windows\system32\ASUSTPE.exe [2007-10-12 106496]
"ASUS Camera ScreenSaver"=C:\Windows\AsScrProlog.exe [2008-10-16 47672]
"ASUS Screen Saver Protector"=C:\Windows\ASScrPro.exe [2008-10-16 33136]
"IFXSPMGT"=C:\Windows\system32\ifxspmgt.exe [2008-01-25 677144]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2006-09-01 282624]
"OM2_Monitor"=C:\Program Files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe [2009-04-17 54576]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-02-18 248040]
"HP Software Update"=C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [2011-03-24 49208]
""= []
"Skytel"=C:\Windows\Skytel.exe [2007-11-20 1826816]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-11 1233920]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-21 125952]
"OM2_Monitor"=C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe [2009-04-17 95536]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-21 202240]
"UpgradeHelper"=C:\Users\Holik\AppData\Roaming\Windows Desktop Search\{6E26BF69-F10D-4D1E-B990-23F7B8C5E565}\UpgradeHelper.exe [2013-01-09 376832]
"Windows Time"=C:\ProgramData\OcribdevCajl.dll [2013-01-09 13824]
"3ZVW4FXGUG0UXF3UULHIKJ"=C:\USBsys.Bin\E6557B0BA52.exe /q []
"1B7Z2CVWUD9WXEYYURLFHR"=C:\32sys.Bin\06B57B21A52.exe /q []
"5H9YXD1HUA7WXEWYRPMPHWITXCAZC"=C:\w32sys.Bin\86B57B1AA52.exe /q []
"HP Deskjet 3050A J611 series (NET)"=C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe [2011-06-08 1804648]
"3ZVW4FXGUG0V0J3UIXFCGN"=C:\USBsys.Bin\E6557B0B652.exe [2010-10-15 413043]
"5H9YXD1HUA7X0IWYZDIZXHQLRFBXT"=C:\w32sys.Bin\86B57B1A652.exe [2010-10-15 352777]
"1B7Z2CVWUD9X0IYYSVPFHQ"=C:\32sys.Bin\06B57B21652.exe [2010-10-15 397321]
"Aqube"=C:\Users\Holik\AppData\Roaming\Coorb\ilma.exe [2011-05-25 355849]
"Ebypl"=C:\Users\Holik\AppData\Roaming\Xiesdu\tium.exe [2012-11-05 335369]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CLMLServer]
C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe [2008-07-19 104936]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\P2Go_Menu]
C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [2008-06-14 210216]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SearchSettings]
C:\Program Files\Search Settings\SearchSettings.exe [2009-07-29 1094144]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2008-01-21 61440]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Users\Holik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Sledovat výstrahy inkoustu - .lnk - C:\Windows\system32\RunDll32.exe
winlogin.exe

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"MSVideo8"=VfWWDM32.dll
"msacm.l3codecp"=l3codecp.acm
"wave4"=serwvdrv.dll
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"msacm.siren"=sirenacm.dll

