VIRY.CZ

Dobrý den otevíral jsem soubor s příponou lnk a poté se mi stalo ze všechny zástupce se změnily na .lnk tudíž celá plocha, nabídka start apod.
Ted nevím jak to dostat zpátky, předem díky za odpověď

projistotu Log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:39:48, on 30.12.2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16945)
Boot mode: Normal

Running processes:
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Users\Filip\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Windows\system32\WTablet\TabUserW.exe
C:\Users\Filip\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Windows\system32\wuauclt.exe
C:\Users\Filip\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Filip\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Filip\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\WerCon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - *{855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\VistaCodecPack\QT\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\Filip\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O13 - Gopher Prefix:
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\Windows\system32\Tablet.exe

--
End of file - 7040 bytes

Dobrý večer

Poprosím o log ze Rsitu, viz můj podpis

Z přílohy stahněte Daft, spustte, udělejte sken a nechte opravit asociace.

diky moc, tady je log z RSIT
v daftu jsme opravil jeden problem v registrech kterej ukazal nic vic nehlasi

Logfile of random's system information tool 1.06 (written by random/random)
Run by Filip at 2010-01-01 23:27:24
Microsoft® Windows Vista™ Home Premium
System drive C: has 28 GB (25%) free of 114 GB
Total RAM: 1021 MB (33% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:28:03, on 1.1.2010
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16945)
Boot mode: Normal

Running processes:
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\System32\rundll32.exe
C:\Users\Filip\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Users\Filip\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\WTablet\TabUserW.exe
C:\Windows\system32\taskeng.exe
C:\Users\Filip\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Filip\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Users\Filip\Documents\Downloads\RSIT.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\Filip.exe
C:\Windows\system32\wuauclt.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - *{855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\VistaCodecPack\QT\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\Filip\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O13 - Gopher Prefix:
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\Windows\system32\Tablet.exe

--
End of file - 7035 bytes

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1157025956-2415277545-1472383782-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1157025956-2415277545-1472383782-1000UA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055FD26D-3A88-4e15-963D-DC8493744B1D}]
XTTBPos00 Class - C:\PROGRA~1\ICQTOO~1\toolbaru.dll [2008-03-09 824656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2009-12-20 1111320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
AVG Security Toolbar BHO - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll [2009-07-24 1090816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-07-18 41368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQ Toolbar - C:\PROGRA~1\ICQTOO~1\toolbaru.dll [2008-03-09 824656]
{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - AVG Security Toolbar - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll [2009-07-24 1090816]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2009-01-03 1006264]
"NvSvc"=C:\Windows\system32\nvsvc.dll [2007-01-14 90191]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2007-01-14 7766016]
"NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2007-01-14 81920]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-12-20 2043160]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-07-18 148888]
"QuickTime Task"=C:\Program Files\VistaCodecPack\QT\QTTask.exe [2009-05-26 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-07-13 292128]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-01-03 1232896]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\daemon.exe [2008-07-24 490952]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2006-11-02 201728]
"Google Update"=C:\Users\Filip\AppData\Local\Google\Update\GoogleUpdate.exe [2009-10-12 133104]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE

