VIRY.CZ

Vypadává připojení k internetu a procházení místní sítě symantec vždycky něco najde a odstraní prosím o pomoc jsem už z toho na švestku

vkládám log z Rsit:
Logfile of random's system information tool 1.06 (written by random/random)
Run by syrovy at 2010-03-12 08:56:48
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 5 GB (5%) free of 112 GB
Total RAM: 2014 MB (47% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:57:11, on 12.3.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16981)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ATLAS consulting\RegServer\RegSrv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Firebird_2_0\bin\fbserver.exe
C:\KMnetAdmin\JBoss\bin\kwrapper.exe
C:\Java_5.0\bin\java.exe
C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
C:\Program Files\O2Micro Oz128 Driver\o2flash.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\KMnetAdmin\bin\kwrapper.exe
C:\KMnetAdmin\bin\kwrapper.exe
C:\Program Files\Synology Data Replicator 3\SynoDrService.exe
C:\Java_5.0\bin\java.exe
C:\Java_5.0\bin\java.exe
C:\Program Files\T-Mobile\Web'n'walk Manager\ameisvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Program Files\Cyberlink\Shared Files\brs.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\T-Mobile\Web'n'walk Manager\Manager.exe
C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\DOCUME~1\syrovy\LOCALS~1\Temp\RtkBtMnt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
F:\instal\RSIT.exe
C:\Program Files\trend micro\syrovy.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = gateway.liberec.cz:3128
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://www.liberec.cz;tsml;servereso;*.secar;traceonline.secar.cz;82.99.137.50;ipodatelna.hypotecnibanka.cz;10.18.*;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: OLE (Part 1 of 5) - - (no file)
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - (no file)
O2 - BHO: IObitCom Toolbar - {31c7d459-9cc3-44f2-9dca-fc11795309b4} - (no file)
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - (no file)
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: IObitCom Toolbar - {31c7d459-9cc3-44f2-9dca-fc11795309b4} - (no file)
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [Boot] C:\Acer\Empowering Technology\ePower\Boot.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [Kerio VPN Client] "C:\Program Files\Kerio\VPN Client\kvpnclient.exe" /tryauto
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler
O4 - HKLM\..\Run: [Nod32 Service] nod64.exe
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\RunServices: [Nod32 Service] nod64.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [T-Mobile Communication Centre] "C:\Program Files\T-Mobile\Web'n'walk Manager\Manager.exe" -autorun
O4 - HKUS\S-1-5-18\..\Run: [HKCU] C:\WINDOWS\install\winse.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [Policies] C:\WINDOWS\install\winse.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [HKCU] C:\WINDOWS\install\winse.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [Policies] C:\WINDOWS\install\winse.exe (User 'Default user')
O4 - Global Startup: Acer Empowering Technology.lnk = C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Vytvořit mobilní oblíbenou položku… - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {D12DA50D-027D-48F8-9B7C-6C21FC736B80} - C:\WINDOWS\DOWNLO~1\necli400.dll
O9 - Extra 'Tools' menuitem: &Nastavení Eso 9 klient 4.0 - {D12DA50D-027D-48F8-9B7C-6C21FC736B80} - C:\WINDOWS\DOWNLO~1\necli400.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe (file missing)
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://gateway.liberec.cz
O15 - Trusted Zone: http://mail.liberec.cz
O15 - Trusted Zone: http://www.mojebanka.cz
O15 - Trusted Zone: http://*.mojebanka.cz
O15 - Trusted Zone: http://traceonline.secar.cz
O15 - Trusted Zone: http://*.server2
O15 - Trusted Zone: http://*.servereso
O15 - Trusted Zone: http://erp.tsml.cz
O15 - Trusted Zone: http://gateway.liberec.cz (HKLM)
O15 - Trusted Zone: http://mail.liberec.cz (HKLM)
O15 - Trusted Zone: http://www.mojebanka.cz (HKLM)
O15 - Trusted Zone: http://*.mojebanka.cz (HKLM)
O15 - Trusted Zone: http://traceonline.secar.cz (HKLM)
O15 - Trusted Zone: http://*.server2 (HKLM)
O15 - Trusted Zone: http://*.servereso (HKLM)
O15 - Trusted Zone: http://erp.tsml.cz (HKLM)
O16 - DPF: nvEPLMedia - http://10.18.12.71/nvEPLMedia.cab
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {23D422A0-0DB2-4DDE-92D1-BD4313F758DD} (Eso9Client.IE.PageCtl) - http://servereso/Eso9Supp.net/LIB/CAB/Eso9Client0.cab
O16 - DPF: {33730EE7-E29A-44F0-8384-521954F0C983} (Eso 9 klientské komponenty verze 4.0) - http://servereso/Eso9Supp.net/LIB/CAB/necli400.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 7190351531
O16 - DPF: {DB7ACFA2-9634-4C98-BC9D-FB9416153022} (nvEPLMedia Control) - http://10.18.12.74/nvEPLMedia.ocx
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ts.mml.liberec.cz
O17 - HKLM\Software\..\Telephony: DomainName = ts.mml.liberec.cz
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = ts.mml.liberec.cz
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = ts.mml.liberec.cz
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = ts.mml.liberec.cz
O17 - HKLM\System\CS4\Services\Tcpip\Parameters: Domain = ts.mml.liberec.cz
O17 - HKLM\System\CS5\Services\Tcpip\Parameters: Domain = ts.mml.liberec.cz
O17 - HKLM\System\CS6\Services\Tcpip\Parameters: Domain = ts.mml.liberec.cz
O17 - HKLM\System\CS7\Services\Tcpip\Parameters: Domain = ts.mml.liberec.cz
O17 - HKLM\System\CS8\Services\Tcpip\Parameters: Domain = ts.mml.liberec.cz
O17 - HKLM\System\CS9\Services\Tcpip\Parameters: Domain = ts.mml.liberec.cz
O17 - HKLM\System\CS10\Services\Tcpip\Parameters: Domain = ts.mml.liberec.cz
O17 - HKLM\System\CS11\Services\Tcpip\Parameters: Domain = ts.mml.liberec.cz
O20 - Winlogon Notify: RailNotification - C:\WINDOWS\SYSTEM32\winlogonnotification.dll
O23 - Service: Web'n'walk Manager mobile equipment installation service (ameisvc) - Gemfor s.r.o. - C:\Program Files\T-Mobile\Web'n'walk Manager\ameisvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Atlas Registration Server (AtlasRegServer) - ATLAS consulting, spol. s r.o. - C:\Program Files\ATLAS consulting\RegServer\RegSrv.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Aplikace Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - Unknown owner - C:\Firebird_2_0\bin\fbguard.exe (file missing)
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - FirebirdSQL Project - C:\Firebird_2_0\bin\fbserver.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - Unknown owner - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe (file missing)
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: JBoss Application Server (JBoss) - Unknown owner - C:\KMnetAdmin\JBoss\bin\kwrapper.exe
O23 - Service: KMnetAdmin Report Service (KMnetAdminReportService) - Unknown owner - C:\KMnetAdmin\bin\kwrapper.exe
O23 - Service: KMnetAdmin Service (KMnetAdminService) - Unknown owner - C:\KMnetAdmin\bin\kwrapper.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Intel(R) Active Management Technology Local Management Service (LMS) - Intel Corporation - C:\Program Files\Intel\AMT\LMS.exe
O23 - Service: O2Micro Flash Memory Card Service (o2flash) - O2Micro International - C:\Program Files\O2Micro Oz128 Driver\o2flash.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: ServiceLayer - Unknown owner - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (file missing)
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: SynoDrService - Unknown owner - C:\Program Files\Synology Data Replicator 3\SynoDrService.exe
O23 - Service: SheColle Authorization servert (teparting serverlt) - Unknown owner - C:\WINDOWS\system32\serveri_Wrokind.exe (file missing)
O23 - Service: UPnPService - Magix AG - C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe
O23 - Service: WMI Performance (WMI Performance Adapter) - Unknown owner - C:\Program Files\51Remote\51Remote.exe (file missing)
O23 - Service: WMI Adapter Performance (WmiApSvr) - Unknown owner - C:\WINDOWS\system32\wmiapsrv.exe (file missing)

--
End of file - 15177 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Ad-Aware Update (Daily 1).job
C:\WINDOWS\tasks\Ad-Aware Update (Daily 2).job
C:\WINDOWS\tasks\Ad-Aware Update (Daily 3).job
C:\WINDOWS\tasks\Ad-Aware Update (Daily 4).job
C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
C:\WINDOWS\tasks\SmartDefrag.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2F364306-AA45-47B5-9F9D-39A8B94E7EF7}]
FGCatchUrl

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31c7d459-9cc3-44f2-9dca-fc11795309b4}]
IObitCom Toolbar

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F156768E-81EF-470C-9057-481BA8380DBA}]
FlashGet GetFlash Class

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2008-06-12 958712]
{31c7d459-9cc3-44f2-9dca-fc11795309b4} - []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2007-11-30 835584]
"ePower_DMC"=C:\Acer\Empowering Technology\ePower\ePower_DMC.exe [2007-10-03 471040]
"Boot"=C:\Acer\Empowering Technology\ePower\Boot.exe [2006-03-15 579584]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-11-28 282624]
"LanguageShortcut"=C:\Program Files\CyberLink\PowerDVD\Language\Language.exe [2008-02-22 62760]
"Kerio VPN Client"=C:\Program Files\Kerio\VPN Client\kvpnclient.exe [2008-10-15 2965504]
"ccApp"=C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2005-08-02 48752]
"BDRegion"=C:\Program Files\Cyberlink\Shared Files\brs.exe [2007-11-16 91432]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2006-11-10 90112]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-05-28 16132608]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"AzMixerSel"=C:\Program Files\Realtek\InstallShield\AzMixerSel.exe [2006-07-17 53248]
"ISUSPM"=C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe [2006-05-16 213936]
"Nod32 Service"=C:\WINDOWS\system32\nod64.exe [2008-04-14 340992]
"Synchronization Manager"=C:\WINDOWS\system32\mobsync.exe [2008-04-14 143872]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]
"T-Mobile Communication Centre"=C:\Program Files\T-Mobile\Web'n'walk Manager\Manager.exe [2010-01-28 1343400]