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2013-02-14 07:14:03 ----A---- C:\Windows\ntbtlog.txt
2013-02-10 03:43:41 ----A---- C:\Windows\system32\FlashPlayerInstaller.exe
2013-02-09 09:52:38 ----D---- C:\Users\Holik\AppData\Roaming\Ymokmi
2013-02-09 09:52:38 ----D---- C:\Users\Holik\AppData\Roaming\Unecvu
2013-02-09 09:52:38 ----D---- C:\Users\Holik\AppData\Roaming\Amas
2013-02-09 01:32:15 ----D---- C:\Users\Holik\AppData\Roaming\Xiesdu
2013-02-09 01:32:15 ----D---- C:\Users\Holik\AppData\Roaming\Ekevix
2013-02-09 01:32:15 ----D---- C:\Users\Holik\AppData\Roaming\Dopo
2013-02-07 08:38:23 ----D---- C:\Program Files\trend micro
2013-02-07 08:38:20 ----D---- C:\rsit
2013-02-06 10:04:01 ----D---- C:\Program Files\CCleaner
2013-02-05 22:00:50 ----A---- C:\Windows\system32\WindowsAccessBridge.dll
2013-02-05 20:38:47 ----D---- C:\Users\Holik\AppData\Roaming\Lyarwy
2013-02-05 20:38:47 ----D---- C:\Users\Holik\AppData\Roaming\Icmuih
2013-02-05 20:38:47 ----D---- C:\Users\Holik\AppData\Roaming\Avbay
2013-02-05 16:27:47 ----D---- C:\Users\Holik\AppData\Roaming\Igus
2013-02-05 16:27:46 ----D---- C:\Users\Holik\AppData\Roaming\Rouc
2013-02-05 16:27:46 ----D---- C:\Users\Holik\AppData\Roaming\Coorb
2013-02-04 21:11:17 ----D---- C:\Windows\cs
2013-02-04 21:09:52 ----A---- C:\Windows\system32\drivers\fssfltr.sys
2013-02-04 21:06:38 ----D---- C:\Program Files\Microsoft SQL Server Compact Edition
2013-02-04 21:01:08 ----D---- C:\Program Files\Windows Live
2013-02-04 21:00:46 ----A---- C:\Windows\system32\XAudio2_5.dll
2013-02-04 21:00:46 ----A---- C:\Windows\system32\XAPOFX1_3.dll
2013-02-04 21:00:45 ----A---- C:\Windows\system32\d3dx10_42.dll
2013-02-04 21:00:35 ----A---- C:\Windows\system32\d3dx9_32.dll
2013-02-04 20:40:15 ----D---- C:\Program Files\Common Files\Windows Live
2013-02-04 20:39:36 ----A---- C:\Windows\system32\webservices.dll
2013-02-04 14:27:39 ----A---- C:\Windows\system32\XpsPrint.dll
2013-02-04 14:27:37 ----A---- C:\Windows\system32\DWrite.dll
2013-02-04 14:27:37 ----A---- C:\Windows\system32\d3d10warp.dll
2013-02-04 14:27:37 ----A---- C:\Windows\system32\d3d10_1core.dll
2013-02-04 14:27:37 ----A---- C:\Windows\system32\d3d10_1.dll
2013-02-04 14:27:37 ----A---- C:\Windows\system32\d2d1.dll
2013-02-04 13:53:51 ----D---- C:\Program Files\Windows Portable Devices
2013-02-03 22:06:25 ----A---- C:\Windows\system32\UIAnimation.dll
2013-02-03 22:06:24 ----A---- C:\Windows\system32\UIRibbonRes.dll
2013-02-03 22:06:24 ----A---- C:\Windows\system32\UIRibbon.dll
2013-02-03 22:04:41 ----A---- C:\Windows\system32\WPDShextAutoplay.exe
2013-02-03 22:04:41 ----A---- C:\Windows\system32\wpdbusenum.dll
2013-02-03 22:04:41 ----A---- C:\Windows\system32\BthMtpContextHandler.dll
2013-02-03 22:04:38 ----A---- C:\Windows\system32\PortableDeviceConnectApi.dll
2013-02-03 22:04:37 ----A---- C:\Windows\system32\WpdMtpUS.dll
2013-02-03 22:04:37 ----A---- C:\Windows\system32\WpdConns.dll
2013-02-03 22:04:37 ----A---- C:\Windows\system32\drivers\WpdUsb.sys
2013-02-03 22:04:36 ----A---- C:\Windows\system32\WPDSp.dll
2013-02-03 22:04:36 ----A---- C:\Windows\system32\WPDShServiceObj.dll
2013-02-03 22:04:36 ----A---- C:\Windows\system32\wpdshext.dll
2013-02-03 22:04:36 ----A---- C:\Windows\system32\WpdMtp.dll
2013-02-03 22:04:36 ----A---- C:\Windows\system32\wpd_ci.dll
2013-02-03 22:04:36 ----A---- C:\Windows\system32\PortableDeviceWMDRM.dll
2013-02-03 22:04:36 ----A---- C:\Windows\system32\PortableDeviceTypes.dll
2013-02-03 22:04:36 ----A---- C:\Windows\system32\PortableDeviceClassExtension.dll
2013-02-03 22:04:36 ----A---- C:\Windows\system32\PortableDeviceApi.dll
2013-02-03 21:56:14 ----A---- C:\Windows\system32\wmi.dll
2013-02-03 21:56:14 ----A---- C:\Windows\system32\imagehlp.dll
2013-02-03 21:56:14 ----A---- C:\Windows\system32\drivers\fs_rec.sys
2013-02-03 21:45:09 ----A---- C:\Windows\system32\wininet.dll
2013-02-03 21:45:09 ----A---- C:\Windows\system32\urlmon.dll
2013-02-03 21:45:09 ----A---- C:\Windows\system32\SetIEInstalledDate.exe
2013-02-03 21:45:09 ----A---- C:\Windows\system32\RegisterIEPKEYs.exe
2013-02-03 21:45:09 ----A---- C:\Windows\system32\msrating.dll
2013-02-03 21:45:09 ----A---- C:\Windows\system32\msls31.dll
2013-02-03 21:45:09 ----A---- C:\Windows\system32\mshtmler.dll
2013-02-03 21:45:09 ----A---- C:\Windows\system32\jsproxy.dll
2013-02-03 21:45:09 ----A---- C:\Windows\system32\ieui.dll
2013-02-03 21:45:09 ----A---- C:\Windows\system32\iesysprep.dll
2013-02-03 21:45:09 ----A---- C:\Windows\system32\iertutil.dll
2013-02-03 21:45:08 ----A---- C:\Windows\system32\webcheck.dll
2013-02-03 21:45:08 ----A---- C:\Windows\system32\url.dll
2013-02-03 21:45:08 ----A---- C:\Windows\system32\licmgr10.dll
2013-02-03 21:45:08 ----A---- C:\Windows\system32\inseng.dll
2013-02-03 21:45:08 ----A---- C:\Windows\system32\iesetup.dll
2013-02-03 21:45:08 ----A---- C:\Windows\system32\iernonce.dll
2013-02-03 21:45:08 ----A---- C:\Windows\system32\ieframe.dll
2013-02-03 21:45:08 ----A---- C:\Windows\system32\iedkcs32.dll
2013-02-03 21:45:08 ----A---- C:\Windows\system32\ieapfltr.dll
2013-02-03 21:45:08 ----A---- C:\Windows\system32\ieapfltr.dat
2013-02-03 21:45:08 ----A---- C:\Windows\system32\ie4uinit.exe
2013-02-03 21:45:08 ----A---- C:\Windows\system32\icardie.dll
2013-02-03 21:45:08 ----A---- C:\Windows\system32\dxtrans.dll
2013-02-03 21:45:08 ----A---- C:\Windows\system32\dxtmsft.dll
2013-02-03 21:45:07 ----A---- C:\Windows\system32\wextract.exe
2013-02-03 21:45:07 ----A---- C:\Windows\system32\vbscript.dll
2013-02-03 21:45:07 ----A---- C:\Windows\system32\pngfilt.dll
2013-02-03 21:45:07 ----A---- C:\Windows\system32\occache.dll
2013-02-03 21:45:07 ----A---- C:\Windows\system32\mshtmled.dll
2013-02-03 21:45:07 ----A---- C:\Windows\system32\mshtml.dll
2013-02-03 21:45:07 ----A---- C:\Windows\system32\mshta.exe
2013-02-03 21:45:07 ----A---- C:\Windows\system32\msfeeds.dll
2013-02-03 21:45:07 ----A---- C:\Windows\system32\iexpress.exe
2013-02-03 21:45:07 ----A---- C:\Windows\system32\ieUnatt.exe
2013-02-03 21:45:07 ----A---- C:\Windows\system32\ieakui.dll
2013-02-03 21:45:07 ----A---- C:\Windows\system32\ieaksie.dll
2013-02-03 21:45:07 ----A---- C:\Windows\system32\admparse.dll
2013-02-03 21:45:06 ----A---- C:\Windows\system32\msfeedssync.exe
2013-02-03 21:45:06 ----A---- C:\Windows\system32\msfeedsbs.dll
2013-02-03 21:45:06 ----A---- C:\Windows\system32\jscript9.dll
2013-02-03 21:45:06 ----A---- C:\Windows\system32\jscript.dll
2013-02-03 21:45:06 ----A---- C:\Windows\system32\imgutil.dll
2013-02-03 21:45:06 ----A---- C:\Windows\system32\iepeers.dll
2013-02-03 21:45:06 ----A---- C:\Windows\system32\ieakeng.dll
2013-02-03 21:45:06 ----A---- C:\Windows\system32\IEAdvpack.dll
2013-02-03 21:45:06 ----A---- C:\Windows\system32\advpack.dll
2013-02-03 21:43:58 ----A---- C:\Windows\system32\MFH264Dec.dll
2013-02-03 21:43:57 ----A---- C:\Windows\system32\stobject.dll
2013-02-03 21:43:57 ----A---- C:\Windows\system32\shdocvw.dll
2013-02-03 21:43:57 ----A---- C:\Windows\system32\mfreadwrite.dll