C:\Users\Filip\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="avgrsstx.dll"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL H:\Recycled\ctfmon.exe
shell\Open(0)\command - H:\Recycled\ctfmon.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1fd82274-d2a6-11dd-8cbd-001b241cbf49}]
shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL E:\Recycled\ctfmon.exe
shell\Open(0)\command - E:\Recycled\ctfmon.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3f036d02-1d04-11de-a73f-001b241cbf49}]
shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL E:\Recycled\ctfmon.exe
shell\Open(0)\command - E:\Recycled\ctfmon.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{400e2be9-906d-11dd-a756-001b241cbf49}]
shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL E:\Recycled\ctfmon.exe
shell\Open(0)\command - E:\Recycled\ctfmon.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{46e2a760-d806-11dd-8eae-001b241cbf49}]
shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL E:\Recycled\ctfmon.exe
shell\Open(0)\command - E:\Recycled\ctfmon.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{72f8172f-eea2-11dd-a426-001b241cbf49}]
shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL E:\Recycled\ctfmon.exe
shell\Open(0)\command - E:\Recycled\ctfmon.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7feaedcd-b168-11dd-a0b7-001b241cbf49}]
shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL E:\Recycled\ctfmon.exe
shell\Open(0)\command - E:\Recycled\ctfmon.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7feaedd3-b168-11dd-a0b7-001b241cbf49}]
shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL E:\Recycled\ctfmon.exe
shell\Open(0)\command - E:\Recycled\ctfmon.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8bd89f4b-aa46-11dd-a4fb-001b241cbf49}]
shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL G:\Recycled\ctfmon.exe
shell\Open(0)\command - G:\Recycled\ctfmon.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9eee3296-d843-11dd-a123-001b241cbf49}]
shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL E:\Recycled\ctfmon.exe
shell\Open(0)\command - E:\Recycled\ctfmon.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e3b27516-badd-11dd-b2ab-001b241cbf49}]
shell\AutoRun\command - mewjub.exe
shell\explore\command - mewjub.exe
shell\open\command - mewjub.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e6d153c5-d699-11dd-b9e3-001b241cbf49}]
shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL E:\Recycled\ctfmon.exe
shell\Open(0)\command - E:\Recycled\ctfmon.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e9eac635-72ac-11de-a3da-001b241cbf49}]
shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL E:\Recycled\ctfmon.exe
shell\Open(0)\command - E:\Recycled\ctfmon.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f7ed24f9-c1f5-11dd-aefc-001b241cbf49}]
shell\AutoRun\command - E:\Autorun.exe /run
shell\Shell00\command - E:\Autorun.exe /run
shell\Shell01\command - E:\Autorun.exe /action
shell\Shell02\command - E:\Autorun.exe /uninstall

======File associations======

.reg - open - "regedit.exe" "%1"

