Page 1 of 2

Please check my log, my notebook keeps shutting down

Posted: 30 Jan 2010 17:58
by Loutka
Logfile of random's system information tool 1.06 (written by random/random)
Run by Acer NB at 2010-01-30 17:28:30
Microsoft® Windows Vista™ Home Premium Service Pack 1
System drive C: has 10 GB (15%) free of 70 GB
Total RAM: 2037 MB (48% free)

HijackThis download failed

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1174427522-2199573224-3379719715-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1174427522-2199573224-3379719715-1000UA.job
C:\Windows\tasks\User_Feed_Synchronization-{3A69FF95-3F29-4701-867A-3C23EC30A2A3}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2007-09-05 816400]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2007-12-07 1377576]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2009-12-12 1111320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83A2F9B1-01A2-4AA5-87D1-45B6B8505E96}]
ShowBarObj Class - C:\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll [2008-01-03 312368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
AVG Security Toolbar BHO - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll [2009-11-25 1230080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
SweetIM Toolbar Helper - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll [2008-10-08 1172792]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - Acer eDataSecurity Management - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll [2008-03-05 142896]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2007-09-05 816400]
{855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2009-06-01 962808]
{EEE6C35B-6118-11DC-9C72-001320C79847} - SweetIM Toolbar for Internet Explorer - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll [2008-10-08 1172792]
{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - AVG Security Toolbar - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll [2009-11-25 1230080]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1008184]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2008-03-11 5296128]
"eDataSecurity Loader"=C:\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe [2008-03-05 525360]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2008-01-22 141848]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2008-01-22 166424]
"Persistence"=C:\Windows\system32\igfxpers.exe [2008-01-22 133656]
"SetPanel"=C:\Acer\APanel\APanel.cmd []
"LManager"=C:\PROGRA~1\LAUNCH~1\LManager.exe [2008-01-04 768520]
"Skytel"=C:\Windows\Skytel.exe [2007-11-20 1826816]
"WarReg_PopUp"=C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe [2008-01-29 303104]
"Apoint"=C:\Program Files\Apoint2K\Apoint.exe [2007-07-21 159744]
"eRecoveryService"= []
"Acer Tour Reminder"=C:\Acer\AcerTour\Reminder.exe []
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-12-12 2043160]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-09-08 305440]
"V0260Cfg.exe"=V0260Cfg.exe /d:2 []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-01-21 1233920]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-21 125952]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitComet]
C:\Program Files\BitComet\BitComet.exe /tray []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
C:\Users\Acer NB\AppData\Local\Google\Update\GoogleUpdate.exe [2009-12-21 135664]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mcagent_exe]
C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PlayMovie]
C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe [2008-01-22 200704]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2009-09-05 417792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files\Skype\Phone\Skype.exe [2007-12-07 21686568]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SweetIM]
C:\Program Files\SweetIM\Messenger\SweetIM.exe [2008-12-02 111928]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Acer NB^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Orion.lnk]
C:\CONVES~1\Orion\MESSEN~1.EXE [2007-09-05 2482176]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe
InterVideo WinCinema Manager.lnk - C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="avgrsstx.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2008-01-22 200704]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{642cafcc-487c-11de-b64a-001eec483e4b}]
shell\AutoRun\command - F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\iuhi64.exe
shell\open\command - F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\iuhi64.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6fedd99c-4f60-11dd-8e97-f2de868f24e7}]
shell\AutOplay\command - F:\lxmo.cmd
shell\AutoRun\command - F:\lxmo.cmd
shell\Explore\command - F:\lxmo.cmd
shell\open\command - F:\lxmo.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b979e05d-dfb7-11dd-98fb-001eec483e4b}]
shell\AutoRun\command - F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\iuhi64.exe
shell\open\command - F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\iuhi64.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d2ee1493-0595-11df-9111-941ceb52267b}]
shell\AutoRun\command - setup.exe


======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2010-01-30 17:28:30 ----D---- C:\rsit
2010-01-30 17:28:30 ----D---- C:\Program Files\trend micro
2010-01-30 17:28:26 ----D---- C:\Windows\pss
2010-01-30 16:42:25 ----D---- C:\Program Files\Lavalys
2010-01-22 16:28:21 ----A---- C:\Windows\system32\mshtml.dll
2010-01-22 16:28:20 ----A---- C:\Windows\system32\ieframe.dll
2010-01-22 16:28:18 ----A---- C:\Windows\system32\urlmon.dll
2010-01-22 16:28:18 ----A---- C:\Windows\system32\iertutil.dll
2010-01-22 16:28:17 ----A---- C:\Windows\system32\wininet.dll
2010-01-22 16:28:17 ----A---- C:\Windows\system32\occache.dll
2010-01-22 16:28:17 ----A---- C:\Windows\system32\msfeeds.dll
2010-01-22 16:28:17 ----A---- C:\Windows\system32\iedkcs32.dll
2010-01-22 16:28:16 ----A---- C:\Windows\system32\ieui.dll
2010-01-22 16:28:15 ----A---- C:\Windows\system32\msfeedsbs.dll
2010-01-22 16:28:15 ----A---- C:\Windows\system32\ieUnatt.exe
2010-01-22 16:28:15 ----A---- C:\Windows\system32\iesysprep.dll
2010-01-22 16:28:15 ----A---- C:\Windows\system32\iepeers.dll
2010-01-22 16:28:14 ----A---- C:\Windows\system32\jsproxy.dll
2010-01-22 16:28:14 ----A---- C:\Windows\system32\ie4uinit.exe
2010-01-22 16:28:13 ----A---- C:\Windows\system32\msfeedssync.exe
2010-01-22 16:28:13 ----A---- C:\Windows\system32\iesetup.dll
2010-01-22 16:28:13 ----A---- C:\Windows\system32\iernonce.dll
2010-01-13 13:57:08 ----D---- C:\Windows\Minidump
2010-01-13 13:01:40 ----A---- C:\Windows\system32\t2embed.dll
2010-01-13 13:01:40 ----A---- C:\Windows\system32\fontsub.dll

======List of files/folders modified in the last 1 months======

2010-01-30 17:28:42 ----D---- C:\Windows\Temp
2010-01-30 17:28:30 ----RD---- C:\Program Files
2010-01-30 17:28:26 ----D---- C:\Windows
2010-01-30 17:24:53 ----D---- C:\ProgramData\McAfee
2010-01-30 17:24:53 ----D---- C:\Program Files\Common Files
2010-01-30 17:20:38 ----D---- C:\Windows\Tasks
2010-01-30 17:20:17 ----D---- C:\Windows\system32\drivers
2010-01-30 17:20:17 ----D---- C:\Windows\system32\catroot
2010-01-30 17:19:51 ----D---- C:\Windows\System32
2010-01-30 17:14:42 ----D---- C:\Users\Acer NB\AppData\Roaming\Skype
2010-01-30 16:44:08 ----D---- C:\Windows\inf
2010-01-30 16:44:08 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-01-30 16:42:37 ----SD---- C:\ProgramData\Microsoft
2010-01-30 16:34:50 ----D---- C:\Users\Acer NB\AppData\Roaming\ICQ
2010-01-30 16:08:55 ----D---- C:\Users\Acer NB\AppData\Roaming\skypePM
2010-01-29 19:13:15 ----D---- C:\Windows\system32\catroot2
2010-01-29 09:45:03 ----SHD---- C:\System Volume Information
2010-01-27 13:54:29 ----D---- C:\Windows\winsxs
2010-01-27 13:54:27 ----D---- C:\Program Files\Internet Explorer
2010-01-23 12:22:03 ----D---- C:\Windows\system32\migration
2010-01-21 14:06:15 ----D---- C:\Program Files\Microsoft Silverlight
2010-01-21 12:35:44 ----SHD---- C:\Windows\Installer
2010-01-16 21:50:23 ----D---- C:\Program Files\Mozilla Firefox
2010-01-14 13:33:04 ----D---- C:\Program Files\Windows Mail
2010-01-14 11:12:06 ----N---- C:\Windows\system32\MpSigStub.exe
2010-01-13 14:11:51 ----D---- C:\Windows\Prefetch
2010-01-13 12:58:40 ----D---- C:\ProgramData\Microsoft Help
2010-01-13 12:58:36 ----RSD---- C:\Windows\assembly
2010-01-13 12:55:51 ----RSD---- C:\Windows\Fonts
2010-01-13 12:55:35 ----D---- C:\Program Files\Common Files\microsoft shared
2010-01-13 12:54:02 ----D---- C:\Program Files\Microsoft Works
2010-01-09 13:13:34 ----HD---- C:\$AVG8.VAULT$
2010-01-05 01:17:46 ----A---- C:\Windows\system32\mrt.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\Windows\System32\Drivers\avgldx86.sys [2009-09-14 335240]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\Windows\System32\Drivers\avgmfx86.sys [2009-09-14 27784]
R1 AvgTdiX;AVG8 Network Redirector; C:\Windows\System32\Drivers\avgtdix.sys [2009-09-14 108552]
R1 DritekPortIO;Dritek General Port I/O; \??\C:\PROGRA~1\LAUNCH~1\DPortIO.sys [2006-11-02 20112]
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}; \??\C:\Program Files\Acer Arcade Deluxe\Play Movie\000.fcl [2008-01-04 41456]
R2 int15;int15; \??\C:\Acer\Empowering Technology\eRecovery\int15.sys [2007-07-03 15392]
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672]
R2 PSDNServ;PSDNServ; C:\Windows\system32\DRIVERS\PSDNServ.sys [2008-01-03 16432]
R2 psdvdisk;PSDVdisk; C:\Windows\system32\DRIVERS\PSDVdisk.sys [2008-01-03 59952]
R2 RMCAST;Ovladač protokolu RMCAST (Pgm); C:\Windows\system32\DRIVERS\RMCAST.sys [2008-05-10 113664]
R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2007-01-30 8704]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\Windows\system32\DRIVERS\AGRSM.sys [2007-03-09 1163616]
R3 ApfiltrService;Alps Pointing-device Filter Driver; C:\Windows\system32\DRIVERS\Apfiltr.sys [2007-12-11 163376]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2007-07-30 743424]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2007-07-22 180736]
R3 CmBatt;Ovladač baterie Microsoft ACPI Control Method Battery; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-21 14208]
R3 DKbFltr;Dritek Keyboard Filter Driver; C:\Windows\system32\DRIVERS\DKbFltr.sys [2006-11-02 21264]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2008-01-22 2016256]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2008-03-11 2077080]
R3 NTIDrvr;Upper Class Filter Driver; C:\Windows\system32\DRIVERS\NTIDrvr.sys [2008-04-19 6144]
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-21 11264]
S3 BthEnum;Služba Bluetooth Enumerator; C:\Windows\system32\DRIVERS\BthEnum.sys [2008-01-21 19456]
S3 BthPan;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2008-01-21 92160]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2008-04-29 220160]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2008-04-29 29184]
S3 drmkaud;Dekodér zvuků DRM jádra společnosti Microsoft; C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]
S3 HdAudAddService;Ovladač funkce Microsoft 1.1 UAA pro službu zvuku High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\HSX_DPV.sys [2007-04-26 984064]
S3 HSFHWAZL;HSFHWAZL; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2008-01-21 200704]
S3 HSXHWAZL;HSXHWAZL; C:\Windows\system32\DRIVERS\HSXHWAZL.sys [2007-04-26 208384]
S3 MSKSSRV;Server proxy služby datových proudů Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
S3 MSPCLOCK;Server proxy hodin datových proudů Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
S3 MSPQM;Server proxy správce kvality datových proudů Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
S3 MSTEE;Konvertor jímka-jímka typu T datových proudů Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2008-01-21 49664]
S3 V0260VID;Live! Cam Vista IM; C:\Windows\system32\DRIVERS\V0260Vid.sys [2006-11-03 178913]
S3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2007-04-26 660480]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-21 39936]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\Windows\system32\agrsmsvc.exe [2006-10-05 9216]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-08-28 144672]
R2 avg8emc;AVG Free8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2009-09-14 908056]
R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-09-14 297752]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 eDataSecurity Service;eDataSecurity Service; C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe [2008-03-05 497712]
R2 eLockService;eLock Service; C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe [2007-10-01 24576]
R2 eNet Service;eNet Service; C:\Acer\Empowering Technology\eNet\eNet Service.exe [2007-12-20 131072]
R2 eRecoveryService;eRecovery Service; C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe [2007-09-10 57344]
R2 eSettingsService;eSettings Service; C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe [2007-12-19 24576]
R2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2009-06-01 222968]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-01-17 61440]
R2 MobilityService;MobilityService; C:\Acer\Mobility Center\MobilityService.exe [2007-11-27 110592]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2007-12-04 266343]
R2 WMIService;ePower Service; C:\Acer\Empowering Technology\ePower\ePowerSvc.exe [2007-09-20 167936]
R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2007-01-30 386560]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-09-08 545568]
S2 pr2anmub;Ubersoldier 2 Drivers Auto Removal (pr2anmub); C:\Windows\system32\pr2anmub.exe [2007-12-14 411000]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

-----------------EOF-----------------

Re: Please check my log, my notebook keeps shutting down

Posted: 31 Jan 2010 01:56
by Unlimited_Killer
Before the next step, connect all flash drives, MP3 players, external disks, etc. to the PC.

~~~

Post the ComboFix log here.

Download ComboFix and save it to the Desktop, then run it with administrator privileges.
Before running it, disable the resident shield of your antivirus or antispyware.
After launch, the license terms will be displayed; click 'Yes'. You will also be asked to install the Recovery Console; click 'Yes'.
The whole scan will take about 5-10 minutes, depending on how many files CF has to wade through. Your PC will probably be restarted, so don't be alarmed. Until the scan has completely finished, do nothing, and above all don't click inside the running ComboFix window.
When the scan finishes, a log will pop up; copy it here.

Re: Please check my log, my notebook keeps shutting down

Posted: 31 Jan 2010 10:21
by Loutka
ComboFix 10-01-30.04 - Acer NB 31.01.2010 9:42.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.2037.906 [GMT 1:00]
Spuštěný z: c:\users\Acer NB\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: AVG Anti-Virus Free *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\ICQ6.5\ICQLRun.exe
c:\recycler\S-1-5-21-1482476501-1644491937-682003330-1013
c:\users\Acer NB\AppData\Roaming\.#
c:\users\Acer NB\AppData\Roaming\.#\MBX@1264@382990.###
c:\users\Acer NB\AppData\Roaming\.#\MBX@1264@3829C0.###
c:\users\Acer NB\AppData\Roaming\.#\MBX@1264@3829F0.###
c:\users\Acer NB\AppData\Roaming\.#\MBX@1404@1B72990.###
c:\users\Acer NB\AppData\Roaming\.#\MBX@1404@1B729C0.###
c:\users\Acer NB\AppData\Roaming\.#\MBX@1404@1B729F0.###

.
((((((((((((((((((((((((( Soubory vytvořené od 2009-12-28 do 2010-01-31 )))))))))))))))))))))))))))))))
.

2010-01-31 08:12 . 2010-01-31 08:15 -------- d-----w- c:\windows\system32\ca-ES
2010-01-31 08:12 . 2010-01-31 08:15 -------- d-----w- c:\windows\system32\eu-ES
2010-01-31 08:12 . 2010-01-31 08:15 -------- d-----w- c:\windows\system32\vi-VN
2010-01-31 08:06 . 2008-02-13 06:59 98304 ----a-w- c:\windows\RTKAUDIOSERVICE.EXE
2010-01-31 07:35 . 2010-01-31 07:35 -------- d-----w- c:\windows\system32\EventProviders
2010-01-30 16:28 . 2010-01-30 16:28 -------- d-----w- C:\rsit
2010-01-30 16:28 . 2010-01-30 16:28 -------- d-----w- c:\program files\trend micro
2010-01-30 15:42 . 2010-01-30 15:42 -------- d-----w- c:\program files\Lavalys
2010-01-13 12:01 . 2009-10-19 13:38 156672 ----a-w- c:\windows\system32\t2embed.dll
2010-01-13 12:01 . 2009-10-19 13:35 72704 ----a-w- c:\windows\system32\fontsub.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-31 08:51 . 2009-06-12 13:56 -------- d-----w- c:\program files\ICQ6.5
2010-01-31 08:29 . 2008-01-21 06:46 598832 ----a-w- c:\windows\system32\perfh005.dat
2010-01-31 08:29 . 2008-01-21 06:46 114992 ----a-w- c:\windows\system32\perfc005.dat
2010-01-31 08:18 . 2008-09-29 18:37 12 ----a-w- c:\windows\bthservsdp.dat
2010-01-31 08:16 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2010-01-31 08:16 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-01-31 08:16 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2010-01-31 08:16 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
2010-01-31 08:16 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2010-01-31 08:16 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2010-01-31 08:16 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2010-01-31 08:12 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2010-01-30 16:31 . 2008-12-28 16:40 -------- d-----w- c:\users\Acer NB\AppData\Roaming\Skype
2010-01-30 16:24 . 2008-04-18 23:40 -------- d-----w- c:\programdata\McAfee
2010-01-30 15:34 . 2008-10-02 15:53 -------- d-----w- c:\users\Acer NB\AppData\Roaming\ICQ
2010-01-30 15:08 . 2008-12-28 16:43 -------- d-----w- c:\users\Acer NB\AppData\Roaming\skypePM
2010-01-21 13:06 . 2009-12-07 15:47 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-14 10:12 . 2009-10-02 19:32 181120 ------w- c:\windows\system32\MpSigStub.exe
2010-01-13 12:07 . 2008-07-10 09:18 70104 ----a-w- c:\users\Acer NB\AppData\Local\GDIPFONTCACHEV1.DAT
2010-01-13 11:58 . 2008-04-18 23:31 -------- d-----w- c:\programdata\Microsoft Help
2010-01-13 11:54 . 2008-04-18 23:33 -------- d-----w- c:\program files\Microsoft Works
2010-01-02 06:38 . 2010-01-22 15:28 916480 ----a-w- c:\windows\system32\wininet.dll
2010-01-02 06:32 . 2010-01-22 15:28 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-01-02 06:32 . 2010-01-22 15:28 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-01-02 04:57 . 2010-01-22 15:28 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-12-18 09:30 . 2009-12-18 09:30 515848 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-11-20 14:49 . 2009-11-20 14:49 98304 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-11-09 12:31 . 2009-12-13 03:47 24064 ----a-w- c:\windows\system32\nshhttp.dll
2009-11-09 12:30 . 2009-12-13 03:47 30720 ----a-w- c:\windows\system32\httpapi.dll
2009-11-09 10:36 . 2009-12-13 03:47 411648 ----a-w- c:\windows\system32\drivers\http.sys
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EEE6C35D-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll" [2008-10-08 173368]

[HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-11-25 12:01 1230080 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2008-10-08 11:22 1172792 ----a-w- c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2008-10-08 1172792]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2008-10-08 1172792]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-01-03 00:00 39472 ----a-w- c:\acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"c:\windows\system32\V0260Ext.ax"="c:\windows\system32\V0260Ext.ax" [X]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"RtHDVCpl"="RtHDVCpl.exe" [2008-03-11 5296128]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-03-05 525360]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-01-22 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-01-22 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-01-22 133656]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2008-01-04 768520]
"Skytel"="Skytel.exe" [2007-11-20 1826816]
"WarReg_PopUp"="c:\program files\Acer\WR_PopUp\WarReg_PopUp.exe" [2008-01-29 303104]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-07-21 159744]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-12-12 2043160]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-08 305440]
"V0260Cfg.exe"="V0260Cfg.exe" [2006-03-27 32874]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2008-4-19 535336]
InterVideo WinCinema Manager.lnk - c:\program files\InterVideo\Common\Bin\WinCinemaMgr.exe [2008-9-30 278528]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Users^Acer NB^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Orion.lnk]
path=c:\users\Acer NB\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Orion.lnk
backup=c:\windows\pss\Orion.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-06-12 01:38 34672 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2009-12-21 11:23 135664 ----atw- c:\users\Acer NB\AppData\Local\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PlayMovie]
2008-01-22 09:14 200704 ------w- c:\program files\Acer Arcade Deluxe\Play Movie\PMVService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-09-04 23:54 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2007-12-07 14:08 21686568 ----a-r- c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SweetIM]
2008-12-02 09:02 111928 ----a-r- c:\program files\SweetIM\Messenger\SweetIM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):23,ab,bc,d9,4e,a2,ca,01

R0 pe3anmub;Ubersoldier 2 Environment Driver (pe3anmub);c:\windows\System32\drivers\pe3anmub.sys [14.12.2007 17:24 65152]
R0 ps7anmub;Ubersoldier 2 Synchronization Driver (ps7anmub);c:\windows\System32\drivers\ps7anmub.sys [14.12.2007 17:23 68744]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [10.9.2009 16:19 335240]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [14.9.2009 20:05 108552]
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\Acer Arcade Deluxe\Play Movie\000.fcl [10.7.2008 10:22 41456]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [14.9.2009 20:04 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [14.9.2009 20:04 297752]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [2.10.2008 16:54 222968]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\System32\drivers\b57nd60x.sys [19.4.2008 8:55 180736]
S2 pr2anmub;Ubersoldier 2 Drivers Auto Removal (pr2anmub);c:\windows\system32\pr2anmub.exe svc --> c:\windows\system32\pr2anmub.exe svc [?]
S3 V0260VID;Live! Cam Vista IM;c:\windows\System32\drivers\V0260Vid.sys [2.11.2009 15:30 178913]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
.
Contents of the 'Scheduled Tasks' folder

2010-01-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1174427522-2199573224-3379719715-1000Core.job
- c:\users\Acer NB\AppData\Local\Google\Update\GoogleUpdate.exe [2009-12-21 11:23]

2010-01-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1174427522-2199573224-3379719715-1000UA.job
- c:\users\Acer NB\AppData\Local\Google\Update\GoogleUpdate.exe [2009-12-21 11:23]

2010-01-31 c:\windows\Tasks\User_Feed_Synchronization-{3A69FF95-3F29-4701-867A-3C23EC30A2A3}.job
- c:\windows\system32\msfeedssync.exe [2010-01-22 04:56]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.seznam.cz/
mStart Page = hxxp://home.sweetim.com
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Acer NB\AppData\Roaming\Mozilla\Firefox\Profiles\mbcovh9q.default\
FF - prefs.js: browser.search.selectedEngine - WebHledani
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\users\Acer NB\AppData\Local\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX SETTINGS ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
- - - - INVALID ENTRIES REMOVED FROM THE REGISTRY - - - -

HKLM-Run-SetPanel - c:\acer\APanel\APanel.cmd
HKLM-Run-eRecoveryService - (no file)
HKLM-Run-Acer Tour Reminder - c:\acer\AcerTour\Reminder.exe
SafeBoot-mcmscsvc
SafeBoot-MCODS
MSConfigStartUp-BitComet - c:\program files\BitComet\BitComet.exe
MSConfigStartUp-mcagent_exe - c:\program files\McAfee.com\Agent\mcagent.exe
AddRemove-Mercedes-Benz Truck Racing - c:\truckrace\mbtr.isu



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-31 09:52
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
"ImagePath"="\??\c:\program files\Acer Arcade Deluxe\Play Movie\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Completion time: 2010-01-31 09:58:27
ComboFix-quarantined-files.txt 2010-01-31 08:58

Pre-Run: Free bytes: 21 175 406 592
Post-Run: Free bytes: 21 566 410 752

- - End Of File - - 82A6F1D46909CB9B8B5D9B95C006EE54

Re: please check my log, my notebook keeps shutting down

Posted: 01 Feb 2010 07:26
by Unlimited_Killer
Moving on. And sorry for the delay. :oops:
All USB drives need to be plugged in (the one that showed up as drive F: has a virus on it!).

~~~

Open Notepad and paste the following into it

Code:

KillAll::

File::
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1174427522-2199573224-3379719715-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1174427522-2199573224-3379719715-1000UA.job
F:\lxmo.cmd
F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\iuhi64.exe

Folder::
C:\Program Files\Yahoo!
C:\Program Files\SweetIM\Toolbars
C:\Program Files\ICQ6Toolbar


Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b979e05d-dfb7-11dd-98fb-001eec483e4b}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6fedd99c-4f60-11dd-8e97-f2de868f24e7}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{642cafcc-487c-11de-b64a-001eec483e4b}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EEE6C35D-6118-11DC-9C72-001320C79847}"=-
[-HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}]
[-HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1]
[-HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}]
[-HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"=-
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"=-
"{855F3B16-6D32-4fe6-8A56-BBB695989046}"=-
[-HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[-HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3]
[-HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[-HKEY_CLASSES_ROOT\SWEETIE.SWEETIE]
[-HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"=-
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"=-
[-HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[-HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3]
[-HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[-HKEY_CLASSES_ROOT\SWEETIE.SWEETIE]
[-HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WarReg_PopUp"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

Extra::

DDS::
mStart Page = hxxp://home.sweetim.com

FireFox::
FF - ProfilePath - c:\users\Acer NB\AppData\Roaming\Mozilla\Firefox\Profiles\mbcovh9q.default\
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_result ... id=afex&q=

FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll

Driver::
ICQ Service

Reboot::
Save it to the Desktop as CFScript.txt. Then drag it with the mouse onto ComboFix (which must be on the Desktop) and drop it there (see the picture).

[image]

ComboFix will execute the commands from the script; the PC may be restarted again.
When it finishes, paste here the log that pops up after the cleanup.

~~~

Test these files on VirusTotal:

Code:

c:\windows\system32\V0260Ext.ax
Simply paste in the paths I put in the code block; if it tells you the file has already been analysed, have it analysed again. Then paste the links to the individual results here.
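The following is an added example, not part of Unlimited_Killer's post and not ComboFix's own code: a small Python dry-run reader for a CFScript like the one above. It parses the section syntax (KillAll::, File::, Folder::, Registry::, Driver::, Reboot::) and lists what the script would delete, so the blast radius can be reviewed before the file is dropped onto ComboFix. The Registry:: handling follows .reg syntax ("[-KEY]" deletes a key, "[KEY]" selects a key and a following '"name"=-' deletes that value). The PROTECTED_ROOTS list and the path sanity checks are assumptions made for this example; the sample input is an excerpt of the script posted above.

```python
"""Dry-run reader for a ComboFix CFScript.txt (added example, not the forum
post's or ComboFix's own code).

It splits the script into its sections and reports every destructive action
the script encodes.  Registry:: uses .reg syntax: "[-KEY]" deletes a key,
"[KEY]" selects a key and a following '"name"=-' deletes that value under it.
Sections not interpreted here (DDS::, FireFox::, Extra::) stay opaque lists.
"""
import re
from collections import defaultdict

SECTION_RE = re.compile(r"^([A-Za-z]+)::\s*$")
DEL_KEY_RE = re.compile(r"^\[-(.+)\]$")
SEL_KEY_RE = re.compile(r"^\[(.+)\]$")
DEL_VAL_RE = re.compile(r'^"(.+)"=-$')

# Roots whose deletion would take far more than a toolbar with them.  This list
# is an assumption made for the example; ComboFix itself enforces nothing here.
PROTECTED_ROOTS = {"c:", r"c:\windows", r"c:\program files", r"c:\users", r"c:\programdata"}


def parse_cfscript(text):
    """Split the script into {section: [non-empty lines]} in file order."""
    sections, current = defaultdict(list), None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if (m := SECTION_RE.match(line)):
            current = m.group(1)
            sections.setdefault(current, [])   # record empty sections too (Reboot::)
        elif current is None:
            raise ValueError(f"line outside any section: {line!r}")
        else:
            sections[current].append(line)
    return dict(sections)


def registry_plan(lines):
    """Expand the Registry:: section into explicit (action, key, value) tuples."""
    plan, selected = [], None
    for line in lines:
        if (m := DEL_KEY_RE.match(line)):          # must be tried before SEL_KEY_RE
            plan.append(("delete_key", m.group(1), None))
            selected = None
        elif (m := SEL_KEY_RE.match(line)):
            selected = m.group(1)
        elif (m := DEL_VAL_RE.match(line)):
            if selected is None:
                raise ValueError(f"value deletion without a selected key: {line}")
            plan.append(("delete_value", selected, m.group(1)))
        else:
            raise ValueError(f"unrecognised Registry:: line: {line}")
    return plan


def dangerous_paths(sections):
    """File::/Folder:: entries that are not absolute drive paths or name a protected root."""
    bad = []
    for name in ("File", "Folder"):
        for p in sections.get(name, []):
            low = p.lower().rstrip("\\")
            if not re.match(r"^[a-z]:(\\|$)", low):
                bad.append((name, p, "not an absolute drive path"))
            elif low in PROTECTED_ROOTS:
                bad.append((name, p, "protected root"))
    return bad


def summarize(text):
    """Return a dict describing every destructive action the script encodes."""
    s = parse_cfscript(text)
    reg = registry_plan(s.get("Registry", []))
    return {
        "kill_all": "KillAll" in s,       # ComboFix kills non-essential processes first
        "reboot": "Reboot" in s,          # forces a reboot when the script completes
        "files": s.get("File", []),
        "folders": s.get("Folder", []),
        "drivers": s.get("Driver", []),   # services/drivers to delete, by service name
        "reg_keys_deleted": [k for a, k, _ in reg if a == "delete_key"],
        "reg_values_deleted": [(k, v) for a, k, v in reg if a == "delete_value"],
        "dangerous": dangerous_paths(s),
    }


# Excerpt of the script posted above, used as sample input.
SAMPLE = r"""
KillAll::

File::
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1174427522-2199573224-3379719715-1000Core.job
F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\iuhi64.exe

Folder::
C:\Program Files\ICQ6Toolbar

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b979e05d-dfb7-11dd-98fb-001eec483e4b}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EEE6C35D-6118-11DC-9C72-001320C79847}"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WarReg_PopUp"=-

Driver::
ICQ Service

Reboot::
"""

if __name__ == "__main__":
    for key, value in summarize(SAMPLE).items():
        print(f"{key}: {value}")
```

Running it prints the file, folder, driver and registry deletions the script encodes plus the "dangerous" list, which is empty for the excerpt; a Folder:: line naming C:\Program Files itself, or a bare relative name such as lxmo.cmd without a drive, would show up there.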

Re: please check my log, my notebook keeps shutting down

Posted: 01 Feb 2010 09:52
by Loutka
Antivirus Version Last update Result
a-squared 4.5.0.50 2010.02.01 -
AhnLab-V3 5.0.0.2 2010.01.31 -
AntiVir 7.9.1.154 2010.01.31 -
Antiy-AVL 2.0.3.7 2010.02.01 -
Authentium 5.2.0.5 2010.01.31 -
Avast 4.8.1351.0 2010.01.31 -
AVG 9.0.0.730 2010.01.31 -
BitDefender 7.2 2010.02.01 -
CAT-QuickHeal 10.00 2010.02.01 -
ClamAV 0.96.0.0-git 2010.02.01 -
Comodo 3780 2010.02.01 -
DrWeb 5.0.1.12222 2010.02.01 -
eSafe 7.0.17.0 2010.01.31 -
eTrust-Vet 35.2.7274 2010.02.01 -
F-Prot 4.5.1.85 2010.01.31 -
F-Secure 9.0.15370.0 2010.01.31 -
Fortinet 4.0.14.0 2010.02.01 -
GData 19 2010.02.01 -
Ikarus T3.1.1.80.0 2010.02.01 -
Jiangmin 13.0.900 2010.01.28 -
K7AntiVirus 7.10.960 2010.01.29 -
Kaspersky 7.0.0.125 2010.02.01 -
McAfee 5878 2010.01.31 -
McAfee+Artemis 5878 2010.01.31 -
McAfee-GW-Edition 6.8.5 2010.02.01 -
Microsoft 1.5406 2010.02.01 -
NOD32 4823 2010.02.01 -
Norman 6.04.03 2010.01.31 -
nProtect 2009.1.8.0 2010.02.01 -
Panda 10.0.2.2 2010.01.31 -
PCTools 7.0.3.5 2010.02.01 -
Prevx 3.0 2010.02.01 -
Rising 22.33.00.04 2010.02.01 -
Sophos 4.50.0 2010.02.01 -
Sunbelt 3.2.1858.2 2010.01.31 -
Symantec 20091.2.0.41 2010.02.01 -
TheHacker 6.5.1.0.175 2010.02.01 -
TrendMicro 9.120.0.1004 2010.02.01 -
VBA32 3.12.12.1 2010.01.29 -
ViRobot 2010.2.1.2165 2010.02.01 -
VirusBuster 5.0.21.0 2010.01.31 -
Additional information
File size: 94208 bytes
MD5...: c560098d303aaf8103ee0c187d20a111
SHA1..: a4553e55b1f595d080355e349cc3ca7be13431ba
SHA256: 5e1ffb4ddad7c8d380b8d5fd948c80d6d6916e7a10bfe6e1186002f2bdaab7f5
ssdeep: 1536:t1rHIXNAD2lexKekOQjqkZV59SMttP6ki8j80I3JH:7rHiNADWW9O9ZV59SMtCJH
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x1a90
timedatestamp.....: 0x442a373c (Wed Mar 29 07:29:00 2006)
machinetype.......: 0x14c (I386)

( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x9f0e 0xa000 6.38 3ed13cda4ec79690fcd5171ac43bcccb
.rdata 0xb000 0x152e 0x2000 4.03 215e47ae03e3290cbd30a4c34264c172
.data 0xd000 0x7520 0x7000 6.21 5f8c5b2177f75a3c24a4618434d03387
.rsrc 0x15000 0x330 0x1000 0.86 22762c8d673aa35f98160aa72cf511bf
.reloc 0x16000 0x1ad2 0x2000 3.33 b097bc3ba0e1411bc37d483a07f5e101

( 10 imports )
> KERNEL32.dll: GetProcessHeap, CreateFileA, GetModuleFileNameA, CreateEventA, CloseHandle, InterlockedDecrement, InterlockedIncrement, DisableThreadLibraryCalls, GetLastError, MultiByteToWideChar, lstrlenA, GetVersionExA, GetSystemDirectoryA, lstrcmpiA, lstrcatA, LoadLibraryA, FreeLibrary, GetFullPathNameA, lstrcmpA, WaitForSingleObject, MulDiv, OutputDebugStringA, HeapFree, HeapAlloc
> ADVAPI32.dll: RegCloseKey, RegEnumKeyExA, RegCreateKeyExA, RegDeleteValueA, RegDeleteKeyA, RegQueryValueExA, RegQueryInfoKeyA, RegOpenKeyExA, RegCreateKeyA, RegSetValueA, RegSetValueExA
> USER32.dll: SetDlgItemInt, MessageBoxA, GetDlgItemInt, SetWindowTextA, EnableWindow, GetDlgItem, BroadcastSystemMessage, GetForegroundWindow, GetDialogBaseUnits, wvsprintfA, IsWindowEnabled, GetDC, ReleaseDC, SendMessageA, RegisterWindowMessageA, GetDesktopWindow, GetWindowRect, LoadStringW, LoadStringA, wsprintfA, DestroyWindow, ShowWindow, InvalidateRect, MoveWindow, CreateDialogParamA, SetWindowLongA, GetWindowLongA, GetParent
> COMCTL32.dll: InitCommonControlsEx, CreatePropertySheetPageA
> ole32.dll: CoTaskMemFree, CoInitialize, CoTaskMemAlloc, CoCreateInstance, StringFromGUID2, CoFreeUnusedLibraries, CoUninitialize
> MSVCRT.dll: atoi, _stricmp, strtok, _ftol, _purecall, __2@YAPAXI@Z, __3@YAXPAX@Z, __CxxFrameHandler, strncpy
> GDI32.dll: GetTextMetricsA
> SETUPAPI.dll: SetupDiDestroyDeviceInfoList, SetupDiEnumDeviceInfo, SetupDiEnumDeviceInterfaces, SetupDiGetClassDevsA, SetupDiGetDeviceRegistryPropertyA, SetupDiGetDeviceInterfaceDetailA, SetupDiOpenDeviceInterfaceRegKey
> SHLWAPI.dll: SHDeleteKeyA
> ksproxy.ax: KsSynchronousDeviceControl

( 5 exports )
DllCanUnloadNow, DllGetClassObject, DllRegisterServer, DllUnregisterServer, VFWWDMExtension
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: DirectShow filter (90.9%)
Win32 Executable Generic (3.8%)
Win32 Dynamic Link Library (generic) (3.4%)
Generic Win/DOS Executable (0.9%)
DOS Executable Generic (0.9%)
sigcheck:
publisher....: Creative Technology Ltd.
copyright....: Copyright (c) Creative Technology Ltd., 2006
product......: n/a
description..: DirectShow/VFW Extension property page
original name: V0260Ext.ax
internal name: n/a
file version.: 1.00.04.00
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned

Re: please check my log, my notebook keeps shutting down

Posted: 01 Feb 2010 09:55
by Loutka
ComboFix 10-01-30.04 - Acer NB 01.02.2010 9:15.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.2037.931 [GMT 1:00]
Running from: c:\users\Acer NB\Desktop\ComboFix.exe
Command switches used :: c:\users\Acer NB\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: AVG Anti-Virus Free *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

FILE ::
"c:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1174427522-2199573224-3379719715-1000Core.job"
"c:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1174427522-2199573224-3379719715-1000UA.job"
"F:\lxmo.cmd"
"f:\recycler\S-1-5-21-1482476501-1644491937-682003330-1013\iuhi64.exe"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
c:\program files\ICQ6Toolbar
c:\program files\ICQ6Toolbar\Icons.bmp
c:\program files\ICQ6Toolbar\ICQ Service.exe
c:\program files\ICQ6Toolbar\icq6Toolbar.ico
c:\program files\ICQ6Toolbar\ICQToolBar.dll
c:\program files\ICQ6Toolbar\ICQUnToolbar.exe
c:\program files\ICQ6Toolbar\logo_small.gif
c:\program files\ICQ6Toolbar\ServiceStarter.exe
c:\program files\ICQ6Toolbar\short.wav
c:\program files\ICQ6Toolbar\Version.txt
c:\program files\ICQ6Toolbar\VersionNew.txt
c:\program files\SweetIM\Toolbars
c:\program files\SweetIM\Toolbars\Internet Explorer\ClearHist.exe
c:\program files\SweetIM\Toolbars\Internet Explorer\conf\logger.xml
c:\program files\SweetIM\Toolbars\Internet Explorer\default.xml
c:\program files\SweetIM\Toolbars\Internet Explorer\mgcommon.dll
c:\program files\SweetIM\Toolbars\Internet Explorer\mgconfig.dll
c:\program files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
c:\program files\SweetIM\Toolbars\Internet Explorer\mglogger.dll
c:\program files\SweetIM\Toolbars\Internet Explorer\mgsimcommon.dll
c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
c:\program files\SweetIM\Toolbars\Internet Explorer\mgxml_wrapper.dll
c:\program files\SweetIM\Toolbars\Internet Explorer\msvcp71.dll
c:\program files\SweetIM\Toolbars\Internet Explorer\msvcr71.dll
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\affid.dat
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\basis.xml
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\Bookmarks_23x18.bmp
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\Email_23x18.bmp
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\Games_23x18.bmp
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\Greetingcards_23x18.bmp
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\Logo.bmp
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\Mobile_23x18.bmp
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\Music_23x18.bmp
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\News_23x18.bmp
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\Shoping_23x18.bmp
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\SmileySmile.bmp
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\SmileyWink.bmp
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\sweetimicons.bmp
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\toolbar.xml
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\version.txt
c:\program files\Yahoo!
c:\program files\Yahoo!\Common\unyt.exe
c:\program files\Yahoo!\Companion\Data\dlg_atb.html
c:\program files\Yahoo!\Companion\Data\dlg_catb.html
c:\program files\Yahoo!\Companion\Data\dlg_cnf.html
c:\program files\Yahoo!\Companion\Data\dlg_cotb.html
c:\program files\Yahoo!\Companion\Data\dlg_ctb.html
c:\program files\Yahoo!\Companion\Data\dlg_fantip.html
c:\program files\Yahoo!\Companion\Data\dlg_fantipg.html
c:\program files\Yahoo!\Companion\Data\dlg_fintip.html
c:\program files\Yahoo!\Companion\Data\dlg_fintipg.html
c:\program files\Yahoo!\Companion\Data\dlg_grptip.html
c:\program files\Yahoo!\Companion\Data\dlg_grptipg.html
c:\program files\Yahoo!\Companion\Data\dlg_logtip.html
c:\program files\Yahoo!\Companion\Data\dlg_mailatip.html
c:\program files\Yahoo!\Companion\Data\dlg_mailtip.html
c:\program files\Yahoo!\Companion\Data\dlg_map.html
c:\program files\Yahoo!\Companion\Data\dlg_mlbtip.html
c:\program files\Yahoo!\Companion\Data\dlg_mlbtipg.html
c:\program files\Yahoo!\Companion\Data\dlg_msgratip.html
c:\program files\Yahoo!\Companion\Data\dlg_msgrtip.html
c:\program files\Yahoo!\Companion\Data\dlg_nbatip.html
c:\program files\Yahoo!\Companion\Data\dlg_nbatipg.html
c:\program files\Yahoo!\Companion\Data\dlg_newstip.html
c:\program files\Yahoo!\Companion\Data\dlg_newstipg.html
c:\program files\Yahoo!\Companion\Data\dlg_nfltip.html
c:\program files\Yahoo!\Companion\Data\dlg_nfltipg.html
c:\program files\Yahoo!\Companion\Data\dlg_opt.html
c:\program files\Yahoo!\Companion\Data\dlg_pub.html
c:\program files\Yahoo!\Companion\Data\dlg_srchtip.html
c:\program files\Yahoo!\Companion\Data\dlg_upg.html
c:\program files\Yahoo!\Companion\Data\dlg_wp.html
c:\program files\Yahoo!\Companion\Installs\cpn\inyt.exe
c:\program files\Yahoo!\Companion\Installs\cpn\inyt.exe.manifest
c:\program files\Yahoo!\Companion\Installs\cpn\pubmod.dll
c:\program files\Yahoo!\Companion\Installs\cpn\YMERemote.dll
c:\program files\Yahoo!\Companion\Installs\cpn\YPUBC.dll
c:\program files\Yahoo!\Companion\Installs\cpn\yt.dll
c:\program files\Yahoo!\Companion\Installs\cpn\YTabBar.dll
c:\program files\Yahoo!\Companion\Installs\cpn\YTAntiSpy.dll
c:\program files\Yahoo!\Companion\Installs\cpn\YTBM.dll
c:\program files\Yahoo!\Companion\Installs\cpn\YTMsgr.dll
c:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1174427522-2199573224-3379719715-1000Core.job
c:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1174427522-2199573224-3379719715-1000UA.job

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_ICQ Service


((((((((((((((((((((((((( Files Created from 2010-01-01 to 2010-02-01 )))))))))))))))))))))))))))))))
.

2010-02-01 08:24 . 2010-02-01 08:27 -------- d-----w- c:\users\Acer NB\AppData\Local\temp
2010-02-01 08:24 . 2010-02-01 08:24 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-01-31 08:12 . 2010-01-31 08:15 -------- d-----w- c:\windows\system32\ca-ES
2010-01-31 08:12 . 2010-01-31 08:15 -------- d-----w- c:\windows\system32\eu-ES
2010-01-31 08:12 . 2010-01-31 08:15 -------- d-----w- c:\windows\system32\vi-VN
2010-01-31 08:06 . 2008-02-13 06:59 98304 ----a-w- c:\windows\RTKAUDIOSERVICE.EXE
2010-01-31 07:35 . 2010-01-31 07:35 -------- d-----w- c:\windows\system32\EventProviders
2010-01-30 16:28 . 2010-01-30 16:28 -------- d-----w- C:\rsit
2010-01-30 16:28 . 2010-01-30 16:28 -------- d-----w- c:\program files\trend micro
2010-01-30 15:42 . 2010-01-30 15:42 -------- d-----w- c:\program files\Lavalys
2010-01-13 12:01 . 2009-10-19 13:38 156672 ----a-w- c:\windows\system32\t2embed.dll
2010-01-13 12:01 . 2009-10-19 13:35 72704 ----a-w- c:\windows\system32\fontsub.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-01 08:25 . 2008-09-29 18:37 12 ----a-w- c:\windows\bthservsdp.dat
2010-02-01 08:23 . 2008-12-28 23:25 -------- d-----w- c:\program files\SweetIM
2010-02-01 08:09 . 2008-01-21 06:46 598832 ----a-w- c:\windows\system32\perfh005.dat
2010-02-01 08:09 . 2008-01-21 06:46 114992 ----a-w- c:\windows\system32\perfc005.dat
2010-01-31 08:51 . 2009-06-12 13:56 -------- d-----w- c:\program files\ICQ6.5
2010-01-31 08:16 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2010-01-31 08:16 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-01-31 08:16 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2010-01-31 08:16 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
2010-01-31 08:16 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2010-01-31 08:16 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2010-01-31 08:16 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2010-01-31 08:12 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2010-01-30 16:31 . 2008-12-28 16:40 -------- d-----w- c:\users\Acer NB\AppData\Roaming\Skype
2010-01-30 16:24 . 2008-04-18 23:40 -------- d-----w- c:\programdata\McAfee
2010-01-30 15:34 . 2008-10-02 15:53 -------- d-----w- c:\users\Acer NB\AppData\Roaming\ICQ
2010-01-30 15:08 . 2008-12-28 16:43 -------- d-----w- c:\users\Acer NB\AppData\Roaming\skypePM
2010-01-21 13:06 . 2009-12-07 15:47 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-14 10:12 . 2009-10-02 19:32 181120 ------w- c:\windows\system32\MpSigStub.exe
2010-01-13 12:07 . 2008-07-10 09:18 70104 ----a-w- c:\users\Acer NB\AppData\Local\GDIPFONTCACHEV1.DAT
2010-01-13 11:58 . 2008-04-18 23:31 -------- d-----w- c:\programdata\Microsoft Help
2010-01-13 11:54 . 2008-04-18 23:33 -------- d-----w- c:\program files\Microsoft Works
2010-01-02 06:38 . 2010-01-22 15:28 916480 ----a-w- c:\windows\system32\wininet.dll
2010-01-02 06:32 . 2010-01-22 15:28 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-01-02 06:32 . 2010-01-22 15:28 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-01-02 04:57 . 2010-01-22 15:28 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-12-18 09:30 . 2009-12-18 09:30 515848 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-11-20 14:49 . 2009-11-20 14:49 98304 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-11-09 12:31 . 2009-12-13 03:47 24064 ----a-w- c:\windows\system32\nshhttp.dll
2009-11-09 12:30 . 2009-12-13 03:47 30720 ----a-w- c:\windows\system32\httpapi.dll
2009-11-09 10:36 . 2009-12-13 03:47 411648 ----a-w- c:\windows\system32\drivers\http.sys
.

(((((((((((((((((((((((((((((((((( Registry Loading Points )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and legitimate default entries are not shown.
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-01-03 00:00 39472 ----a-w- c:\acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"c:\windows\system32\V0260Ext.ax"="c:\windows\system32\V0260Ext.ax" [X]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"RtHDVCpl"="RtHDVCpl.exe" [2008-03-11 5296128]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-03-05 525360]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-01-22 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-01-22 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-01-22 133656]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2008-01-04 768520]
"Skytel"="Skytel.exe" [2007-11-20 1826816]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-07-21 159744]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-12-12 2043160]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-08 305440]
"V0260Cfg.exe"="V0260Cfg.exe" [2006-03-27 32874]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2008-4-19 535336]
InterVideo WinCinema Manager.lnk - c:\program files\InterVideo\Common\Bin\WinCinemaMgr.exe [2008-9-30 278528]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Users^Acer NB^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Orion.lnk]
path=c:\users\Acer NB\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Orion.lnk
backup=c:\windows\pss\Orion.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PlayMovie]
2008-01-22 09:14 200704 ------w- c:\program files\Acer Arcade Deluxe\Play Movie\PMVService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2007-12-07 14:08 21686568 ----a-r- c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SweetIM]
2008-12-02 09:02 111928 ----a-r- c:\program files\SweetIM\Messenger\SweetIM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):23,ab,bc,d9,4e,a2,ca,01

R0 pe3anmub;Ubersoldier 2 Environment Driver (pe3anmub);c:\windows\System32\drivers\pe3anmub.sys [14.12.2007 17:24 65152]
R0 ps7anmub;Ubersoldier 2 Synchronization Driver (ps7anmub);c:\windows\System32\drivers\ps7anmub.sys [14.12.2007 17:23 68744]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [10.9.2009 16:19 335240]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [14.9.2009 20:05 108552]
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\Acer Arcade Deluxe\Play Movie\000.fcl [10.7.2008 10:22 41456]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [14.9.2009 20:04 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [14.9.2009 20:04 297752]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\System32\drivers\b57nd60x.sys [19.4.2008 8:55 180736]
S2 pr2anmub;Ubersoldier 2 Drivers Auto Removal (pr2anmub);c:\windows\system32\pr2anmub.exe svc --> c:\windows\system32\pr2anmub.exe svc [?]
S3 V0260VID;Live! Cam Vista IM;c:\windows\System32\drivers\V0260Vid.sys [2.11.2009 15:30 178913]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
.
Contents of the 'Scheduled Tasks' folder

2010-02-01 c:\windows\Tasks\User_Feed_Synchronization-{3A69FF95-3F29-4701-867A-3C23EC30A2A3}.job
- c:\windows\system32\msfeedssync.exe [2010-01-22 04:56]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.seznam.cz/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Acer NB\AppData\Roaming\Mozilla\Firefox\Profiles\mbcovh9q.default\
FF - prefs.js: browser.search.selectedEngine - WebHledani
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - plugin: c:\users\Acer NB\AppData\Local\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX SETTINGS ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
- - - - INVALID ENTRIES REMOVED FROM THE REGISTRY - - - -

AddRemove-ICQToolbar - c:\program files\ICQ6Toolbar\ICQUnToolbar.exe
AddRemove-Yahoo! Companion - c:\progra~1\Yahoo!\Common\unyt.exe



**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
"ImagePath"="\??\c:\program files\Acer Arcade Deluxe\Play Movie\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(2688)
c:\acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
c:\acer\Empowering Technology\eDataSecurity\x86\sysenv.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\agrsmsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
c:\acer\Empowering Technology\eLock\Service\eLockServ.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\acer\Empowering Technology\eNet\eNet Service.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\acer\Mobility Center\MobilityService.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\acer\Empowering Technology\eRecovery\eRecoveryService.exe
c:\acer\Empowering Technology\eSettings\Service\capuserv.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\acer\Empowering Technology\ePower\ePowerSvc.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\conime.exe
c:\windows\system32\wbem\unsecapp.exe
.
**************************************************************************
.
Completion time: 2010-02-01 09:34:38 - machine was rebooted
ComboFix-quarantined-files.txt 2010-02-01 08:34
ComboFix2.txt 2010-01-31 08:58

Pre-Run: Free bytes: 18 712 489 984
Post-Run: Free bytes: 18 388 406 272

- - End Of File - - 265DD439C60AC24AF61BF2B31479DD94

Re: please check my log, my notebook keeps shutting down

Posted: 01 Feb 2010 11:44
by Unlimited_Killer
OK, please post a new RSIT log.
Plus one more instruction...

~~~

Download MbAM and follow the instructions. Don't delete anything yet, MbAM sometimes has false positives.
Then paste the log here.

Re: please check my log, my notebook keeps shutting down

Posted: 01 Feb 2010 13:16
by Loutka
So MbAM didn't find any viruses... and I'm doing the log now, I'll send it as soon as it finishes

Re: please check my log, my notebook keeps shutting down

Posted: 01 Feb 2010 13:25
by Loutka
ComboFix 10-01-30.04 - Acer NB 01.02.2010 12:54:36.3.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.2037.974 [GMT 1:00]
Running from: c:\users\Acer NB\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: AVG Anti-Virus Free *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((( Files Created from 2010-01-01 to 2010-02-01 )))))))))))))))))))))))))))))))
.

2010-02-01 12:03 . 2010-02-01 12:03 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-02-01 12:03 . 2010-02-01 12:03 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-02-01 11:06 . 2010-02-01 11:06 -------- d-----w- c:\users\Acer NB\AppData\Roaming\Malwarebytes
2010-02-01 11:05 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-01 11:05 . 2010-02-01 11:05 -------- d-----w- c:\programdata\Malwarebytes
2010-02-01 11:05 . 2010-02-01 11:05 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-01 11:05 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-01 08:34 . 2010-02-01 12:03 -------- d-----w- c:\users\Acer NB\AppData\Local\temp
2010-01-30 15:42 . 2010-01-30 15:42 -------- d-----w- c:\program files\Lavalys
2010-01-13 12:01 . 2009-10-19 13:38 156672 ----a-w- c:\windows\system32\t2embed.dll
2010-01-13 12:01 . 2009-10-19 13:35 72704 ----a-w- c:\windows\system32\fontsub.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-01 08:44 . 2008-01-21 06:46 598832 ----a-w- c:\windows\system32\perfh005.dat
2010-02-01 08:44 . 2008-01-21 06:46 114992 ----a-w- c:\windows\system32\perfc005.dat
2010-02-01 08:38 . 2008-09-29 18:37 12 ----a-w- c:\windows\bthservsdp.dat
2010-02-01 08:23 . 2008-12-28 23:25 -------- d-----w- c:\program files\SweetIM
2010-01-31 08:51 . 2009-06-12 13:56 -------- d-----w- c:\program files\ICQ6.5
2010-01-31 08:16 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2010-01-31 08:16 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-01-31 08:16 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2010-01-31 08:16 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
2010-01-31 08:16 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2010-01-31 08:16 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2010-01-31 08:16 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2010-01-31 08:12 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2010-01-30 16:31 . 2008-12-28 16:40 -------- d-----w- c:\users\Acer NB\AppData\Roaming\Skype
2010-01-30 16:28 . 2010-01-30 16:28 -------- d-----w- c:\program files\trend micro
2010-01-30 16:24 . 2008-04-18 23:40 -------- d-----w- c:\programdata\McAfee
2010-01-30 15:34 . 2008-10-02 15:53 -------- d-----w- c:\users\Acer NB\AppData\Roaming\ICQ
2010-01-30 15:08 . 2008-12-28 16:43 -------- d-----w- c:\users\Acer NB\AppData\Roaming\skypePM
2010-01-21 13:06 . 2009-12-07 15:47 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-14 10:12 . 2009-10-02 19:32 181120 ------w- c:\windows\system32\MpSigStub.exe
2010-01-13 12:07 . 2008-07-10 09:18 70104 ----a-w- c:\users\Acer NB\AppData\Local\GDIPFONTCACHEV1.DAT
2010-01-13 11:58 . 2008-04-18 23:31 -------- d-----w- c:\programdata\Microsoft Help
2010-01-13 11:54 . 2008-04-18 23:33 -------- d-----w- c:\program files\Microsoft Works
2010-01-02 06:38 . 2010-01-22 15:28 916480 ----a-w- c:\windows\system32\wininet.dll
2010-01-02 06:32 . 2010-01-22 15:28 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-01-02 06:32 . 2010-01-22 15:28 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-01-02 04:57 . 2010-01-22 15:28 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-12-18 09:30 . 2009-12-18 09:30 515848 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-11-20 14:49 . 2009-11-20 14:49 98304 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-11-09 12:31 . 2009-12-13 03:47 24064 ----a-w- c:\windows\system32\nshhttp.dll
2009-11-09 12:30 . 2009-12-13 03:47 30720 ----a-w- c:\windows\system32\httpapi.dll
2009-11-09 10:36 . 2009-12-13 03:47 411648 ----a-w- c:\windows\system32\drivers\http.sys
.

(((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown.
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-01-03 00:00 39472 ----a-w- c:\acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"c:\windows\system32\V0260Ext.ax"="c:\windows\system32\V0260Ext.ax" [X]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"RtHDVCpl"="RtHDVCpl.exe" [2008-03-11 5296128]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-03-05 525360]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-01-22 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-01-22 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-01-22 133656]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2008-01-04 768520]
"Skytel"="Skytel.exe" [2007-11-20 1826816]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-07-21 159744]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-12-12 2043160]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-08 305440]
"V0260Cfg.exe"="V0260Cfg.exe" [2006-03-27 32874]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2008-4-19 535336]
InterVideo WinCinema Manager.lnk - c:\program files\InterVideo\Common\Bin\WinCinemaMgr.exe [2008-9-30 278528]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Users^Acer NB^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Orion.lnk]
path=c:\users\Acer NB\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Orion.lnk
backup=c:\windows\pss\Orion.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PlayMovie]
2008-01-22 09:14 200704 ------w- c:\program files\Acer Arcade Deluxe\Play Movie\PMVService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2007-12-07 14:08 21686568 ----a-r- c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SweetIM]
2008-12-02 09:02 111928 ----a-r- c:\program files\SweetIM\Messenger\SweetIM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):23,ab,bc,d9,4e,a2,ca,01

R0 pe3anmub;Ubersoldier 2 Environment Driver (pe3anmub);c:\windows\System32\drivers\pe3anmub.sys [14.12.2007 17:24 65152]
R0 ps7anmub;Ubersoldier 2 Synchronization Driver (ps7anmub);c:\windows\System32\drivers\ps7anmub.sys [14.12.2007 17:23 68744]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [10.9.2009 16:19 335240]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [14.9.2009 20:05 108552]
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\Acer Arcade Deluxe\Play Movie\000.fcl [10.7.2008 10:22 41456]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [14.9.2009 20:04 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [14.9.2009 20:04 297752]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\System32\drivers\b57nd60x.sys [19.4.2008 8:55 180736]
S2 pr2anmub;Ubersoldier 2 Drivers Auto Removal (pr2anmub);c:\windows\system32\pr2anmub.exe svc --> c:\windows\system32\pr2anmub.exe svc [?]
S3 V0260VID;Live! Cam Vista IM;c:\windows\System32\drivers\V0260Vid.sys [2.11.2009 15:30 178913]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
.
Contents of the 'Scheduled Tasks' folder

2010-02-01 c:\windows\Tasks\User_Feed_Synchronization-{3A69FF95-3F29-4701-867A-3C23EC30A2A3}.job
- c:\windows\system32\msfeedssync.exe [2010-01-22 04:56]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.seznam.cz/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Acer NB\AppData\Roaming\Mozilla\Firefox\Profiles\mbcovh9q.default\
FF - prefs.js: browser.search.selectedEngine - WebHledani
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - plugin: c:\users\Acer NB\AppData\Local\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-01 13:03
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
"ImagePath"="\??\c:\program files\Acer Arcade Deluxe\Play Movie\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Completion time: 2010-02-01 13:07:31
ComboFix-quarantined-files.txt 2010-02-01 12:07
ComboFix2.txt 2010-02-01 08:34
ComboFix3.txt 2010-01-31 08:58

Pre-Run: 16 679 014 400 bytes free
Post-Run: 16 547 577 856 bytes free

- - End Of File - - 1CFE16517E1BBFEFD1A720F390C653CF

Re: please check my log, my notebook keeps shutting down

Posted: 01 Feb 2010 13:26
by Loutka
The worst thing is that it keeps changing my IP address to automatic assignment, which also cuts off my internet, and sometimes it turns off the firewall.

Re: please check my log, my notebook keeps shutting down

Posted: 01 Feb 2010 23:24
by Unlimited_Killer
What do you mean, it changes your IP address? And since when?
And please post a new RSIT log.

Re: please check my log, my notebook keeps shutting down

Posted: 02 Feb 2010 15:29
by Loutka
Well, I set the IP address manually for the internet connection, and a few times after a restart it has changed to obtain automatically.....

Re: please check my log, my notebook keeps shutting down

Posted: 02 Feb 2010 15:35
by Loutka
Logfile of random's system information tool 1.06 (written by random/random)
Run by Acer NB at 2010-02-02 15:27:45
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 15 GB (22%) free of 70 GB
Total RAM: 2037 MB (46% free)

HijackThis download failed

======Scheduled tasks folder======

C:\Windows\tasks\User_Feed_Synchronization-{3A69FF95-3F29-4701-867A-3C23EC30A2A3}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2009-12-12 1111320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83A2F9B1-01A2-4AA5-87D1-45B6B8505E96}]
ShowBarObj Class - C:\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll [2008-01-03 312368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - Acer eDataSecurity Management - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll [2008-03-05 142896]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1008184]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2008-03-11 5296128]
"eDataSecurity Loader"=C:\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe [2008-03-05 525360]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2008-01-22 141848]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2008-01-22 166424]
"Persistence"=C:\Windows\system32\igfxpers.exe [2008-01-22 133656]
"LManager"=C:\PROGRA~1\LAUNCH~1\LManager.exe [2008-01-04 768520]
"Skytel"=C:\Windows\Skytel.exe [2007-11-20 1826816]
"Apoint"=C:\Program Files\Apoint2K\Apoint.exe [2007-07-21 159744]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-12-12 2043160]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-09-08 305440]
"V0260Cfg.exe"=V0260Cfg.exe /d:2 []
"C:\Windows\system32\V0260Ext.ax"=C:\Windows\system32\RegSvr32.exe [2006-11-02 14336]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-11 1233920]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-21 125952]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PlayMovie]
C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe [2008-01-22 200704]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files\Skype\Phone\Skype.exe [2007-12-07 21686568]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SweetIM]
C:\Program Files\SweetIM\Messenger\SweetIM.exe [2008-12-02 111928]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Acer NB^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Orion.lnk]
C:\CONVES~1\Orion\MESSEN~1.EXE [2007-09-05 2482176]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe
InterVideo WinCinema Manager.lnk - C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\Windows\System32\avgrsstx.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2008-01-22 200704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"= []

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 1 months======

2010-02-01 13:07:37 ----SHD---- C:\$RECYCLE.BIN
2010-02-01 13:07:33 ----D---- C:\Windows\temp
2010-02-01 13:07:32 ----A---- C:\ComboFix.txt
2010-02-01 12:53:14 ----D---- C:\ComboFix
2010-02-01 12:52:04 ----A---- C:\Windows\SWXCACLS.exe
2010-02-01 12:06:01 ----D---- C:\Users\Acer NB\AppData\Roaming\Malwarebytes
2010-02-01 12:05:38 ----D---- C:\ProgramData\Malwarebytes
2010-02-01 12:05:37 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-01-31 09:41:11 ----A---- C:\Windows\zip.exe
2010-01-31 09:41:11 ----A---- C:\Windows\SWSC.exe
2010-01-31 09:41:11 ----A---- C:\Windows\SWREG.exe
2010-01-31 09:41:11 ----A---- C:\Windows\sed.exe
2010-01-31 09:41:11 ----A---- C:\Windows\PEV.exe
2010-01-31 09:41:11 ----A---- C:\Windows\NIRCMD.exe
2010-01-31 09:41:11 ----A---- C:\Windows\MBR.exe
2010-01-31 09:41:11 ----A---- C:\Windows\grep.exe
2010-01-31 09:40:50 ----D---- C:\Windows\ERDNT
2010-01-31 09:31:57 ----D---- C:\Qoobox
2010-01-31 09:12:51 ----D---- C:\Windows\system32\eu-ES
2010-01-31 09:12:51 ----D---- C:\Windows\system32\ca-ES
2010-01-31 09:12:46 ----D---- C:\Windows\system32\vi-VN
2010-01-31 09:06:40 ----A---- C:\Windows\RTKAUDIOSERVICE.EXE
2010-01-31 08:35:45 ----D---- C:\Windows\system32\EventProviders
2010-01-30 17:28:30 ----D---- C:\rsit
2010-01-30 17:28:30 ----D---- C:\Program Files\trend micro
2010-01-30 17:28:26 ----D---- C:\Windows\pss
2010-01-30 16:42:25 ----D---- C:\Program Files\Lavalys
2010-01-22 16:28:21 ----A---- C:\Windows\system32\mshtml.dll
2010-01-22 16:28:20 ----A---- C:\Windows\system32\ieframe.dll
2010-01-22 16:28:18 ----A---- C:\Windows\system32\urlmon.dll
2010-01-22 16:28:18 ----A---- C:\Windows\system32\iertutil.dll
2010-01-22 16:28:17 ----A---- C:\Windows\system32\wininet.dll
2010-01-22 16:28:17 ----A---- C:\Windows\system32\occache.dll
2010-01-22 16:28:17 ----A---- C:\Windows\system32\msfeeds.dll
2010-01-22 16:28:17 ----A---- C:\Windows\system32\iedkcs32.dll
2010-01-22 16:28:16 ----A---- C:\Windows\system32\ieui.dll
2010-01-22 16:28:15 ----A---- C:\Windows\system32\msfeedsbs.dll
2010-01-22 16:28:15 ----A---- C:\Windows\system32\ieUnatt.exe
2010-01-22 16:28:15 ----A---- C:\Windows\system32\iesysprep.dll
2010-01-22 16:28:15 ----A---- C:\Windows\system32\iepeers.dll
2010-01-22 16:28:14 ----A---- C:\Windows\system32\jsproxy.dll
2010-01-22 16:28:14 ----A---- C:\Windows\system32\ie4uinit.exe
2010-01-22 16:28:13 ----A---- C:\Windows\system32\msfeedssync.exe
2010-01-22 16:28:13 ----A---- C:\Windows\system32\iesetup.dll
2010-01-22 16:28:13 ----A---- C:\Windows\system32\iernonce.dll
2010-01-13 13:57:08 ----D---- C:\Windows\Minidump
2010-01-13 13:01:40 ----A---- C:\Windows\system32\t2embed.dll
2010-01-13 13:01:40 ----A---- C:\Windows\system32\fontsub.dll

======List of files/folders modified in the last 1 months======

2010-02-01 18:41:58 ----D---- C:\Windows\system32\WDI
2010-02-01 18:40:50 ----D---- C:\Windows
2010-02-01 18:39:20 ----D---- C:\Windows\winsxs
2010-02-01 18:39:09 ----D---- C:\Windows\inf
2010-02-01 18:38:27 ----D---- C:\Windows\system32\drivers
2010-02-01 18:38:27 ----D---- C:\Windows\System32
2010-02-01 18:31:50 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-02-01 13:03:26 ----A---- C:\Windows\system.ini
2010-02-01 12:59:02 ----D---- C:\Windows\AppPatch
2010-02-01 12:59:01 ----D---- C:\Program Files\Common Files
2010-02-01 12:05:38 ----D---- C:\ProgramData
2010-02-01 12:05:37 ----RD---- C:\Program Files
2010-02-01 11:50:08 ----D---- C:\Windows\system32\catroot
2010-02-01 11:49:09 ----D---- C:\Windows\system32\catroot2
2010-02-01 11:46:45 ----SHD---- C:\System Volume Information
2010-02-01 09:24:57 ----D---- C:\Boot
2010-02-01 09:24:56 ----D---- C:\Windows\system32\config
2010-02-01 09:23:43 ----D---- C:\Windows\Tasks
2010-02-01 09:23:43 ----D---- C:\Program Files\SweetIM
2010-01-31 10:02:24 ----D---- C:\Program Files\Mozilla Firefox
2010-01-31 09:56:45 ----D---- C:\Windows\Microsoft.NET
2010-01-31 09:56:42 ----RSD---- C:\Windows\assembly
2010-01-31 09:51:21 ----D---- C:\Program Files\ICQ6.5
2010-01-31 09:37:08 ----D---- C:\Windows\rescache
2010-01-31 09:16:35 ----D---- C:\Program Files\Windows Calendar
2010-01-31 09:16:34 ----D---- C:\Program Files\Windows Mail
2010-01-31 09:16:34 ----D---- C:\Program Files\Movie Maker
2010-01-31 09:16:31 ----D---- C:\Program Files\Windows Sidebar
2010-01-31 09:16:31 ----D---- C:\Program Files\Windows Media Player
2010-01-31 09:16:31 ----D---- C:\Program Files\Internet Explorer
2010-01-31 09:16:30 ----D---- C:\Program Files\Windows Journal
2010-01-31 09:16:30 ----D---- C:\Program Files\Windows Collaboration
2010-01-31 09:16:26 ----D---- C:\Program Files\Common Files\System
2010-01-31 09:16:25 ----D---- C:\Program Files\Windows Photo Gallery
2010-01-31 09:16:16 ----D---- C:\Program Files\Windows Defender
2010-01-31 09:16:15 ----D---- C:\Windows\servicing
2010-01-31 09:16:15 ----D---- C:\Windows\ehome
2010-01-31 09:15:32 ----D---- C:\Windows\system32\XPSViewer
2010-01-31 09:15:32 ----D---- C:\Windows\system32\sk-SK
2010-01-31 09:15:32 ----D---- C:\Windows\system32\oobe
2010-01-31 09:15:32 ----D---- C:\Windows\system32\lv-LV
2010-01-31 09:15:32 ----D---- C:\Windows\system32\ko-KR
2010-01-31 09:15:32 ----D---- C:\Windows\system32\it-IT
2010-01-31 09:15:32 ----D---- C:\Windows\system32\hr-HR
2010-01-31 09:15:32 ----D---- C:\Windows\system32\et-EE
2010-01-31 09:15:32 ----D---- C:\Windows\system32\en-US
2010-01-31 09:15:32 ----D---- C:\Windows\system32\el-GR
2010-01-31 09:15:32 ----D---- C:\Windows\system32\de-DE
2010-01-31 09:15:32 ----D---- C:\Windows\system32\da-DK
2010-01-31 09:15:32 ----D---- C:\Windows\IME
2010-01-31 09:15:31 ----D---- C:\Windows\system32\migration
2010-01-31 09:15:24 ----D---- C:\Windows\system32\sv-SE
2010-01-31 09:15:24 ----D---- C:\Windows\system32\ru-RU
2010-01-31 09:15:24 ----D---- C:\Windows\system32\he-IL
2010-01-31 09:15:24 ----D---- C:\Windows\system32\fr-FR
2010-01-31 09:15:24 ----D---- C:\Windows\system32\AdvancedInstallers
2010-01-31 09:15:23 ----D---- C:\Windows\system32\setup
2010-01-31 09:15:23 ----D---- C:\Windows\system32\fi-FI
2010-01-31 09:15:23 ----D---- C:\Windows\system32\cs-CZ
2010-01-31 09:15:23 ----D---- C:\Windows\system32\cs
2010-01-31 09:15:21 ----D---- C:\Windows\system32\SLUI
2010-01-31 09:15:21 ----D---- C:\Windows\system32\pt-PT
2010-01-31 09:15:21 ----D---- C:\Windows\system32\hu-HU
2010-01-31 09:15:20 ----D---- C:\Windows\system32\zh-TW
2010-01-31 09:15:20 ----D---- C:\Windows\system32\zh-CN
2010-01-31 09:15:20 ----D---- C:\Windows\system32\uk-UA
2010-01-31 09:15:20 ----D---- C:\Windows\system32\sr-Latn-CS
2010-01-31 09:15:20 ----D---- C:\Windows\system32\sl-SI
2010-01-31 09:15:20 ----D---- C:\Windows\system32\ro-RO
2010-01-31 09:15:20 ----D---- C:\Windows\system32\pl-PL
2010-01-31 09:15:20 ----D---- C:\Windows\system32\manifeststore
2010-01-31 09:15:20 ----D---- C:\Windows\system32\ja-JP
2010-01-31 09:15:20 ----D---- C:\Windows\system32\es-ES
2010-01-31 09:15:20 ----D---- C:\Windows\system32\bg-BG
2010-01-31 09:15:19 ----D---- C:\Windows\system32\th-TH
2010-01-31 09:15:16 ----D---- C:\Windows\system32\wbem
2010-01-31 09:15:16 ----D---- C:\Windows\system32\tr-TR
2010-01-31 09:15:12 ----D---- C:\Windows\system32\nl-NL
2010-01-31 09:15:12 ----D---- C:\Windows\system32\nb-NO
2010-01-31 09:15:12 ----D---- C:\Windows\system32\lt-LT
2010-01-31 09:15:12 ----D---- C:\Windows\system32\ar-SA
2010-01-31 09:15:10 ----D---- C:\Windows\system32\migwiz
2010-01-31 09:15:09 ----D---- C:\Windows\system32\pt-BR
2010-01-31 09:12:58 ----RSD---- C:\Windows\Fonts
2010-01-31 09:12:46 ----D---- C:\Windows\system32\Boot
2010-01-31 09:10:46 ----D---- C:\Windows\system32\RTCOM
2010-01-30 17:31:13 ----D---- C:\Users\Acer NB\AppData\Roaming\Skype
2010-01-30 17:24:53 ----D---- C:\ProgramData\McAfee
2010-01-30 16:42:37 ----SD---- C:\ProgramData\Microsoft
2010-01-30 16:34:50 ----D---- C:\Users\Acer NB\AppData\Roaming\ICQ
2010-01-30 16:08:55 ----D---- C:\Users\Acer NB\AppData\Roaming\skypePM
2010-01-21 14:06:15 ----D---- C:\Program Files\Microsoft Silverlight
2010-01-21 12:35:44 ----SHD---- C:\Windows\Installer
2010-01-14 11:12:06 ----N---- C:\Windows\system32\MpSigStub.exe
2010-01-13 14:11:51 ----D---- C:\Windows\Prefetch
2010-01-13 12:58:40 ----D---- C:\ProgramData\Microsoft Help
2010-01-13 12:55:35 ----D---- C:\Program Files\Common Files\microsoft shared
2010-01-13 12:54:02 ----D---- C:\Program Files\Microsoft Works
2010-01-09 13:13:34 ----D---- C:\$AVG8.VAULT$
2010-01-05 01:17:46 ----A---- C:\Windows\system32\mrt.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\Windows\System32\Drivers\avgldx86.sys [2009-09-14 335240]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\Windows\System32\Drivers\avgmfx86.sys [2009-09-14 27784]
R1 AvgTdiX;AVG8 Network Redirector; C:\Windows\System32\Drivers\avgtdix.sys [2009-09-14 108552]
R1 DritekPortIO;Dritek General Port I/O; \??\C:\PROGRA~1\LAUNCH~1\DPortIO.sys [2006-11-02 20112]
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}; \??\C:\Program Files\Acer Arcade Deluxe\Play Movie\000.fcl [2008-01-04 41456]
R2 int15;int15; \??\C:\Acer\Empowering Technology\eRecovery\int15.sys [2007-07-03 15392]
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672]
R2 PSDNServ;PSDNServ; C:\Windows\system32\DRIVERS\PSDNServ.sys [2008-01-03 16432]
R2 psdvdisk;PSDVdisk; C:\Windows\system32\DRIVERS\PSDVdisk.sys [2008-01-03 59952]
R2 RMCAST;RMCAST (Pgm) Protocol Driver; C:\Windows\system32\DRIVERS\RMCAST.sys [2009-04-11 113664]
R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2007-01-30 8704]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\Windows\system32\DRIVERS\AGRSM.sys [2007-03-09 1163616]
R3 ApfiltrService;Alps Pointing-device Filter Driver; C:\Windows\system32\DRIVERS\Apfiltr.sys [2007-12-11 163376]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2007-07-30 743424]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2007-07-22 180736]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-21 14208]
R3 DKbFltr;Dritek Keyboard Filter Driver; C:\Windows\system32\DRIVERS\DKbFltr.sys [2006-11-02 21264]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2008-01-22 2016256]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2008-03-11 2077080]
R3 NTIDrvr;Upper Class Filter Driver; C:\Windows\system32\DRIVERS\NTIDrvr.sys [2008-04-19 6144]
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-21 11264]
S3 BthEnum;Bluetooth Enumerator Service; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-04-11 22528]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2008-01-21 92160]
S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2009-04-11 507904]
S3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2009-04-11 29696]
S3 catchme;catchme; \??\C:\Users\ACERNB~1\AppData\Local\Temp\catchme.sys []
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\HSX_DPV.sys [2007-04-26 984064]
S3 HSFHWAZL;HSFHWAZL; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2008-01-21 200704]
S3 HSXHWAZL;HSXHWAZL; C:\Windows\system32\DRIVERS\HSXHWAZL.sys [2007-04-26 208384]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-04-11 148992]
S3 V0260VID;Live! Cam Vista IM; C:\Windows\system32\DRIVERS\V0260Vid.sys [2006-11-03 178913]
S3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2007-04-26 660480]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-21 39936]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\Windows\system32\agrsmsvc.exe [2006-10-05 9216]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-08-28 144672]
R2 avg8emc;AVG Free8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2009-09-14 908056]
R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-09-14 297752]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 eDataSecurity Service;eDataSecurity Service; C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe [2008-03-05 497712]
R2 eLockService;eLock Service; C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe [2007-10-01 24576]
R2 eNet Service;eNet Service; C:\Acer\Empowering Technology\eNet\eNet Service.exe [2007-12-20 131072]
R2 eRecoveryService;eRecovery Service; C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe [2007-09-10 57344]
R2 eSettingsService;eSettings Service; C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe [2007-12-19 24576]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-01-17 61440]
R2 MobilityService;MobilityService; C:\Acer\Mobility Center\MobilityService.exe [2007-11-27 110592]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2007-12-04 266343]
R2 WMIService;ePower Service; C:\Acer\Empowering Technology\ePower\ePowerSvc.exe [2007-09-20 167936]
R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2007-01-30 386560]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-09-08 545568]
S2 pr2anmub;Ubersoldier 2 Drivers Auto Removal (pr2anmub); C:\Windows\system32\pr2anmub.exe [2007-12-14 411000]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

-----------------EOF-----------------

Re: please check my log, my notebook keeps shutting down

Posted: 02 Feb 2010 21:51
by Unlimited_Killer
Then I really don't know. :o Since when has it been doing that?

~~~

Download OTM to the Desktop. Start it by double-clicking OTM.exe; if you have Vista, right-click the file -> Run as Administrator.
Paste the following script into the left window 'Paste Instructions for Items to be Moved':

Code:

:reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=-

:files
C:\Program Files\Yahoo!

:commands
[emptytemp]
[reboot]
Then click the red 'MoveIt!' button.
A log should appear in the green window on the right; copy it here into the forum. If a prompt to restart appears, click Yes. After the restart you will find the log in C:\_OTM\MovedFiles
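One way to carry out the same fix without OTM, as an added example that is not part of Unlimited_Killer's post or of the OTM tool, is the PowerShell script below, run from an elevated (Run as Administrator) prompt. The registry keys, value names and folder path are exactly those in the OTM script above; the backup folder C:\_FixBackup is an assumption. Unlike OTM it exports each key with reg.exe before deleting the value and moves the folder aside instead of removing it, so the change can be reversed if the log turns out to be clean.

```powershell
# Added example, not from the original post or from OTM: a PowerShell
# equivalent of the OTM fix script. Backs up each registry key before
# touching it, removes only the two named values, moves the Yahoo! folder
# aside instead of deleting it, and clears the user's temp folder.
# The backup folder C:\_FixBackup is an assumption for this example.

$backupDir = 'C:\_FixBackup'
New-Item -ItemType Directory -Path $backupDir -Force | Out-Null

# Registry values to delete, as in the OTM ":reg" section ("=-" means delete).
$regTargets = @(
    @{ Key  = 'HKLM:\SOFTWARE\Microsoft\Internet Explorer\Toolbar';
       Name = '{EF99BD32-C1FB-11D2-892F-0090271D4F88}' },
    @{ Key  = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks';
       Name = '{AEB6717E-7E19-11d0-97EE-00C04FD91972}' }
)

foreach ($t in $regTargets) {
    # reg.exe expects the HKLM\... form rather than the PowerShell drive form.
    $regExePath = $t.Key -replace '^HKLM:\\', 'HKLM\'
    $backupFile = Join-Path $backupDir (($t.Key -replace '[\\:]', '_') + '.reg')
    & reg.exe export $regExePath $backupFile /y | Out-Null

    # Read the value first so the script only reports and removes what exists.
    $item = Get-ItemProperty -Path $t.Key -Name $t.Name -ErrorAction SilentlyContinue
    if ($null -eq $item) {
        Write-Host "Not present, skipping: $($t.Key) -> $($t.Name)"
        continue
    }
    Write-Host "Removing: $($t.Key) -> $($t.Name) (was: $($item.($t.Name)))"
    Remove-ItemProperty -Path $t.Key -Name $t.Name
}

# ":files" section: move the folder aside rather than delete it, so it can be restored.
$target = 'C:\Program Files\Yahoo!'
if (Test-Path -LiteralPath $target) {
    $dest = Join-Path $backupDir 'Program Files_Yahoo!'
    Move-Item -LiteralPath $target -Destination $dest -Force
    Write-Host "Moved $target -> $dest"
} else {
    Write-Host "Not present, skipping: $target"
}

# "[emptytemp]": clear the current user's temp folder; files in use are skipped.
Get-ChildItem -LiteralPath $env:TEMP -Recurse -Force -ErrorAction SilentlyContinue |
    Remove-Item -Recurse -Force -ErrorAction SilentlyContinue

# "[reboot]": OTM reboots automatically; here it is left as an explicit step.
Write-Host "Done. Backups are in $backupDir. Reboot to finish (Restart-Computer)."
```

Close Internet Explorer before running it: the Yahoo! toolbar DLL listed in the log is loaded into IE, and Move-Item will fail on a folder whose files are in use. To undo, double-click the exported .reg files in C:\_FixBackup and move the folder back.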