VIRY.CZ

Dobry den,
Potrebujem poradit s vyriesenym problemu, ktory sa mi vyskytol na mojom PC. Po prihlaseni sa na ucet vo windows XP sa spusti C:\WINDOWS\system32\cmd.exe , ktory nasledne maze subory, z plochy mi miznu ikonky a z adresárov subory.

Prikladám screeny:




Pouzivam ESS a SAS no nic nenasli.
Prikladám log z RSIT:
__________________________________________________________________________________________
Logfile of random's system information tool 1.06 (written by random/random)
Run by Martin at 2009-11-16 21:14:02
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 2 GB (15%) free of 10 GB
Total RAM: 767 MB (48% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:14:27, on 16.11.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16915)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
F:\Nová složka\ScsiAccess.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Pidgin\pidgin.exe
C:\Documents and Settings\Martin\Plocha\RSIT.exe
C:\Program Files\trend micro\Martin.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ImagePath] C:\windows\system_32.bat
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AdobeUpdater] "C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: VirtuaWin.lnk = C:\Program Files\VirtuaWin\VirtuaWin.exe
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: ScsiAccess - Unknown owner - F:\Nová složka\ScsiAccess.exe

--
End of file - 5566 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-05-31 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-05-31 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll [2009-04-23 937416]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2009-02-06 2021400]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2009-07-21 61440]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"ImagePath"=C:\windows\system_32.bat [2009-11-15 22]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"AdobeUpdater"=C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe [2009-08-10 2356088]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\daemon.exe [2009-04-23 691656]
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2009-11-11 2001648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files\Skype\Phone\Skype.exe [2009-04-16 24264488]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre6\bin\jusched.exe [2009-05-31 148888]

C:\Documents and Settings\Martin\Nabídka Start\Programy\Po spuštění
VirtuaWin.lnk - C:\Program Files\VirtuaWin\VirtuaWin.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2009-09-03 548352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2009-07-21 155648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"F:\Counter-Strike portable\root\hl.exe"="F:\Counter-Strike portable\root\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\Pidgin\pidgin.exe"="C:\Program Files\Pidgin\pidgin.exe:*:Enabled:Pidgin"
"C:\Documents and Settings\Miroslav\Local Settings\Temp\RarSFX0\hl2.exe"="C:\Documents and Settings\Miroslav\Local Settings\Temp\RarSFX0\hl2.exe:*:Enabled:hl2"
"F:\CS - source\hl2.exe"="F:\CS - source\hl2.exe:*:Enabled:hl2"
"C:\Program Files\Java\jre6\bin\javaw.exe"="C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Program Files\Java\jre6\bin\java.exe"="C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\WINDOWS\system32\pinch_.exe"="C:\WINDOWS\system32\pinch_.exe:*:Enabled:Microsoft Windows Update Platform"
"C:\Documents and Settings\Martin\Plocha\utorrent-1.6.exe"="C:\Documents and Settings\Martin\Plocha\utorrent-1.6.exe:*:Enabled:µTorrent"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"F:\Program Files\Valve\hl.exe"="F:\Program Files\Valve\hl.exe:*:Enabled:Half-Life Launcher"
"F:\Program Files\TrackMania Nations ESWC\TmNationsESWC.exe"="F:\Program Files\TrackMania Nations ESWC\TmNationsESWC.exe:*:Enabled:TmNationsESWC"
"F:\Programs\opera.exe"="F:\Programs\opera.exe:*:Enabled:Opera Internet Browser"
"C:\Documents and Settings\Martin\Plocha\utorrent.exe"="C:\Documents and Settings\Martin\Plocha\utorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Documents and Settings\Martin\Plocha\winbox.exe"="C:\Documents and Settings\Martin\Plocha\winbox.exe:*:Enabled:winbox"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:Run a DLL as an App"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"F:\Program Files\Ahead\Nero MediaHome\NeroMediaHome.exe"="F:\Program Files\Ahead\Nero MediaHome\NeroMediaHome.exe:*:Enabled:Nero MediaHome"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======File associations======

.reg - open - "regedit.exe" "%1"

======List of files/folders created in the last 1 months======

2009-11-16 21:14:03 ----D---- C:\Program Files\trend micro
2009-11-16 21:14:02 ----D---- C:\rsit
2009-11-16 20:12:50 ----D---- C:\Documents and Settings\All Users\Data aplikací\SUPERAntiSpyware.com
2009-11-16 20:12:41 ----D---- C:\Program Files\SUPERAntiSpyware
2009-11-16 20:12:41 ----D---- C:\Documents and Settings\Martin\Data aplikací\SUPERAntiSpyware.com
2009-11-16 20:12:23 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2009-11-15 20:37:29 ----A---- C:\WINDOWS\system_32.bat
2009-11-13 12:18:54 ----D---- C:\Program Files\Passware
2009-11-11 12:48:55 ----HDC---- C:\WINDOWS\$NtUninstallKB969947$
2009-11-05 14:55:47 ----D---- C:\Documents and Settings\Martin\Data aplikací\Ahead
2009-10-24 11:14:30 ----A---- C:\WINDOWS\NeroDigital.ini
2009-10-23 20:48:34 ----N---- C:\WINDOWS\UNNeroVision.exe
2009-10-23 20:48:34 ----N---- C:\WINDOWS\system32\msxml3a.dll
2009-10-23 20:47:35 ----D---- C:\Documents and Settings\All Users\Data aplikací\Ahead
2009-10-23 20:47:28 ----N---- C:\WINDOWS\system32\picn20.dll
2009-10-23 20:45:47 ----D---- C:\Program Files\Common Files\Nero
2009-10-23 20:45:35 ----D---- C:\Program Files\Common Files\LightScribe
2009-10-23 20:44:15 ----N---- C:\WINDOWS\system32\TwnLib4.dll
2009-10-23 20:07:41 ----A---- C:\WINDOWS\system32\TwnLib20.dll
2009-10-23 20:07:40 ----N---- C:\WINDOWS\system32\ImagXRA7.dll
2009-10-23 20:07:40 ----N---- C:\WINDOWS\system32\ImagXR7.dll
2009-10-23 20:07:40 ----N---- C:\WINDOWS\system32\ImagXpr7.dll
2009-10-23 20:07:40 ----N---- C:\WINDOWS\system32\ImagX7.dll
2009-10-23 20:07:09 ----A---- C:\WINDOWS\system32\NeroCheck.exe
2009-10-23 20:06:23 ----D---- C:\Program Files\Common Files\Ahead
2009-10-17 22:15:51 ----D---- C:\Documents and Settings\All Users\Data aplikací\ATI
2009-10-17 21:11:21 ----A---- C:\WINDOWS\system32\d3dx9_32.dll
2009-10-17 21:11:16 ----A---- C:\WINDOWS\system32\d3dx9_29.dll

======List of files/folders modified in the last 1 months======

2009-11-16 21:14:07 ----D---- C:\WINDOWS\Temp
2009-11-16 21:14:04 ----D---- C:\WINDOWS\system32\CatRoot2
2009-11-16 21:14:03 ----RD---- C:\Program Files
2009-11-16 21:13:49 ----D---- C:\WINDOWS\Prefetch
2009-11-16 21:12:37 ----D---- C:\Documents and Settings\Martin\Data aplikací\.purple
2009-11-16 20:50:31 ----D---- C:\Program Files\Mozilla Firefox
2009-11-16 20:47:45 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-11-16 20:12:48 ----SHD---- C:\WINDOWS\Installer
2009-11-16 20:12:47 ----SHD---- C:\Config.Msi
2009-11-16 20:12:23 ----D---- C:\Program Files\Common Files
2009-11-16 19:58:25 ----D---- C:\WINDOWS
2009-11-16 18:17:30 ----D---- C:\Documents and Settings\Martin\Data aplikací\vlc
2009-11-15 20:40:23 ----D---- C:\Documents and Settings\All Users\Data aplikací\page
2009-11-15 20:40:23 ----D---- C:\Documents and Settings\All Users\Data aplikací\NOS
2009-11-15 20:40:22 ----D---- C:\Documents and Settings\All Users\Data aplikací\FLEXnet
2009-11-15 14:22:27 ----D---- C:\Documents and Settings\Martin\Data aplikací\uTorrent
2009-11-12 10:00:22 ----D---- C:\WINDOWS\Debug
2009-11-11 16:02:46 ----D---- C:\WINDOWS\system32
2009-11-11 12:52:55 ----D---- C:\Documents and Settings\All Users\Data aplikací\Microsoft Help
2009-11-11 12:49:04 ----HD---- C:\WINDOWS\inf
2009-11-11 12:48:57 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-11-11 12:05:24 ----HD---- C:\WINDOWS\$hf_mig$
2009-11-09 18:54:10 ----D---- C:\Documents and Settings\Martin\Data aplikací\gtk-2.0
2009-11-07 23:05:05 ----RSD---- C:\WINDOWS\assembly
2009-11-07 07:41:41 ----D---- C:\Program Files\Common Files\Microsoft Shared
2009-11-07 07:41:38 ----D---- C:\WINDOWS\WinSxS
2009-11-05 18:36:21 ----A---- C:\WINDOWS\system32\MRT.exe
2009-11-04 18:54:28 ----RSD---- C:\WINDOWS\Fonts
2009-11-04 15:45:20 ----D---- C:\WINDOWS\Help
2009-11-01 16:23:39 ----D---- C:\WINDOWS\system32\config
2009-10-25 09:38:24 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-10-23 20:08:14 ----D---- C:\WINDOWS\system32\drivers
2009-10-22 18:40:19 ----D---- C:\WINDOWS\system
2009-10-21 05:08:52 ----A---- C:\WINDOWS\system32\mshtml.dll
2009-10-18 14:44:50 ----SD---- C:\Documents and Settings\Martin\Data aplikací\Microsoft
2009-10-17 22:10:34 ----D---- C:\Program Files\ATI Technologies
2009-10-17 21:51:04 ----SD---- C:\Documents and Settings\All Users\Data aplikací\Microsoft
2009-10-17 21:49:30 ----D---- C:\WINDOWS\Minidump
2009-10-17 21:11:22 ----D---- C:\WINDOWS\system32\DirectX
2009-10-17 09:09:56 ----D---- C:\WINDOWS\Microsoft.NET