======List of files/folders created in the last 1 months======

2010-01-01 23:27:24 ----D---- C:\rsit
2009-12-30 11:39:18 ----D---- C:\Program Files\Trend Micro
2009-12-29 22:24:11 ----D---- C:\Program Files\CCleaner
2009-12-22 23:58:48 ----D---- C:\Program Files\CDisplay
2009-12-20 11:49:52 ----A---- C:\Windows\system32\tzres.dll
2009-12-20 11:42:05 ----A---- C:\Windows\system32\nshhttp.dll
2009-12-20 11:42:00 ----A---- C:\Windows\system32\httpapi.dll
2009-12-19 23:48:46 ----A---- C:\Windows\system32\rastls.dll
2009-12-19 23:48:46 ----A---- C:\Windows\system32\raschap.dll
2009-12-19 23:48:40 ----A---- C:\Windows\system32\msxml6r.dll
2009-12-19 23:48:40 ----A---- C:\Windows\system32\msxml6.dll
2009-12-19 23:48:40 ----A---- C:\Windows\system32\msxml3r.dll
2009-12-19 23:48:40 ----A---- C:\Windows\system32\msxml3.dll
2009-12-19 23:48:33 ----A---- C:\Windows\system32\msv1_0.dll
2009-12-19 23:48:25 ----A---- C:\Windows\system32\winhttp.dll
2009-12-19 23:48:16 ----A---- C:\Windows\system32\ntoskrnl.exe
2009-12-19 23:48:14 ----A---- C:\Windows\system32\ntkrnlpa.exe
2009-12-19 23:48:03 ----A---- C:\Windows\system32\mshtml.dll
2009-12-19 23:48:01 ----A---- C:\Windows\system32\wininet.dll
2009-12-19 23:47:59 ----A---- C:\Windows\system32\ieframe.dll
2009-12-19 23:47:58 ----A---- C:\Windows\system32\urlmon.dll
2009-12-19 23:47:58 ----A---- C:\Windows\system32\mstime.dll
2009-12-19 23:47:57 ----A---- C:\Windows\system32\ieapfltr.dll
2009-12-19 23:47:56 ----A---- C:\Windows\system32\ie4uinit.exe
2009-12-19 23:47:55 ----A---- C:\Windows\system32\iertutil.dll
2009-12-19 23:47:55 ----A---- C:\Windows\system32\iedkcs32.dll
2009-12-19 23:47:54 ----A---- C:\Windows\system32\mshtmled.dll
2009-12-19 23:47:54 ----A---- C:\Windows\system32\icardie.dll
2009-12-19 23:47:54 ----A---- C:\Windows\system32\dxtmsft.dll
2009-12-19 23:47:53 ----A---- C:\Windows\system32\occache.dll
2009-12-19 23:47:53 ----A---- C:\Windows\system32\msfeeds.dll
2009-12-19 23:47:53 ----A---- C:\Windows\system32\jsproxy.dll
2009-12-19 23:47:53 ----A---- C:\Windows\system32\ieaksie.dll
2009-12-19 23:47:52 ----A---- C:\Windows\system32\pngfilt.dll
2009-12-19 23:47:52 ----A---- C:\Windows\system32\ieUnatt.exe
2009-12-19 23:47:52 ----A---- C:\Windows\system32\iernonce.dll
2009-12-19 23:47:52 ----A---- C:\Windows\system32\ieencode.dll
2009-12-19 23:47:52 ----A---- C:\Windows\system32\dxtrans.dll
2009-12-19 23:47:52 ----A---- C:\Windows\system32\advpack.dll
2009-12-19 23:47:51 ----A---- C:\Windows\system32\admparse.dll
2009-12-19 23:47:50 ----A---- C:\Windows\system32\ieui.dll
2009-12-19 23:47:50 ----A---- C:\Windows\system32\iesetup.dll
2009-12-19 23:47:48 ----A---- C:\Windows\system32\ieakui.dll
2009-12-19 23:47:47 ----A---- C:\Windows\system32\mshtmler.dll
2009-12-19 23:47:25 ----A---- C:\Windows\system32\EncDec.dll
2009-12-19 23:47:23 ----A---- C:\Windows\system32\psisdecd.dll
2009-12-19 23:47:18 ----A---- C:\Windows\system32\mcmde.dll
2009-12-19 23:44:28 ----A---- C:\Windows\system32\msasn1.dll
2009-12-19 23:44:08 ----A---- C:\Windows\system32\WSDApi.dll
2009-12-19 23:44:04 ----A---- C:\Windows\system32\WMSPDMOD.DLL
2009-12-19 23:31:22 ----A---- C:\Windows\system32\wmp.dll
2009-12-19 23:31:05 ----A---- C:\Windows\system32\unregmp2.exe
2009-12-19 23:30:57 ----A---- C:\Windows\system32\spwmp.dll
2009-12-19 23:30:49 ----A---- C:\Windows\system32\dxmasf.dll
2009-12-19 23:29:40 ----A---- C:\Windows\system32\wmploc.DLL
2009-12-19 23:10:39 ----A---- C:\Windows\system32\wups2.dll
2009-12-19 23:10:39 ----A---- C:\Windows\system32\wucltux.dll
2009-12-19 23:10:39 ----A---- C:\Windows\system32\wuaueng.dll
2009-12-19 23:10:39 ----A---- C:\Windows\system32\wuauclt.exe
2009-12-19 23:09:30 ----A---- C:\Windows\system32\wups.dll
2009-12-19 23:09:30 ----A---- C:\Windows\system32\wudriver.dll
2009-12-19 23:09:30 ----A---- C:\Windows\system32\wuapi.dll
2009-12-19 23:09:14 ----A---- C:\Windows\system32\wuwebv.dll
2009-12-19 23:09:14 ----A---- C:\Windows\system32\wuapp.exe

