
Log check - internet slowdown

Posted: 31 May 2010 17:15
by Renee
Hello. So here it is again: a sharp slowdown of the internet, and some pages won't load at all. I have no idea what could be causing it, but it happens fairly often. Thanks in advance for any help. Here is the log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:12:51, on 31.5.2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\QIP\qip.exe
C:\Users\Renee\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Renee\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Renee\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Renee\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Renee\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Renee\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Renee\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Renee\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Renee\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Renee\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\AIMP2\AIMP2.exe
C:\Users\Renee\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Renee\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe
C:\Users\Renee\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Renee\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [QIP2005] C:\Program Files\QIP\qip.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\Renee\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [SpywareTerminatorUpdate] "C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe"
O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} (Battlefield Heroes Updater) - https://www.battlefieldheroes.com/stati ... 0.53.0.cab
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe

--
End of file - 3438 bytes

Re: Log check - internet slowdown

Posted: 31 May 2010 17:29
by Damned
In Services, turn off Spyware Terminator Realtime Shield Service (switch it to manual startup).

Run HJT (HijackThis), close your browsers, disconnect from the internet and fix the following (run HJT, "Do a system scan only", tick the box in front of the entry, press "Fix checked" and then "Yes"):

O4 - HKCU\..\Run: [Google Update] "C:\Users\Renee\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [SpywareTerminatorUpdate] "C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe"
*****************************************************************************************************************************************
Download Malwarebytes' Anti-Malware
Install and run it
- at the end of the installation, make sure both options are selected/ticked:
Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware; if so, click the Finish button
- if an update is found, it will be downloaded and installed
- the program will then start; leave the Perform quick scan option selected and click the Scan button
- when the scan finishes, a message will appear; click OK and then the Show Results button
- then choose Save Log and save the log to your desktop
- then click the Exit button; a message will appear, choose Yes
(don't delete anything yet!).
Then paste the contents of that log here.

Re: Log check - internet slowdown

Posted: 31 May 2010 17:48
by Renee
It sweated out some log on its own, but I don't know whether this is the one:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Verze databáze: 4158

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

31.5.2010 17:46:07
mbam-log-2010-05-31 (17-46-07).txt

Typ skenu: Rychlý sken
Skenované objekty: 123631
Uplynulý čas: 7 minuta(y), 3 sekunda(y)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 0
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované složky: 0
Infikované soubory: 0

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované hodnoty registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované datové položky registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
(Žádné škodlivé položky nebyly zjištěny)

Re: Log check - internet slowdown

Posted: 31 May 2010 17:59
by Damned
It is; so far it's sweating properly. :D

Turn off your antivirus's resident shield (and your antispyware's, if you have one).
Download ComboFix (by sUBs)
or ComboFix (subs)
and save it to your desktop.
Close all open windows and run it.
- After launch, the terms of use are displayed; confirm them by pressing the Yes button
- Then follow the instructions; while ComboFix is running, don't click in the window that appears
- When the scan finishes, the program should create a log - C:\ComboFix.txt - please copy its entire contents here

Re: Log check - internet slowdown

Posted: 31 May 2010 18:30
by Renee
Now it sweated noticeably more and for longer; the result of its efforts is here:

ComboFix 10-05-30.09 - Renee 31.05.2010 18:22:02.5.1 - x86
Microsoft Windows 7 Enterprise 6.1.7600.0.1250.420.1029.18.2048.1559 [GMT 2:00]
Spuštěný z: c:\users\Renee\Desktop\ComboFix.exe
SP: Spyware Terminator *disabled* (Updated) {55EE49A8-16BE-4601-BBE6-607B7F7317DE}
* Rezidentní štít AV je zapnutý

.

((((((((((((((((((((((((( Soubory vytvořené od 2010-04-28 do 2010-05-31 )))))))))))))))))))))))))))))))
.