2013-02-03 21:43:57 ----A---- C:\Windows\system32\mfps.dll
2013-02-03 21:43:57 ----A---- C:\Windows\system32\mfplat.dll
2013-02-03 21:43:57 ----A---- C:\Windows\system32\mfmp4src.dll
2013-02-03 21:43:57 ----A---- C:\Windows\system32\MFHEAACdec.dll
2013-02-03 21:43:57 ----A---- C:\Windows\system32\mf.dll
2013-02-03 21:43:54 ----A---- C:\Windows\system32\XpsRasterService.dll
2013-02-03 21:43:53 ----A---- C:\Windows\system32\printfilterpipelineprxy.dll
2013-02-03 21:43:53 ----A---- C:\Windows\system32\dxgi.dll
2013-02-03 21:43:53 ----A---- C:\Windows\system32\drivers\dxgkrnl.sys
2013-02-03 21:43:53 ----A---- C:\Windows\system32\d3d10level9.dll
2013-02-03 21:43:53 ----A---- C:\Windows\system32\d3d10core.dll
2013-02-03 21:43:53 ----A---- C:\Windows\system32\d3d10.dll
2013-02-03 21:43:53 ----A---- C:\Windows\system32\cdd.dll
2013-02-03 21:43:52 ----A---- C:\Windows\system32\xpsservices.dll
2013-02-03 21:43:52 ----A---- C:\Windows\system32\printfilterpipelinesvc.exe
2013-02-03 21:43:52 ----A---- C:\Windows\system32\OpcServices.dll
2013-02-03 21:43:13 ----A---- C:\Windows\system32\WMPhoto.dll
2013-02-03 21:43:13 ----A---- C:\Windows\system32\dxdiagn.dll
2013-02-03 21:43:13 ----A---- C:\Windows\system32\dxdiag.exe
2013-02-03 21:43:13 ----A---- C:\Windows\system32\d3d11.dll
2013-02-03 21:43:12 ----A---- C:\Windows\system32\WindowsCodecsExt.dll
2013-02-03 21:43:12 ----A---- C:\Windows\system32\WindowsCodecs.dll
2013-02-03 21:43:12 ----A---- C:\Windows\system32\PhotoMetadataHandler.dll
2013-02-03 21:28:12 ----A---- C:\Windows\system32\Wdfres.dll
2013-02-03 21:28:04 ----A---- C:\Windows\system32\winusb.dll
2013-02-03 21:28:04 ----A---- C:\Windows\system32\drivers\WUDFRd.sys
2013-02-03 21:28:04 ----A---- C:\Windows\system32\drivers\WUDFPf.sys
2013-02-03 21:28:03 ----A---- C:\Windows\system32\WUDFSvc.dll
2013-02-03 21:28:03 ----A---- C:\Windows\system32\WUDFPlatform.dll
2013-02-03 21:28:02 ----A---- C:\Windows\system32\drivers\WdfLdr.sys
2013-02-03 21:28:02 ----A---- C:\Windows\system32\drivers\Wdf01000.sys
2013-02-03 21:28:01 ----A---- C:\Windows\system32\WUDFx.dll
2013-02-03 21:28:01 ----A---- C:\Windows\system32\WUDFHost.exe
2013-02-03 21:28:01 ----A---- C:\Windows\system32\WUDFCoinstaller.dll
2013-02-03 21:20:36 ----A---- C:\Windows\system32\atmlib.dll
2013-02-03 21:20:36 ----A---- C:\Windows\system32\atmfd.dll
2013-02-03 19:29:40 ----A---- C:\Windows\system32\psisdecd.dll
2013-02-03 19:29:39 ----A---- C:\Windows\system32\winmm.dll
2013-02-03 19:29:39 ----A---- C:\Windows\system32\mciseq.dll
2013-02-03 19:29:36 ----A---- C:\Windows\system32\localspl.dll
2013-02-03 19:29:18 ----A---- C:\Windows\system32\drivers\BTHUSB.SYS
2013-02-03 19:29:18 ----A---- C:\Windows\system32\drivers\bthport.sys
2013-02-03 19:29:17 ----A---- C:\Windows\system32\ntdll.dll
2013-02-03 19:28:53 ----A---- C:\Windows\system32\synceng.dll
2013-02-03 19:28:52 ----A---- C:\Windows\system32\shell32.dll
2013-02-03 19:28:50 ----A---- C:\Windows\system32\win32k.sys
2013-02-03 19:28:48 ----A---- C:\Windows\system32\EncDec.dll
2013-02-03 19:28:32 ----A---- C:\Windows\system32\dpnsvr.exe
2013-02-03 19:28:32 ----A---- C:\Windows\system32\dpnet.dll
2013-02-03 19:28:30 ----A---- C:\Windows\system32\drivers\partmgr.sys
2013-02-03 19:28:29 ----A---- C:\Windows\system32\drivers\volsnap.sys
2013-02-03 19:28:28 ----A---- C:\Windows\system32\netapi32.dll
2013-02-03 19:28:26 ----A---- C:\Windows\system32\drivers\tcpip.sys
2013-02-03 19:28:05 ----A---- C:\Windows\system32\packager.dll
2013-02-03 19:28:01 ----A---- C:\Windows\system32\XpsGdiConverter.dll
2013-02-03 19:28:01 ----A---- C:\Windows\system32\FntCache.dll
2013-02-03 19:27:11 ----A---- C:\Windows\system32\ncrypt.dll
2013-02-03 19:27:10 ----A---- C:\Windows\system32\winsrv.dll
2013-02-03 19:27:09 ----A---- C:\Windows\system32\msvcrt.dll
2013-02-03 19:27:03 ----A---- C:\Windows\system32\kernel32.dll
2013-02-03 19:27:00 ----A---- C:\Windows\system32\cryptsvc.dll
2013-02-03 19:27:00 ----A---- C:\Windows\system32\cryptnet.dll
2013-02-03 19:27:00 ----A---- C:\Windows\system32\crypt32.dll
2013-02-03 19:26:44 ----A---- C:\Windows\system32\shlwapi.dll
2013-02-03 19:26:43 ----A---- C:\Windows\system32\wintrust.dll
2013-02-03 19:26:36 ----A---- C:\Windows\system32\tzres.dll
2013-02-03 19:26:21 ----A---- C:\Windows\system32\msxml6.dll
2013-02-03 19:26:19 ----A---- C:\Windows\system32\csrsrv.dll
2013-02-03 19:26:18 ----A---- C:\Windows\system32\quartz.dll
2013-02-03 19:26:17 ----A---- C:\Windows\system32\qdvd.dll
2013-02-03 19:26:15 ----A---- C:\Windows\system32\winhttp.dll
2013-02-03 19:26:07 ----A---- C:\Windows\system32\UIAutomationCore.dll
2013-02-03 19:26:07 ----A---- C:\Windows\system32\oleaut32.dll
2013-02-03 19:26:07 ----A---- C:\Windows\system32\oleaccrc.dll
2013-02-03 19:26:07 ----A---- C:\Windows\system32\oleacc.dll
2013-02-03 19:25:48 ----A---- C:\Windows\system32\msxml3.dll
2013-02-03 19:25:19 ----A---- C:\Windows\system32\xmllite.dll
2013-02-03 19:25:17 ----A---- C:\Windows\system32\drivers\rdpwd.sys
2013-02-03 19:24:08 ----A---- C:\Windows\system32\schannel.dll
2013-02-03 19:24:08 ----A---- C:\Windows\system32\lsasrv.dll
2013-02-03 19:24:08 ----A---- C:\Windows\system32\drivers\ksecdd.sys
2013-02-03 19:24:07 ----A---- C:\Windows\system32\secur32.dll
2013-02-03 19:24:07 ----A---- C:\Windows\system32\lsass.exe
2013-02-03 19:24:05 ----A---- C:\Windows\system32\msshsq.dll
2013-02-03 19:24:02 ----A---- C:\Windows\system32\ntoskrnl.exe
2013-02-03 19:24:02 ----A---- C:\Windows\system32\ntkrnlpa.exe
2013-02-03 18:39:14 ----A---- C:\Windows\system32\rdpencom.dll
2013-02-03 13:23:38 ----A---- C:\Windows\system32\wups2.dll
2013-02-03 13:23:38 ----A---- C:\Windows\system32\wuauclt.exe
2013-02-03 13:23:37 ----A---- C:\Windows\system32\wucltux.dll
2013-02-03 13:23:37 ----A---- C:\Windows\system32\wuaueng.dll
2013-02-03 13:23:03 ----A---- C:\Windows\system32\wups.dll
2013-02-03 13:23:03 ----A---- C:\Windows\system32\wudriver.dll
2013-02-03 13:23:03 ----A---- C:\Windows\system32\wuapi.dll
2013-02-03 13:22:46 ----A---- C:\Windows\system32\wuwebv.dll
2013-02-03 13:22:46 ----A---- C:\Windows\system32\wuapp.exe
2013-02-03 13:16:50 ----D---- C:\3322.Bin
2013-02-03 00:45:34 ----D---- C:\Windows\system32\eu-ES
2013-02-03 00:45:34 ----D---- C:\Windows\system32\ca-ES
2013-02-03 00:45:32 ----D---- C:\Windows\system32\vi-VN
2013-02-02 09:07:01 ----A---- C:\Windows\system32\FlashPlayerApp.exe
2013-02-01 20:30:40 ----SHD---- C:\Config.Msi
2013-02-01 11:10:25 ----D---- C:\Users\Holik\AppData\Roaming\Visan
2013-02-01 11:10:00 ----D---- C:\ProgramData\Visan
2013-02-01 10:26:26 ----D---- C:\Program Files\Hewlett-Packard
2013-02-01 10:25:51 ----D---- C:\Program Files\Microsoft
2013-02-01 10:25:08 ----D---- C:\ProgramData\HP Photo Creations
2013-02-01 10:25:08 ----D---- C:\Program Files\HP Photo Creations
2013-02-01 10:24:27 ----D---- C:\Users\Holik\AppData\Roaming\HpUpdate
2013-02-01 10:23:42 ----N---- C:\Windows\system32\HPDiscoPMa011.dll
2013-02-01 10:20:18 ----D---- C:\Program Files\HP
2013-02-01 10:11:12 ----A---- C:\ProgramData\Ament.ini