======List of files/folders modified in the last 1 months======

2010-01-01 23:27:40 ----D---- C:\Windows\Prefetch
2010-01-01 23:27:23 ----D---- C:\Windows\Temp
2010-01-01 23:23:49 ----D---- C:\Users\Filip\AppData\Roaming\WTablet
2009-12-30 14:08:05 ----SHD---- C:\System Volume Information
2009-12-30 11:39:18 ----RD---- C:\Program Files
2009-12-30 03:15:42 ----D---- C:\Windows
2009-12-30 03:08:01 ----D---- C:\Users\Filip\AppData\Roaming\Skype
2009-12-30 01:47:35 ----D---- C:\Users\Filip\AppData\Roaming\skypePM
2009-12-29 22:28:40 ----D---- C:\Windows\Minidump
2009-12-29 22:28:40 ----D---- C:\Windows\Debug
2009-12-29 22:00:13 ----D---- C:\Program Files\ICQ6.5
2009-12-26 19:33:25 ----D---- C:\Windows\system32\catroot2
2009-12-25 21:52:59 ----D---- C:\Windows\System32
2009-12-25 21:52:59 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-12-25 21:52:58 ----D---- C:\Windows\inf
2009-12-20 12:14:39 ----D---- C:\Windows\Microsoft.NET
2009-12-20 12:14:28 ----RSD---- C:\Windows\assembly
2009-12-20 12:05:27 ----D---- C:\Windows\winsxs
2009-12-20 12:05:14 ----D---- C:\Windows\system32\catroot
2009-12-20 11:57:48 ----D---- C:\Windows\system32\cs-CZ
2009-12-20 11:57:45 ----D---- C:\Program Files\Internet Explorer
2009-12-20 11:57:44 ----D---- C:\Windows\system32\migration
2009-12-20 11:57:38 ----D---- C:\Windows\AppPatch
2009-12-20 11:57:36 ----D---- C:\Windows\ehome
2009-12-20 11:57:15 ----D---- C:\Windows\system32\drivers
2009-12-20 11:57:13 ----D---- C:\Program Files\Windows Mail
2009-12-20 11:57:11 ----D---- C:\Program Files\Windows Media Player
2009-12-20 11:37:48 ----SHD---- C:\Windows\Installer
2009-12-19 10:55:03 ----D---- C:\Program Files\Mozilla Firefox
2009-12-18 00:30:50 ----HD---- C:\Program Files\InstallShield Installation Information
2009-12-18 00:02:53 ----D---- C:\Program Files\Ubisoft

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 ASPI32;ASPI32; C:\Windows\system32\drivers\ASPI32.sys [1999-09-10 25244]
R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\Windows\System32\Drivers\avgldx86.sys [2009-08-31 335240]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\Windows\System32\Drivers\avgmfx86.sys [2009-08-31 27784]
R1 AvgTdiX;AVG Free8 Network Redirector; C:\Windows\System32\Drivers\avgtdix.sys [2009-07-07 108552]
R2 rismxdp;Ricoh xD-Picture Card Driver; C:\Windows\system32\DRIVERS\rixdptsk.sys [2006-11-14 37376]
R3 BCM43XX;Ovladač síťového adaptéru Broadcom 802.11; C:\Windows\system32\DRIVERS\bcmwl6.sys [2008-10-02 1044984]
R3 CmBatt;Ovladač baterie Microsoft ACPI Control Method Battery; C:\Windows\system32\DRIVERS\CmBatt.sys [2009-01-03 14208]
R3 e1express;Intel(R) PRO/1000 PCI Express Network Connection Driver; C:\Windows\system32\DRIVERS\e1e6032.sys [2006-11-02 200704]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-03-19 23400]
R3 HBtnKey;HBtnKey; C:\Windows\system32\DRIVERS\cpqbttn.sys [2006-06-28 9472]
R3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\CHDART.sys [2007-02-22 159232]
R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\VSTDPV3.SYS [2006-11-02 987648]
R3 HSFHWAZL;HSFHWAZL; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2006-11-02 200704]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2007-01-14 4452288]
R3 rimmptsk;rimmptsk; C:\Windows\system32\DRIVERS\rimmptsk.sys [2005-11-16 28928]
R3 rimsptsk;rimsptsk; C:\Windows\system32\DRIVERS\rimsptsk.sys [2005-12-22 51840]
R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2009-01-03 82432]
R3 usbvideo;Zobrazovací zařízení USB (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2006-11-02 132352]
R3 wacommousefilter;Wacom Mouse Filter Driver; C:\Windows\system32\DRIVERS\wacommousefilter.sys [2006-02-14 5632]
R3 wacomvhid;Wacom Virtual Hid Driver; C:\Windows\system32\DRIVERS\wacomvhid.sys [2006-11-15 6272]
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\VSTCNXT3.SYS [2006-11-02 654336]
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2009-01-03 11264]
S3 axxwbwn8;axxwbwn8; C:\Windows\system32\drivers\axxwbwn8.sys []
S3 BCM43XV;Broadcom Extensible 802.11 Network Adapter Driver; C:\Windows\system32\DRIVERS\bcmwl6.sys [2008-10-02 1044984]
S3 drmkaud;Dekodér zvuků DRM jádra společnosti Microsoft; C:\Windows\system32\drivers\drmkaud.sys [2006-11-02 5632]
S3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2009-08-27 16224]
S3 MSKSSRV;Server proxy služby datových proudů Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2006-11-02 8192]
S3 MSPCLOCK;Server proxy hodin datových proudů Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2006-11-02 5888]
S3 MSPQM;Server proxy správce kvality datových proudů Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2006-11-02 5504]
S3 MSTEE;Konvertor jímka-jímka typu T datových proudů Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2006-11-02 6016]
S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2009-07-09 39424]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2006-11-02 39936]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2006-11-02 82560]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-07-09 144712]
R2 avg8emc;AVG Free8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2009-08-31 908056]
R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-08-31 297752]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe [2008-09-24 935208]
R2 TabletService;TabletService; C:\Windows\system32\Tablet.exe [2007-01-26 1185328]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-07-13 542496]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2009-01-16 72704]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-03-03 654848]
S3 Macromedia Licensing Service;Macromedia Licensing Service; C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe [2008-09-24 68096]