2010-05-31 14:58 . 2010-05-31 14:58 6144 ----a-w- c:\programdata\Spyware Terminator\sp_rsdel.exe
2010-05-31 14:58 . 2010-05-31 14:58 5632 ----a-w- c:\programdata\Spyware Terminator\fileobjinfo.sys
2010-05-31 14:58 . 2010-05-31 14:58 142592 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2010-05-31 14:58 . 2010-05-31 15:33 -------- d-----w- c:\users\Renee\AppData\Roaming\Spyware Terminator
2010-05-31 14:58 . 2010-05-31 15:05 -------- d-----w- c:\programdata\Spyware Terminator
2010-05-31 14:58 . 2010-05-31 15:30 -------- d-----w- c:\program files\Spyware Terminator
2010-05-28 11:47 . 2010-05-28 11:47 350208 ----a-w- c:\windows\system32\d3drm.dll
2010-05-26 07:40 . 2010-04-23 07:13 2048 ----a-w- c:\windows\system32\tzres.dll
2010-05-25 19:07 . 2010-05-25 19:07 8854 ----a-r- c:\users\Renee\AppData\Roaming\Microsoft\Installer\{C884B05A-F5D9-4AE4-9D84-E6BD9F6E7890}\Uninstall_FlatOut2_C884B05AF5D94AE49D84E6BD9F6E7890.exe
2010-05-25 19:07 . 2010-05-25 19:07 53248 ----a-r- c:\users\Renee\AppData\Roaming\Microsoft\Installer\{C884B05A-F5D9-4AE4-9D84-E6BD9F6E7890}\FlatOut2.exe1_C884B05AF5D94AE49D84E6BD9F6E7890.exe
2010-05-25 19:07 . 2010-05-25 19:07 53248 ----a-r- c:\users\Renee\AppData\Roaming\Microsoft\Installer\{C884B05A-F5D9-4AE4-9D84-E6BD9F6E7890}\FlatOut2.exe_C884B05AF5D94AE49D84E6BD9F6E7890.exe
2010-05-25 19:07 . 2010-05-25 19:07 15086 ----a-r- c:\users\Renee\AppData\Roaming\Microsoft\Installer\{C884B05A-F5D9-4AE4-9D84-E6BD9F6E7890}\NewShortcut5_C884B05AF5D94AE49D84E6BD9F6E7890.exe
2010-05-25 19:07 . 2010-05-25 19:07 11502 ----a-r- c:\users\Renee\AppData\Roaming\Microsoft\Installer\{C884B05A-F5D9-4AE4-9D84-E6BD9F6E7890}\ARPPRODUCTICON.exe
2010-05-25 18:58 . 2010-05-25 18:58 -------- d-----w- c:\program files\Empire Interactive
2010-05-23 12:23 . 2010-05-23 12:23 -------- d-----w- c:\users\Renee\AppData\Roaming\NPLUTO Corporation
2010-05-23 11:54 . 2010-05-24 15:00 -------- d-----w- c:\program files\DriftCity
2010-05-23 10:43 . 2010-05-23 10:43 -------- d-----w- c:\users\Renee\AppData\Local\DNA
2010-05-23 10:43 . 2010-05-25 21:44 -------- d-----w- c:\users\Renee\AppData\Roaming\DNA
2010-05-23 10:43 . 2010-05-25 18:54 -------- d-----w- c:\program files\DNA
2010-05-22 17:45 . 2010-05-22 17:45 -------- d-----w- c:\programdata\TmForever
2010-05-22 16:54 . 2010-05-22 16:54 -------- d-----w- C:\PFiles
2010-05-21 17:27 . 2010-05-21 17:29 -------- d-----w- c:\users\Renee\AppData\Local\Adobe
2010-05-21 17:26 . 2010-05-21 17:26 -------- d-----w- c:\program files\Common Files\Adobe
2010-05-18 15:44 . 2009-10-10 02:57 12800 ----a-w- c:\windows\system32\drivers\sffp_sd.sys
2010-05-18 15:43 . 2010-05-18 15:43 -------- d-----w- c:\windows\system32\Wat
2010-05-17 06:30 . 2010-05-17 06:30 0 ----a-w- c:\windows\ativpsrm.bin
2010-05-15 16:46 . 2010-05-15 16:46 -------- d--h--r- c:\users\Renee\AppData\Roaming\SecuROM
2010-05-15 16:46 . 2010-05-15 16:46 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2010-05-15 15:24 . 2010-05-15 15:24 -------- d-----w- c:\program files\SEGA
2010-05-15 14:02 . 2007-03-22 10:46 126976 ----a-w- c:\users\Renee\AppData\Roaming\GRETECH\GomPlayer\GrLauncher.exe
2010-05-13 19:10 . 2010-05-13 19:14 -------- d-----w- c:\program files\GoldWave
2010-05-12 10:44 . 2010-03-04 07:33 740864 ----a-w- c:\windows\system32\inetcomm.dll
2010-05-06 19:52 . 2010-05-25 18:03 -------- d-----w- c:\users\Renee\AppData\Roaming\uTorrent
2010-05-03 15:29 . 2010-05-03 15:30 -------- d-----w- c:\program files\GIMP-2.0
2010-05-01 22:19 . 2010-05-01 22:42 -------- d-----w- c:\program files\Castle Strike