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK7;Ovladač procesoru AMD K7; C:\WINDOWS\system32\DRIVERS\amdk7.sys [2008-04-14 41600]
R1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2009-02-06 106208]
R1 epfwtdi;epfwtdi; C:\WINDOWS\system32\DRIVERS\epfwtdi.sys [2009-02-06 56280]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R1 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2006-07-24 5632]
R2 Aspi32;Aspi32; C:\WINDOWS\System32\drivers\aspi32.sys [2002-07-17 16877]
R2 eamon;eamon; C:\WINDOWS\system32\DRIVERS\eamon.sys [2009-02-06 113448]
R2 epfw;epfw; C:\WINDOWS\system32\DRIVERS\epfw.sys [2009-02-06 130952]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2009-07-21 3565056]
R3 Epfwndis;Eset Personal Firewall; C:\WINDOWS\system32\DRIVERS\Epfwndis.sys [2009-02-06 33096]
R3 es1371;Creative AudioPCI (ES1371,ES1373) (WDM); C:\WINDOWS\system32\drivers\es1371mp.sys [2002-06-03 40832]
R3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service; C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2008-09-22 43520]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-25 12160]
R3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 aza1y338;aza1y338; C:\WINDOWS\system32\drivers\aza1y338.sys []
S3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\fetnd5.sys [2001-08-17 27165]
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM); C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2007-05-02 83592]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter; C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2007-05-02 15112]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers; C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2007-05-02 109704]
S3 ssm_bus;SAMSUNG Mobile USB Device II 1.0 driver (WDM); C:\WINDOWS\system32\DRIVERS\ssm_bus.sys [2007-05-02 83592]
S3 ssm_mdfl;SAMSUNG Mobile USB Modem II 1.0 Filter; C:\WINDOWS\system32\DRIVERS\ssm_mdfl.sys [2007-05-02 15112]
S3 ssm_mdm;SAMSUNG Mobile USB Modem II 1.0 Drivers; C:\WINDOWS\system32\DRIVERS\ssm_mdm.sys [2007-05-02 109704]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2009-07-21 602112]
R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Program Files\Bonjour\mDNSResponder.exe [2006-02-28 229376]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2009-02-06 727720]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-05-31 152984]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2006-04-24 73728]
R2 ScsiAccess;ScsiAccess; F:\Nová složka\ScsiAccess.exe [2009-10-09 181312]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2009-07-21 593920]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe [2009-02-06 20680]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-08-10 654848]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 getPlusHelper;getPlus(R) Helper; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 idsvc;Služba Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Služba sdílení portů Net.Tcp; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

Dakujem,

Takze vymazal som ImagePath a tiez system_32.bat
Obsah suboru system_32.bat je: Vdaka,

no obnovovat budem
to kde som k tomu prisiel tak to teda nwm,
A vdaka za pomoc

Dobrý den, mám stejný problém akorád mám trochu jiný obsah souboru system_32.bat a to je:
erase /q /s "C:\documents and settings\pc\plocha\*.*"

Mám také vymazat položku ImagePath v HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run a soubor system_32.bat v C:\WINDOWS\ ??
děkuji za odpověď

Dobrý večer

Ano, vymažte. A rovnou sem vložte log ze Rsitu, viz můj podpis.
A příště si prosím založte vlastní topic, takto je to nepřehledné.

Tak jsem to vymazal a zde je ten log:

Logfile of random's system information tool 1.08 (written by random/random)
Run by pc at 2011-02-05 09:20:15
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 121 GB (40%) free of 305 GB
Total RAM: 1022 MB (52% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:20:22, on 5.2.2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\Ati2evxx.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\svchost.exe
C:\windows\system32\Ati2evxx.exe
C:\windows\system32\spoolsv.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\windows\Explorer.EXE
C:\windows\RTHDCPL.EXE
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\ADVANC~1\wh_exec.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\windows\system32\ctfmon.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Documents and Settings\pc\Data aplikací\CoSoSys\HDDtoGO\HDDtoGOLaunch.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\windows\system32\PnkBstrA.exe
C:\windows\system32\rundll32.exe
C:\Program Files\NETGATE\Spy Emergency\SpyEmergencySrv.exe
C:\windows\system32\svchost.exe
C:\windows\system32\SearchIndexer.exe
C:\Documents and Settings\pc\Plocha\RSIT (1).exe
C:\Program Files\trend micro\pc.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.qip.ru
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?fr=mcafee&p=%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by MSN & Bing
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.10.200.1:3128
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: QIPBHO Class - {95289393-33EA-4F8D-B952-483415B9C955} - C:\Documents and Settings\pc\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: Softonic-Eng7 Toolbar - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files\Softonic-Eng7\tbSof2.dll
R3 - URLSearchHook: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\tbBS_P.dll
R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngin0.dll
O2 - BHO: Softonic-Eng7 Toolbar - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files\Softonic-Eng7\tbSof2.dll
O2 - BHO: (no name) - {7c5c0f58-e061-457d-9033-77307f5ed00c} - (no file)
O2 - BHO: QIPBHO - {95289393-33EA-4F8D-B952-483415B9C955} - C:\Documents and Settings\pc\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: Ukazatel S-Rank - {EA837F48-5AD1-443E-AE34-FFE03CBF3099} - C:\Program Files\Seznam.cz\listicka.dll
O2 - BHO: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\tbBS_P.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: (no name) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - (no file)
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Softonic-Eng7 Toolbar - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files\Softonic-Eng7\tbSof2.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\tbBS_P.dll
O3 - Toolbar: Nástroje Lištičky - {1EA00BE1-6E54-4E2A-8099-680300BF23E1} - C:\Program Files\Seznam.cz\toolbar\toolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [ATICustomerCare] "C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [WheelMouse] C:\ADVANC~1\wh_exec.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\RunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstall ... er=9.0.872
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Pando Media Booster] "C:\Program Files\Pando Networks\Media Booster\PMB.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\pc\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [HDDtoGOLaunch] C:\Documents and Settings\pc\Data aplikací\CoSoSys\HDDtoGO\HDDtoGOLaunch.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: WikiKomentáře Google... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
O9 - Extra button: Nastavení Lištičky ... - {0E46D7B6-887D-4F81-B4CA-FCC92AF73610} - C:\Program Files\Seznam.cz\listicka.dll
O9 - Extra 'Tools' menuitem: Nastavení Lištičky ... - {0E46D7B6-887D-4F81-B4CA-FCC92AF73610} - C:\Program Files\Seznam.cz\listicka.dll
O9 - Extra button: Zvýrazňovač slov Lištičky - {4E6D6F90-31CA-4878-A7A3-1CD50F115A69} - C:\Program Files\Seznam.cz\listicka.dll
O9 - Extra 'Tools' menuitem: Zvýrazňovač slov Lištičky - {4E6D6F90-31CA-4878-A7A3-1CD50F115A69} - C:\Program Files\Seznam.cz\listicka.dll
O9 - Extra button: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files\ICQ7.4\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files\ICQ7.4\ICQ.exe
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: QIP Infium - {1EF681F7-A04B-4D6D-9012-A307CCA55610} - C:\Program Files\QIP Infium\infium.exe (HKCU)
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/Shar ... vSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{56796FCA-42B0-4555-8042-98AC92E129EE}: NameServer = 10.10.200.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{56796FCA-42B0-4555-8042-98AC92E129EE}: NameServer = 10.10.200.1
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\windows\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\windows\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\windows\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\windows\system32\PnkBstrA.exe
O23 - Service: Spy Emergency Engine Service (SpyEmrgSrv) - NETGATE Technologies s.r.o. - C:\Program Files\NETGATE\Spy Emergency\SpyEmergencySrv.exe
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/pc/LOCALS~1/Temp/msohtml1/01/clip_image002.gif