======List of files/folders modified in the last 1 month======

2013-02-14 07:14:03 ----D---- C:\Windows
2013-02-11 09:37:28 ----D---- C:\Windows\Temp
2013-02-10 08:23:57 ----D---- C:\Windows\tracing
2013-02-10 03:43:41 ----D---- C:\Windows\System32
2013-02-09 02:52:52 ----D---- C:\Windows\Microsoft.NET
2013-02-07 08:38:23 ----RD---- C:\Program Files
2013-02-07 08:35:35 ----A---- C:\Windows\system32\PerfStringBackup.INI
2013-02-07 08:35:34 ----D---- C:\Windows\inf
2013-02-06 12:12:10 ----SHD---- C:\Windows\Installer
2013-02-06 12:12:09 ----RSD---- C:\Windows\assembly
2013-02-06 12:11:39 ----D---- C:\Windows\system32\cs-CZ
2013-02-06 12:09:08 ----D---- C:\Windows\system32\en-US
2013-02-06 12:09:06 ----D---- C:\Program Files\Microsoft.NET
2013-02-06 10:13:03 ----D---- C:\Windows\Panther
2013-02-06 10:13:03 ----D---- C:\Windows\ModemLogs
2013-02-06 10:12:48 ----D---- C:\Windows\Minidump
2013-02-06 10:12:48 ----D---- C:\Windows\Logs
2013-02-06 10:12:48 ----D---- C:\Windows\Debug
2013-02-06 10:04:04 ----D---- C:\Windows\system32\Tasks
2013-02-06 09:37:40 ----D---- C:\Program Files\Common Files\Symantec Shared
2013-02-06 09:37:37 ----HD---- C:\ProgramData
2013-02-06 09:36:09 ----D---- C:\Windows\system32\drivers
2013-02-06 09:36:04 ----D---- C:\ProgramData\Symantec
2013-02-06 09:35:40 ----D---- C:\Windows\system32\catroot
2013-02-06 09:35:05 ----D---- C:\Program Files\Common Files
2013-02-06 09:30:49 ----D---- C:\Windows\Tasks
2013-02-06 09:23:43 ----D---- C:\Windows\winsxs
2013-02-06 09:20:29 ----SHD---- C:\System Volume Information
2013-02-06 08:47:49 ----D---- C:\Program Files\Google
2013-02-06 08:31:55 ----D---- C:\ProgramData\Google
2013-02-05 21:59:59 ----D---- C:\Program Files\Java
2013-02-04 21:34:11 ----D---- C:\Windows\rescache
2013-02-04 21:09:52 ----DC---- C:\Windows\system32\DRVSTORE
2013-02-04 21:02:33 ----SD---- C:\ProgramData\Microsoft
2013-02-04 21:02:18 ----RSD---- C:\Windows\Fonts
2013-02-04 21:00:53 ----D---- C:\Program Files\Common Files\microsoft shared
2013-02-04 14:24:15 ----D---- C:\Windows\system32\catroot2
2013-02-04 13:56:40 ----D---- C:\Windows\system32\drivers\UMDF
2013-02-04 13:53:51 ----D---- C:\Windows\system32\wbem
2013-02-04 13:53:50 ----D---- C:\Windows\system32\tr-TR
2013-02-04 13:53:50 ----D---- C:\Windows\system32\pt-PT
2013-02-04 13:53:50 ----D---- C:\Windows\system32\fr-FR
2013-02-04 13:53:50 ----D---- C:\Windows\system32\el-GR
2013-02-04 13:53:50 ----D---- C:\Windows\system32\de-DE
2013-02-04 13:53:49 ----D---- C:\Windows\system32\zh-TW
2013-02-04 13:53:49 ----D---- C:\Windows\system32\zh-HK
2013-02-04 13:53:49 ----D---- C:\Windows\system32\zh-CN
2013-02-04 13:53:49 ----D---- C:\Windows\system32\uk-UA
2013-02-04 13:53:49 ----D---- C:\Windows\system32\th-TH
2013-02-04 13:53:49 ----D---- C:\Windows\system32\sv-SE
2013-02-04 13:53:49 ----D---- C:\Windows\system32\sr-Latn-CS
2013-02-04 13:53:49 ----D---- C:\Windows\system32\sl-SI
2013-02-04 13:53:49 ----D---- C:\Windows\system32\sk-SK
2013-02-04 13:53:49 ----D---- C:\Windows\system32\ru-RU
2013-02-04 13:53:49 ----D---- C:\Windows\system32\ro-RO
2013-02-04 13:53:49 ----D---- C:\Windows\system32\pt-BR
2013-02-04 13:53:49 ----D---- C:\Windows\system32\pl-PL
2013-02-04 13:53:49 ----D---- C:\Windows\system32\nl-NL
2013-02-04 13:53:49 ----D---- C:\Windows\system32\nb-NO
2013-02-04 13:53:49 ----D---- C:\Windows\system32\lv-LV
2013-02-04 13:53:49 ----D---- C:\Windows\system32\lt-LT
2013-02-04 13:53:49 ----D---- C:\Windows\system32\ko-KR
2013-02-04 13:53:49 ----D---- C:\Windows\system32\ja-JP
2013-02-04 13:53:49 ----D---- C:\Windows\system32\it-IT
2013-02-04 13:53:49 ----D---- C:\Windows\system32\hu-HU
2013-02-04 13:53:49 ----D---- C:\Windows\system32\hr-HR
2013-02-04 13:53:49 ----D---- C:\Windows\system32\he-IL
2013-02-04 13:53:49 ----D---- C:\Windows\system32\fi-FI
2013-02-04 13:53:49 ----D---- C:\Windows\system32\et-EE
2013-02-04 13:53:49 ----D---- C:\Windows\system32\es-ES
2013-02-04 13:53:49 ----D---- C:\Windows\system32\da-DK
2013-02-04 13:53:49 ----D---- C:\Windows\system32\bg-BG
2013-02-04 13:53:49 ----D---- C:\Windows\system32\ar-SA
2013-02-04 13:53:47 ----D---- C:\Program Files\Internet Explorer
2013-02-04 13:53:46 ----D---- C:\Program Files\Windows Journal
2013-02-04 13:53:34 ----RD---- C:\Windows\Offline Web Pages
2013-02-04 13:53:34 ----D---- C:\Windows\system32\migration
2013-02-04 13:53:34 ----D---- C:\Windows\PolicyDefinitions
2013-02-04 13:53:25 ----SD---- C:\Windows\Downloaded Program Files
2013-02-04 13:53:21 ----D---- C:\Windows\system32\drivers\cs-CZ
2013-02-04 13:53:14 ----D---- C:\Windows\ehome
2013-02-04 13:53:12 ----D---- C:\Program Files\Windows Mail
2013-02-04 13:53:02 ----D---- C:\Program Files\Common Files\System
2013-02-04 13:52:55 ----D---- C:\Windows\system32\XPSViewer
2013-02-03 20:32:42 ----SD---- C:\Users\Holik\AppData\Roaming\Microsoft
2013-02-03 13:59:59 ----D---- C:\Windows\Prefetch
2013-02-03 13:19:02 ----SHD---- C:\$RECYCLE.BIN
2013-02-03 13:16:08 ----HD---- C:\32sys.Bin
2013-02-03 01:03:35 ----HD---- C:\w32sys.Bin
2013-02-03 01:02:54 ----HD---- C:\USBsys.Bin
2013-02-03 00:57:44 ----SHD---- C:\Boot
2013-02-03 00:47:23 ----D---- C:\Program Files\Windows Calendar
2013-02-03 00:47:23 ----D---- C:\Program Files\Movie Maker
2013-02-03 00:47:21 ----D---- C:\Program Files\Windows Sidebar
2013-02-03 00:47:21 ----D---- C:\Program Files\Windows Media Player
2013-02-03 00:47:21 ----D---- C:\Program Files\Windows Collaboration
2013-02-03 00:47:20 ----D---- C:\Program Files\Windows Photo Gallery
2013-02-03 00:47:11 ----D---- C:\Windows\servicing
2013-02-03 00:47:11 ----D---- C:\Program Files\Windows Defender
2013-02-03 00:46:49 ----D---- C:\Windows\IME
2013-02-03 00:46:47 ----D---- C:\Windows\system32\oobe
2013-02-03 00:46:43 ----D---- C:\Windows\system32\setup
2013-02-03 00:46:43 ----D---- C:\Windows\system32\AdvancedInstallers
2013-02-03 00:46:42 ----D---- C:\Windows\system32\cs
2013-02-03 00:46:38 ----D---- C:\Windows\system32\SLUI
2013-02-03 00:46:36 ----D---- C:\Windows\system32\manifeststore
2013-02-03 00:46:30 ----D---- C:\Windows\system32\migwiz
2013-02-03 00:45:41 ----D---- C:\Windows\AppPatch
2013-02-03 00:45:32 ----D---- C:\Windows\system32\Boot
2013-02-03 00:40:07 ----D---- C:\Windows\system32\RTCOM
2013-02-03 00:21:05 ----A---- C:\Windows\fonts\GlobalUserInterface.CompositeFont
2013-02-01 10:20:20 ----D---- C:\Windows\twain_32
2013-02-01 10:20:19 ----D---- C:\ProgramData\HP
2013-01-28 18:27:59 ----D---- C:\Program Files\Mozilla Firefox
2013-01-24 15:32:18 ----D---- C:\Program Files\Microsoft Office

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 AsDsm;AsDsm; C:\Windows\system32\drivers\AsDsm.sys [2007-08-11 29752]
R0 lullaby;lullaby; C:\Windows\system32\DRIVERS\lullaby.sys [2008-05-29 15416]
R0 PxHelp20;PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [2006-06-06 36528]
R1 PersonalSecureDrive;PersonalSecureDrive; C:\Windows\System32\drivers\psd.sys [2007-07-24 38816]
R3 kbfiltr;Keyboard Filter; C:\Windows\system32\DRIVERS\kbfiltr.sys [2008-06-03 15928]
R3 MTsensor;ATK0100 ACPI UTILITY; C:\Windows\system32\DRIVERS\ATKACPI.sys [2006-12-14 7680]
R3 RTSTOR;USB Mass Storage Device; C:\Windows\system32\drivers\RTSTOR.SYS [2007-11-10 57856]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2007-12-06 196400]
R3 TPM;TPM; C:\Windows\system32\drivers\tpm.sys [2008-01-21 45624]
R3 WudfPf;@%SystemRoot%\system32\drivers\Wudfpf.sys,-1000; C:\Windows\system32\drivers\WudfPf.sys [2012-07-26 66560]
S2 ASMMAP;ASMMAP; \??\C:\Program Files\ATKGFNEX\ASMMAP.sys [2007-07-24 13880]
S2 ghaio;ghaio; \??\C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys [2007-08-03 20936]
S3 AgereSoftModem;Agere Systems Soft Modem; C:\Windows\system32\DRIVERS\AGRSM.sys [2008-03-21 1203776]
S3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2009-09-05 1183744]
S3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2008-03-09 3533824]
S3 BthEnum;Služba Bluetooth Enumerator; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-04-11 22528]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2008-01-21 92160]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2011-04-21 508416]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2009-06-17 30208]
S3 btwaudio;Bluetooth Audio Device Service; C:\Windows\system32\drivers\btwaudio.sys [2008-05-13 81960]
S3 btwavdt;Bluetooth AVDT; C:\Windows\system32\drivers\btwavdt.sys [2008-05-13 100392]
S3 btwl2cap;Bluetooth L2CAP Service; C:\Windows\system32\DRIVERS\btwl2cap.sys [2008-01-29 29736]
S3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys [2008-05-13 17320]
S3 drmkaud;Dekodér zvuků DRM jádra společnosti Microsoft; C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]
S3 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys [2012-03-08 39272]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2008-01-08 2044896]
S3 MODEMCSA;Unimodem Streaming Filter Device; C:\Windows\system32\drivers\MODEMCSA.sys [2008-01-21 18432]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-04-11 148992]
S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver; C:\Windows\system32\DRIVERS\SiSGB6.sys [2007-06-20 47616]
S3 smserial;smserial; C:\Windows\system32\DRIVERS\smserial.sys [2006-11-02 1010560]
S3 SNP2UVC;USB2.0 PC Camera (SNP2UVC); C:\Windows\system32\DRIVERS\snp2uvc.sys [2008-05-13 1772544]
S3 StillCam;Ovladač digitálního fotoaparátu pro sériový port; C:\Windows\system32\DRIVERS\serscan.sys [2008-01-21 9216]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-21 35328]
S3 usbvideo;Zobrazovací zařízení USB (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-21 134016]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2009-10-01 40448]
S3 WSDPrintDevice;Podpora tisku WSD prostřednictvím funkce UMB; C:\Windows\system32\DRIVERS\WSDPrint.sys [2008-01-21 16896]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2012-07-26 155136]
S3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller; C:\Windows\system32\DRIVERS\yk60x86.sys [2006-11-02 194048]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]
S4 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2008-01-21 88576]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