C:\Documents and Settings\All Users.WINDOWS\Nabídka Start\Programy\Po spuštění
Acer Empowering Technology.lnk - C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2007-08-11 118784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\RailNotification]
C:\WINDOWS\system32\winlogonnotification.dll [2009-08-20 45056]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"DisableStatusMessages"=0
"DisableTaskMgr"=0
"DisableCAD"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=0
"NoSetActiveDesktop"=1
"NoActiveDesktopChanges"=0
"NoFolderOptions"=0
"ForceClassicControlPanel"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoSetActiveDesktop"=
"NoActiveDesktopChanges"=
"HonorAutoRunSetting"=
"NoResolveSearch"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe"="C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe:*:Enabled:CyberLink PowerDVD"
"C:\Program Files\uTorrent\utorrent.exe"="C:\Program Files\uTorrent\utorrent.exe:*:Enabled:µTorrent"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
""=":*:Enabled:Nod32 Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\uTorrent\utorrent.exe"="C:\Program Files\uTorrent\utorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe"="C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe:*:Enabled:CyberLink PowerDVD"
"C:\Program Files\ICQ6\ICQ.exe"="C:\Program Files\ICQ6\ICQ.exe:*:Enabled:ICQ6"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"

======List of files/folders created in the last 1 months======

2010-03-12 08:56:48 ----D---- C:\rsit
2010-03-12 08:56:48 ----D---- C:\Program Files\trend micro
2010-03-12 08:48:28 ----D---- C:\Qoobox
2010-03-06 05:43:38 ----D---- C:\Program Files\Common Files\SourceTec
2010-03-03 09:39:04 ----D---- C:\eso9
2010-03-03 05:39:52 ----D---- C:\WINDOWS\ie7updates
2010-03-03 05:25:06 ----HDC---- C:\WINDOWS\$NtUninstallKB977165-v2$
2010-03-03 05:24:13 ----D---- C:\WINDOWS\WBEM
2010-03-03 05:23:02 ----HDC---- C:\WINDOWS\ie7
2010-03-03 05:22:51 ----HDC---- C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$
2010-03-03 05:22:23 ----HDC---- C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$
2010-03-02 14:54:11 ----D---- C:\Documents and Settings\syrovy\Data aplikací\OfficeUpdate12
2010-03-02 14:45:28 ----HDC---- C:\WINDOWS\$NtUninstallKB971737$
2010-03-02 14:45:16 ----HDC---- C:\WINDOWS\$NtUninstallKB970430$
2010-03-02 09:07:22 ----D---- C:\Program Files\MSECache
2010-03-01 15:45:06 ----HDC---- C:\WINDOWS\$NtUninstallKB969084$
2010-03-01 15:43:50 ----HDC---- C:\WINDOWS\$NtUninstallKB961742-v3$
2010-02-26 20:11:26 ----D---- C:\dell
2010-02-26 18:35:56 ----A---- C:\WINDOWS\system32\UCI32M16.dll
2010-02-26 17:54:32 ----R---- C:\WINDOWS\O2Remove.EXE
2010-02-26 17:54:32 ----A---- C:\WINDOWS\system32\ct32.dll
2010-02-26 17:53:10 ----D---- C:\Program Files\Common Files\GtFlashSwitch
2010-02-26 17:52:23 ----D---- C:\Program Files\SUYIN
2010-02-26 17:52:23 ----D---- C:\Program Files\ACER Crystal Eye webcam
2010-02-26 17:50:31 ----A---- C:\WINDOWS\system32\log.txt
2010-02-26 17:50:30 ----A---- C:\WINDOWS\system32\mesoludlg.exe
2010-02-26 17:50:30 ----A---- C:\WINDOWS\system32\difxapi.dll
2010-02-26 17:49:17 ----A---- C:\WINDOWS\Alcmtr.exe
2010-02-26 17:40:04 ----N---- C:\WINDOWS\system32\Gtdetectsc.exe
2010-02-26 17:40:04 ----A---- C:\WINDOWS\system32\GtFlashSwitch.exe
2010-02-26 17:40:03 ----D---- C:\Program Files\Option
2010-02-26 15:28:38 ----HDC---- C:\WINDOWS\$NtUninstallKB979306$
2010-02-26 15:24:56 ----HDC---- C:\WINDOWS\$NtUninstallKB978706$
2010-02-26 15:24:47 ----HDC---- C:\WINDOWS\$NtUninstallKB971468$
2010-02-26 15:24:37 ----HDC---- C:\WINDOWS\$NtUninstallKB977914$
2010-02-26 15:24:25 ----HDC---- C:\WINDOWS\$NtUninstallKB978262$
2010-02-26 15:24:16 ----HDC---- C:\WINDOWS\$NtUninstallKB975560$
2010-02-26 15:24:04 ----HDC---- C:\WINDOWS\$NtUninstallKB978251$
2010-02-26 15:23:56 ----HDC---- C:\WINDOWS\$NtUninstallKB978037$
2010-02-26 15:23:48 ----HDC---- C:\WINDOWS\$NtUninstallKB975713$
2010-02-26 15:23:34 ----HDC---- C:\WINDOWS\$NtUninstallKB978207$
2010-02-26 15:23:24 ----HDC---- C:\WINDOWS\$NtUninstallKB972270$
2010-02-26 15:23:13 ----HDC---- C:\WINDOWS\$NtUninstallKB971513$
2010-02-26 15:23:10 ----D---- C:\Program Files\MSXML 4.0
2010-02-26 15:22:56 ----HDC---- C:\WINDOWS\$NtUninstallKB973904$
2010-02-26 15:22:45 ----HDC---- C:\WINDOWS\$NtUninstallKB955759$
2010-02-26 15:22:36 ----HDC---- C:\WINDOWS\$NtUninstallKB974392$
2010-02-26 15:22:28 ----HDC---- C:\WINDOWS\$NtUninstallKB974318$
2010-02-26 15:22:12 ----HDC---- C:\WINDOWS\$NtUninstallKB973687$
2010-02-26 15:22:03 ----HDC---- C:\WINDOWS\$NtUninstallKB969947$
2010-02-26 15:21:55 ----HDC---- C:\WINDOWS\$NtUninstallKB975467$
2010-02-26 15:21:44 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$
2010-02-26 15:21:34 ----HDC---- C:\WINDOWS\$NtUninstallKB969059$
2010-02-26 15:21:27 ----HDC---- C:\WINDOWS\$NtUninstallKB958869$
2010-02-26 15:21:16 ----HDC---- C:\WINDOWS\$NtUninstallKB971486$
2010-02-26 15:21:06 ----HDC---- C:\WINDOWS\$NtUninstallKB974112$
2010-02-26 15:20:58 ----HDC---- C:\WINDOWS\$NtUninstallKB974571$
2010-02-26 15:20:51 ----HDC---- C:\WINDOWS\$NtUninstallKB975025$
2010-02-26 15:17:43 ----HDC---- C:\WINDOWS\$NtUninstallKB971961$
2010-02-26 15:17:37 ----HDC---- C:\WINDOWS\$NtUninstallKB956844$
2010-02-26 15:17:13 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$
2010-02-26 15:17:04 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$
2010-02-26 15:16:58 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$
2010-02-26 15:16:51 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$
2010-02-26 15:16:45 ----HDC---- C:\WINDOWS\$NtUninstallKB973354$
2010-02-26 15:16:34 ----HDC---- C:\WINDOWS\$NtUninstallKB956744$
2010-02-26 15:16:22 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$
2010-02-26 15:15:55 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
2010-02-26 15:15:49 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2010-02-26 15:15:43 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2010-02-26 15:15:36 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2010-02-26 15:15:29 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2010-02-26 15:15:14 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2010-02-26 15:15:05 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2010-02-26 15:09:19 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
2010-02-26 15:09:13 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
2010-02-26 15:08:59 ----HDC---- C:\WINDOWS\$NtUninstallKB961118$
2010-02-26 15:08:54 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2010-02-26 15:08:48 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2010-02-26 15:08:42 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2010-02-26 15:08:37 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2010-02-26 15:08:31 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2010-02-26 15:08:24 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2010-02-26 15:08:18 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2010-02-26 15:08:12 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2010-02-26 15:08:06 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2010-02-26 15:08:00 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2010-02-26 15:07:53 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2010-02-26 15:07:46 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2010-02-26 15:07:38 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2010-02-26 15:07:24 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2010-02-26 14:50:41 ----D---- C:\Program Files\OWCInst
2010-02-26 14:43:41 ----HDC---- C:\Documents and Settings\All Users.WINDOWS\Data aplikací\{D5ABFFAD-D592-4F98-B02B-587125B4801F}
2010-02-26 14:43:18 ----HDC---- C:\Documents and Settings\All Users.WINDOWS\Data aplikací\{51019853-129C-4EDE-9030-D5FD7BBD9AD0}
2010-02-26 14:20:44 ----A---- C:\WINDOWS\system32\wuapi.dll.mui
2010-02-26 14:16:12 ----D---- C:\Documents and Settings\syrovy\Data aplikací\ATI
2010-02-26 14:16:12 ----D---- C:\Documents and Settings\All Users.WINDOWS\Data aplikací\ATI
2010-02-26 14:09:19 ----D---- C:\ad43c965d1f1b0af6aa123f2a2b9
2010-02-26 14:00:34 ----D---- C:\c3e66dc69b8d977d865f4855
2010-02-26 13:47:10 ----D---- C:\ace708e58e18df62d7272d9ee0
2010-02-26 13:46:56 ----D---- C:\08f063e63ad6c3da2c
2010-02-26 13:40:39 ----HDC---- C:\Documents and Settings\All Users.WINDOWS\Data aplikací\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}
2010-02-26 13:22:27 ----D---- C:\WINDOWS\Prefetch
2010-02-26 13:19:05 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2010-02-26 12:57:12 ----A---- C:\WINDOWS\003325_.tmp
2010-02-26 12:51:07 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2010-02-26 10:24:06 ----RAH---- C:\WINDOWS\system32\logonui.exe.manifest
2010-02-26 10:23:51 ----HD---- C:\Program Files\WindowsUpdate
2010-02-26 10:23:48 ----D---- C:\Program Files\Online Services
2010-02-26 10:23:24 ----A---- C:\WINDOWS\system32\qmgr.dll
2010-02-26 10:21:35 ----D---- C:\Program Files\ComPlus Applications
2010-02-26 10:01:23 ----A---- C:\WINDOWS\system32\spxcoins.dll
2010-02-26 10:01:23 ----A---- C:\WINDOWS\system32\irclass.dll
2010-02-26 10:01:08 ----RA---- C:\WINDOWS\SETB.tmp
2010-02-26 10:01:04 ----RA---- C:\WINDOWS\SET6.tmp
2010-02-26 10:01:02 ----RA---- C:\WINDOWS\SET5.tmp
2010-02-26 10:00:18 ----A---- C:\WINDOWS\setuplog.txt
2010-02-26 07:17:42 ----A---- C:\WINDOWS\imsins.BAK
2010-02-25 13:29:17 ----D---- C:\Program Files\Yamicsoft
2010-02-25 07:14:44 ----A---- C:\WINDOWS\system32\WmiConf.txt
2010-02-24 18:19:57 ----D---- C:\Documents and Settings\syrovy\Data aplikací\Samsung
2010-02-24 14:45:04 ----D---- C:\Documents and Settings\All Users.WINDOWS\Data aplikací\DriverScanner
2010-02-24 14:44:06 ----HDC---- C:\Documents and Settings\All Users.WINDOWS\Data aplikací\{66E2F539-12B6-4870-A500-7689CDE75C5E}
2010-02-24 14:42:32 ----HDC---- C:\Documents and Settings\All Users.WINDOWS\Data aplikací\{C4C0E335-EDDF-46A0-A57D-F3802AE44275}
2010-02-24 14:42:18 ----RHD---- C:\AHCache
2010-02-24 14:11:55 ----D---- C:\RegBackup
2010-02-24 13:46:54 ----D---- C:\Program Files\Advanced Registry Doctor
2010-02-24 13:00:08 ----D---- C:\Documents and Settings\syrovy\Data aplikací\Uniblue
2010-02-24 13:00:02 ----D---- C:\Program Files\Uniblue
2010-02-23 18:15:44 ----A---- C:\WINDOWS\system32\acpimof.dll
2010-02-23 18:15:43 ----A---- C:\WINDOWS\system32\Epm-Po.dll
2010-02-22 09:40:50 ----A---- C:\WINDOWS\system32\eRecUtil.dll
2010-02-22 09:40:49 ----A---- C:\WINDOWS\system32\SysMonitor.exe
2010-02-22 08:42:23 ----D---- C:\Program Files\SIW
2010-02-19 13:18:07 ----D---- C:\Program Files\HDD Regenerator
2010-02-14 18:54:37 ----A---- C:\WINDOWS\system32\ff_vfw.dll.manifest
2010-02-14 18:54:36 ----A---- C:\WINDOWS\system32\ff_vfw.dll