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-31 15:37 . 2010-04-26 14:03 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-31 14:47 . 2010-04-01 21:43 -------- d-----w- c:\users\Renee\AppData\Roaming\AIMP
2010-05-28 11:06 . 2009-07-14 08:14 631116 ----a-w- c:\windows\system32\perfh005.dat
2010-05-28 11:06 . 2009-07-14 08:14 123556 ----a-w- c:\windows\system32\perfc005.dat
2010-05-26 13:55 . 2010-04-04 08:44 138184 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-05-26 13:54 . 2010-04-04 08:44 215016 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-05-26 13:11 . 2010-04-02 16:01 1 ----a-w- c:\users\Renee\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-05-25 18:52 . 2010-04-01 22:39 -------- d-----w- c:\program files\DAEMON Tools Lite
2010-05-25 18:52 . 2010-04-01 22:41 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-05-19 10:42 . 2010-04-02 20:35 -------- d-----w- c:\users\Renee\AppData\Roaming\gtk-2.0
2010-05-17 12:39 . 2010-04-25 16:09 -------- d-----w- c:\program files\CCleaner
2010-05-15 21:48 . 2010-04-01 19:07 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-05-15 21:47 . 2010-04-02 10:43 -------- d-----w- c:\users\Renee\AppData\Roaming\Hamachi
2010-05-12 13:55 . 2009-07-14 02:37 -------- d-----w- c:\program files\Windows Mail
2010-05-12 09:21 . 2010-04-01 19:15 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-05 13:57 . 2010-04-01 19:11 64120 ----a-w- c:\users\Renee\AppData\Local\GDIPFONTCACHEV1.DAT
2010-05-05 13:36 . 2010-04-18 18:00 -------- d-----w- c:\users\Renee\AppData\Roaming\DMCache
2010-05-01 13:41 . 2010-05-01 13:07 -------- d-----w- c:\program files\Ground Control II
2010-04-30 15:07 . 2010-04-30 15:07 -------- d-----w- c:\programdata\F-Secure
2010-04-30 14:58 . 2010-04-30 14:58 -------- d-----w- c:\program files\Common Files\Java
2010-04-30 14:57 . 2010-04-30 14:57 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-04-30 14:57 . 2010-04-30 14:57 -------- d-----w- c:\program files\Java
2010-04-29 13:39 . 2010-04-26 14:03 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 13:39 . 2010-04-26 14:03 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-28 20:28 . 2010-04-01 20:41 -------- d-----w- c:\program files\AIMP2
2010-04-26 21:26 . 2010-04-25 16:38 -------- d-----w- c:\program files\Trend Micro
2010-04-26 14:03 . 2010-04-26 14:03 -------- d-----w- c:\users\Renee\AppData\Roaming\Malwarebytes
2010-04-26 14:03 . 2010-04-26 14:03 -------- d-----w- c:\programdata\Malwarebytes
2010-04-25 17:41 . 2010-04-25 17:41 -------- d-----w- c:\program files\AMD
2010-04-25 16:38 . 2010-04-25 16:38 388096 ----a-r- c:\users\Renee\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-04-25 16:24 . 2010-04-25 16:20 -------- d-----w- c:\program files\RegCleaner
2010-04-25 12:37 . 2010-04-25 12:37 10134 ----a-r- c:\users\Renee\AppData\Roaming\Microsoft\Installer\{9903001D-2728-9D9B-3D8B-F593A502A972}\ARPPRODUCTICON.exe
2010-04-25 12:27 . 2010-04-01 21:03 -------- d-----w- c:\program files\Common Files\InstallShield
2010-04-22 19:45 . 2010-04-02 21:05 -------- d-----w- c:\program files\EA Games
2010-04-22 18:33 . 2010-04-22 18:33 -------- d-----w- c:\program files\Razor
2010-04-19 12:49 . 2010-04-02 21:21 138056 ----a-w- c:\users\Renee\AppData\Roaming\PnkBstrK.sys
2010-04-19 12:49 . 2010-04-02 21:21 138056 ----a-w- c:\users\Renee\AppData\Roaming\PnkBstrK.sys
2010-04-19 12:48 . 2010-04-19 12:48 2427248 ----a-w- c:\windows\system32\pbsvc_heroes.exe
2010-04-15 15:55 . 2010-04-15 15:55 -------- d-----w- c:\program files\Sony Ericsson
2010-04-08 18:48 . 2010-04-08 18:13 -------- d-----w- c:\programdata\TrackMania
2010-04-08 18:13 . 2010-04-02 09:27 -------- d-----w- c:\program files\TmNationsForever
2010-04-04 08:44 . 2010-04-04 08:44 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2010-04-03 12:05 . 2010-04-03 12:05 -------- d-----w- c:\users\Renee\AppData\Roaming\GRETECH
2010-04-03 12:05 . 2010-04-03 12:05 -------- d-----w- c:\program files\GRETECH
2010-04-02 18:06 . 2010-04-02 18:06 -------- d-----w- c:\program files\SQUARE ENIX - Eidos Interactive
2010-04-02 16:24 . 2010-04-02 16:22 -------- d-----w- c:\program files\FootballArena
2010-04-02 16:01 . 2010-04-02 16:01 -------- d-----w- c:\users\Renee\AppData\Roaming\OpenOffice.org
2010-04-02 10:43 . 2010-04-02 10:43 -------- d-----w- c:\program files\Hamachi
2010-04-02 10:43 . 2010-04-02 10:43 25280 ----a-w- c:\windows\system32\drivers\hamachi.sys
2010-04-02 09:32 . 2010-04-02 09:32 -------- d-----w- c:\users\Renee\AppData\Roaming\TuneUp Software
2010-04-02 09:32 . 2010-04-02 09:32 -------- d-----w- c:\programdata\TuneUp Software