S2 602XML Updater;602Updater; C:\Program Files\Common Files\soft602\602updsvc\602updsvc.exe [2011-03-14 84520]
S2 ADSMService;ADSM Service; C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe [2007-05-18 73728]
S2 AgereModemAudio;Agere Modem Call Progress Audio; C:\Windows\system32\agrsmsvc.exe [2008-03-18 13312]
S2 ASLDRService;ASLDR Service; C:\Program Files\ATK Hotkey\ASLDRSrv.exe [2007-02-06 94208]
S2 Ati External Event Utility;Ati External Event Utility; C:\Windows\system32\Ati2evxx.exe [2008-03-09 655360]
S2 ATKGFNEXSrv;ATKGFNEX Service; C:\Program Files\ATKGFNEX\GFNEXSrv.exe [2007-08-08 94208]
S2 BBSvc;BingBar Service; C:\Program Files\Microsoft\BingBar\7.1.361.0\BBSvc.exe [2012-02-10 193816]
S2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-21 21504]
S2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe [2008-05-27 522792]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-21 21504]
S2 IFXSpMgtSrv;Security Platform Management Service; C:\Windows\system32\ifxspmgt.exe [2008-01-25 677144]
S2 IFXTCS;Trusted Platform Core Service; C:\Windows\System32\IFXTCS.exe [2008-01-25 886040]
S2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2008-06-09 73728]
S2 PersonalSecureDriveService;Personal Secure Drive Service; C:\Windows\system32\IfxPsdSv.exe [2007-07-24 140568]
S2 spmgr;spmgr; C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe [2007-08-03 125496]
S2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2011-03-28 1713536]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-02-10 251248]
S3 BBUpdate;BBUpdate; C:\Program Files\Microsoft\BingBar\7.1.361.0\SeaPort.exe [2012-02-10 240408]
S3 fsssvc;Windows Live Family Safety Service; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2012-03-08 1492840]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WPFFontCache_v0400;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100; C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S4 wlcrasvc;Windows Live Mesh remote connections service; C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]

-----------------EOF-----------------

Zdravim

Zaliskane od sklepa az na pudu, cela zoo i s babkou pokladni

Zustante v nouzovem rezimu

Stahnete RKill http://download.bleepingcomputer.com/grinler/rkill.com

• Pokud ho havet blokuje, pouzijte jeden z nasledujicich - i ty prejmenovane

  Rkill EXE:
  http://download.bleepingcomputer.com/grinler/rkill.exe
  
  Rkill iExplore.exe:
  http://download.bleepingcomputer.com/gr ... xplore.exe
  
  Rkill uSeRiNiT.exe:
  http://download.bleepingcomputer.com/gr ... eRiNiT.exe
  
  Rkill WiNlOgOn.exe:
  http://download.bleepingcomputer.com/gr ... NlOgOn.exe

• Ulozte nejlepena plochu a ukoncete vsechny aplikace (jinak to udela RKill za Vas)
• Spustte tradicne dvojklikem - program probehne do par sekund a ukonci i svou cinnost
• RKill ukonci vsechny ne-systemove procesy - tedy i procesy, pod kterymi bezi havet
• Na plose vznikne log Rkill.txt ten mi sem vlozte
• Ted nerestartujte PC - prisli byste o ucinek RKillu

PROSIM CTETE DUKLADNE NAVOD - TATO UTILITA MA VELKOU SCHOPNOST MAZAT A JE NUTNE JI APLIKOVAT JEN NA DOPORUCENI, JINAK VAM MUZE JIT SYSTEM DO KYTEK
Stahnete a ulozte na plochu Combofix http://download.bleepingcomputer.com/sUBs/ComboFix.exe

• Vypnete vsechny rezidentni bezpecnostní programy - firewally, antiviry, antispywary apod.
• Pokud mate Win XP spustte pod uctem Spravce\Administratora
• Pokud mate Win Vista ci Win 7, kliknete na Combofix pravym a dejte Run As Administrator ci Spustit jako spravce
• Ihned po startu se zobrazi stranka s licencnim ujednanim, pokracujte kliknutim na Ano
• Pokud Vam CF nabidne instalaci Konzoly pro zotaveni, tak souhlaste
• Dale postupujte dle pokynu, behem scanu nechte PC naprosto v klidu - nespoustejte zadne aplikace a neklikejte do zobrazujiciho se okna
• Scan by mel trvat cca 10 min, ale pokud bude PC hodne zaneseno, muze se cas prodlouzit
• Po dokonceni skenu a pripadnem restartu CF zobrazi log, pripadne jej najdete zde C:\ComboFix.txt, jeho obsah sem vlozte
• Detailni postup vc. obrazku mate zde http://www.bleepingcomputer.com/combofi ... t-combofix

Rkill 2.4.7 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 02/14/2013 08:38:08 AM in x86 mode.
Windows Version: Windows Vista (TM) Home Premium Service Pack 2

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* Windows Defender Disabled

[HKLM\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware" = dword:00000001

* ALERT: ZEROACCESS rootkit symptoms found!

* HKEY_CLASSES_ROOT\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InprocServer32 [ZA Reg Hijack]
* HKEY_CLASSES_ROOT\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InprocServer32 [ZA Reg Hijack]
* C:\$Recycle.Bin\S-1-5-18\$4d2d35f7425cc35a60cd09a0e9ae06e0\ [ZA Dir]
* C:\$Recycle.Bin\S-1-5-18\$4d2d35f7425cc35a60cd09a0e9ae06e0\@ [ZA File]
* C:\$Recycle.Bin\S-1-5-18\$4d2d35f7425cc35a60cd09a0e9ae06e0\L\ [ZA Dir]
* C:\$Recycle.Bin\S-1-5-18\$4d2d35f7425cc35a60cd09a0e9ae06e0\n [ZA File]
* C:\$Recycle.Bin\S-1-5-18\$4d2d35f7425cc35a60cd09a0e9ae06e0\U\ [ZA Dir]
* C:\$Recycle.Bin\S-1-5-18\$4d2d35f7425cc35a60cd09a0e9ae06e0\U\00000001.@ [ZA File]
* C:\$Recycle.Bin\S-1-5-18\$4d2d35f7425cc35a60cd09a0e9ae06e0\U\80000000.@ [ZA File]
* C:\$Recycle.Bin\S-1-5-18\$4d2d35f7425cc35a60cd09a0e9ae06e0\U\800000cb.@ [ZA File]
* C:\$Recycle.Bin\S-1-5-21-3559023135-3027882764-1849227514-1000\$4d2d35f7425cc35a60cd09a0e9ae06e0\ [ZA Dir]
* C:\$Recycle.Bin\S-1-5-21-3559023135-3027882764-1849227514-1000\$4d2d35f7425cc35a60cd09a0e9ae06e0\@ [ZA File]
* C:\$Recycle.Bin\S-1-5-21-3559023135-3027882764-1849227514-1000\$4d2d35f7425cc35a60cd09a0e9ae06e0\L\ [ZA Dir]
* C:\$Recycle.Bin\S-1-5-21-3559023135-3027882764-1849227514-1000\$4d2d35f7425cc35a60cd09a0e9ae06e0\n [ZA File]
* C:\$Recycle.Bin\S-1-5-21-3559023135-3027882764-1849227514-1000\$4d2d35f7425cc35a60cd09a0e9ae06e0\U\ [ZA Dir]
* C:\$Recycle.Bin\S-1-5-21-3559023135-3027882764-1849227514-1000\$4d2d35f7425cc35a60cd09a0e9ae06e0\U\00000001.@ [ZA File]
* C:\$Recycle.Bin\S-1-5-21-3559023135-3027882764-1849227514-1000\$4d2d35f7425cc35a60cd09a0e9ae06e0\U\80000000.@ [ZA File]
* C:\$Recycle.Bin\S-1-5-21-3559023135-3027882764-1849227514-1000\$4d2d35f7425cc35a60cd09a0e9ae06e0\U\800000cb.@ [ZA File]

Checking Windows Service Integrity:

* Klient DHCP (Dhcp) is not Running.
Startup Type set to: Automatic

* Klient DNS (Dnscache) is not Running.
Startup Type set to: Automatic

* Systém událostí COM+ (EventSystem) is not Running.
Startup Type set to: Automatic

* Síťová připojení (Netman) is not Running.
Startup Type set to: Manual

* Služba rozhraní síťového úložiště (nsi) is not Running.
Startup Type set to: Automatic

* Windows Update (wuauserv) is not Running.
Startup Type set to: Automatic (Delayed Start)