======List of files/folders modified in the last 1 months======

2010-03-12 08:56:48 ----RD---- C:\Program Files
2010-03-12 08:56:19 ----D---- C:\Program Files\Symantec AntiVirus
2010-03-12 08:55:44 ----D---- C:\WINDOWS\system32\CatRoot2
2010-03-12 08:55:42 ----HD---- C:\WINDOWS\inf
2010-03-12 08:55:42 ----D---- C:\WINDOWS
2010-03-12 08:40:04 ----D---- C:\WINDOWS\Temp
2010-03-12 08:37:57 ----HD---- C:\WINDOWS\system32
2010-03-12 08:35:59 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-03-12 06:41:47 ----SD---- C:\WINDOWS\Tasks
2010-03-12 06:36:27 ----D---- C:\Documents and Settings\All Users.WINDOWS\Data aplikací\Spyware Terminator
2010-03-12 06:36:08 ----D---- C:\Program Files\Spyware Terminator
2010-03-12 06:36:08 ----D---- C:\Documents and Settings\syrovy\Data aplikací\Spyware Terminator
2010-03-12 06:17:55 ----D---- C:\WINDOWS\security
2010-03-11 15:25:39 ----A---- C:\WINDOWS\PWK20.INI
2010-03-10 17:47:16 ----D---- C:\WINDOWS\system32\config
2010-03-08 20:10:13 ----RSD---- C:\WINDOWS\Fonts
2010-03-08 15:46:40 ----SHD---- C:\WINDOWS\Installer
2010-03-08 15:46:37 ----AC---- C:\WINDOWS\ODBC.INI
2010-03-08 15:45:22 ----A---- C:\WINDOWS\win.ini
2010-03-08 15:44:20 ----D---- C:\Program Files\Microsoft Works
2010-03-08 15:43:13 ----HD---- C:\WINDOWS\ShellNew
2010-03-08 15:42:21 ----D---- C:\Program Files\Common Files\Designer
2010-03-08 10:18:49 ----DC---- C:\WINDOWS\system32\DRVSTORE
2010-03-08 10:18:48 ----SHD---- C:\Config.Msi
2010-03-08 06:50:50 ----D---- C:\WINDOWS\system32\CatRoot
2010-03-08 06:46:15 ----D---- C:\Documents and Settings\All Users.WINDOWS\Data aplikací\Installations
2010-03-06 05:43:38 ----D---- C:\Program Files\Common Files
2010-03-04 08:43:27 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-03-03 18:49:54 ----D---- C:\data
2010-03-03 06:08:58 ----D---- C:\Program Files\Microsoft ActiveSync
2010-03-03 06:08:13 ----D---- C:\WINDOWS\Help
2010-03-03 06:08:13 ----D---- C:\Program Files\Common Files\Microsoft Shared
2010-03-03 06:07:00 ----D---- C:\Program Files\Common Files\L&H
2010-03-03 05:42:32 ----D---- C:\Program Files\Internet Explorer
2010-03-03 05:40:15 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-03-03 05:40:13 ----D---- C:\WINDOWS\system32\cs-cz
2010-03-03 05:39:18 ----HD---- C:\WINDOWS\$hf_mig$
2010-03-03 05:34:13 ----SD---- C:\WINDOWS\Downloaded Program Files
2010-03-03 05:34:13 ----D---- C:\Program Files\ESO9
2010-03-03 05:34:10 ----RSD---- C:\WINDOWS\assembly
2010-03-03 05:24:07 ----D---- C:\WINDOWS\Media
2010-03-03 04:17:10 ----SHD---- C:\WINDOWS\CSC
2010-03-02 14:45:19 ----D---- C:\WINDOWS\system32\drivers
2010-03-02 14:39:00 ----D---- C:\Documents and Settings\All Users.WINDOWS\Data aplikací\Microsoft Help
2010-03-02 08:46:25 ----D---- C:\ABRATISK
2010-03-01 15:55:52 ----D---- C:\WINDOWS\system32\XPSViewer
2010-03-01 15:44:17 ----D---- C:\WINDOWS\system32\wbem
2010-02-28 21:42:16 ----D---- C:\WINDOWS\system32\inetsrv
2010-02-28 15:55:53 ----D---- C:\Documents and Settings\syrovy\Data aplikací\OpenOffice.org2
2010-02-28 15:51:02 ----D---- C:\WINDOWS\msapps
2010-02-28 15:51:02 ----D---- C:\Program Files\microsoft frontpage
2010-02-28 15:51:01 ----D---- C:\WINDOWS\system
2010-02-28 15:51:01 ----D---- C:\Program Files\Microsoft Office
2010-02-28 14:14:59 ----D---- C:\WINDOWS\cluster
2010-02-28 14:14:52 ----D---- C:\Program Files\CMAK
2010-02-26 20:08:51 ----D---- C:\Program Files\CONEXANT
2010-02-26 18:14:00 ----D---- C:\WINDOWS\Microsoft.NET
2010-02-26 17:52:22 ----HD---- C:\Program Files\InstallShield Installation Information
2010-02-26 17:50:29 ----D---- C:\Program Files\Intel
2010-02-26 17:49:58 ----D---- C:\WINDOWS\system32\RTCOM
2010-02-26 17:49:17 ----D---- C:\Program Files\Realtek
2010-02-26 17:33:41 ----D---- C:\WINDOWS\AppPatch
2010-02-26 15:27:16 ----D---- C:\WINDOWS\WinSxS
2010-02-26 15:16:48 ----D---- C:\Program Files\Outlook Express
2010-02-26 15:14:58 ----HDC---- C:\WINDOWS\$NtUninstallbasecsp$
2010-02-26 15:08:09 ----D---- C:\Program Files\Messenger
2010-02-26 14:52:02 ----D---- C:\WINDOWS\SoftwareDistribution
2010-02-26 14:03:22 ----D---- C:\WINDOWS\system32\en-us
2010-02-26 13:21:47 ----D---- C:\WINDOWS\system32\Setup
2010-02-26 13:15:21 ----D---- C:\Program Files\Windows Media Player
2010-02-26 13:14:37 ----D---- C:\WINDOWS\ime
2010-02-26 13:13:54 ----D---- C:\WINDOWS\PeerNet
2010-02-26 13:13:54 ----D---- C:\Program Files\Movie Maker
2010-02-26 13:05:51 ----D---- C:\WINDOWS\system32\Restore
2010-02-26 13:05:50 ----D---- C:\WINDOWS\system32\npp
2010-02-26 13:05:48 ----D---- C:\WINDOWS\msagent
2010-02-26 13:05:43 ----D---- C:\WINDOWS\srchasst
2010-02-26 13:05:41 ----D---- C:\Program Files\NetMeeting
2010-02-26 13:05:37 ----D---- C:\WINDOWS\system32\Com
2010-02-26 13:05:29 ----D---- C:\Program Files\Windows NT
2010-02-26 13:05:20 ----D---- C:\Program Files\Common Files\System
2010-02-26 13:04:27 ----D---- C:\WINDOWS\system32\oobe
2010-02-26 13:04:25 ----D---- C:\WINDOWS\system32\usmt
2010-02-26 12:51:04 ----D---- C:\WINDOWS\ehome
2010-02-26 12:16:12 ----A---- C:\WINDOWS\ntbtlog.txt
2010-02-26 11:19:52 ----D---- C:\WINDOWS\Registration
2010-02-26 11:18:46 ----SHD---- C:\System Volume Information
2010-02-26 10:50:33 ----D---- C:\WINDOWS\system32\1029
2010-02-26 10:50:13 ----D---- C:\WINDOWS\twain_32
2010-02-26 10:49:03 ----D---- C:\WINDOWS\system32\icsxml
2010-02-26 10:48:21 ----D---- C:\WINDOWS\system32\ias
2010-02-26 10:48:14 ----D---- C:\WINDOWS\system32\1033
2010-02-26 10:46:58 ----D---- C:\WINDOWS\Driver Cache
2010-02-26 10:25:09 ----A---- C:\WINDOWS\OEWABLog.txt
2010-02-26 10:25:03 ----AC---- C:\WINDOWS\ODBCINST.INI
2010-02-26 10:24:08 ----RD---- C:\WINDOWS\Web
2010-02-26 10:23:59 ----RAHC---- C:\WINDOWS\system32\cdplayer.exe.manifest
2010-02-26 10:19:49 ----SH---- C:\boot.ini
2010-02-26 10:01:30 ----A---- C:\WINDOWS\system.ini
2010-02-26 10:01:11 ----ASH---- C:\Documents and Settings\All Users.WINDOWS\Data aplikací\desktop.ini
2010-02-26 05:27:43 ----D---- C:\WINDOWS\pss
2010-02-26 05:18:44 ----D---- C:\WINDOWS\system32\CatRoot_bak
2010-02-25 15:35:17 ----D---- C:\PWK20
2010-02-25 14:09:02 ----D---- C:\WINDOWS\system32\oldcatroot2
2010-02-25 14:09:02 ----D---- C:\Program Files\WinRAR
2010-02-25 14:08:51 ----D---- C:\Program Files\F-Recovery for SD
2010-02-25 14:08:50 ----D---- C:\Java_5.0
2010-02-25 14:07:52 ----D---- C:\Documents and Settings\syrovy\Data aplikací\uTorrent
2010-02-25 14:07:49 ----D---- C:\ABRAGOLD
2010-02-25 13:14:40 ----D---- C:\WINDOWS\Debug
2010-02-25 08:43:22 ----D---- C:\Program Files\Nvu
2010-02-25 08:43:12 ----D---- C:\Program Files\OE-Mail Recovery
2010-02-25 08:43:12 ----D---- C:\Program Files\GoldWave
2010-02-25 08:43:12 ----D---- C:\Program Files\DVDFab Platinum 4
2010-02-25 08:43:12 ----D---- C:\Program Files\aGuitar Pro 2
2010-02-25 08:43:11 ----D---- C:\Firebird_2_0
2010-02-25 08:43:06 ----D---- C:\Temp
2010-02-25 08:43:06 ----D---- C:\MyWorks
2010-02-25 08:43:02 ----D---- C:\Program Files\WinHex
2010-02-25 07:03:35 ----D---- C:\Program Files\PhotoRescue Pro
2010-02-25 06:55:04 ----D---- C:\WINDOWS\system32\MAGIX
2010-02-25 06:49:49 ----D---- C:\Program Files\FlashGet
2010-02-19 21:04:06 ----D---- C:\Documents and Settings\syrovy\Data aplikací\IObit
2010-02-19 21:04:02 ----D---- C:\Program Files\IObit
2010-02-19 13:55:54 ----D---- C:\WINDOWS\Downloaded Installations
2010-02-14 18:54:38 ----D---- C:\Program Files\ffdshow