-----------------EOF-----------------

Co je jednotka E? Máte tam infekci

. Odstraníme viry a uvidíme, zda problém bude přetrvávat

Zapojte do pc všechny usb klíče, flashky...co používáte

Stáhněte na plochu, ukončete všechna aktivní okna a spusťte ComboFix - http://download.bleepingcomputer.com/sUBs/ComboFix.exe

-souhlaste s instalací konzole pro zotavení

- ComboFix je třeba spustit pod účtem s právy administrátora

- Před použitím vypněte všechny rezidentní bezpečnostní programy - antiviry, firewally, antispywary

- Po spuštění se zobrazí podmínky užití, potvrďte je stiskem tlačítka Ano

- Dále postupujte dle pokynů, během aplikování ComboFixu neklikejte do zobrazujícího se okna

- Po dokončení skenování, trvajícího maximálně 10 minut, by měl program vytvořit log - C:\ComboFix.txt, skopírujte celý jeho obsah sem

No E by mela byt flashka kterou jsem nedavno pripojoval, tak jsem ji tam dal,
jenom jeste dodatek po tom combofixu mi nesel spustit google chrome kvuli pripravenym registrum pro vymazavani, tak jsem to reinstaloval a jeste k tomu .lnk kdyz chci vytvorit zastupce tak to prave taky vytvori .lnk
no tady je ten log

ComboFix 10-01-01.02 - Filip 02.01.2010 13:46:37.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1250.420.1029.18.1021.347 [GMT 1:00]
Spuštěný z: c:\users\Filip\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: AVG Anti-Virus Free *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((( Soubory vytvořené od 2009-12-02 do 2010-01-02 )))))))))))))))))))))))))))))))
.