* Ancilliary Function Driver for Winsock (AFD) is not Running.
Startup Type set to: System

* Ovladač ověření brány firewall systému Windows (mpsdrv) is not Running.
Startup Type set to: Manual

* NETBT (NetBT) is not Running.
Startup Type set to: System

* NSI proxy service (nsiproxy) is not Running.
Startup Type set to: System

* Ovladač pro podporu zastaralého rozhraní TDI NetIO (tdx) is not Running.
Startup Type set to: System

* BFE [Missing Service]
* iphlpsvc [Missing Service]
* MpsSvc [Missing Service]
* WinDefend [Missing Service]
* wscsvc [Missing Service]

* SharedAccess [Missing ImagePath]

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* HOSTS file entries found:

127.0.0.1 localhost
::1 localhost

Program finished at: 02/14/2013 08:38:22 AM
Execution time: 0 hours(s), 0 minute(s), and 14 seconds(s)

OK, pockam si na log z ComboFixu

ComboFix už jede, hlásil problém s běžícím NortonInternetSecurity nebo tak nějak, ale přes správce úloh nic od nortonu běžet nevidím a při pokusu vše od Nortonu prostě odinstalovat jsem v "Programy a funkce" taky nic od Nortonu neviděl, asi to ovlivňuje to že jedu v nouzovém režimu, ale to jen odhaduju ...
Zatím hotova fáze 5, snad to bude OK.

OK, on si zrejme jen mysli ze Norton bezi, v nouzaku nebezi...Nechte jej tak, at dokonci CF svou praci