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 SAVRT;SAVRT; \??\C:\Program Files\Symantec AntiVirus\savrt.sys []
R1 SAVRTPEL;SAVRTPEL; \??\C:\Program Files\Symantec AntiVirus\Savrtpel.sys []
R1 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2009-09-04 5632]
R1 SYMTDI;SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS [2005-04-22 267192]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-14 8832]
R2 {95808DC4-FA4A-4C74-92FE-5B863F82066B};{95808DC4-FA4A-4C74-92FE-5B863F82066B}; \??\C:\Program Files\CyberLink\PowerDVD\000.fcl []
R2 Ethpdrv;Ethernet Packet Driver; C:\WINDOWS\system32\DRIVERS\ethpdrv.sys [2007-08-01 16376]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672]
R2 SBKUPNT;SBKUPNT; \??\C:\WINDOWS\system32\Drivers\SBKUPNT.SYS []
R2 Sentinel;Sentinel; C:\WINDOWS\System32\Drivers\SENTINEL.SYS [2007-04-27 90688]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2007-08-11 2372096]
R3 btaudio;Bluetooth Audio Device; C:\WINDOWS\system32\drivers\btaudio.sys [2007-03-23 539072]
R3 BTDriver;Bluetooth Virtual Communications Driver; C:\WINDOWS\system32\DRIVERS\btport.sys [2007-03-23 37424]
R3 BTKRNL;Bluetooth Bus Enumerator; C:\WINDOWS\system32\DRIVERS\btkrnl.sys [2007-03-31 876384]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-14 13952]
R3 e1express;Intel(R) PRO/1000 PCI Express Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e1e5132.sys [2007-04-09 251288]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2009-02-14 985856]
R3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2009-02-14 210304]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-05-30 4424192]
R3 kvpndev;Kerio VPN adapter; C:\WINDOWS\system32\DRIVERS\kvpndrv.sys [2008-06-24 65024]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-18 12160]
R3 NAVENG;NAVENG; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20100311.002\naveng.sys []
R3 NAVEX15;NAVEX15; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20100311.002\navex15.sys []
R3 NTIDrvr;Upper Class Filter Driver; C:\WINDOWS\system32\DRIVERS\NTIDrvr.sys [2008-08-27 6144]
R3 O2SCBUS;O2Micro SmartCardBus Reader; C:\WINDOWS\system32\DRIVERS\ozscr.sys [2004-07-27 91919]
R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2009-01-22 47360]
R3 SymEvent;SymEvent; \??\C:\Program Files\Symantec\SYMEVENT.SYS []
R3 SYMREDRV;SYMREDRV; C:\WINDOWS\System32\Drivers\SYMREDRV.SYS [2005-04-22 17976]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;Ovladač standardního rozbočovače USB; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2009-02-14 731264]
S1 Uim_IM;UIM Drive Backup Image Plugin; C:\WINDOWS\System32\Drivers\Uim_IM.sys []
S1 UimBus;Universal Image Mounter Controller; C:\WINDOWS\system32\DRIVERS\UimBus.sys []
S1 wceusbsh;Windows CE USB Serial Host Driver; C:\WINDOWS\system32\DRIVERS\wceusbsh.sys [2008-04-14 31744]
S3 61883;61883 Unit Device; C:\WINDOWS\system32\DRIVERS\61883.sys [2008-04-14 48128]
S3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-14 60800]
S3 Avc;AVC Device; C:\WINDOWS\system32\DRIVERS\avc.sys [2008-04-14 38912]
S3 BTWDNDIS;Bluetooth LAN Access Server; C:\WINDOWS\system32\DRIVERS\btwdndis.sys [2007-03-23 149123]
S3 btwhid;btwhid; C:\WINDOWS\system32\DRIVERS\btwhid.sys [2007-03-31 55352]
S3 btwmodem;Bluetooth Modem; C:\WINDOWS\system32\DRIVERS\btwmodem.sys [2007-03-23 37280]
S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2007-03-23 67960]
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 CrystalSysInfo;CrystalSysInfo; \??\C:\Program Files\MediaCoder\SysInfo.sys []
S3 CyUsb;Digitalks Generic USB Driver; C:\WINDOWS\System32\Drivers\CyUsb.sys [2006-04-01 34304]
S3 EraserUtilDrvI9;EraserUtilDrvI9; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrvI9.sys []
S3 FileObjInfo;STFileDriver; \??\C:\Documents and Settings\All Users.WINDOWS\Data aplikací\Spyware Terminator\FileObjInfo.sys []
S3 GemCCID;GemCCID; C:\WINDOWS\System32\Drivers\GemCCID.sys [2008-04-04 87424]
S3 IpwP;IPWireless 3G Network Adapter; C:\WINDOWS\system32\DRIVERS\ipw3gnet.sys [2008-10-10 51040]
S3 ITEIRDA;ITE Infrared Device Driver; C:\WINDOWS\system32\DRIVERS\ITEirda.sys [2007-04-28 23552]
S3 MSDV;Microsoft DV Camera and VCR; C:\WINDOWS\system32\DRIVERS\msdv.sys [2008-04-14 51200]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 NETw4x32;Ovladač adaptéru Intel(R) Wireless WiFi Link pro systém Windows XP 32 Bit; C:\WINDOWS\system32\DRIVERS\NETw4x32.sys [2007-02-25 2203520]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-14 61824]
S3 nm;Ovladač programu Sledování sítě; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2008-04-14 40320]
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys []
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\ccdcmbo.sys []
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
S3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2004-08-18 5888]
S3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-14 79232]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 SPBBCDrv;SPBBCDrv; \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys []
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2007-02-02 202816]
S3 UIUSys;Conexant Setup API; C:\WINDOWS\system32\DRIVERS\UIUSYS.SYS []
S3 usb_rndisx;Adaptér USB RNDIS; C:\WINDOWS\system32\DRIVERS\usb8023x.sys [2008-04-14 12800]
S3 usbser;USB Modem Driver; C:\WINDOWS\system32\drivers\usbser.sys [2008-04-14 26112]
S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys []
S3 usbvideo;Zobrazovací zařízení USB (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-14 121984]
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2008-03-27 503008]
S3 WinPhlash;WinPhlash; \??\D:\Downloads\acer6592\travelmate_6592\bios\PV153\winphlash-1665x\PHLASHNT.SYS []
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ameisvc;Web'n'walk Manager mobile equipment installation service; C:\Program Files\T-Mobile\Web'n'walk Manager\ameisvc.exe [2010-01-07 67312]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2007-08-11 483328]
R2 AtlasRegServer;Atlas Registration Server; C:\Program Files\ATLAS consulting\RegServer\RegSrv.exe [2007-06-05 447488]
R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe [2007-04-01 273256]
R2 BtwSrv;BtwSrv; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 ccEvtMgr;Symantec Event Manager; C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe [2005-08-02 185968]
R2 ccSetMgr;Symantec Settings Manager; C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe [2005-08-02 161392]
R2 DefWatch;Aplikace Symantec AntiVirus Definition Watcher; C:\Program Files\Symantec AntiVirus\DefWatch.exe [2005-08-26 19552]
R2 irmon;Software Shadow Copy Provider; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 JBoss;JBoss Application Server; C:\KMnetAdmin\JBoss\bin\kwrapper.exe [2009-01-08 122880]
R2 KMnetAdminReportService;KMnetAdmin Report Service; C:\KMnetAdmin\bin\kwrapper.exe [2009-01-08 122880]
R2 KMnetAdminService;KMnetAdmin Service; C:\KMnetAdmin\bin\kwrapper.exe [2009-01-08 122880]
R2 MSSQLSERVER;MSSQLSERVER; C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe [2002-12-17 7520337]
R2 o2flash;O2Micro Flash Memory Card Service; C:\Program Files\O2Micro Oz128 Driver\o2flash.exe [2007-02-12 65536]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared files\RichVideo.exe [2008-02-14 241734]
R2 sp_rssrv;Spyware Terminator Realtime Shield Service; C:\Program Files\Spyware Terminator\sp_rsser.exe [2008-11-15 570880]
R2 SQLBrowser;SQL Server Browser; c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2008-11-25 239968]
R2 SQLWriter;SQL Server VSS Writer; c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2008-11-24 87904]
R2 Symantec AntiVirus;Symantec AntiVirus; C:\Program Files\Symantec AntiVirus\Rtvscan.exe [2005-08-26 1738336]
R2 SynoDrService;SynoDrService; C:\Program Files\Synology Data Replicator 3\SynoDrService.exe [2007-08-06 557056]
R2 Winet;Intelligent Transfer; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance; C:\Firebird_2_0\bin\fbserver.exe [2006-10-31 1990656]
S2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance; C:\Firebird_2_0\bin\fbguard.exe -s []
S2 Ias;Microsoft Automatic Update; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S2 LMS;Intel(R) Active Management Technology Local Management Service; C:\Program Files\Intel\AMT\LMS.exe [2007-04-20 121624]
S2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
S2 MediaCenterSystem;Microsoft's Media Center drive; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S2 MSSQL$SQLEXPRESS;SQL Server (SQLEXPRESS); c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2008-11-25 29263712]
S2 SavRoam;SAVRoam; C:\Program Files\Symantec AntiVirus\SavRoam.exe [2005-08-26 127584]
S2 teparting serverlt;SheColle Authorization servert; C:\WINDOWS\system32\serveri_Wrokind.exe []
S2 WinErp;Windows System Event reporting; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 winErs;Windows System Reporting Manager; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S2 WMI Performance Adapter;WMI Performance; C:\Program Files\51Remote\51Remote.exe []
S2 WmiApSvr;WMI Adapter Performance; C:\WINDOWS\system32\wmiapsrv.exe []
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance; C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe []
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2008-06-10 222456]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2005-02-24 73728]
S3 idsvc;Služba Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2010-02-04 1181328]
S3 MSSQLServerADHelper;SQL Server Active Directory Helper; c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2008-11-25 45408]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe []
S3 SNDSrvc;Symantec Network Drivers Service; C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe [2005-04-22 206552]
S3 SPBBCSvc;Symantec SPBBCSvc; C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe [2005-03-30 992864]
S3 SQLSERVERAGENT;SQLSERVERAGENT; C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlagent.EXE [2002-12-17 311872]
S3 UPnPService;UPnPService; C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe [2006-12-14 544768]
S4 NetTcpPortSharing;Služba sdílení portů Net.Tcp; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 NWCWorkstation;Microsoft Device Manager; C:\WINDOWS\sYSTEM32\SVCHOST.EXE [2008-04-14 14336]