--
End of file - 13813 bytes

======Scheduled tasks folder======

C:\windows\tasks\Ad-Aware Update (Weekly).job
C:\windows\tasks\GoogleUpdateTaskMachineCore.job
C:\windows\tasks\GoogleUpdateTaskMachineUA.job
C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-117609710-1364589140-725345543-1003Core.job
C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-117609710-1364589140-725345543-1003UA.job
C:\windows\tasks\User_Feed_Synchronization-{BBFFBF23-4A39-4CD6-A448-7B0B4E9EEF8B}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Podpora odkazu pro Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
Conduit Engine - C:\Program Files\ConduitEngine\ConduitEngin0.dll [2010-10-18 3908192]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]
Softonic-Eng7 Toolbar - C:\Program Files\Softonic-Eng7\tbSof2.dll [2010-10-18 3908192]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7c5c0f58-e061-457d-9033-77307f5ed00c}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95289393-33EA-4F8D-B952-483415B9C955}]
QIPBHO Class - C:\Documents and Settings\pc\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll [2010-12-13 141184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2011-02-04 297648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll [2010-10-24 843832]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}]
McAfee SiteAdvisor BHO - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2011-01-04 251416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-11-24 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-11-24 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EA837F48-5AD1-443E-AE34-FFE03CBF3099}]
Lištička - C:\Program Files\Seznam.cz\listicka.dll [2010-10-07 1961240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
BS Player Toolbar - C:\Program Files\BS_Player\tbBS_P.dll [2010-11-29 3908192]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
{3041d03e-fd4b-44e0-b742-2d9b88305f98}
{855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2010-09-06 1048888]
{327C2873-E90D-4c37-AA9D-10AC9BABA46C} - Easy-WebPrint - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll [2004-08-26 405504]
{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - Softonic-Eng7 Toolbar - C:\Program Files\Softonic-Eng7\tbSof2.dll [2010-10-18 3908192]
{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - McAfee SiteAdvisor Toolbar - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2011-01-04 251416]
{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - BS Player Toolbar - C:\Program Files\BS_Player\tbBS_P.dll [2010-11-29 3908192]
{1EA00BE1-6E54-4E2A-8099-680300BF23E1} - Nástroje Lištičky - C:\Program Files\Seznam.cz\toolbar\toolbar.dll [2010-10-07 187672]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2011-02-04 297648]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\windows\RTHDCPL.EXE [2007-01-30 16116224]
"SkyTel"=C:\windows\SkyTel.EXE [2006-05-16 2879488]
"Alcmtr"=C:\windows\ALCMTR.EXE [2005-05-03 69632]
"RemoteControl"=C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe [2004-11-02 32768]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"OpwareSE2"=C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe [2003-05-08 49152]
"ATICustomerCare"=C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe [2010-03-04 311296]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-05-14 248552]
"WheelMouse"=C:\ADVANC~1\wh_exec.exe [2007-10-13 98304]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2011-01-12 2219184]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"=cmd.exe /c start http://www.avg.com/ww.special-uninstall ... er=9.0.872 []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-08-06 39408]
"ctfmon.exe"=C:\windows\system32\ctfmon.exe [2008-04-14 40448]
"PowerBar"= []
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\DTLite.exe [2010-04-01 357696]
"Pando Media Booster"=C:\Program Files\Pando Networks\Media Booster\PMB.exe [2010-08-19 2953112]
"Google Update"=C:\Documents and Settings\pc\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe [2009-05-12 133104]
"HDDtoGOLaunch"=C:\Documents and Settings\pc\Data aplikací\CoSoSys\HDDtoGO\HDDtoGOLaunch.exe [2010-04-30 176128]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2009-02-25 61440]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Windows Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\windows\system32\Ati2evxx.dll [2010-09-11 159744]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\windows\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2009-05-24 304128]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Activision\Call of Duty 2\CoD2MP_s.exe"="C:\Program Files\Activision\Call of Duty 2\CoD2MP_s.exe:*:Enabled:Call of Duty(R) 2 Multiplayer"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6.5"
"C:\Program Files\EA GAMES\Medal of Honor Pacific Assault(tm)\mohpa.exe"="C:\Program Files\EA GAMES\Medal of Honor Pacific Assault(tm)\mohpa.exe:*:Enabled:Medal of Honor Pacific Assault(tm)"
"C:\Program Files\America's Army\System\ArmyOps.exe"="C:\Program Files\America's Army\System\ArmyOps.exe:*:Enabled:ArmyOps"
"C:\Program Files\Outlook Express\msimn.exe"="C:\Program Files\Outlook Express\msimn.exe:*:Enabled:Outlook Express"
"C:\Program Files\SpywareBlaster\spywareblaster.exe"="C:\Program Files\SpywareBlaster\spywareblaster.exe:*:Enabled:SpywareBlaster"
"C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraWizard.exe"="C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraWizard.exe:*:Disabled:Inteligentní instalátor HYDRAVISION"
"C:\Documents and Settings\pc\Plocha\Ubisoft\Far Cry 2\bin\farcry2.exe"="C:\Documents and Settings\pc\Plocha\Ubisoft\Far Cry 2\bin\farcry2.exe:*:Enabled:Far Cry® 2"
"C:\Program Files\Electronic Arts\EADM\Core.exe"="C:\Program Files\Electronic Arts\EADM\Core.exe:*:Enabled:EA Download Manager"
"C:\Program Files\QIP\qip.exe"="C:\Program Files\QIP\qip.exe:*:Disabled:Quiet Internet Pager"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Documents and Settings\pc\Plocha\Call of Duty 4 - Modern Warfare\iw3mp.exe"="C:\Documents and Settings\pc\Plocha\Call of Duty 4 - Modern Warfare\iw3mp.exe:*:Enabled:iw3mp"
"C:\Program Files\HLSW\hlsw.exe"="C:\Program Files\HLSW\hlsw.exe:*:Enabled:hlsw"
"C:\Program Files\Call of Duty\CoDMP.exe"="C:\Program Files\Call of Duty\CoDMP.exe:*:Enabled:CoDMP"
"C:\Program Files\TrackMania Nations ESWC\TmNationsESWC.exe"="C:\Program Files\TrackMania Nations ESWC\TmNationsESWC.exe:*:Enabled:TmNationsESWC"
"C:\Documents and Settings\pc\Dokumenty\Data ke hram\Quake 3\quake3.exe"="C:\Documents and Settings\pc\Dokumenty\Data ke hram\Quake 3\quake3.exe:*:Enabled:quake3"
"C:\Program Files\Metin2_CZ\metin2.bin"="C:\Program Files\Metin2_CZ\metin2.bin:*:Enabled:metin2"
"C:\Games\Paintball2\paintball2.exe"="C:\Games\Paintball2\paintball2.exe:*:Enabled:paintball2"
"C:\Program Files\Microsoft Games\Age of Empires II Trial\EMPIRES2.EXE"="C:\Program Files\Microsoft Games\Age of Empires II Trial\EMPIRES2.EXE:*:Disabled:Age of Empires II"
"C:\Documents and Settings\pc\Plocha\WoW-BurningCrusade-enGB-Installer-downloader.exe"="C:\Documents and Settings\pc\Plocha\WoW-BurningCrusade-enGB-Installer-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Program Files\World of Warcraft\Launcher.exe"="C:\Program Files\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher"
"C:\Documents and Settings\pc\Local Settings\Temp\Blizzard Launcher Temporary - 244330f8\Launcher.exe"="C:\Documents and Settings\pc\Local Settings\Temp\Blizzard Launcher Temporary - 244330f8\Launcher.exe:*:Enabled:Blizzard Launcher"
"C:\Program Files\World of Warcraft\WoW-3.0.9.9551-to-3.1.0.9767-enGB-downloader.exe"="C:\Program Files\World of Warcraft\WoW-3.0.9.9551-to-3.1.0.9767-enGB-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Program Files\World of Warcraft\WoW-3.1.3.9947-to-3.2.0.10192-enGB-downloader.exe"="C:\Program Files\World of Warcraft\WoW-3.1.3.9947-to-3.2.0.10192-enGB-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\SIMS\RACER\racer.exe"="C:\SIMS\RACER\racer.exe:*:Enabled:racer"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Codemasters\GRID\GRID.exe"="C:\Program Files\Codemasters\GRID\GRID.exe:*:Enabled:GRID Executable"