ComboFix 13-02-13.02 - Holik 14.02.2013 8:49.1.2 - x86 MINIMAL
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.3071.2613 [GMT 1:00]
Spuštěný z: c:\users\Holik\Pictures\KrÚta - Bali 2009\Desktop\ComboFix.exe
AV: Norton Internet Security *Enabled/Outdated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
FW: Norton Internet Security *Enabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
SP: Norton Internet Security *Enabled/Outdated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\$recycle.bin\S-1-5-18\$4d2d35f7425cc35a60cd09a0e9ae06e0\n
c:\$recycle.bin\S-1-5-21-3559023135-3027882764-1849227514-1000\$4d2d35f7425cc35a60cd09a0e9ae06e0\n
c:\32sys.bin\06B57B21652.exe
C:\DFR6FB1.tmp
C:\DFRE1A7.tmp
c:\program files\Common Files\ASPG_icon.ico
c:\program files\Dealio Toolbar
c:\program files\Dealio Toolbar\config.ini
c:\program files\Dealio Toolbar\DealioToolbarIE.dll
c:\program files\Dealio Toolbar\Res\amazon.gif
c:\program files\Dealio Toolbar\Res\apple.gif
c:\program files\Dealio Toolbar\Res\barnes.gif
c:\program files\Dealio Toolbar\Res\bestbuy.gif
c:\program files\Dealio Toolbar\Res\dealio_logo.gif
c:\program files\Dealio Toolbar\Res\dealio_logo_hover.gif
c:\program files\Dealio Toolbar\Res\ebay.gif
c:\program files\Dealio Toolbar\Res\icon_settings.gif
c:\program files\Dealio Toolbar\Res\macys.gif
c:\program files\Dealio Toolbar\Res\newegg.gif
c:\program files\Dealio Toolbar\Res\overstock.gif
c:\program files\Dealio Toolbar\Res\search-button-hover.gif
c:\program files\Dealio Toolbar\Res\search-button.gif
c:\program files\Dealio Toolbar\Res\search-chevron-hover.gif
c:\program files\Dealio Toolbar\Res\search-chevron.gif
c:\program files\Dealio Toolbar\Res\search_amazon.gif
c:\program files\Dealio Toolbar\Res\search_dealio.gif
c:\program files\Dealio Toolbar\Res\search_ebay.gif
c:\program files\Dealio Toolbar\Res\search_yahoo.gif
c:\program files\Dealio Toolbar\Res\separator.gif
c:\program files\Dealio Toolbar\Res\target.gif
c:\program files\Dealio Toolbar\Res\walmart.gif
c:\program files\Dealio Toolbar\Res\widgets.xml
c:\program files\Dealio Toolbar\SearchSettingsKit.exe
c:\program files\Dealio Toolbar\WidgiHelper.exe
c:\program files\Search Settings
c:\program files\Search Settings\kb128\SearchSettings.dll
c:\program files\Search Settings\kb128\SearchSettingsRes409.dll
c:\program files\Search Settings\SearchSettings.exe
c:\programdata\OcribdevCajl.dll
C:\USBsys.Bin
c:\usbsys.bin\B51ABBD0DC8D15E
c:\usbsys.bin\E6557B0B652.exe
c:\usbsys.bin\F8D83DC11C8D15E
c:\users\Holik\AppData\Roaming\Amas
c:\users\Holik\AppData\Roaming\Amas\uguzh.roo
c:\users\Holik\AppData\Roaming\Avbay
c:\users\Holik\AppData\Roaming\Avbay\laire.exe
c:\users\Holik\AppData\Roaming\Coorb
c:\users\Holik\AppData\Roaming\Coorb\ilma.exe
c:\users\Holik\AppData\Roaming\Ekevix
c:\users\Holik\AppData\Roaming\Ekevix\itcay.yva
c:\users\Holik\AppData\Roaming\Help\coredb\storage
c:\users\Holik\AppData\Roaming\Icmuih
c:\users\Holik\AppData\Roaming\Icmuih\owes.fie
c:\users\Holik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Sledovat výstrahy inkoustu - .lnk
c:\users\Holik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\winlogin.exe
c:\users\Holik\AppData\Roaming\Unecvu
c:\users\Holik\AppData\Roaming\Unecvu\eguzz.exe
c:\users\Holik\AppData\Roaming\Xiesdu
c:\users\Holik\AppData\Roaming\Xiesdu\tium.exe
c:\w32sys.bin\86B57B1A652.exe
c:\windows\msvcr71.dll
D:\autorun.inf
D:\swnges.pif
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-01-14 do 2013-02-14 )))))))))))))))))))))))))))))))
.
.
2013-02-10 02:43 . 2013-02-10 02:43 16365936 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2013-02-09 08:52 . 2013-02-09 08:52 -------- d-----w- c:\users\Holik\AppData\Roaming\Ymokmi
2013-02-09 00:32 . 2013-02-09 00:31 -------- d-----w- c:\users\Holik\AppData\Roaming\Dopo
2013-02-07 07:38 . 2013-02-14 06:34 -------- d-----w- c:\program files\trend micro
2013-02-07 07:38 . 2013-02-07 07:43 -------- d-----w- C:\rsit
2013-02-06 09:04 . 2013-02-06 09:04 -------- d-----w- c:\program files\CCleaner
2013-02-05 21:00 . 2013-02-05 21:00 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-02-05 19:38 . 2013-02-05 19:38 -------- d-----w- c:\users\Holik\AppData\Roaming\Lyarwy
2013-02-05 15:27 . 2013-02-05 15:27 -------- d-----w- c:\users\Holik\AppData\Roaming\Igus
2013-02-05 15:27 . 2013-02-05 21:00 -------- d-----w- c:\users\Holik\AppData\Roaming\Rouc
2013-02-04 20:11 . 2013-02-04 20:11 -------- d-----w- c:\windows\cs
2013-02-04 20:09 . 2012-03-08 17:32 39272 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2013-02-04 20:06 . 2013-02-04 20:06 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2013-02-04 20:01 . 2013-02-04 20:11 -------- d-----w- c:\program files\Windows Live
2013-02-04 20:00 . 2009-09-04 16:44 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2013-02-04 20:00 . 2009-09-04 16:44 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2013-02-04 20:00 . 2009-09-04 16:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2013-02-04 20:00 . 2006-11-29 12:06 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
2013-02-04 19:40 . 2013-02-04 19:40 -------- d-----w- c:\users\Holik\AppData\Local\Windows Live
2013-02-04 19:40 . 2013-02-04 19:40 -------- d-----w- c:\program files\Common Files\Windows Live
2013-02-04 19:39 . 2009-08-04 08:02 754688 ----a-w- c:\windows\system32\webservices.dll
2013-02-04 13:27 . 2011-03-12 21:55 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2013-02-04 13:27 . 2012-03-01 14:46 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2013-02-04 13:27 . 2012-03-01 14:46 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2013-02-04 13:27 . 2012-02-29 14:08 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2013-02-04 13:27 . 2012-02-29 13:44 683008 ----a-w- c:\windows\system32\d2d1.dll
2013-02-04 13:27 . 2012-02-29 13:41 1069056 ----a-w- c:\windows\system32\DWrite.dll
2013-02-04 12:53 . 2013-02-04 12:53 -------- d-----w- c:\program files\Windows Portable Devices
2013-02-03 21:06 . 2009-09-10 02:00 92672 ----a-w- c:\windows\system32\UIAnimation.dll
2013-02-03 21:06 . 2009-09-10 02:01 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
2013-02-03 21:06 . 2009-09-10 02:00 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2013-02-03 20:56 . 2012-02-29 15:11 5120 ----a-w- c:\windows\system32\wmi.dll
2013-02-03 20:56 . 2012-02-29 15:09 157696 ----a-w- c:\windows\system32\imagehlp.dll
2013-02-03 20:56 . 2012-02-29 13:32 12800 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2013-02-03 20:43 . 2013-02-03 20:43 979456 ----a-w- c:\windows\system32\MFH264Dec.dll
2013-02-03 20:28 . 2012-07-26 02:46 9728 ----a-w- c:\windows\system32\Wdfres.dll
2013-02-03 20:28 . 2012-07-26 02:33 66560 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2013-02-03 20:28 . 2012-07-26 02:32 155136 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2013-02-03 20:28 . 2009-07-14 12:12 16896 ----a-w- c:\windows\system32\winusb.dll
2013-02-03 20:28 . 2012-07-26 03:20 73216 ----a-w- c:\windows\system32\WUDFSvc.dll
2013-02-03 20:28 . 2012-07-26 03:20 172032 ----a-w- c:\windows\system32\WUDFPlatform.dll
2013-02-03 20:28 . 2012-07-26 03:39 526952 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2013-02-03 20:28 . 2012-07-26 03:39 47720 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2013-02-03 20:28 . 2012-07-26 03:21 196608 ----a-w- c:\windows\system32\WUDFHost.exe
2013-02-03 20:28 . 2012-07-26 03:20 613888 ----a-w- c:\windows\system32\WUDFx.dll
2013-02-03 20:28 . 2012-07-26 03:20 38912 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2013-02-03 20:20 . 2012-12-16 13:12 34304 ----a-w- c:\windows\system32\atmlib.dll
2013-02-03 20:20 . 2012-12-16 10:50 293376 ----a-w- c:\windows\system32\atmfd.dll
2013-02-03 19:32 . 2013-02-03 19:32 -------- d-----w- c:\users\Holik\AppData\Local\Macromedia
2013-02-03 18:29 . 2011-07-29 16:01 293376 ----a-w- c:\windows\system32\psisdecd.dll
2013-02-03 18:29 . 2011-07-29 16:01 217088 ----a-w- c:\windows\system32\psisrndr.ax
2013-02-03 18:29 . 2011-07-29 16:00 57856 ----a-w- c:\windows\system32\MSDvbNP.ax
2013-02-03 18:29 . 2011-07-29 16:00 69632 ----a-w- c:\windows\system32\Mpeg2Data.ax
2013-02-03 18:29 . 2011-10-14 16:03 189952 ----a-w- c:\windows\system32\winmm.dll
2013-02-03 18:29 . 2011-10-14 16:00 23552 ----a-w- c:\windows\system32\mciseq.dll
2013-02-03 18:29 . 2012-05-11 15:57 623616 ----a-w- c:\windows\system32\localspl.dll
2013-02-03 18:29 . 2011-04-21 13:55 508416 ----a-w- c:\windows\system32\drivers\bthport.sys
2013-02-03 18:29 . 2009-06-17 13:23 30208 ----a-w- c:\windows\system32\drivers\BTHUSB.SYS
2013-02-03 18:29 . 2011-11-18 20:23 1205064 ----a-w- c:\windows\system32\ntdll.dll
2013-02-03 18:27 . 2012-11-20 04:22 204288 ----a-w- c:\windows\system32\ncrypt.dll
2013-02-03 18:27 . 2011-11-25 15:59 376320 ----a-w- c:\windows\system32\winsrv.dll
2013-02-03 18:27 . 2011-12-14 16:17 680448 ----a-w- c:\windows\system32\msvcrt.dll
2013-02-03 18:27 . 2012-06-02 00:02 985088 ----a-w- c:\windows\system32\crypt32.dll
2013-02-03 18:27 . 2012-06-02 00:02 98304 ----a-w- c:\windows\system32\cryptnet.dll
2013-02-03 18:27 . 2012-06-02 00:02 133120 ----a-w- c:\windows\system32\cryptsvc.dll
2013-02-03 18:25 . 2012-06-05 16:47 1248768 ----a-w- c:\windows\system32\msxml3.dll
2013-02-03 18:25 . 2012-05-01 14:03 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2013-02-03 18:25 . 2011-09-30 15:57 707584 ----a-w- c:\program files\Common Files\System\wab32.dll
2013-02-03 18:24 . 2012-06-04 15:26 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2013-02-03 18:24 . 2012-06-02 00:04 278528 ----a-w- c:\windows\system32\schannel.dll
2013-02-03 18:24 . 2011-11-16 16:21 1259008 ----a-w- c:\windows\system32\lsasrv.dll
2013-02-03 18:24 . 2011-11-16 16:23 72704 ----a-w- c:\windows\system32\secur32.dll
2013-02-03 18:24 . 2011-11-16 14:12 9728 ----a-w- c:\windows\system32\lsass.exe
2013-02-03 18:24 . 2010-05-04 19:13 231424 ----a-w- c:\windows\system32\msshsq.dll
2013-02-03 18:24 . 2012-08-29 11:27 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-02-03 18:24 . 2012-08-29 11:27 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-02-03 17:39 . 2012-01-09 15:54 613376 ----a-w- c:\windows\system32\rdpencom.dll
2013-02-03 12:23 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe
2013-02-03 12:23 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll
2013-02-03 12:23 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2013-02-03 12:23 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll
2013-02-03 12:23 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll
2013-02-03 12:23 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll
2013-02-03 12:23 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll
2013-02-03 12:22 . 2012-06-02 14:19 171904 ----a-w- c:\windows\system32\wuwebv.dll
2013-02-03 12:22 . 2012-06-02 14:12 33792 ----a-w- c:\windows\system32\wuapp.exe
2013-02-03 12:16 . 2013-02-03 12:16 -------- d-----w- C:\3322.Bin
2013-02-02 23:45 . 2013-02-02 23:46 -------- d-----w- c:\windows\system32\ca-ES
2013-02-02 23:45 . 2013-02-02 23:46 -------- d-----w- c:\windows\system32\eu-ES
2013-02-02 23:45 . 2013-02-02 23:46 -------- d-----w- c:\windows\system32\vi-VN
2013-02-02 08:07 . 2013-02-10 02:44 697712 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-02-01 10:10 . 2013-02-01 10:10 -------- d-----w- c:\users\Holik\AppData\Roaming\Visan
2013-02-01 10:10 . 2013-02-01 10:10 -------- d-----w- c:\programdata\Visan
2013-02-01 09:26 . 2013-02-01 09:26 -------- d-----w- c:\program files\Hewlett-Packard
2013-02-01 09:25 . 2013-02-01 19:41 -------- d-----w- c:\program files\Microsoft
2013-02-01 09:25 . 2013-02-02 23:06 -------- d-----w- c:\programdata\HP Photo Creations
2013-02-01 09:25 . 2013-02-01 09:25 -------- d-----w- c:\program files\HP Photo Creations
2013-02-01 09:24 . 2013-02-09 00:51 -------- d-----w- c:\users\Holik\AppData\Roaming\HpUpdate
2013-02-01 09:23 . 2011-06-08 17:06 544616 ------w- c:\windows\system32\HPDiscoPMa011.dll
2013-02-01 09:20 . 2013-02-01 09:24 -------- d-----w- c:\program files\HP
2013-02-01 09:00 . 2013-02-01 10:06 -------- d-----w- c:\users\Holik\AppData\Local\HP
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-10 02:44 . 2011-12-01 13:06 74096 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-02-04 20:01 . 2011-03-28 17:36 19696 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-02-03 20:43 . 2013-02-03 20:43 4096 ----a-w- c:\windows\system32\drivers\cs-CZ\dxgkrnl.sys.mui
2008-07-02 02:28 . 2008-07-02 02:28 61440 ----a-w- c:\program files\Common Files\CPInstallAction.dll
2011-09-23 04:43 . 2011-10-24 09:39 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-02 00:08 143360 ----a-w- c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"OM2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" [2009-04-17 95536]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"UpgradeHelper"="c:\users\Holik\AppData\Roaming\Windows Desktop Search\{6E26BF69-F10D-4D1E-B990-23F7B8C5E565}\UpgradeHelper.exe" [2013-01-09 376832]
"HP Deskjet 3050A J611 series (NET)"="c:\program files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe" [2011-06-08 1804648]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-07 4853760]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1029416]
"ATKMEDIA"="c:\program files\ASUS\ATK Media\DMedia.exe" [2008-06-25 159744]
"ASUSTPE"="c:\windows\system32\ASUSTPE.exe" [2007-10-12 106496]
"ASUS Camera ScreenSaver"="c:\windows\AsScrProlog.exe" [2008-10-16 47672]
"ASUS Screen Saver Protector"="c:\windows\ASScrPro.exe" [2008-10-16 33136]
"IFXSPMGT"="c:\windows\system32\ifxspmgt.exe" [2008-01-25 677144]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-09-01 282624]
"OM2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe" [2009-04-17 54576]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2011-03-24 49208]
"Skytel"="Skytel.exe" [2007-11-20 1826816]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-5-27 752168]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CLMLServer]
2008-07-19 02:52 104936 ----a-w- c:\program files\CyberLink\Power2Go\CLMLSvc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\P2Go_Menu]
2008-06-14 01:11 210216 ----a-w- c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2008-01-21 19:17 61440 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R2 602XML Updater;602Updater;c:\program files\Common Files\soft602\602updsvc\602updsvc.exe [x]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - ECACHE
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-06-09 17:14 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2013-02-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-02-02 02:44]
.
2013-02-14 c:\windows\Tasks\HP Photo Creations Communicator.job
- c:\programdata\HP Photo Creations\Communicator.exe [2013-02-01 10:09]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: mojebanka.cz\www
TCP: DhcpNameServer = 91.187.32.2 77.48.100.254
DPF: {672EE252-D813-4F5E-81BB-5DD163DD4FA5} - hxxps://www.mojedatovaschranka.cz/static/pages/ ... ?3,16,13,0
FF - ProfilePath - c:\users\Holik\AppData\Roaming\Mozilla\Firefox\Profiles\dmvxgt1s.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/?clid=3
FF - prefs.js: network.proxy.type - 1
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
HKCU-Run-Windows Time - c:\programdata\OcribdevCajl.dll
HKCU-Run-3ZVW4FXGUG0UXF3UULHIKJ - c:\usbsys.bin\E6557B0BA52.exe
HKCU-Run-1B7Z2CVWUD9WXEYYURLFHR - c:\32sys.bin\06B57B21A52.exe
HKCU-Run-5H9YXD1HUA7WXEWYRPMPHWITXCAZC - c:\w32sys.bin\86B57B1AA52.exe
HKCU-Run-3ZVW4FXGUG0V0J3UIXFCGN - c:\usbsys.bin\E6557B0B652.exe
HKCU-Run-5H9YXD1HUA7X0IWYZDIZXHQLRFBXT - c:\w32sys.bin\86B57B1A652.exe
HKCU-Run-1B7Z2CVWUD9X0IYYSVPFHQ - c:\32sys.bin\06B57B21652.exe
HKCU-Run-Aqube - c:\users\Holik\AppData\Roaming\Coorb\ilma.exe
HKCU-Run-Ebypl - c:\users\Holik\AppData\Roaming\Xiesdu\tium.exe
SafeBoot-WudfPf
SafeBoot-WudfRd
MSConfigStartUp-SearchSettings - c:\program files\Search Settings\SearchSettings.exe
AddRemove-{08234a0d-cf39-4dca-99f0-0c5cb496da81} - c:\program files\Bing Bar Installer\InstallManager.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-02-14 08:54
Windows 6.0.6002 Service Pack 2 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
.
C:\ADSM_PData_0150
.
sken byl úspešně dokončen
skryté soubory: 1
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'Explorer.exe'(1904)
c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt.dll
c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll
.
Celkový čas: 2013-02-14 08:57:13
ComboFix-quarantined-files.txt 2013-02-14 07:57
.
Před spuštěním: Volných bajtů: 108 615 446 528
Po spuštění: Volných bajtů: 108 629 319 680
.
- - End Of File - - 71675AC8B834A2AF84D7E11A0D55A7EF