-----------------EOF-----------------

Hezké dopoledne
Vy jste spouštěl combofix?
Log z něj by nebyl?

log coombo fix:

ComboFix 10-03-11.04 - syrovy 12.03.2010 9:51.1.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2014.881 [GMT 1:00]
Spuštěný z: f:\instal\ComboFix.exe
AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\bot.txt
c:\documents and settings\All Users.WINDOWS\Dokumenty\ikizequ.vbs
c:\documents and settings\All Users.WINDOWS\Dokumenty\qodifyvi.vbs
c:\documents and settings\syrovy\Cookies\dowuses.inf
c:\documents and settings\syrovy\Dokumenty\BackupRegistry(20100225).reg
c:\documents and settings\syrovy\Dokumenty\cc_20090731_130701.reg
C:\LOG.TXT
c:\recycler\S-1-5-21-1078081533-706699826-725345543-500
c:\windows\abaw._sy
c:\windows\amyq.exe
c:\windows\fafifyxehi._sy
c:\windows\jocici.scr
c:\windows\pidus.bat
c:\windows\qmgr.dll
c:\windows\system32\1694136664.dat
c:\windows\system32\FInstall.sys
c:\windows\system32\info.dat
c:\windows\system32\Kav.key
c:\windows\system32\Nod64.exe
c:\windows\system32\ocujoxig.inf
c:\windows\system32\setup.ini
c:\windows\system32\winnet.dll
c:\windows\umeheqarof.dll
c:\windows\winhelp.ini

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_6TO4
-------\Legacy_BTWSRV
-------\Legacy_IAS
-------\Legacy_MEDIACENTERSYSTEM
-------\Legacy_SOPIDKC
-------\Legacy_WINERP
-------\Legacy_WINET
-------\Service_BtwSrv
-------\Service_Ias
-------\Service_MediaCenterSystem
-------\Service_WinErp
-------\Service_Winet


((((((((((((((((((((((((( Soubory vytvořené od 2010-02-12 do 2010-03-12 )))))))))))))))))))))))))))))))
.