"C:\Program Files\Metin2_CZ\metin2client.bin"="C:\Program Files\Metin2_CZ\metin2client.bin:*:Enabled:metin2client"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\Wolfenstein - Enemy Territory\ET.exe"="C:\Program Files\Wolfenstein - Enemy Territory\ET.exe:*:Enabled:ET"
"C:\Program Files\EA GAMES\Need For Speed Underground\Speed.exe"="C:\Program Files\EA GAMES\Need For Speed Underground\Speed.exe:*:Enabled:Speed"
"C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe"="C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:*:Enabled:Call of Duty(R) 4 - Modern Warfare(TM) "
"C:\Program Files\Electronic Arts\Crytek\Crysis Wars\Bin32\Crysis.exe"="C:\Program Files\Electronic Arts\Crytek\Crysis Wars\Bin32\Crysis.exe:*:Enabled:Crysis"
"C:\Documents and Settings\pc\Plocha\FinaLongju2\FinaLongju2 Nightfall (Srv2) - CH2.exe"="C:\Documents and Settings\pc\Plocha\FinaLongju2\FinaLongju2 Nightfall (Srv2) - CH2.exe:*:Enabled:FinaLongju2 Nightfall (Srv2) - CH2"
"C:\FinaLongju2\FinaLongju2 Nightfall (Srv2) - CH2.exe"="C:\FinaLongju2\FinaLongju2 Nightfall (Srv2) - CH2.exe:*:Enabled:FinaLongju2 Nightfall (Srv2) - CH2"
"C:\Documents and Settings\pc\Local Settings\Temp\Rar$EX07.485\GodMt2-Reloaded\Client\GodMt2-Reloaded.exe"="C:\Documents and Settings\pc\Local Settings\Temp\Rar$EX07.485\GodMt2-Reloaded\Client\GodMt2-Reloaded.exe:*:Enabled:GodMt2-Reloaded"
"C:\Documents and Settings\pc\Local Settings\Temp\Rar$EX04.875\GodMt2-Reloaded\Client\GodMt2-Reloaded.exe"="C:\Documents and Settings\pc\Local Settings\Temp\Rar$EX04.875\GodMt2-Reloaded\Client\GodMt2-Reloaded.exe:*:Enabled:GodMt2-Reloaded"
"C:\Documents and Settings\pc\Local Settings\Temp\Rar$EX01.516\GodMt2-Reloaded\Client\GodMt2-Reloaded.exe"="C:\Documents and Settings\pc\Local Settings\Temp\Rar$EX01.516\GodMt2-Reloaded\Client\GodMt2-Reloaded.exe:*:Enabled:GodMt2-Reloaded"
"C:\Documents and Settings\pc\Local Settings\Temp\Rar$EX02.906\GodMt2-Reloaded\Client\GodMt2-Reloaded.exe"="C:\Documents and Settings\pc\Local Settings\Temp\Rar$EX02.906\GodMt2-Reloaded\Client\GodMt2-Reloaded.exe:*:Enabled:GodMt2-Reloaded"
"C:\Documents and Settings\pc\Local Settings\Temp\Rar$EX01.781\GodMt2-Reloaded\Client\GodMt2-Reloaded.exe"="C:\Documents and Settings\pc\Local Settings\Temp\Rar$EX01.781\GodMt2-Reloaded\Client\GodMt2-Reloaded.exe:*:Enabled:GodMt2-Reloaded"
"C:\Documents and Settings\pc\Local Settings\Temp\Rar$EX00.047\GodMt2-Reloaded\Client\GodMt2-Reloaded.exe"="C:\Documents and Settings\pc\Local Settings\Temp\Rar$EX00.047\GodMt2-Reloaded\Client\GodMt2-Reloaded.exe:*:Enabled:GodMt2-Reloaded"
"C:\Documents and Settings\pc\Local Settings\Temp\Rar$EX01.922\GodMt2-Reloaded\Client\GodMt2-Reloaded.exe"="C:\Documents and Settings\pc\Local Settings\Temp\Rar$EX01.922\GodMt2-Reloaded\Client\GodMt2-Reloaded.exe:*:Enabled:GodMt2-Reloaded"
"C:\Documents and Settings\pc\Local Settings\Temp\Rar$EX00.016\GodMt2-Reloaded\Client\GodMt2-Reloaded.exe"="C:\Documents and Settings\pc\Local Settings\Temp\Rar$EX00.016\GodMt2-Reloaded\Client\GodMt2-Reloaded.exe:*:Enabled:GodMt2-Reloaded"
"C:\Documents and Settings\pc\Local Settings\Temp\Rar$EX00.922\GodMt2-Reloaded\Client\GodMt2-Reloaded.exe"="C:\Documents and Settings\pc\Local Settings\Temp\Rar$EX00.922\GodMt2-Reloaded\Client\GodMt2-Reloaded.exe:*:Enabled:GodMt2-Reloaded"
"C:\Documents and Settings\pc\Local Settings\Temp\Rar$EX01.797\GodMt2-Reloaded\Client\GodMt2-Reloaded.exe"="C:\Documents and Settings\pc\Local Settings\Temp\Rar$EX01.797\GodMt2-Reloaded\Client\GodMt2-Reloaded.exe:*:Enabled:GodMt2-Reloaded"
"C:\Documents and Settings\pc\Local Settings\Temp\Rar$EX03.547\GodMt2-Reloaded\Client\GodMt2-Reloaded.exe"="C:\Documents and Settings\pc\Local Settings\Temp\Rar$EX03.547\GodMt2-Reloaded\Client\GodMt2-Reloaded.exe:*:Enabled:GodMt2-Reloaded"
"C:\Documents and Settings\pc\Local Settings\Temp\Rar$EX01.031\GodMt2-Reloaded\Client\GodMt2-Reloaded.exe"="C:\Documents and Settings\pc\Local Settings\Temp\Rar$EX01.031\GodMt2-Reloaded\Client\GodMt2-Reloaded.exe:*:Enabled:GodMt2-Reloaded"
"C:\Documents and Settings\pc\Local Settings\Temp\Rar$EX00.453\GodMt2-Reloaded\Client\GodMt2-Reloaded.exe"="C:\Documents and Settings\pc\Local Settings\Temp\Rar$EX00.453\GodMt2-Reloaded\Client\GodMt2-Reloaded.exe:*:Enabled:GodMt2-Reloaded"
"C:\Documents and Settings\pc\Local Settings\Temp\Rar$EX00.641\GodMt2-Reloaded\Client\GodMt2-Reloaded.exe"="C:\Documents and Settings\pc\Local Settings\Temp\Rar$EX00.641\GodMt2-Reloaded\Client\GodMt2-Reloaded.exe:*:Enabled:GodMt2-Reloaded"
"C:\Documents and Settings\pc\Local Settings\Temp\Rar$EX01.063\GodMt2-Reloaded\Client\GodMt2-Reloaded.exe"="C:\Documents and Settings\pc\Local Settings\Temp\Rar$EX01.063\GodMt2-Reloaded\Client\GodMt2-Reloaded.exe:*:Enabled:GodMt2-Reloaded"
"C:\Documents and Settings\pc\Local Settings\Temp\Rar$EX01.703\GodMt2-Reloaded\Client\GodMt2-Reloaded.exe"="C:\Documents and Settings\pc\Local Settings\Temp\Rar$EX01.703\GodMt2-Reloaded\Client\GodMt2-Reloaded.exe:*:Enabled:GodMt2-Reloaded"
"C:\Documents and Settings\pc\Local Settings\Temp\Rar$EX00.515\GodMt2-Reloaded\Client\GodMt2-Reloaded.exe"="C:\Documents and Settings\pc\Local Settings\Temp\Rar$EX00.515\GodMt2-Reloaded\Client\GodMt2-Reloaded.exe:*:Enabled:GodMt2-Reloaded"
"C:\Documents and Settings\pc\Local Settings\Temp\Rar$EX01.906\GodMt2-Reloaded\Client\GodMt2-Reloaded.exe"="C:\Documents and Settings\pc\Local Settings\Temp\Rar$EX01.906\GodMt2-Reloaded\Client\GodMt2-Reloaded.exe:*:Enabled:GodMt2-Reloaded"
"C:\Documents and Settings\pc\Local Settings\Temp\Rar$EX01.281\GodMt2-Reloaded\Client\GodMt2-Reloaded.exe"="C:\Documents and Settings\pc\Local Settings\Temp\Rar$EX01.281\GodMt2-Reloaded\Client\GodMt2-Reloaded.exe:*:Enabled:GodMt2-Reloaded"
"C:\Documents and Settings\pc\Local Settings\Temp\Rar$EX02.750\GodMt2-Reloaded\Client\GodMt2-Reloaded.exe"="C:\Documents and Settings\pc\Local Settings\Temp\Rar$EX02.750\GodMt2-Reloaded\Client\GodMt2-Reloaded.exe:*:Enabled:GodMt2-Reloaded"
"C:\Documents and Settings\pc\Local Settings\Temp\Rar$EX01.297\GodMt2-Reloaded\Client\GodMt2-Reloaded.exe"="C:\Documents and Settings\pc\Local Settings\Temp\Rar$EX01.297\GodMt2-Reloaded\Client\GodMt2-Reloaded.exe:*:Enabled:GodMt2-Reloaded"
"C:\Documents and Settings\pc\Local Settings\Temp\Rar$EX01.859\GodMt2-Reloaded\Client\GodMt2-Reloaded.exe"="C:\Documents and Settings\pc\Local Settings\Temp\Rar$EX01.859\GodMt2-Reloaded\Client\GodMt2-Reloaded.exe:*:Enabled:GodMt2-Reloaded"
"C:\Documents and Settings\pc\Local Settings\Temp\Rar$EX01.046\GodMt2-Reloaded\Client\GodMt2-Reloaded.exe"="C:\Documents and Settings\pc\Local Settings\Temp\Rar$EX01.046\GodMt2-Reloaded\Client\GodMt2-Reloaded.exe:*:Enabled:GodMt2-Reloaded"
"C:\Documents and Settings\pc\Local Settings\Temp\Rar$EX01.891\GodMt2-Reloaded\Client\GodMt2-Reloaded.exe"="C:\Documents and Settings\pc\Local Settings\Temp\Rar$EX01.891\GodMt2-Reloaded\Client\GodMt2-Reloaded.exe:*:Enabled:GodMt2-Reloaded"
"C:\Documents and Settings\pc\Local Settings\Temp\Rar$EX14.1266\GodMt2-Reloaded\Client\GodMt2-Reloaded.exe"="C:\Documents and Settings\pc\Local Settings\Temp\Rar$EX14.1266\GodMt2-Reloaded\Client\GodMt2-Reloaded.exe:*:Enabled:GodMt2-Reloaded"
"C:\Documents and Settings\pc\Local Settings\Temp\Rar$EX12.87360\GodMt2-Reloaded\Client\GodMt2-Reloaded.exe"="C:\Documents and Settings\pc\Local Settings\Temp\Rar$EX12.87360\GodMt2-Reloaded\Client\GodMt2-Reloaded.exe:*:Enabled:GodMt2-Reloaded"
"C:\Documents and Settings\pc\Local Settings\Temp\Rar$EX06.062\GodMt2-Reloaded\Client\GodMt2-Reloaded.exe"="C:\Documents and Settings\pc\Local Settings\Temp\Rar$EX06.062\GodMt2-Reloaded\Client\GodMt2-Reloaded.exe:*:Enabled:GodMt2-Reloaded"
"C:\Documents and Settings\pc\Local Settings\Temp\Rar$EX01.969\GodMt2-Reloaded\Client\GodMt2-Reloaded.exe"="C:\Documents and Settings\pc\Local Settings\Temp\Rar$EX01.969\GodMt2-Reloaded\Client\GodMt2-Reloaded.exe:*:Enabled:GodMt2-Reloaded"
"C:\Documents and Settings\pc\Local Settings\Temp\Rar$EX02.672\GodMt2-Reloaded\Client\GodMt2-Reloaded.exe"="C:\Documents and Settings\pc\Local Settings\Temp\Rar$EX02.672\GodMt2-Reloaded\Client\GodMt2-Reloaded.exe:*:Enabled:GodMt2-Reloaded"