Ctete dukladneji navody, ted to probehlo ale nemuselo...

c:\users\Holik\Pictures\KrÚta - Bali 2009\Desktop\ComboFix.exe
Stahnete a ulozte na plochu

Stahnete AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner

• Ulozte nejlepe na plochu
• Ukoncete vsechny programy
• Kliknete na Search
• Probehne skenovani a pak se objevi log, pripadne bude ulozen na systemovem disku jako AdwCleaner[R?].txt, ten sem vlozte

Ehm ... pozor pozor, ComboFix jsm 100% spouštěl z plochy, stejně jako RSIT, Rkill a všechno, už jsem s tebou pár PC dělal a tak vím, že to je nejlepší a nemusím myslet na to, co z kama spustit ... plocha to jistí ... takže jsem z toho teď trohu vystrašený co to tam píše za zhovadilosti=)

Každopádně pokouším se spustit ten adwcleaner a píše to chybu ... přito program opět startuju z plochy, no opravdu=)

c:\users\Holik\Pictures\KrÚta - Bali 2009\Desktop\adwcleaner0.exe
Pokus použít neplatnou operaci na klíč registru, který je označen pro odstranění.

Mám zrestartovat NTB a použít zase Rkill a následně ten adwcleaner, nebo jak teď postupovat?
Děkuji.

Dal jsem OK, nic jiného dat nešlo a pokusil se program spustit znovu ... teď už vypadá, že se chce spustit, tak nevím =)

Tak ne, sice už visty vypadají, že by program spustily, ale i když to po nich chci, tak to hodí znovu tu chybu nahoře a program se nespustí ...
Zkusit ten restart?

Ano provedte restart, jedna se o vnitrni chybu CF, bohuzelů autor jeste neprisel na to, co ji zpusobuje, staci restart a PC se da do kupy...

Pak mi moc nesedi toto c:\users\Holik\Pictures\KrÚta - Bali 2009\Desktop\ComboFix.exe, dle meho je umisteni plochy c:\users\jmeno\Desktop

Pak pokracujte (restartu) adwcleanerem

No tak ta cesta je záhadou i pro mě, ale jak ComboFix tak ten adwcleaner spouštím z plochy a píše to toto ... NTB jsem teď spustil běžným způsobem (nikoli nouzový režim) a CPU už není na 100%, což je malinko povzbudivé ...

# AdwCleaner v2.112 - Logfile created 02/14/2013 at 11:58:31
# Updated 10/02/2013 by Xplode
# Operating system : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# User : Holik - HOLIK-PC
# Boot Mode : Normal
# Running from : C:\Users\Holik\Pictures\Kréta - Bali 2009\Desktop\adwcleaner0.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

Folder Found : C:\Program Files\ICQ6Toolbar
Folder Found : C:\ProgramData\ICQ\ICQToolbar
Folder Found : C:\Users\Holik\AppData\LocalLow\Dealio
Folder Found : C:\Users\Holik\AppData\LocalLow\Search Settings

***** [Registry] *****

Key Found : HKCU\Software\AppDataLow\Software\Dealio
Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\Search Settings
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{0B1AAC97-8563-41D9-AE47-58E6A222F0E1}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{94C3BB3A-56A1-43DE-A242-8B41F46E97EF}
Key Found : HKLM\Software\Classes\Installer\Features\79CAA1B036589D14EA74856E2A220F1E
Key Found : HKLM\Software\Classes\Installer\Features\A3BB3C491A65ED342A24B8144FE679FE
Key Found : HKLM\Software\Classes\Installer\Products\79CAA1B036589D14EA74856E2A220F1E
Key Found : HKLM\Software\Classes\Installer\Products\A3BB3C491A65ED342A24B8144FE679FE
Key Found : HKLM\SOFTWARE\Classes\Interface\{D5A1EF9A-7948-435D-8B87-D6A598317288}
Key Found : HKLM\Software\Dealio
Key Found : HKLM\SOFTWARE\FCTB000061107
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\23A03A6765D10864EB278629A2DF32C3
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3A4FCCE032CA50340A6975C92410AE30
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6E00D9B24354FBA44AE2CA0FA86EF2E2
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7C13F41728A69EF41AA1A3372FB86FA6
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B92A2929968AED344BD6B34AD60E6604
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\79CAA1B036589D14EA74856E2A220F1E
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A3BB3C491A65ED342A24B8144FE679FE
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0B1AAC97-8563-41D9-AE47-58E6A222F0E1}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{94C3BB3A-56A1-43DE-A242-8B41F46E97EF}
Key Found : HKLM\Software\Search Settings

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16457

[HKCU\Software\Microsoft\Internet Explorer\Main - ICQ Search] = hxxp://www.icq.com/search/results.php?q={searc ... &ch_id=osd

-\\ Mozilla Firefox v7.0 (cs)

File : C:\Users\Holik\AppData\Roaming\Mozilla\Firefox\Profiles\dmvxgt1s.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [3206 octets] - [14/02/2013 11:58:31]

########## EOF - C:\AdwCleaner[R1].txt - [3266 octets] ##########

Nevím jestli je to důležité, ale háže mi to teď každou chvíli hlášku ...

dwm.exe - Chybí disk
V jednotce není žádný disk. Vložte disk do jednotky \Device\Harddisk1\DR1

Hlasky atd budeme resit, je tam toho jeste hodne

Spustte znovu AdwCleaner

• Pokud pouzivate Win Vista ci W7, kliknete na AdwCleaner pravym a dejte Run As Administrator ci Spustit jako spravce
• Kliknete na Delete
• PC provede opravu, restartuje se a da Vam log (C:\AdwCleaner [S1].txt) , jeho obsah vlozte sem

Poprosim o DDS http://forum.viry.cz/viewtopic.php?f=13&t=125171