2010-03-12 08:45 . 2010-03-12 08:45 390144 ----a-w- c:\windows\system32\CF705.exe
2010-03-12 08:45 . 2010-03-12 08:41 390144 ----a-w- c:\windows\system32\CF32729.exe
2010-03-12 08:42 . 2010-03-12 08:41 390144 ----a-w- c:\windows\system32\CF32738.exe
2010-03-12 08:05 . 2010-03-12 08:05 -------- d-----w- c:\program files\Common Files\BitDefender
2010-03-12 07:56 . 2010-03-12 07:58 -------- d-----w- C:\rsit
2010-03-12 07:56 . 2010-03-12 07:57 -------- d-----w- c:\program files\trend micro
2010-03-12 05:06 . 2010-03-12 07:34 506746 ----a-w- c:\windows\system32\prfh0405.dat
2010-03-12 05:06 . 2010-03-12 07:34 109790 ----a-w- c:\windows\system32\prfc0405.dat
2010-03-06 04:43 . 2010-03-06 04:43 -------- d-----w- c:\program files\Common Files\SourceTec
2010-03-03 08:39 . 2010-03-03 09:07 -------- d-----w- C:\eso9
2010-03-02 08:07 . 2010-03-02 08:07 -------- d-----w- c:\program files\MSECache
2010-02-26 19:11 . 2010-02-26 19:11 -------- d-----w- C:\dell
2010-02-26 19:08 . 2010-02-26 19:08 -------- d-----w- c:\documents and settings\syrovy\Data aplikacÝ
2010-02-26 17:35 . 2009-02-14 03:21 985856 ----a-w- c:\windows\system32\drivers\HSF_DPV.sys
2010-02-26 17:35 . 2009-02-14 03:20 210304 ----a-w- c:\windows\system32\drivers\HSFHWAZL.sys
2010-02-26 17:35 . 2009-02-14 03:20 731264 ----a-w- c:\windows\system32\drivers\HSF_CNXT.sys
2010-02-26 17:35 . 2006-12-20 16:37 176128 ----a-w- c:\windows\system32\UCI32M16.dll
2010-02-26 16:54 . 2003-10-30 01:14 34329 ------r- c:\windows\O2Remove.EXE
2010-02-26 16:54 . 2003-05-23 13:23 40960 ----a-w- c:\windows\system32\ct32.dll
2010-02-26 16:54 . 2004-07-27 12:19 91919 ----a-w- c:\windows\system32\drivers\ozscr.sys
2010-02-26 16:53 . 2010-02-26 16:53 -------- d-----w- c:\program files\Common Files\GtFlashSwitch
2010-02-26 16:52 . 2010-02-26 16:52 -------- d-----w- c:\program files\SUYIN
2010-02-26 16:52 . 2010-02-26 16:52 -------- d-----w- c:\program files\ACER Crystal Eye webcam
2010-02-26 16:50 . 2007-04-20 16:23 912152 ----a-w- c:\windows\system32\mesoludlg.exe
2010-02-26 16:50 . 2006-11-10 08:25 319456 ----a-w- c:\windows\system32\difxapi.dll
2010-02-26 16:49 . 2005-05-03 17:43 69632 ----a-w- c:\windows\Alcmtr.exe
2010-02-26 16:40 . 2007-05-11 14:11 204800 ----a-w- c:\windows\system32\GtFlashSwitch.exe
2010-02-26 16:40 . 2007-05-11 14:10 204800 ------w- c:\windows\system32\Gtdetectsc.exe
2010-02-26 16:40 . 2010-02-26 18:39 -------- d-----w- c:\program files\Option
2010-02-26 14:23 . 2010-02-26 14:23 -------- d-----w- c:\program files\MSXML 4.0
2010-02-26 14:05 . 2009-12-31 16:50 353792 -c----w- c:\windows\system32\dllcache\srv.sys
2010-02-26 14:04 . 2009-12-04 18:22 455424 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2010-02-26 14:03 . 2009-10-15 16:32 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
2010-02-26 14:03 . 2009-10-15 16:32 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll
2010-02-26 14:03 . 2009-11-21 16:03 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-02-26 13:59 . 2009-06-21 21:48 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2010-02-26 13:58 . 2009-07-10 13:28 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2010-02-26 13:56 . 2009-02-06 10:10 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe
2010-02-26 13:56 . 2009-12-09 10:11 2191360 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2010-02-26 13:56 . 2009-03-06 14:23 284160 -c----w- c:\windows\system32\dllcache\pdh.dll
2010-02-26 13:56 . 2009-02-09 11:25 111104 -c----w- c:\windows\system32\dllcache\services.exe
2010-02-26 13:56 . 2009-02-09 10:56 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll
2010-02-26 13:56 . 2009-02-09 10:56 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll
2010-02-26 13:56 . 2009-06-25 08:27 729088 -c----w- c:\windows\system32\dllcache\lsasrv.dll
2010-02-26 13:56 . 2009-02-09 10:56 709632 -c----w- c:\windows\system32\dllcache\ntdll.dll
2010-02-26 13:56 . 2009-02-09 10:56 684032 -c----w- c:\windows\system32\dllcache\advapi32.dll
2010-02-26 13:56 . 2009-02-09 10:56 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll
2010-02-26 13:56 . 2009-12-09 10:11 2147328 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2010-02-26 13:56 . 2009-12-09 10:11 2025984 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2010-02-26 13:55 . 2008-04-21 21:15 216576 -c----w- c:\windows\system32\dllcache\wordpad.exe
2010-02-26 13:54 . 2009-07-31 04:35 1172480 -c----w- c:\windows\system32\dllcache\msxml3.dll
2010-02-26 13:54 . 2008-10-15 16:38 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
2010-02-26 13:54 . 2008-05-01 14:37 331776 -c----w- c:\windows\system32\dllcache\msadce.dll
2010-02-26 13:54 . 2008-04-11 19:06 691712 -c----w- c:\windows\system32\dllcache\inetcomm.dll
2010-02-26 13:53 . 2008-06-14 17:35 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2010-02-26 13:53 . 2008-05-08 14:02 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
2010-02-26 13:50 . 2010-03-04 14:02 -------- d-----w- c:\program files\OWCInst
2010-02-26 13:09 . 2010-02-26 13:09 -------- d-----w- C:\ad43c965d1f1b0af6aa123f2a2b9
2010-02-26 13:00 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2010-02-26 13:00 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2010-02-26 13:00 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2010-02-26 13:00 . 2010-02-26 13:01 -------- d-----w- C:\c3e66dc69b8d977d865f4855
2010-02-26 13:00 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2010-02-26 12:47 . 2010-02-26 12:47 -------- d-----w- C:\ace708e58e18df62d7272d9ee0
2010-02-26 12:46 . 2010-02-26 13:09 -------- d-----w- C:\08f063e63ad6c3da2c
2010-02-26 12:15 . 2009-07-31 09:05 1372672 -c----w- c:\windows\system32\dllcache\msxml6.dll
2010-02-26 12:15 . 2008-04-14 07:00 80896 -c----w- c:\windows\system32\dllcache\msxml6r.dll
2010-02-26 12:15 . 2007-06-26 10:30 22060 -c----w- c:\windows\system32\dllcache\npds.zip
2010-02-26 12:15 . 2007-06-26 10:26 403 -c----w- c:\windows\system32\dllcache\npdrmv2.zip
2010-02-26 12:05 . 2008-04-14 07:52 294912 -c----w- c:\windows\system32\dllcache\dlimport.exe
2010-02-26 09:28 . 2008-04-14 07:49 67584 -c--a-w- c:\windows\system32\dllcache\pmigrate.dll
2010-02-26 09:27 . 2004-08-18 12:00 8704 -c--a-w- c:\windows\system32\dllcache\infoctrs.dll
2010-02-26 09:26 . 2004-08-18 12:00 480256 -c--a-w- c:\windows\system32\dllcache\cintsetp.exe
2010-02-26 09:25 . 2004-08-18 12:00 19968 -c--a-w- c:\windows\system32\dllcache\inetsloc.dll
2010-02-26 09:25 . 2004-08-18 12:00 7680 -c--a-w- c:\windows\system32\dllcache\inetmgr.exe
2010-02-26 09:25 . 2004-08-18 12:00 171008 -c--a-w- c:\windows\system32\dllcache\iisui.dll
2010-02-26 09:25 . 2004-08-18 12:00 5632 -c--a-w- c:\windows\system32\dllcache\iisrstap.dll
2010-02-26 09:25 . 2004-08-18 12:00 14848 -c--a-w- c:\windows\system32\dllcache\iisreset.exe
2010-02-26 09:25 . 2004-08-18 12:00 6144 -c--a-w- c:\windows\system32\dllcache\ftpsapi2.dll
2010-02-26 09:25 . 2003-04-14 19:48 212992 -c--a-w- c:\windows\system32\dllcache\fpmmcsat.dll
2010-02-26 09:23 . 2004-08-18 12:00 16384 -c--a-w- c:\windows\system32\dllcache\isignup.exe
2010-02-26 09:23 . 2008-04-14 07:51 409088 ----a-w- c:\windows\system32\qmgr.dll
2010-02-26 09:07 . 2001-08-17 20:51 19584 ----a-w- c:\windows\system32\drivers\rasirda.sys
2010-02-26 09:01 . 2004-08-18 12:00 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll
2010-02-26 09:01 . 2004-08-18 12:00 24661 ----a-w- c:\windows\system32\spxcoins.dll
2010-02-26 09:01 . 2004-08-18 12:00 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll
2010-02-26 09:01 . 2004-08-18 12:00 13312 ----a-w- c:\windows\system32\irclass.dll
2010-02-25 12:29 . 2010-02-25 12:29 -------- d-----w- c:\program files\Yamicsoft
2010-02-24 13:42 . 2010-02-24 13:42 -------- d-----r- C:\AHCache
2010-02-24 13:11 . 2010-02-24 13:11 -------- d-----w- C:\RegBackup
2010-02-24 12:46 . 2010-02-25 07:43 -------- d-----w- c:\program files\Advanced Registry Doctor
2010-02-24 12:00 . 2010-02-26 13:43 -------- d-----w- c:\program files\Uniblue
2010-02-23 18:51 . 2010-02-23 18:51 66 ----a-w- C:\c.dat
2010-02-23 17:15 . 2007-03-06 13:58 57344 ----a-w- c:\windows\system32\acpimof.dll
2010-02-23 17:15 . 2005-04-07 17:08 78208 ----a-w- c:\windows\system32\drivers\epm-shd.sys
2010-02-23 17:15 . 2004-07-19 12:10 4096 ----a-w- c:\windows\system32\drivers\epm-psd.sys
2010-02-23 17:15 . 2006-02-16 14:39 45056 ----a-w- c:\windows\system32\Epm-Po.dll
2010-02-22 08:40 . 2006-02-22 10:19 69632 ----a-w- c:\windows\system32\eRecUtil.dll
2010-02-22 08:40 . 2008-01-03 08:21 49152 ----a-w- c:\windows\system32\SysMonitor.exe
2010-02-22 07:42 . 2010-02-26 04:26 -------- d-----w- c:\program files\SIW
2010-02-19 12:18 . 2010-02-25 05:50 -------- d-----w- c:\program files\HDD Regenerator
2010-02-14 17:54 . 2010-02-08 14:20 85504 ----a-w- c:\windows\system32\ff_vfw.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-12 09:02 . 2007-12-19 14:55 -------- d-----w- c:\program files\Symantec AntiVirus
2010-03-12 08:08 . 2008-08-01 20:29 -------- d-----w- c:\program files\Lavasoft
2010-03-12 05:36 . 2008-11-15 06:29 -------- d-----w- c:\program files\Spyware Terminator
2010-03-08 14:44 . 2008-04-14 12:09 -------- d-----w- c:\program files\Microsoft Works
2010-03-04 07:43 . 2007-08-02 12:00 506746 ----a-w- c:\windows\system32\perfh005.dat
2010-03-04 07:43 . 2007-08-02 12:00 109790 ----a-w- c:\windows\system32\perfc005.dat
2010-03-03 05:08 . 2007-12-07 05:18 -------- d-----w- c:\program files\Microsoft ActiveSync
2010-03-03 05:07 . 2010-01-27 06:08 -------- d-----w- c:\program files\Common Files\L&H
2010-03-03 04:34 . 2008-04-23 10:16 -------- d-----w- c:\program files\ESO9
2010-02-28 14:51 . 2007-11-30 13:56 -------- d-----w- c:\program files\microsoft frontpage
2010-02-28 13:14 . 2007-12-01 12:46 -------- d-----w- c:\program files\CMAK
2010-02-26 19:08 . 2007-11-30 16:02 -------- d-----w- c:\program files\CONEXANT
2010-02-26 16:52 . 2007-11-30 14:59 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-26 16:50 . 2007-11-30 14:28 -------- d-----w- c:\program files\Intel
2010-02-26 16:49 . 2007-11-30 14:59 -------- d-----w- c:\program files\Realtek
2010-02-26 11:16 . 2009-09-15 05:08 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2010-02-26 09:21 . 2008-08-26 06:03 23588 -c--a-w- c:\windows\system32\emptyregdb.dat
2010-02-25 13:08 . 2008-06-27 06:16 -------- d-----w- c:\program files\F-Recovery for SD
2010-02-25 07:43 . 2008-04-14 11:18 -------- d-----w- c:\program files\Nvu
2010-02-25 07:43 . 2008-08-14 05:26 -------- d-----w- c:\program files\OE-Mail Recovery
2010-02-25 07:43 . 2008-06-02 18:37 -------- d-----w- c:\program files\GoldWave
2010-02-25 07:43 . 2008-02-17 20:14 -------- d-----w- c:\program files\aGuitar Pro 2
2010-02-25 07:43 . 2007-12-01 04:49 -------- d-----w- c:\program files\DVDFab Platinum 4
2010-02-25 07:43 . 2008-04-20 18:35 -------- d-----w- c:\program files\WinHex
2010-02-25 06:03 . 2009-10-08 06:58 -------- d-----w- c:\program files\PhotoRescue Pro
2010-02-25 05:49 . 2008-03-09 15:20 -------- d-----w- c:\program files\FlashGet
2010-02-19 20:04 . 2009-09-11 09:51 -------- d-----w- c:\program files\IObit
2010-02-14 17:54 . 2008-06-20 11:02 -------- d-----w- c:\program files\ffdshow
2010-02-03 06:29 . 2008-04-22 14:56 -------- d-----w- c:\program files\Common Files\Nokia
2010-02-03 06:29 . 2008-03-11 16:58 -------- d-----w- c:\program files\Nokia
2010-02-02 21:19 . 2010-02-02 21:19 -------- d-----w- c:\program files\iOrgSoft
2010-02-02 21:01 . 2010-02-02 21:01 -------- d-----w- c:\program files\MP3 Player Utilities 3.13
2010-02-02 19:41 . 2010-02-02 19:41 -------- d-----w- c:\program files\WinAVI MP4 Converter
2010-02-02 19:41 . 2010-02-02 19:41 3082 ----a-w- c:\windows\system32\affv300053706p4now.sys
2010-01-30 19:58 . 2009-09-22 20:55 358912 --sha-r- c:\windows\sysmlong.scr
2010-01-27 18:40 . 2009-09-24 19:21 -------- d-----w- c:\program files\MP4Tool
2010-01-27 15:02 . 2007-12-01 05:02 -------- d-----w- c:\program files\JPEG Resampler
2010-01-24 14:46 . 2008-11-28 18:36 56 -csha-r- c:\windows\system32\69721DF6E3.sys
2010-01-24 14:46 . 2008-11-28 18:36 11476 --sha-w- c:\windows\system32\KGyGaAvL.sys
2010-01-23 18:38 . 2010-01-23 18:38 -------- d-----w- c:\program files\DVDFab 6
2010-01-05 09:58 . 2004-08-18 12:00 832512 ----a-w- c:\windows\system32\wininet.dll
2010-01-05 09:57 . 2004-08-18 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-01-05 09:57 . 2004-08-18 12:00 17408 ----a-w- c:\windows\system32\corpol.dll
2009-12-31 16:50 . 2004-08-18 12:00 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-17 07:42 . 2008-08-26 06:02 343552 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:10 . 2004-08-18 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2008-01-08 14:32 . 2008-01-08 14:32 10534 -c--a-w- c:\program files\Common Files\lmouse.sys
2008-01-08 14:27 . 2008-01-08 14:27 10534 -c--a-w- c:\program files\Common Files\acpiec.sys
2006-05-03 10:06 . 2010-01-24 12:10 163328 --sha-r- c:\windows\system32\flvDX.dll
2007-02-21 11:47 . 2010-01-24 12:10 31232 --sha-r- c:\windows\system32\msfDX.dll
2008-03-16 13:30 . 2010-01-24 12:10 216064 --sha-r- c:\windows\system32\nbDX.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"T-Mobile Communication Centre"="c:\program files\T-Mobile\Web'n'walk Manager\Manager.exe" [2010-01-28 1343400]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-11-30 835584]
"ePower_DMC"="c:\acer\Empowering Technology\ePower\ePower_DMC.exe" [2007-10-03 471040]
"Boot"="c:\acer\Empowering Technology\ePower\Boot.exe" [2006-03-15 579584]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-28 282624]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2008-02-22 62760]
"Kerio VPN Client"="c:\program files\Kerio\VPN Client\kvpnclient.exe" [2008-10-15 2965504]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2005-08-02 48752]
"BDRegion"="c:\program files\Cyberlink\Shared Files\brs.exe" [2007-11-16 91432]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"RTHDCPL"="RTHDCPL.EXE" [2007-05-28 16132608]
"AzMixerSel"="c:\program files\Realtek\InstallShield\AzMixerSel.exe" [2006-07-17 53248]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-05-16 213936]
"Synchronization Manager"="c:\windows\system32\mobsync.exe" [2008-04-14 143872]