2010-01-02 12:54 . 2010-01-02 12:54 -------- d-----w- c:\users\Filip\AppData\Local\temp
2010-01-02 12:54 . 2010-01-02 12:54 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-01-02 12:54 . 2010-01-02 12:54 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-01-01 22:27 . 2010-01-01 22:28 -------- d-----w- C:\rsit
2009-12-30 10:39 . 2009-12-30 10:39 -------- d-----w- c:\program files\Trend Micro
2009-12-29 21:24 . 2009-12-29 21:24 -------- d-----w- c:\program files\CCleaner
2009-12-22 22:58 . 2009-12-22 22:58 -------- d-----w- c:\program files\CDisplay
2009-12-20 10:49 . 2009-10-29 07:59 2048 ----a-w- c:\windows\system32\tzres.dll
2009-12-20 10:42 . 2009-11-09 13:34 24064 ----a-w- c:\windows\system32\nshhttp.dll
2009-12-20 10:42 . 2009-11-09 13:30 31232 ----a-w- c:\windows\system32\httpapi.dll
2009-12-20 10:42 . 2009-11-09 11:17 396800 ----a-w- c:\windows\system32\drivers\http.sys
2009-12-19 22:48 . 2009-10-07 12:47 232960 ----a-w- c:\windows\system32\rastls.dll
2009-12-19 22:48 . 2009-10-07 12:47 274432 ----a-w- c:\windows\system32\raschap.dll
2009-12-19 22:48 . 2009-08-10 13:05 2048 ----a-w- c:\windows\system32\msxml6r.dll
2009-12-19 22:48 . 2009-08-10 13:05 1406464 ----a-w- c:\windows\system32\msxml6.dll
2009-12-19 22:48 . 2009-08-10 13:05 2048 ----a-w- c:\windows\system32\msxml3r.dll
2009-12-19 22:48 . 2009-08-10 13:05 1260032 ----a-w- c:\windows\system32\msxml3.dll
2009-12-19 22:48 . 2009-09-10 17:38 216576 ----a-w- c:\windows\system32\msv1_0.dll
2009-12-19 22:48 . 2009-08-24 12:47 378368 ----a-w- c:\windows\system32\winhttp.dll
2009-12-19 22:48 . 2009-08-05 14:28 3467864 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-12-19 22:48 . 2009-08-05 14:28 3502152 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-12-19 22:48 . 2009-10-27 15:05 832512 ----a-w- c:\windows\system32\wininet.dll
2009-12-19 22:44 . 2009-08-14 14:01 2031104 ----a-w- c:\windows\system32\win32k.sys
2009-12-19 22:44 . 2009-09-04 12:38 60928 ----a-w- c:\windows\system32\msasn1.dll
2009-12-19 22:44 . 2009-09-14 09:50 130048 ----a-w- c:\windows\system32\drivers\srv2.sys
2009-12-19 22:44 . 2009-08-10 13:08 321536 ----a-w- c:\windows\system32\WSDApi.dll
2009-12-19 22:44 . 2009-04-02 11:50 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL
2009-12-19 22:31 . 2009-09-10 15:29 311296 ----a-w- c:\windows\system32\unregmp2.exe
2009-12-19 22:30 . 2009-09-10 17:39 7680 ----a-w- c:\windows\system32\spwmp.dll
2009-12-19 22:30 . 2009-09-10 17:40 4096 ----a-w- c:\windows\system32\dxmasf.dll
2009-12-19 22:29 . 2009-09-10 15:29 8147968 ----a-w- c:\windows\system32\wmploc.DLL
2009-12-19 22:10 . 2009-08-07 02:24 44768 ----a-w- c:\windows\system32\wups2.dll
2009-12-19 22:10 . 2009-08-07 02:24 53472 ----a-w- c:\windows\system32\wuauclt.exe
2009-12-19 22:10 . 2009-08-07 02:23 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-12-19 22:10 . 2009-08-07 01:45 2421760 ----a-w- c:\windows\system32\wucltux.dll
2009-12-19 22:09 . 2009-08-07 02:24 35552 ----a-w- c:\windows\system32\wups.dll
2009-12-19 22:09 . 2009-08-07 02:23 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-12-19 22:09 . 2009-08-07 01:44 87552 ----a-w- c:\windows\system32\wudriver.dll
2009-12-19 22:09 . 2009-08-06 18:23 171608 ----a-w- c:\windows\system32\wuwebv.dll
2009-12-19 22:09 . 2009-08-06 17:44 33792 ----a-w- c:\windows\system32\wuapp.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-02 12:33 . 2009-02-23 17:49 -------- d-----w- c:\program files\ICQ6.5
2010-01-02 12:20 . 2008-12-17 10:36 -------- d-----w- c:\users\Filip\AppData\Roaming\WTablet
2010-01-02 12:16 . 2007-01-08 21:09 81404 ----a-w- c:\windows\system32\perfc005.dat
2010-01-02 12:16 . 2007-01-08 21:09 473598 ----a-w- c:\windows\system32\perfh005.dat
2010-01-02 12:10 . 2008-09-24 21:52 73863 ----a-w- c:\users\Filip\AppData\Roaming\nvModes.dat
2009-12-30 02:08 . 2009-07-17 00:39 -------- d-----w- c:\users\Filip\AppData\Roaming\Skype
2009-12-30 00:47 . 2009-07-17 00:42 -------- d-----w- c:\users\Filip\AppData\Roaming\skypePM
2009-12-20 10:57 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-12-17 23:30 . 2008-09-24 21:04 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-17 23:02 . 2009-08-02 11:06 -------- d-----w- c:\program files\Ubisoft
2009-11-02 19:42 . 2009-10-12 18:32 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-27 15:01 . 2009-12-19 22:47 56320 ----a-w- c:\windows\system32\iesetup.dll
2009-10-27 15:01 . 2009-12-19 22:47 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-10-27 15:01 . 2009-12-19 22:47 52736 ----a-w- c:\windows\AppPatch\iebrshim.dll
2009-10-27 14:59 . 2009-12-19 22:47 72704 ----a-w- c:\windows\system32\admparse.dll
2009-10-27 12:27 . 2009-12-19 22:47 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2009-10-27 10:56 . 2009-12-19 22:47 48128 ----a-w- c:\windows\system32\mshtmler.dll
2008-10-18 21:34 . 2008-10-18 21:34 8 --sh--r- c:\windows\System32\91CB629DC3.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-07-24 07:55 1090816 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-01-03 1232896]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-07-24 490952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]
"Google Update"="c:\users\Filip\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-10-12 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2009-01-03 1006264]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-01-13 90191]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-01-13 7766016]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-01-13 81920]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-12-20 2043160]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-18 148888]
"QuickTime Task"="c:\program files\VistaCodecPack\QT\QTTask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]