"C:\Documents and Settings\pc\Local Settings\Temp\Rar$EX00.766\GodMt2-Reloaded\Client\GodMt2-Reloaded.exe"="C:\Documents and Settings\pc\Local Settings\Temp\Rar$EX00.766\GodMt2-Reloaded\Client\GodMt2-Reloaded.exe:*:Enabled:GodMt2-Reloaded"
"C:\Program Files\ItalongjuMT2\Italongjumt2.exe"="C:\Program Files\ItalongjuMT2\Italongjumt2.exe:*:Enabled:Italongjumt2"
"C:\Documents and Settings\pc\Data aplikací\PowerChallenge\PowerSoccer\PowerSoccer.exe"="C:\Documents and Settings\pc\Data aplikací\PowerChallenge\PowerSoccer\PowerSoccer.exe:*:Enabled:PowerSoccer"
"C:\Documents and Settings\pc\Local Settings\Temp\Rar$EX03.391\GodMt2-Reloaded\Client\GodMt2-Reloaded.exe"="C:\Documents and Settings\pc\Local Settings\Temp\Rar$EX03.391\GodMt2-Reloaded\Client\GodMt2-Reloaded.exe:*:Enabled:GodMt2-Reloaded"
"C:\Documents and Settings\pc\Local Settings\Temp\Rar$EX00.953\GodMt2-Reloaded\Client\GodMt2-Reloaded.exe"="C:\Documents and Settings\pc\Local Settings\Temp\Rar$EX00.953\GodMt2-Reloaded\Client\GodMt2-Reloaded.exe:*:Enabled:GodMt2-Reloaded"
"C:\Documents and Settings\pc\Local Settings\Temp\Rar$EX00.156\GodMt2-Reloaded\Client\GodMt2-Reloaded.exe"="C:\Documents and Settings\pc\Local Settings\Temp\Rar$EX00.156\GodMt2-Reloaded\Client\GodMt2-Reloaded.exe:*:Enabled:GodMt2-Reloaded"
"C:\Documents and Settings\pc\Local Settings\Temp\Rar$EX01.125\GodMt2-Reloaded\Client\GodMt2-Reloaded.exe"="C:\Documents and Settings\pc\Local Settings\Temp\Rar$EX01.125\GodMt2-Reloaded\Client\GodMt2-Reloaded.exe:*:Enabled:GodMt2-Reloaded"
"C:\Documents and Settings\pc\Local Settings\Temp\Rar$EX01.625\GodMt2-Reloaded\Client\GodMt2-Reloaded.exe"="C:\Documents and Settings\pc\Local Settings\Temp\Rar$EX01.625\GodMt2-Reloaded\Client\GodMt2-Reloaded.exe:*:Enabled:GodMt2-Reloaded"
"C:\Documents and Settings\pc\Local Settings\Temp\Rar$EX00.969\GodMt2-Reloaded\Client\GodMt2-Reloaded.exe"="C:\Documents and Settings\pc\Local Settings\Temp\Rar$EX00.969\GodMt2-Reloaded\Client\GodMt2-Reloaded.exe:*:Enabled:GodMt2-Reloaded"
"C:\Documents and Settings\pc\Local Settings\Temp\Rar$EX01.672\GodMt2-Reloaded\Client\GodMt2-Reloaded.exe"="C:\Documents and Settings\pc\Local Settings\Temp\Rar$EX01.672\GodMt2-Reloaded\Client\GodMt2-Reloaded.exe:*:Enabled:GodMt2-Reloaded"
"C:\Documents and Settings\pc\Local Settings\Temp\Rar$EX01.140\GodMt2-Reloaded\Client\GodMt2-Reloaded.exe"="C:\Documents and Settings\pc\Local Settings\Temp\Rar$EX01.140\GodMt2-Reloaded\Client\GodMt2-Reloaded.exe:*:Enabled:GodMt2-Reloaded"
"C:\Documents and Settings\pc\Local Settings\Temp\Rar$EX00.875\GodMt2-Reloaded\Client\GodMt2-Reloaded.exe"="C:\Documents and Settings\pc\Local Settings\Temp\Rar$EX00.875\GodMt2-Reloaded\Client\GodMt2-Reloaded.exe:*:Enabled:GodMt2-Reloaded"
"C:\Documents and Settings\pc\Local Settings\Temp\Rar$EX27.172\GodMt2-Reloaded\Client\GodMt2-Reloaded.exe"="C:\Documents and Settings\pc\Local Settings\Temp\Rar$EX27.172\GodMt2-Reloaded\Client\GodMt2-Reloaded.exe:*:Enabled:GodMt2-Reloaded"
"C:\Documents and Settings\pc\Local Settings\Temp\Rar$EX01.812\GodMt2-Reloaded\Client\GodMt2-Reloaded.exe"="C:\Documents and Settings\pc\Local Settings\Temp\Rar$EX01.812\GodMt2-Reloaded\Client\GodMt2-Reloaded.exe:*:Enabled:GodMt2-Reloaded"
"C:\Documents and Settings\pc\Local Settings\Temp\Rar$EX00.062\GodMt2-Reloaded\Client\GodMt2-Reloaded.exe"="C:\Documents and Settings\pc\Local Settings\Temp\Rar$EX00.062\GodMt2-Reloaded\Client\GodMt2-Reloaded.exe:*:Enabled:GodMt2-Reloaded"
"C:\Documents and Settings\pc\Local Settings\Temp\Rar$EX00.844\GodMt2-Reloaded\Client\GodMt2-Reloaded.exe"="C:\Documents and Settings\pc\Local Settings\Temp\Rar$EX00.844\GodMt2-Reloaded\Client\GodMt2-Reloaded.exe:*:Enabled:GodMt2-Reloaded"
"C:\Documents and Settings\pc\Local Settings\Temp\Rar$EX50.750\GodMt2-Reloaded\Client\GodMt2-Reloaded.exe"="C:\Documents and Settings\pc\Local Settings\Temp\Rar$EX50.750\GodMt2-Reloaded\Client\GodMt2-Reloaded.exe:*:Enabled:GodMt2-Reloaded"
"C:\Documents and Settings\pc\Local Settings\Temp\Rar$EX00.265\GodMt2-Reloaded\Client\GodMt2-Reloaded.exe"="C:\Documents and Settings\pc\Local Settings\Temp\Rar$EX00.265\GodMt2-Reloaded\Client\GodMt2-Reloaded.exe:*:Enabled:GodMt2-Reloaded"
"C:\Documents and Settings\pc\Local Settings\Temp\Rar$EX18.000\GodMt2-Reloaded\Client\GodMt2-Reloaded.exe"="C:\Documents and Settings\pc\Local Settings\Temp\Rar$EX18.000\GodMt2-Reloaded\Client\GodMt2-Reloaded.exe:*:Enabled:GodMt2-Reloaded"
"C:\Documents and Settings\pc\Local Settings\Temp\Rar$EX00.719\GodMt2-Reloaded\Client\GodMt2-Reloaded.exe"="C:\Documents and Settings\pc\Local Settings\Temp\Rar$EX00.719\GodMt2-Reloaded\Client\GodMt2-Reloaded.exe:*:Enabled:GodMt2-Reloaded"
"C:\Documents and Settings\pc\Local Settings\Temp\Rar$EX00.765\GodMt2-Reloaded\Client\GodMt2-Reloaded.exe"="C:\Documents and Settings\pc\Local Settings\Temp\Rar$EX00.765\GodMt2-Reloaded\Client\GodMt2-Reloaded.exe:*:Enabled:GodMt2-Reloaded"
"C:\Documents and Settings\pc\Local Settings\Temp\Rar$EX00.094\GodMt2-Reloaded\Client\GodMt2-Reloaded.exe"="C:\Documents and Settings\pc\Local Settings\Temp\Rar$EX00.094\GodMt2-Reloaded\Client\GodMt2-Reloaded.exe:*:Enabled:GodMt2-Reloaded"
"C:\Documents and Settings\pc\Local Settings\Temp\Rar$EX01.593\GodMt2-Reloaded\Client\GodMt2-Reloaded.exe"="C:\Documents and Settings\pc\Local Settings\Temp\Rar$EX01.593\GodMt2-Reloaded\Client\GodMt2-Reloaded.exe:*:Enabled:GodMt2-Reloaded"
"C:\Documents and Settings\pc\Local Settings\Temp\Rar$EX01.734\GodMt2-Reloaded\Client\GodMt2-Reloaded.exe"="C:\Documents and Settings\pc\Local Settings\Temp\Rar$EX01.734\GodMt2-Reloaded\Client\GodMt2-Reloaded.exe:*:Enabled:GodMt2-Reloaded"
"C:\Documents and Settings\pc\Local Settings\Temp\Rar$EX00.281\GodMt2-Reloaded\Client\GodMt2-Reloaded.exe"="C:\Documents and Settings\pc\Local Settings\Temp\Rar$EX00.281\GodMt2-Reloaded\Client\GodMt2-Reloaded.exe:*:Enabled:GodMt2-Reloaded"
"C:\Documents and Settings\pc\Local Settings\Temp\Rar$EX00.985\GodMt2-Reloaded\Client\GodMt2-Reloaded.exe"="C:\Documents and Settings\pc\Local Settings\Temp\Rar$EX00.985\GodMt2-Reloaded\Client\GodMt2-Reloaded.exe:*:Enabled:GodMt2-Reloaded"
"C:\Documents and Settings\pc\Local Settings\Temp\Rar$EX00.703\GodMt2-Reloaded\Client\GodMt2-Reloaded.exe"="C:\Documents and Settings\pc\Local Settings\Temp\Rar$EX00.703\GodMt2-Reloaded\Client\GodMt2-Reloaded.exe:*:Enabled:GodMt2-Reloaded"
"C:\Documents and Settings\pc\Local Settings\Temp\Rar$EX01.360\GodMt2-Reloaded\Client\GodMt2-Reloaded.exe"="C:\Documents and Settings\pc\Local Settings\Temp\Rar$EX01.360\GodMt2-Reloaded\Client\GodMt2-Reloaded.exe:*:Enabled:GodMt2-Reloaded"
"C:\Documents and Settings\pc\Local Settings\Temp\Rar$EX00.500\GodMt2-Reloaded\Client\GodMt2-Reloaded.exe"="C:\Documents and Settings\pc\Local Settings\Temp\Rar$EX00.500\GodMt2-Reloaded\Client\GodMt2-Reloaded.exe:*:Enabled:GodMt2-Reloaded"
"C:\Documents and Settings\pc\Local Settings\Temp\Rar$EX00.219\GodMt2-Reloaded\Client\GodMt2-Reloaded.exe"="C:\Documents and Settings\pc\Local Settings\Temp\Rar$EX00.219\GodMt2-Reloaded\Client\GodMt2-Reloaded.exe:*:Enabled:GodMt2-Reloaded"
"C:\Documents and Settings\pc\Local Settings\Temp\Rar$EX01.671\GodMt2-Reloaded\Client\GodMt2-Reloaded.exe"="C:\Documents and Settings\pc\Local Settings\Temp\Rar$EX01.671\GodMt2-Reloaded\Client\GodMt2-Reloaded.exe:*:Enabled:GodMt2-Reloaded"
"C:\Documents and Settings\pc\Local Settings\Temp\Rar$EX23.360\GodMt2-Reloaded\Client\GodMt2-Reloaded.exe"="C:\Documents and Settings\pc\Local Settings\Temp\Rar$EX23.360\GodMt2-Reloaded\Client\GodMt2-Reloaded.exe:*:Enabled:GodMt2-Reloaded"
"C:\Documents and Settings\pc\Local Settings\Temp\Rar$EX00.797\GodMt2-Reloaded\Client\GodMt2-Reloaded.exe"="C:\Documents and Settings\pc\Local Settings\Temp\Rar$EX00.797\GodMt2-Reloaded\Client\GodMt2-Reloaded.exe:*:Enabled:GodMt2-Reloaded"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Pando Networks\Media Booster\PMB.exe"="C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster"
"C:\Program Files\ICQ7.4\ICQ.exe"="C:\Program Files\ICQ7.4\ICQ.exe:*:Enabled:ICQ7.4"