c:\documents and settings\All Users.WINDOWS\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Acer Empowering Technology.lnk - c:\acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe [2007-11-30 45056]
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-4-1 568176]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"StartMenuLogOff"= 1 (0x1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"AzMixerSel"=c:\program files\Realtek\InstallShield\AzMixerSel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [26.8.2008 8:01 39680]
R0 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [26.8.2008 8:01 35712]
R2 ameisvc;Web'n'walk Manager mobile equipment installation service;c:\program files\T-Mobile\Web'n'walk Manager\ameisvc.exe [7.1.2010 17:37 67312]
R2 AtlasRegServer;Atlas Registration Server;c:\program files\ATLAS consulting\RegServer\RegSrv.exe [12.11.2008 14:47 447488]
R2 Ethpdrv;Ethernet Packet Driver;c:\windows\system32\drivers\ethpdrv.sys [8.9.2005 0:18 16376]
R2 JBoss;JBoss Application Server;c:\kmnetadmin\JBoss\bin\kwrapper.exe -s c:\kmnetadmin\JBoss\server\default\conf\wrapper.conf set.JBOSS_HOME=C:/KMnetAdmin/JBoss set.JAVA_HOME=C:/Java_5.0 --> c:\kmnetadmin\JBoss\bin\kwrapper.exe -s c:\kmnetadmin\JBoss\server\default\conf\wrapper.conf set.JBOSS_HOME=C:/KMnetAdmin/JBoss set.JAVA_HOME=C:/Java_5.0 [?]
R2 KMnetAdminReportService;KMnetAdmin Report Service;c:\kmnetadmin\bin\kwrapper.exe -s C:/KMnetAdmin/conf/kmreport.wrapper.conf set.NETADMIN_HOME=C:/KMnetAdmin set.JAVA_HOME=C:/Java_5.0 set.JBOSS_HOME=C:/KMnetAdmin/JBoss --> c:\kmnetadmin\bin\kwrapper.exe -s C:/KMnetAdmin/conf/kmreport.wrapper.conf set.NETADMIN_HOME=C:/KMnetAdmin set.JAVA_HOME=C:/Java_5.0 set.JBOSS_HOME=C:/KMnetAdmin/JBoss [?]
R2 KMnetAdminService;KMnetAdmin Service;c:\kmnetadmin\bin\kwrapper.exe -s C:/KMnetAdmin/conf/wrapper.conf set.NETADMIN_HOME=C:/KMnetAdmin set.JAVA_HOME=C:/Java_5.0 set.JBOSS_HOME=C:/KMnetAdmin/JBoss --> c:\kmnetadmin\bin\kwrapper.exe -s C:/KMnetAdmin/conf/wrapper.conf set.NETADMIN_HOME=C:/KMnetAdmin set.JAVA_HOME=C:/Java_5.0 set.JBOSS_HOME=C:/KMnetAdmin/JBoss [?]
R2 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [26.8.2005 13:21 127584]
R2 SBKUPNT;SBKUPNT;c:\windows\system32\drivers\SBKUPNT.SYS [13.11.2008 13:20 14976]
R2 SynoDrService;SynoDrService;c:\program files\Synology Data Replicator 3\SynoDrService.exe [6.8.2007 20:36 557056]
R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\firebird_2_0\bin\fbserver.exe -s --> c:\firebird_2_0\bin\fbserver.exe -s [?]
R3 kvpndev;Kerio VPN adapter;c:\windows\system32\drivers\kvpndrv.sys [7.12.2007 11:02 65024]
S0 hotcore3;hotcore3;c:\windows\system32\drivers\hotcore3.sys --> c:\windows\system32\drivers\hotcore3.sys [?]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [18.10.2008 18:26 721904]
S2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\firebird_2_0\bin\fbguard.exe -s --> c:\firebird_2_0\bin\fbguard.exe -s [?]
S2 teparting serverlt;SheColle Authorization servert;c:\windows\system32\serveri_Wrokind.exe --> c:\windows\system32\serveri_Wrokind.exe [?]
S2 winErs;Windows System Reporting Manager;c:\windows\System32\svchost.exe -k winErs [18.8.2004 13:00 14336]
S2 WMI Performance Adapter;WMI Performance;c:\program files\51Remote\51Remote.exe --> c:\program files\51Remote\51Remote.exe [?]
S2 WmiApSvr;WMI Adapter Performance;c:\windows\system32\wmiapsrv.exe --> c:\windows\system32\wmiapsrv.exe [?]
S3 CyUsb;Digitalks Generic USB Driver;c:\windows\system32\drivers\CyUsb.sys [1.4.2006 0:52 34304]
S3 FileObjInfo;STFileDriver;c:\documents and settings\All Users.WINDOWS\Data aplikací\Spyware Terminator\fileobjinfo.sys [15.11.2008 7:29 5632]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\MAGIX\Common\Database\bin\fbserver.exe --> c:\program files\MAGIX\Common\Database\bin\fbserver.exe [?]
S3 GemCCID;GemCCID;c:\windows\system32\drivers\GemCCID.sys [20.7.2009 8:49 87424]
S3 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [17.9.2008 18:08 222456]
S3 IpwP;IPWireless 3G Network Adapter;c:\windows\system32\drivers\ipw3gnet.sys [27.8.2008 5:08 51040]
S3 ITEIRDA;ITE Infrared Device Driver;c:\windows\system32\drivers\ITEirda.sys [26.8.2008 8:01 23552]
S3 UPnPService;UPnPService;c:\program files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe [24.12.2009 21:12 544768]
S3 WinPhlash;WinPhlash;d:\downloads\acer6592\travelmate_6592\bios\PV153\winphlash-1665x\PhlashNT.sys [2.4.2009 9:01 33824]