c:\users\Filip\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [7.7.2009 12:34 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [7.7.2009 12:34 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [7.7.2009 12:34 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [7.7.2009 12:34 297752]
S0 sptd;sptd;c:\windows\System32\drivers\sptd.sys [24.9.2008 22:32 717296]
.
Obsah adresáře 'Naplánované úlohy'

2009-12-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1157025956-2415277545-1472383782-1000Core.job
- c:\users\Filip\AppData\Local\Google\Update\GoogleUpdate.exe [2009-10-12 18:24]

2010-01-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1157025956-2415277545-1472383782-1000UA.job
- c:\users\Filip\AppData\Local\Google\Update\GoogleUpdate.exe [2009-10-12 18:24]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://start.icq.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-02 13:54
Windows 6.0.6000 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-1157025956-2415277545-1472383782-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:8b,62,44,c4,97,ef,34,5d,f4,24,08,db,19,b9,b4,74,17,34,fe,3c,8e,00,f5,
5b,0a,56,85,a0,c3,07,ad,d9,88,c4,dd,bb,a6,c4,21,d3,ae,4d,3d,56,99,64,f0,60,\
"??"=hex:3c,ef,b3,7f,c5,28,cc,23,48,8d,0c,59,07,71,49,2c

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Celkový čas: 2010-01-02 13:58:31
ComboFix-quarantined-files.txt 2010-01-02 12:58
ComboFix2.txt 2010-01-02 12:37

Před spuštěním: Volných bajtů: 29 305 335 808
Po spuštění: Volných bajtů: 29 273 649 152

- - End Of File - - 394D1FCB785E4862962896A22BE21DCF

Něco málo domažem, ale nic zásadního nevidím

.
Když by jste dal něco z té plochy přejmenovat zpět, provede se to?

Případně zkuste opravu win xp managerem
http://www.viry.cz/forum/viewtopic.php?f=46&t=17549
trochu si s tím pohrajte, u tohohle nastavení zkuste bod Restore desktop icon

Obrázek

Tak jsem si stahl i kdyz teda VistaManager protoze mam visty, ale nic nepomohlo opravil sem co slo ale nic :- / ani restor desktop icon
no a k prejmenovani jak to prehodit zpatky k zastupci... kdyz umazu koncovku tak je to prazdnej soubor, kdyz chci od exe vytvorit novej zastupce tak to udela zase jen dalsi soubor s koncovkou .lnk

Omlouvám se, přehlédla jsem že máte visty

Obnovu systému jste zkoušel?

Myslíte bod obnovy? mam nejaky vytvoreny ale o co vsechno muzu prijit? Pouze o nainstalovane programy?

Pro jistotu data zazálohujte, ale měl by jste přijít jen o programy, vratte se v bodu obnovy před datum, kdy jste spouštěl ten soubor

Tak prozatím děkuju a vše nej do nového roku .)

No zatím není zač, budu držet pěsti, at se to podaří

Také vše nej v Novém roce

VIRY.CZ

problém s .lnk

problém s .lnk

Re: problém s .lnk

Re: problém s .lnk

Re: problém s .lnk

Re: problém s .lnk

Re: problém s .lnk

Re: problém s .lnk

Re: problém s .lnk

Re: problém s .lnk

Re: problém s .lnk

Re: problém s .lnk

Re: problém s .lnk

Re: problém s .lnk