2010-04-02 09:32 . 2010-04-02 09:32 -------- d-sh--w- c:\programdata\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
2010-04-02 09:14 . 2010-04-02 09:14 -------- d-----w- c:\program files\OpenOffice.org 3
2010-04-01 23:19 . 2010-04-01 23:19 -------- d-----w- c:\program files\AGEIA Technologies
2010-04-01 23:19 . 2010-04-01 23:19 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-04-01 23:06 . 2010-04-01 23:06 -------- d-----w- c:\program files\2K Games
2010-04-01 23:05 . 2010-04-01 22:38 -------- d-----w- c:\users\Renee\AppData\Roaming\DAEMON Tools Lite
2010-04-01 22:48 . 2010-04-01 22:48 60416 ----a-w- c:\windows\ALCFDRTM.EXE
2010-04-01 22:38 . 2010-04-01 22:38 -------- d-----w- c:\programdata\DAEMON Tools Lite
2010-04-01 21:13 . 2010-04-01 21:03 -------- d-----w- c:\program files\Realtek AC97
2010-04-01 20:37 . 2010-04-01 20:37 -------- d-----w- c:\program files\QIP
2010-04-01 19:29 . 2010-04-01 19:29 -------- d-----w- c:\program files\ESET
2010-04-01 19:10 . 2010-04-01 19:10 -------- d-----w- c:\users\Renee\AppData\Roaming\ATI
2010-04-01 19:10 . 2010-04-01 19:10 -------- d-----w- c:\programdata\ATI
2010-04-01 19:10 . 2010-04-01 19:10 -------- d-----w- c:\program files\Common Files\ATI Technologies
2010-04-01 19:10 . 2010-04-01 19:08 -------- d-----w- c:\program files\ATI Technologies
2010-04-01 19:09 . 2010-04-01 19:09 -------- d-----w- c:\program files\ATI
2010-04-01 19:06 . 2010-04-01 19:06 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_09_00.Wdf
2010-04-01 18:59 . 2010-04-01 18:59 -------- d-sh--we c:\programdata\Plocha
2010-04-01 18:59 . 2010-04-01 18:59 -------- d-sh--we c:\programdata\Oblíbené položky
2010-04-01 18:59 . 2010-04-01 18:59 -------- d-sh--we c:\programdata\Šablony
2010-04-01 18:59 . 2010-04-01 18:59 -------- d-sh--we c:\programdata\Nabídka Start
2010-04-01 18:59 . 2010-04-01 18:59 -------- d-sh--we c:\programdata\Dokumenty
2010-04-01 18:59 . 2010-04-01 18:59 -------- d-sh--we c:\programdata\Data aplikací
2010-03-24 18:17 . 2010-03-24 08:04 952768 ----a-w- c:\programdata\Adobe\Reader\9.3\ARM\28746\AdobeARM.exe
2010-03-24 18:17 . 2010-03-24 08:04 70584 ----a-w- c:\programdata\Adobe\Reader\9.3\ARM\28746\AdobeExtractFiles.dll
2010-03-24 18:17 . 2010-03-24 08:04 326056 ----a-w- c:\programdata\Adobe\Reader\9.3\ARM\28746\ReaderUpdater.exe
2010-03-24 18:17 . 2010-03-24 08:04 326056 ----a-w- c:\programdata\Adobe\Reader\9.3\ARM\28746\AcrobatUpdater.exe
2010-03-08 21:33 . 2010-04-14 13:39 427520 ----a-w- c:\windows\system32\vbscript.dll
2010-03-03 04:22 . 2010-03-03 04:22 5340160 ----a-w- c:\windows\system32\drivers\atipmdag.sys
2010-03-03 04:22 . 2010-03-03 04:22 5340160 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2010-03-03 04:16 . 2010-03-03 04:16 143360 ----a-w- c:\windows\system32\atiapfxx.exe
2010-03-03 04:16 . 2010-03-03 04:16 446464 ----a-w- c:\windows\system32\aticfx32.dll
2010-03-03 04:13 . 2010-03-03 04:13 446464 ----a-w- c:\windows\system32\ATIDEMGX.dll
2010-03-03 04:12 . 2010-03-03 04:12 372736 ----a-w- c:\windows\system32\atieclxx.exe
2010-03-03 04:11 . 2010-03-03 04:11 172032 ----a-w- c:\windows\system32\atiesrxx.exe
2010-03-03 04:10 . 2010-03-03 04:10 159744 ----a-w- c:\windows\system32\atitmmxx.dll
2010-03-03 04:10 . 2010-03-03 04:10 356352 ----a-w- c:\windows\system32\atipdlxx.dll
2010-03-03 04:09 . 2010-03-03 04:09 274432 ----a-w- c:\windows\system32\Oemdspif.dll
2010-03-03 04:09 . 2010-03-03 04:09 11776 ----a-w- c:\windows\system32\atimuixx.dll
2010-03-03 04:09 . 2010-03-03 04:09 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2010-03-03 04:06 . 2009-07-13 22:09 3131392 ----a-w- c:\windows\system32\atidxx32.dll
2010-03-03 03:46 . 2010-03-03 03:46 3703808 ----a-w- c:\windows\system32\atiumdag.dll
2010-03-03 03:45 . 2010-03-03 03:45 14226944 ----a-w- c:\windows\system32\atioglxx.dll
2010-03-03 03:24 . 2010-03-03 03:24 2993152 ----a-w- c:\windows\system32\atiumdva.dll
2010-03-03 03:23 . 2010-03-03 03:23 50176 ----a-w- c:\windows\system32\coinst.dll
2010-03-03 03:20 . 2010-03-03 03:20 53248 ----a-w- c:\windows\system32\aticalrt.dll
2010-03-03 03:20 . 2010-03-03 03:20 53248 ----a-w- c:\windows\system32\aticalcl.dll
2010-03-03 03:18 . 2010-03-03 03:18 3657728 ----a-w- c:\windows\system32\aticaldd.dll
2010-03-03 03:08 . 2010-03-03 03:08 52224 ----a-w- c:\windows\system32\atimpc32.dll
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
"QIP2005"="c:\program files\QIP\qip.exe" [2009-08-13 3276288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2010-02-26 2140880]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ

[HKLM\~\startupfolder\C:^Users^Renee^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk]
path=c:\users\Renee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
backup=c:\windows\pss\OpenOffice.org 3.2.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-03-24 18:17 952768 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-04-04 05:42 36272 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
2010-05-23 10:43 323392 ----a-w- c:\program files\DNA\btdna.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2010-04-01 09:16 357696 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2009-04-14 05:43 604704 ----a-w- c:\windows\SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2010-03-02 20:23 98304 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-05-25 691696]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-18 1343400]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2010-02-26 114984]
S1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [2010-05-31 142592]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-03-03 172032]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2010-02-26 133512]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2010-02-26 810120]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2010-02-26 96896]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [2010-03-03 5340160]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-03-03 152064]

.
Obsah adresáře 'Naplánované úlohy'

2010-05-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3066638169-474057053-1295839724-1001Core.job
- c:\users\Renee\AppData\Local\Google\Update\GoogleUpdate.exe [2010-04-01 19:14]

2010-05-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3066638169-474057053-1295839724-1001UA.job
- c:\users\Renee\AppData\Local\Google\Update\GoogleUpdate.exe [2010-04-01 19:14]
.
.
------- Doplňkový sken -------
.
DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} - hxxps://www.battlefieldheroes.com/stati ... 0.53.0.cab
.
.
Celkový čas: 2010-05-31 18:29:04
ComboFix-quarantined-files.txt 2010-05-31 16:29

Před spuštěním: Volných bajtů: 28 124 807 168
Po spuštění: Volných bajtů: 28 072 493 056

- - End Of File - - E31A85EDFB1D5B4A21EED322F0485938

Re: Log check - internet slowdown

Posted: 31 May 2010 19:11
by Damned
Open Notepad (Start -> Run..., type Notepad into the box and click OK).
Copy into it the entire following text marked in green:

Folder::
c:\programdata\F-Secure

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]



Choose File -> Save As... and set these parameters:
File name: type here: CFScript.txt
Save as type: select All Files there
Save the file to your desktop.
Close all open windows.


Grab the created script CFScript.txt with the mouse, drag it over the downloaded ComboFix.exe program,
and when the two files overlap, drop the script.

- ComboFix will start automatically; the fix can take more than 10 minutes. ! Let ComboFix finish its work !
- Paste here the log that pops up at the end of the cleaning process

Re: Log check - internet slowdown

Posted: 31 May 2010 20:00
by Renee
ComboFix 10-05-30.09 - Renee 31.05.2010 19:40:33.7.1 - x86
Microsoft Windows 7 Enterprise 6.1.7600.0.1250.420.1029.18.2048.1303 [GMT 2:00]
Spuštěný z: c:\users\Renee\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Renee\Desktop\CFScript.txt
SP: Spyware Terminator *disabled* (Updated) {55EE49A8-16BE-4601-BBE6-607B7F7317DE}
.

((((((((((((((((((((((((( Soubory vytvořené od 2010-04-28 do 2010-05-31 )))))))))))))))))))))))))))))))
.