--- Ostatní služby/ovladače v paměti ---

*Deregistered* - EraserUtilDrvI9

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
winErs REG_MULTI_SZ winErs
Winrp REG_MULTI_SZ Winrp
ystemstores REG_MULTI_SZ ystemstores
tiembstoe REG_MULTI_SZ tiembstoe
khqwqv REG_MULTI_SZ khqwqv
cswixl REG_MULTI_SZ cswixl
ujsrtevx REG_MULTI_SZ ujsrtevx
.
Obsah adresáře 'Naplánované úlohy'

2010-02-19 c:\windows\Tasks\SmartDefrag.job
- c:\program files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe [2010-02-19 14:30]
.
.
------- Doplňkový sken -------
.
uStart Page = about:blank
uInternet Settings,ProxyServer = gateway.liberec.cz:3128
uInternet Settings,ProxyOverride = http://www.liberec.cz;tsml;servereso;*.secar;traceonline.secar.cz;82.99.137.50;ipodatelna.hypotecnibanka.cz;10.18.*;<local>
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: {{D12DA50D-027D-48F8-9B7C-6C21FC736B80} - {D12DA50D-027D-48F8-9B7C-6C21FC736B80} - c:\windows\DOWNLO~1\necli400.dll
Trusted Zone: //www.mojebanka.cz
Trusted Zone: blank
Trusted Zone: hypotecnibanka.cz\ipodatelna
Trusted Zone: liberec.cz\gateway
Trusted Zone: liberec.cz\mail
Trusted Zone: mojebanka.cz
Trusted Zone: mojebanka.cz\www
Trusted Zone: secar.cz\traceonline
Trusted Zone: server2
Trusted Zone: servereso
Trusted Zone: tsml.cz\erp
Trusted Zone: //www.mojebanka.cz
Trusted Zone: blank
Trusted Zone: hypotecnibanka.cz\ipodatelna
Trusted Zone: liberec.cz\gateway
Trusted Zone: liberec.cz\mail
Trusted Zone: mojebanka.cz
Trusted Zone: mojebanka.cz\www
Trusted Zone: secar.cz\traceonline
Trusted Zone: server2
Trusted Zone: servereso
Trusted Zone: tsml.cz\erp
DPF: nvEPLMedia - hxxp://10.18.12.71/nvEPLMedia.cab
DPF: {23D422A0-0DB2-4DDE-92D1-BD4313F758DD} - hxxp://servereso/Eso9Supp.net/LIB/CAB/Eso9Client0.cab
DPF: {33730EE7-E29A-44F0-8384-521954F0C983} - hxxp://servereso/Eso9Supp.net/LIB/CAB/necli400.cab
DPF: {DB7ACFA2-9634-4C98-BC9D-FB9416153022} - hxxp://10.18.12.74/nvEPLMedia.ocx
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

BHO-{31c7d459-9cc3-44f2-9dca-fc11795309b4} - (no file)
Toolbar-{31c7d459-9cc3-44f2-9dca-fc11795309b4} - (no file)
HKU-Default-Run-HKCU - c:\windows\install\winse.exe
HKU-Default-Explorer_Run-Policies - c:\windows\install\winse.exe
ActiveSetup-{0B133418-P25F-3UCE-YY45-JJ65YMDY3165} - c:\windows\install\winse.exe
ActiveSetup-{CEA4C41C-A561-43BA-83EC-B66CDF733F02} - c:\windows\System32\sun.com
AddRemove-Advanced Access Repair v2.0 - c:\progra~1\AAR\UNWISE.EXE
AddRemove-Advanced Zip Repair v1.6 - c:\progra~1\AZR\UNWISE.EXE
AddRemove-IObitCom Toolbar - c:\progra~1\IObitCom\UNWISE.EXE



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-12 10:02
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\JBoss]
"ImagePath"="c:\kmnetadmin\JBoss\bin\kwrapper.exe -s c:\kmnetadmin\JBoss\server\default\conf\wrapper.conf set.JBOSS_HOME=C:/KMnetAdmin/JBoss set.JAVA_HOME=C:/Java_5.0"
--

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\KMnetAdminReportService]
"ImagePath"="c:\kmnetadmin\bin\kwrapper.exe -s C:/KMnetAdmin/conf/kmreport.wrapper.conf set.NETADMIN_HOME=C:/KMnetAdmin set.JAVA_HOME=C:/Java_5.0 set.JBOSS_HOME=C:/KMnetAdmin/JBoss"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\KMnetAdminService]
"ImagePath"="c:\kmnetadmin\bin\kwrapper.exe -s C:/KMnetAdmin/conf/wrapper.conf set.NETADMIN_HOME=C:/KMnetAdmin set.JAVA_HOME=C:/Java_5.0 set.JBOSS_HOME=C:/KMnetAdmin/JBoss"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\irmon]
"servicedll"="c:\windows\system32\tfjny.lib"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\{95808DC4-FA4A-4C74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(852)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(5668)
c:\windows\system32\btmmhook.dll
c:\acer\Empowering Technology\ePower\SysHook.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\System32\SCardSvr.exe
c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
c:\program files\Symantec AntiVirus\DefWatch.exe
c:\firebird_2_0\bin\fbserver.exe
c:\kmnetadmin\JBoss\bin\kwrapper.exe
c:\program files\Intel\AMT\LMS.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\java_5.0\bin\java.exe
c:\program files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
c:\program files\O2Micro Oz128 Driver\o2flash.exe
c:\program files\CyberLink\Shared files\RichVideo.exe
c:\program files\Spyware Terminator\sp_rsser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Symantec AntiVirus\Rtvscan.exe
c:\windows\System32\vssvc.exe
c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\kmnetadmin\bin\kwrapper.exe
c:\kmnetadmin\bin\kwrapper.exe
c:\java_5.0\bin\java.exe
c:\java_5.0\bin\java.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
c:\windows\RTHDCPL.EXE
c:\docume~1\syrovy\LOCALS~1\Temp\RtkBtMnt.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
.
**************************************************************************
.
Celkový čas: 2010-03-12 10:11:22 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-03-12 09:11

Před spuštěním: 5 259 161 600
Po spuštění: 5 382 815 744

WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

Current=3 Default=3 Failed=0 LastKnownGood=11 Sets=1,2,3,4,5,6,7,8,9,10,11
- - End Of File - - B5A83CF8CD535AF63BE2DDD24A7FA307

To jste ten combofix spouštěl několikrát? Měl jste napsat hned, že Vám spustit nejde, měl jste tam rootkity, kteří ho blokovaly . Combofix se nemá spouštět bez dozoru rádce, můžete si poškodit systém .

Stáhněte Gmer http://www.viry.cz/forum/viewtopic.php?f=29&t=62878
- rozbalte a spusťte
-proběhne sken, po skončení se otevře okno s výsledky, klikněte na Save a tím si uložíte log,který sem vložíte

-Podle návodu v odkazu provedete druhý sken a log sem také vložíte.

nedaří se NB jde velice pomalu procesor běží na 100% při scenováni gmer padne modrá smrt ještě to zkusím dostat ten log nějak

Tak počkejte, nejdřív spustíme mbam

Stahněte MBAM z mého podpisu
-Nainstalujte,dejte úplný sken

NIC NEMAZAT
-MBAM má občas falešné detekce,proto budeme mazat až po kontrole logu.
-Log zkopírujte sem.