======List of files/folders created in the last 1 months======

2011-02-05 08:55:58 ----D---- C:\Program Files\trend micro
2011-02-05 08:55:56 ----D---- C:\rsit
2011-02-04 17:53:09 ----D---- C:\Documents and Settings\pc\Data aplikací\Malwarebytes
2011-02-04 17:53:02 ----D---- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2011-02-04 17:53:02 ----A---- C:\windows\system32\drivers\mbamswissarmy.sys
2011-02-04 17:52:58 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2011-02-04 17:52:58 ----A---- C:\windows\system32\drivers\mbam.sys
2011-02-04 16:21:18 ----A---- C:\windows\imsins.BAK
2011-02-04 16:19:35 ----HDC---- C:\windows\ie8
2011-02-01 19:04:14 ----D---- C:\Program Files\ICQ7.4
2011-02-01 17:17:40 ----D---- C:\Documents and Settings\All Users\Data aplikací\Solidshield
2011-02-01 16:46:16 ----D---- C:\Program Files\ESET
2011-01-28 18:55:45 ----A---- C:\windows\_MSRSTRT.EXE
2011-01-28 18:51:00 ----D---- C:\Documents and Settings\pc\Data aplikací\PriceGong
2011-01-26 16:14:50 ----D---- C:\Documents and Settings\pc\Data aplikací\BlackBean
2011-01-26 16:07:22 ----D---- C:\Program Files\BlackBeanGames
2011-01-26 15:16:48 ----D---- C:\Program Files\Atari
2011-01-25 18:44:21 ----D---- C:\Documents and Settings\pc\Data aplikací\Local
2011-01-25 18:43:48 ----D---- C:\Documents and Settings\pc\Data aplikací\DivX
2011-01-25 18:37:46 ----D---- C:\Program Files\DivX
2011-01-25 18:37:02 ----D---- C:\Documents and Settings\All Users\Data aplikací\DivX
2011-01-16 10:56:13 ----D---- C:\Documents and Settings\All Users\Data aplikací\regid.1986-12.com.adobe
2011-01-16 09:33:41 ----D---- C:\Program Files\Adobe Media Player
2011-01-15 17:27:33 ----D---- C:\Documents and Settings\All Users\Data aplikací\The Skins Factory
2011-01-15 17:08:56 ----A---- C:\desktop.ini
2011-01-15 17:07:50 ----D---- C:\Documents and Settings\pc\Data aplikací\Skinux
2011-01-15 15:55:23 ----D---- C:\Program Files\AlienGUIse
2011-01-15 15:32:51 ----D---- C:\Program Files\Conduit
2011-01-15 15:32:48 ----D---- C:\Program Files\BS_Player
2011-01-15 15:32:39 ----D---- C:\Documents and Settings\pc\Data aplikací\BSplayer Pro
2011-01-15 15:32:39 ----D---- C:\Documents and Settings\pc\Data aplikací\BSplayer
2011-01-15 15:32:30 ----D---- C:\Program Files\Webteh
2011-01-15 15:15:11 ----D---- C:\Program Files\The KMPlayer
2011-01-13 16:32:42 ----N---- C:\windows\system32\spmsg.dll
2011-01-13 16:32:04 ----HDC---- C:\windows\$NtUninstallKB2419632$
2011-01-12 17:48:06 ----SHD---- C:\Documents and Settings\All Users\Data aplikací\SecuROM
2011-01-08 19:57:28 ----D---- C:\TopCD