2010-05-31 17:45 . 2010-05-31 17:45 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-05-31 17:45 . 2010-05-31 17:45 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-05-31 17:37 . 2010-05-31 17:45 -------- d-----w- c:\users\Renee\AppData\Local\temp
2010-05-31 14:58 . 2010-05-31 14:58 6144 ----a-w- c:\programdata\Spyware Terminator\sp_rsdel.exe
2010-05-31 14:58 . 2010-05-31 14:58 5632 ----a-w- c:\programdata\Spyware Terminator\fileobjinfo.sys
2010-05-31 14:58 . 2010-05-31 14:58 142592 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2010-05-31 14:58 . 2010-05-31 15:33 -------- d-----w- c:\users\Renee\AppData\Roaming\Spyware Terminator
2010-05-31 14:58 . 2010-05-31 15:05 -------- d-----w- c:\programdata\Spyware Terminator
2010-05-31 14:58 . 2010-05-31 15:30 -------- d-----w- c:\program files\Spyware Terminator
2010-05-28 11:47 . 2010-05-28 11:47 350208 ----a-w- c:\windows\system32\d3drm.dll
2010-05-26 07:40 . 2010-04-23 07:13 2048 ----a-w- c:\windows\system32\tzres.dll
2010-05-25 19:07 . 2010-05-25 19:07 8854 ----a-r- c:\users\Renee\AppData\Roaming\Microsoft\Installer\{C884B05A-F5D9-4AE4-9D84-E6BD9F6E7890}\Uninstall_FlatOut2_C884B05AF5D94AE49D84E6BD9F6E7890.exe
2010-05-25 19:07 . 2010-05-25 19:07 53248 ----a-r- c:\users\Renee\AppData\Roaming\Microsoft\Installer\{C884B05A-F5D9-4AE4-9D84-E6BD9F6E7890}\FlatOut2.exe1_C884B05AF5D94AE49D84E6BD9F6E7890.exe
2010-05-25 19:07 . 2010-05-25 19:07 53248 ----a-r- c:\users\Renee\AppData\Roaming\Microsoft\Installer\{C884B05A-F5D9-4AE4-9D84-E6BD9F6E7890}\FlatOut2.exe_C884B05AF5D94AE49D84E6BD9F6E7890.exe
2010-05-25 19:07 . 2010-05-25 19:07 15086 ----a-r- c:\users\Renee\AppData\Roaming\Microsoft\Installer\{C884B05A-F5D9-4AE4-9D84-E6BD9F6E7890}\NewShortcut5_C884B05AF5D94AE49D84E6BD9F6E7890.exe
2010-05-25 19:07 . 2010-05-25 19:07 11502 ----a-r- c:\users\Renee\AppData\Roaming\Microsoft\Installer\{C884B05A-F5D9-4AE4-9D84-E6BD9F6E7890}\ARPPRODUCTICON.exe
2010-05-25 18:58 . 2010-05-25 18:58 -------- d-----w- c:\program files\Empire Interactive
2010-05-23 12:23 . 2010-05-23 12:23 -------- d-----w- c:\users\Renee\AppData\Roaming\NPLUTO Corporation
2010-05-23 11:54 . 2010-05-24 15:00 -------- d-----w- c:\program files\DriftCity
2010-05-23 10:43 . 2010-05-23 10:43 -------- d-----w- c:\users\Renee\AppData\Local\DNA
2010-05-23 10:43 . 2010-05-25 21:44 -------- d-----w- c:\users\Renee\AppData\Roaming\DNA
2010-05-23 10:43 . 2010-05-25 18:54 -------- d-----w- c:\program files\DNA
2010-05-22 17:45 . 2010-05-22 17:45 -------- d-----w- c:\programdata\TmForever
2010-05-22 16:54 . 2010-05-22 16:54 -------- d-----w- C:\PFiles
2010-05-21 17:27 . 2010-05-21 17:29 -------- d-----w- c:\users\Renee\AppData\Local\Adobe
2010-05-21 17:26 . 2010-05-21 17:26 -------- d-----w- c:\program files\Common Files\Adobe
2010-05-18 15:44 . 2009-10-10 02:57 12800 ----a-w- c:\windows\system32\drivers\sffp_sd.sys
2010-05-18 15:43 . 2010-05-18 15:43 -------- d-----w- c:\windows\system32\Wat
2010-05-17 06:30 . 2010-05-17 06:30 0 ----a-w- c:\windows\ativpsrm.bin
2010-05-15 16:46 . 2010-05-15 16:46 -------- d--h--r- c:\users\Renee\AppData\Roaming\SecuROM
2010-05-15 16:46 . 2010-05-15 16:46 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2010-05-15 15:24 . 2010-05-15 15:24 -------- d-----w- c:\program files\SEGA
2010-05-15 14:02 . 2007-03-22 10:46 126976 ----a-w- c:\users\Renee\AppData\Roaming\GRETECH\GomPlayer\GrLauncher.exe
2010-05-13 19:10 . 2010-05-13 19:14 -------- d-----w- c:\program files\GoldWave
2010-05-12 10:44 . 2010-03-04 07:33 740864 ----a-w- c:\windows\system32\inetcomm.dll
2010-05-06 19:52 . 2010-05-25 18:03 -------- d-----w- c:\users\Renee\AppData\Roaming\uTorrent
2010-05-03 15:29 . 2010-05-03 15:30 -------- d-----w- c:\program files\GIMP-2.0
2010-05-01 22:19 . 2010-05-01 22:42 -------- d-----w- c:\program files\Castle Strike

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-31 16:29 . 2010-04-01 21:43 -------- d-----w- c:\users\Renee\AppData\Roaming\AIMP
2010-05-31 15:37 . 2010-04-26 14:03 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-28 11:06 . 2009-07-14 08:14 631116 ----a-w- c:\windows\system32\perfh005.dat
2010-05-28 11:06 . 2009-07-14 08:14 123556 ----a-w- c:\windows\system32\perfc005.dat
2010-05-26 13:55 . 2010-04-04 08:44 138184 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-05-26 13:54 . 2010-04-04 08:44 215016 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-05-26 13:11 . 2010-04-02 16:01 1 ----a-w- c:\users\Renee\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-05-25 18:52 . 2010-04-01 22:39 -------- d-----w- c:\program files\DAEMON Tools Lite
2010-05-25 18:52 . 2010-04-01 22:41 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-05-19 10:42 . 2010-04-02 20:35 -------- d-----w- c:\users\Renee\AppData\Roaming\gtk-2.0
2010-05-17 12:39 . 2010-04-25 16:09 -------- d-----w- c:\program files\CCleaner
2010-05-15 21:48 . 2010-04-01 19:07 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-05-15 21:47 . 2010-04-02 10:43 -------- d-----w- c:\users\Renee\AppData\Roaming\Hamachi
2010-05-12 13:55 . 2009-07-14 02:37 -------- d-----w- c:\program files\Windows Mail
2010-05-12 09:21 . 2010-04-01 19:15 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-05 13:57 . 2010-04-01 19:11 64120 ----a-w- c:\users\Renee\AppData\Local\GDIPFONTCACHEV1.DAT
2010-05-05 13:36 . 2010-04-18 18:00 -------- d-----w- c:\users\Renee\AppData\Roaming\DMCache
2010-05-01 13:41 . 2010-05-01 13:07 -------- d-----w- c:\program files\Ground Control II
2010-04-30 14:58 . 2010-04-30 14:58 -------- d-----w- c:\program files\Common Files\Java
2010-04-30 14:57 . 2010-04-30 14:57 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-04-30 14:57 . 2010-04-30 14:57 -------- d-----w- c:\program files\Java
2010-04-29 13:39 . 2010-04-26 14:03 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 13:39 . 2010-04-26 14:03 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-28 20:28 . 2010-04-01 20:41 -------- d-----w- c:\program files\AIMP2
2010-04-26 21:26 . 2010-04-25 16:38 -------- d-----w- c:\program files\Trend Micro
2010-04-26 14:03 . 2010-04-26 14:03 -------- d-----w- c:\users\Renee\AppData\Roaming\Malwarebytes
2010-04-26 14:03 . 2010-04-26 14:03 -------- d-----w- c:\programdata\Malwarebytes
2010-04-25 17:41 . 2010-04-25 17:41 -------- d-----w- c:\program files\AMD
2010-04-25 16:38 . 2010-04-25 16:38 388096 ----a-r- c:\users\Renee\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-04-25 16:24 . 2010-04-25 16:20 -------- d-----w- c:\program files\RegCleaner
2010-04-25 12:37 . 2010-04-25 12:37 10134 ----a-r- c:\users\Renee\AppData\Roaming\Microsoft\Installer\{9903001D-2728-9D9B-3D8B-F593A502A972}\ARPPRODUCTICON.exe
2010-04-25 12:27 . 2010-04-01 21:03 -------- d-----w- c:\program files\Common Files\InstallShield
2010-04-22 19:45 . 2010-04-02 21:05 -------- d-----w- c:\program files\EA Games
2010-04-22 18:33 . 2010-04-22 18:33 -------- d-----w- c:\program files\Razor
2010-04-19 12:49 . 2010-04-02 21:21 138056 ----a-w- c:\users\Renee\AppData\Roaming\PnkBstrK.sys
2010-04-19 12:49 . 2010-04-02 21:21 138056 ----a-w- c:\users\Renee\AppData\Roaming\PnkBstrK.sys
2010-04-19 12:48 . 2010-04-19 12:48 2427248 ----a-w- c:\windows\system32\pbsvc_heroes.exe
2010-04-15 15:55 . 2010-04-15 15:55 -------- d-----w- c:\program files\Sony Ericsson
2010-04-08 18:48 . 2010-04-08 18:13 -------- d-----w- c:\programdata\TrackMania
2010-04-08 18:13 . 2010-04-02 09:27 -------- d-----w- c:\program files\TmNationsForever
2010-04-04 08:44 . 2010-04-04 08:44 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2010-04-03 12:05 . 2010-04-03 12:05 -------- d-----w- c:\users\Renee\AppData\Roaming\GRETECH
2010-04-03 12:05 . 2010-04-03 12:05 -------- d-----w- c:\program files\GRETECH
2010-04-02 18:06 . 2010-04-02 18:06 -------- d-----w- c:\program files\SQUARE ENIX - Eidos Interactive
2010-04-02 16:24 . 2010-04-02 16:22 -------- d-----w- c:\program files\FootballArena
2010-04-02 16:01 . 2010-04-02 16:01 -------- d-----w- c:\users\Renee\AppData\Roaming\OpenOffice.org
2010-04-02 10:43 . 2010-04-02 10:43 -------- d-----w- c:\program files\Hamachi
2010-04-02 10:43 . 2010-04-02 10:43 25280 ----a-w- c:\windows\system32\drivers\hamachi.sys
2010-04-02 09:32 . 2010-04-02 09:32 -------- d-----w- c:\users\Renee\AppData\Roaming\TuneUp Software
2010-04-02 09:32 . 2010-04-02 09:32 -------- d-----w- c:\programdata\TuneUp Software
2010-04-02 09:32 . 2010-04-02 09:32 -------- d-sh--w- c:\programdata\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
2010-04-02 09:14 . 2010-04-02 09:14 -------- d-----w- c:\program files\OpenOffice.org 3
2010-04-01 23:19 . 2010-04-01 23:19 -------- d-----w- c:\program files\AGEIA Technologies