======List of files/folders modified in the last 1 months======

2011-02-05 09:20:16 ----D---- C:\windows\Temp
2011-02-05 09:20:00 ----D---- C:\WINDOWS
2011-02-05 08:55:58 ----D---- C:\Program Files
2011-02-04 20:08:01 ----A---- C:\windows\SchedLgU.Txt
2011-02-04 19:45:30 ----D---- C:\windows\system32
2011-02-04 19:45:29 ----A---- C:\windows\system32\PnkBstrB.exe
2011-02-04 19:12:26 ----D---- C:\Documents and Settings\pc\Data aplikací\ICQ
2011-02-04 18:08:43 ----RD---- C:\windows\Web
2011-02-04 18:08:43 ----D---- C:\windows\system32\drivers
2011-02-04 17:36:57 ----HD---- C:\windows\inf
2011-02-04 17:36:52 ----D---- C:\windows\system32\CatRoot
2011-02-04 17:36:51 ----RSHDC---- C:\windows\system32\dllcache
2011-02-04 17:36:50 ----D---- C:\Program Files\Internet Explorer
2011-02-04 17:36:46 ----D---- C:\windows\system32\CatRoot2
2011-02-04 17:36:36 ----D---- C:\windows\ie8updates
2011-02-04 17:33:34 ----D---- C:\Hry
2011-02-04 17:32:37 ----D---- C:\Documents and Settings\pc\Data aplikací\Skype
2011-02-04 16:36:45 ----D---- C:\Documents and Settings\pc\Data aplikací\skypePM
2011-02-04 16:23:48 ----D---- C:\windows\Media
2011-02-04 16:23:48 ----D---- C:\windows\Help
2011-02-04 16:22:48 ----HD---- C:\windows\msdownld.tmp
2011-02-04 16:21:08 ----D---- C:\windows\system32\en-US
2011-02-04 16:14:29 ----D---- C:\Program Files\Seznam.cz
2011-02-04 16:14:28 ----D---- C:\windows\system32\cs-cz
2011-02-04 15:28:58 ----SHD---- C:\windows\Installer
2011-02-04 15:04:04 ----A---- C:\windows\system32\CmdLineExt03.dll
2011-02-04 14:56:21 ----D---- C:\windows\Prefetch
2011-02-03 16:00:21 ----D---- C:\Documents and Settings\pc\Data aplikací\OpenOffice.org2
2011-02-02 20:41:54 ----A---- C:\windows\wincmd.ini
2011-02-02 14:33:07 ----D---- C:\Program Files\Ubisoft
2011-02-02 13:25:22 ----D---- C:\Program Files\ICQ6Toolbar
2011-02-01 19:05:04 ----HD---- C:\Program Files\InstallShield Installation Information
2011-02-01 16:37:50 ----D---- C:\windows\system32\DirectX
2011-02-01 16:37:10 ----RSD---- C:\windows\assembly
2011-01-31 18:57:49 ----D---- C:\Documents and Settings\pc\Data aplikací\HLSW
2011-01-31 18:39:52 ----D---- C:\Program Files\Zaparit
2011-01-31 18:00:44 ----SD---- C:\Program Files\HLSW
2011-01-27 17:40:59 ----D---- C:\Program Files\Opera
2011-01-25 20:11:37 ----D---- C:\Program Files\Common Files
2011-01-17 17:26:29 ----D---- C:\Documents and Settings\pc\Data aplikací\Canon
2011-01-16 19:16:28 ----D---- C:\Program Files\Electronic Arts
2011-01-16 19:03:53 ----SD---- C:\windows\Tasks
2011-01-16 19:03:48 ----D---- C:\Documents and Settings\All Users\Data aplikací\Adobe
2011-01-16 19:03:08 ----D---- C:\Program Files\Adobe
2011-01-16 11:01:05 ----D---- C:\Documents and Settings\pc\Data aplikací\Adobe
2011-01-16 10:55:44 ----D---- C:\Program Files\Common Files\Adobe
2011-01-16 09:34:34 ----RSD---- C:\windows\Fonts
2011-01-15 16:25:14 ----D---- C:\windows\Debug
2011-01-15 16:25:13 ----D---- C:\windows\Minidump
2011-01-14 17:44:05 ----D---- C:\windows\WinSxS
2011-01-14 16:04:25 ----D---- C:\windows\system32\config
2011-01-12 18:39:26 ----D---- C:\Program Files\McAfee
2011-01-12 17:32:24 ----D---- C:\Program Files\Rockstar Games
2011-01-12 16:43:25 ----D---- C:\Documents and Settings\pc\Data aplikací\AIMP
2011-01-12 16:11:35 ----HD---- C:\windows\$hf_mig$
2011-01-09 15:10:07 ----D---- C:\windows\system32\ReinstallBackups
2011-01-08 11:21:19 ----D---- C:\Program Files\City Interactive
2011-01-08 11:20:17 ----D---- C:\Program Files\EA Sports
2011-01-08 11:08:35 ----D---- C:\Program Files\Microsoft Games
2011-01-08 10:34:03 ----D---- C:\Documents and Settings\All Users\Data aplikací\Ubisoft
2011-01-08 10:15:20 ----D---- C:\Documents and Settings\pc\Data aplikací\Black Sea Studios
2011-01-07 16:05:00 ----D---- C:\Program Files\Microsoft Silverlight

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 ohci1394;Hostitelský řadič IEEE 1394 dle standardu OHCI Texas Instruments; C:\windows\system32\DRIVERS\ohci1394.sys [2008-04-13 61696]
R0 sfdrv01;StarForce Protection Environment Driver (version 1.x); C:\windows\System32\drivers\sfdrv01.sys [2005-08-10 50688]
R0 sfhlp02;StarForce Protection Helper Driver (version 2.x); C:\windows\System32\drivers\sfhlp02.sys [2005-05-16 6656]
R0 sfsync02;StarForce Protection Synchronization Driver (version 2.x); C:\windows\System32\drivers\sfsync02.sys [2005-08-10 19968]
R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x); C:\windows\System32\drivers\sfsync03.sys [2005-10-13 35328]
R0 sfvfs02;StarForce Protection VFS Driver (version 2.x); C:\windows\System32\drivers\sfvfs02.sys [2005-11-03 63488]
R0 sptd;sptd; C:\windows\System32\Drivers\sptd.sys [2009-12-09 691696]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\windows\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
R1 ehdrv;ehdrv; C:\windows\system32\DRIVERS\ehdrv.sys [2010-12-21 115008]
R1 epfwtdir;epfwtdir; C:\windows\system32\DRIVERS\epfwtdir.sys [2010-12-21 94872]
R1 intelppm;Řadič procesoru Intel; C:\windows\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 ISODrive;ISO DVD/CD-ROM Device Driver; \??\C:\Program Files\UltraISO\drivers\ISODrive.sys []
R1 kbdhid;Ovladač klávesnice standardu HID; C:\windows\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 PQNTDrv;PQNTDrv; C:\windows\system32\drivers\PQNTDrv.sys [2002-09-16 4228]
R1 SpyEmrg;Spy Emergency Driver; C:\windows\System32\Drivers\spyemrg.sys [2009-09-17 12344]
R2 Aspi32;Aspi32; C:\windows\system32\drivers\Aspi32.sys [2007-03-18 17005]
R2 atksgt;atksgt; C:\windows\system32\DRIVERS\atksgt.sys [2010-12-20 281760]
R2 eamon;eamon; C:\windows\system32\DRIVERS\eamon.sys [2010-12-21 141264]
R2 irda;Protokol IrDA; C:\windows\system32\DRIVERS\irda.sys [2008-04-13 88192]
R2 lirsgt;lirsgt; C:\windows\system32\DRIVERS\lirsgt.sys [2010-12-20 25888]
R2 Sentinel;Sentinel; C:\windows\System32\Drivers\SENTINEL.SYS [2002-12-17 76288]
R3 Arp1394;Protokol 1394 ARP Client; C:\windows\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 ati2mtag;ati2mtag; C:\windows\system32\DRIVERS\ati2mtag.sys [2010-09-11 5417472]
R3 HdAudAddService;ATI Function Driver for High Definition Audio Service; C:\windows\system32\drivers\AtiHdAud.sys [2006-12-28 84992]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\windows\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Ovladač třídy standardu HID; C:\windows\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\windows\system32\drivers\RtkHDAud.sys [2007-01-30 4474368]
R3 mouhid;Ovladač myši standardu HID; C:\windows\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 NIC1394;1394 Net Driver; C:\windows\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 Rasirda;WAN Miniport (IrDA); C:\windows\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 SpyEmrgGuard;Spy Emergency Real-Time Shield Driver; C:\windows\System32\Drivers\spyemrg_guard.sys [2009-09-17 14392]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\windows\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\windows\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\windows\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 whfltr2k;WheelMouse USB Lower Filter Driver; C:\windows\system32\DRIVERS\whfltr2k.sys [2007-01-26 6784]
R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\windows\system32\DRIVERS\yk51x86.sys [2006-11-22 250496]
S3 alx2ge7z;alx2ge7z; C:\windows\system32\drivers\alx2ge7z.sys []
S3 CrystalSysInfo;CrystalSysInfo; \??\C:\Program Files\MediaCoder\SysInfo.sys []
S3 hamachi;Hamachi Network Interface; C:\windows\system32\DRIVERS\hamachi.sys [2010-02-03 26176]
S3 MSIRCOMM;Microsoft IR Communications Driver; C:\windows\system32\DRIVERS\MSIRCOMM.sys [2008-04-13 22016]
S3 nmwcd;Nokia USB Phone Parent; C:\windows\system32\drivers\ccdcmb.sys [2008-05-02 17536]
S3 NTProcDrv;Process creation detector for NT.; \??\C:\windows\TEMP\drv1.tmp []
S3 Pcouffin;VSO Software pcouffin; C:\windows\System32\Drivers\Pcouffin.sys [2009-07-13 47360]
S3 SpyEmrgAccess;Spy Emergency OnAccess Driver; C:\windows\System32\Drivers\spyemrg_access.sys [2009-09-17 18232]
S3 STIrUsb;SigmaTel USB-IrDA Dongle; C:\windows\system32\DRIVERS\irstusb.sys [2001-08-17 26624]
S3 usbprint;Třída USB Printer; C:\windows\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Ovladač skeneru USB; C:\windows\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 Wdf01000;Wdf01000; C:\windows\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S3 WpdUsb;WpdUsb; C:\windows\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\windows\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\windows\system32\Ati2evxx.exe [2010-09-11 606208]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2011-01-12 810144]
R2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2010-09-06 247096]
R2 Irmon;Sledování infračerveného přenosu; C:\windows\system32\svchost.exe [2008-04-14 14336]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-11-12 153376]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2006-10-19 61440]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service; c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe [2010-11-24 88176]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 PnkBstrA;PnkBstrA; C:\windows\system32\PnkBstrA.exe [2010-11-20 75136]
R2 SpyEmrgSrv;Spy Emergency Engine Service; C:\Program Files\NETGATE\Spy Emergency\SpyEmergencySrv.exe [2010-08-23 1825408]
R2 WSearch;Windows Search; C:\windows\system32\SearchIndexer.exe [2008-05-26 439808]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\windows\system32\svchost.exe [2008-04-14 14336]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2007-12-20 593920]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-03-09 135664]
S3 aspnet_state;Stavová služba ASP.NET; C:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2011-01-12 33584]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-08-06 182768]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 idsvc;Služba Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 McComponentHostService;McAfee Security Scan Component Host Service; C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S4 NetTcpPortSharing;Služba sdílení portů Net.Tcp; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

Děkuju

Jinak už žádné problémy s počítačem nemáte?

Stahněte MBAM z mého podpisu
-Nainstalujte,dejte úplný sken

NIC NEMAZAT
-MBAM má občas falešné detekce,proto budeme mazat až po kontrole logu.
-Log zkopírujte sem.

Další problémy s pc nemám akorád o trochu déle čekám, než mohu pracovat s pc po zapnutí než dříve ale není to tak vážné...

Nedávno jsem to také kontroloval tak přiložím oba logy...tenhle je z dřívějška :

Malwarebytes' Anti-Malware 1.50.1.1100
http://www.malwarebytes.org

Verze databáze: 5677

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

1.2.2011 18:05:27
mbam-log-2011-02-01 (18-05-27).txt

Typ kontroly: Rychlý test
Testované objekty: 162836
Uplynulý čas: 9 minut, 59 sekund

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče v registru: 3
Infikované hodnoty v registru: 2
Infikované datové položky v registru: 2
Infikované složky: 4
Infikované soubory: 1

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče v registru:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{25B8D58C-B0CB-46B0-BA64-05B3804E4E86} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{35B8D58C-B0CB-46B0-BA64-05B3804E4E86} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{CDBFB47B-58A8-4111-BF95-06178DCE326D} (Adware.DoubleD) -> Quarantined and deleted successfully.

Infikované hodnoty v registru:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{5617ECA9-488D-4BA2-8562-9710B9AB78D2} (Adware.DoubleD) -> Value: {5617ECA9-488D-4BA2-8562-9710B9AB78D2} -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{5617ECA9-488D-4BA2-8562-9710B9AB78D2} (Adware.DoubleD) -> Value: {5617ECA9-488D-4BA2-8562-9710B9AB78D2} -> Quarantined and deleted successfully.

Infikované datové položky v registru:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyDocs (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

Infikované složky:
c:\program files\DoubleD (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\DoubleD\desktop smiley toolbar (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\system search dispatcher (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\system search dispatcher\1.2.0.750 (Adware.DoubleD) -> Quarantined and deleted successfully.

Infikované soubory:
c:\documents and settings\pc\data aplikací\wiaserva.log (Malware.Trace) -> Quarantined and deleted successfully.

a tento z dneška:
Malwarebytes' Anti-Malware 1.50.1.1100
http://www.malwarebytes.org

Verze databáze: 5677

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

5.2.2011 10:07:08
mbam-log-2011-02-05 (10-07-08).txt

Typ kontroly: Rychlý test
Testované objekty: 162679
Uplynulý čas: 9 minut, 0 sekund

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče v registru: 0
Infikované hodnoty v registru: 0
Infikované datové položky v registru: 0
Infikované složky: 0
Infikované soubory: 0

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované hodnoty v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované datové položky v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
(Žádné škodlivé položky nebyly zjištěny)

Děkuju

Stahněte OTL http://oldtimer.geekstogo.com/OTL.exe
-uložte ho na plochu a spustte soubor OTL.exe.
-do bílého okna dole skopírujte tento skript: - zaškrtněte okénko Pro všechny uživatele.
-označte okénka Kontrola na havěť "LOP" a Kontrola na havěť "Purity"
- Klikněte na tlačítko Prohledat
-po dokončení skenu se objeví logy OTL.Txt a Extras.txt, vložte je zde

Když spustím OTL, tak mi vyskočí hláška :
C:\Documents and Settings\pc\Plocha\OTL.exe není platná aplikace typu Win32

A také jsem teď nemohl na internet, tak jsem dal obnovu systému a je vše v pořádku. Může to vymazání system_32.bat a ImagePath ovlivnit přístup na internet?? Tak teď po obnově mi jde i OTL spustit...asi to fakt bude tím smazáním těchto dvou souborů, ale zase mi to bude furt mazat ikony, když to nesmažu.... .Nebo mě napadlo, jestli to také nemůže být smazáním při kontrole MBAM viz. log z MBAM z dřívějška...

Prosím Vás, nabootujte do nouzového režimu (po restartu mačkejte F8) najděte si
C:\Program Files\trend micro\pc.exe(za předpokladu, že máte stažený Rsit)

Takže v tom HJT (je přejmenované na pc.exe) označte
O4 - HKLM\..\Run: [ImagePath] C:\windows\system_32.bat
a dejte fix checked

Následně soubor najděte na disku a smažte. Pak restartujte počítač do běžného režimu a dejte log z oTL

Ten bat soubor má za ukol Vám mazat soubory po startu, proto ho smažte. Ale na internet by neměl mít vliv.

Nezlobte se, moc tomu nerozumím tak si to zrekapituluju....dám restartovat počítač a pak budu mačkat F8 -> najdu soubor v C:\Program Files\trend micro\pc.exe -> O4 - HKLM\..\Run: [ImagePath] C:\windows\system_32.bat a ten označím a dám fix checked pak nechám spustit počítač a smažu soubor system_32.bat a restartuju pc a udělám ten OTL jo?
Děkuju

1. restartujete počítač - budete mačkat klávesnici F8 - z nabídky vyberetenouzový režim

2. Otevřete si přejmenované HJT, které je zde C:\Program Files\trend
micro\pc.exe

3. V HJt označíte zatržítkem tento řádek
O4 - HKLM\..\Run: [ImagePath] C:\windows\system_32.bat
-zmáčknete fix chcecked. a ten soubor system_32.bat smažete.

4. restartujete pc, pujdete už do normálního režimu, už by ser Vám nic mazat nemělo. Uděláte ten OTL

Když mačkám F8 mám na vyběr z možností:
STAV NOUZE
STAV NOUZE S PRACÍ V SÍTI
STAV NOUZE SE SYSTÉMEM MS-DOS
ZAPNOUT REŽIM VGA

který z nich mám vybrat?? a ještě prosím o radu, jak mám označit zatržítkem ten řádek O4 - HKLM\..\Run: [ImagePath] C:\windows\system_32.bat a kde na klávesnici je to zatržítko??

děkuju

STAV NOUZE

Tam jen kliknete kurzorem do čtverečku u té řádky