2010-04-01 23:19 . 2010-04-01 23:19 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-04-01 23:06 . 2010-04-01 23:06 -------- d-----w- c:\program files\2K Games
2010-04-01 23:05 . 2010-04-01 22:38 -------- d-----w- c:\users\Renee\AppData\Roaming\DAEMON Tools Lite
2010-04-01 22:48 . 2010-04-01 22:48 60416 ----a-w- c:\windows\ALCFDRTM.EXE
2010-04-01 22:38 . 2010-04-01 22:38 -------- d-----w- c:\programdata\DAEMON Tools Lite
2010-04-01 21:13 . 2010-04-01 21:03 -------- d-----w- c:\program files\Realtek AC97
2010-04-01 20:37 . 2010-04-01 20:37 -------- d-----w- c:\program files\QIP
2010-04-01 19:29 . 2010-04-01 19:29 -------- d-----w- c:\program files\ESET
2010-04-01 19:10 . 2010-04-01 19:10 -------- d-----w- c:\users\Renee\AppData\Roaming\ATI
2010-04-01 19:10 . 2010-04-01 19:10 -------- d-----w- c:\programdata\ATI
2010-04-01 19:10 . 2010-04-01 19:10 -------- d-----w- c:\program files\Common Files\ATI Technologies
2010-04-01 19:10 . 2010-04-01 19:08 -------- d-----w- c:\program files\ATI Technologies
2010-04-01 19:09 . 2010-04-01 19:09 -------- d-----w- c:\program files\ATI
2010-04-01 19:06 . 2010-04-01 19:06 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_09_00.Wdf
2010-04-01 18:59 . 2010-04-01 18:59 -------- d-sh--we c:\programdata\Plocha
2010-04-01 18:59 . 2010-04-01 18:59 -------- d-sh--we c:\programdata\Oblíbené položky
2010-04-01 18:59 . 2010-04-01 18:59 -------- d-sh--we c:\programdata\Šablony
2010-04-01 18:59 . 2010-04-01 18:59 -------- d-sh--we c:\programdata\Nabídka Start
2010-04-01 18:59 . 2010-04-01 18:59 -------- d-sh--we c:\programdata\Dokumenty
2010-04-01 18:59 . 2010-04-01 18:59 -------- d-sh--we c:\programdata\Data aplikací
2010-03-24 18:17 . 2010-03-24 08:04 952768 ----a-w- c:\programdata\Adobe\Reader\9.3\ARM\28746\AdobeARM.exe
2010-03-24 18:17 . 2010-03-24 08:04 70584 ----a-w- c:\programdata\Adobe\Reader\9.3\ARM\28746\AdobeExtractFiles.dll
2010-03-24 18:17 . 2010-03-24 08:04 326056 ----a-w- c:\programdata\Adobe\Reader\9.3\ARM\28746\ReaderUpdater.exe
2010-03-24 18:17 . 2010-03-24 08:04 326056 ----a-w- c:\programdata\Adobe\Reader\9.3\ARM\28746\AcrobatUpdater.exe
2010-03-08 21:33 . 2010-04-14 13:39 427520 ----a-w- c:\windows\system32\vbscript.dll
2010-03-03 04:22 . 2010-03-03 04:22 5340160 ----a-w- c:\windows\system32\drivers\atipmdag.sys
2010-03-03 04:22 . 2010-03-03 04:22 5340160 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2010-03-03 04:16 . 2010-03-03 04:16 143360 ----a-w- c:\windows\system32\atiapfxx.exe
2010-03-03 04:16 . 2010-03-03 04:16 446464 ----a-w- c:\windows\system32\aticfx32.dll
2010-03-03 04:13 . 2010-03-03 04:13 446464 ----a-w- c:\windows\system32\ATIDEMGX.dll
2010-03-03 04:12 . 2010-03-03 04:12 372736 ----a-w- c:\windows\system32\atieclxx.exe
2010-03-03 04:11 . 2010-03-03 04:11 172032 ----a-w- c:\windows\system32\atiesrxx.exe
2010-03-03 04:10 . 2010-03-03 04:10 159744 ----a-w- c:\windows\system32\atitmmxx.dll
2010-03-03 04:10 . 2010-03-03 04:10 356352 ----a-w- c:\windows\system32\atipdlxx.dll
2010-03-03 04:09 . 2010-03-03 04:09 274432 ----a-w- c:\windows\system32\Oemdspif.dll
2010-03-03 04:09 . 2010-03-03 04:09 11776 ----a-w- c:\windows\system32\atimuixx.dll
2010-03-03 04:09 . 2010-03-03 04:09 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2010-03-03 04:06 . 2009-07-13 22:09 3131392 ----a-w- c:\windows\system32\atidxx32.dll
2010-03-03 03:46 . 2010-03-03 03:46 3703808 ----a-w- c:\windows\system32\atiumdag.dll
2010-03-03 03:45 . 2010-03-03 03:45 14226944 ----a-w- c:\windows\system32\atioglxx.dll
2010-03-03 03:24 . 2010-03-03 03:24 2993152 ----a-w- c:\windows\system32\atiumdva.dll
2010-03-03 03:23 . 2010-03-03 03:23 50176 ----a-w- c:\windows\system32\coinst.dll
2010-03-03 03:20 . 2010-03-03 03:20 53248 ----a-w- c:\windows\system32\aticalrt.dll
2010-03-03 03:20 . 2010-03-03 03:20 53248 ----a-w- c:\windows\system32\aticalcl.dll
2010-03-03 03:18 . 2010-03-03 03:18 3657728 ----a-w- c:\windows\system32\aticaldd.dll
2010-03-03 03:08 . 2010-03-03 03:08 52224 ----a-w- c:\windows\system32\atimpc32.dll
2010-03-03 03:08 . 2010-03-03 03:08 52224 ----a-w- c:\windows\system32\amdpcom32.dll
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

((((((((((((((((((((((((((((( SnapShot@2010-05-31_16.27.16 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-04-02 09:09 . 2010-05-31 17:10 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat
- 2010-04-02 09:09 . 2010-05-31 16:00 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat
+ 2010-04-02 09:09 . 2010-05-31 17:10 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\History\History.IE5\index.dat
- 2010-04-02 09:09 . 2010-05-31 16:00 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\History\History.IE5\index.dat
+ 2010-04-02 09:09 . 2010-05-31 17:10 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Cookies\index.dat
- 2010-04-02 09:09 . 2010-05-31 16:00 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Cookies\index.dat
- 2010-04-01 21:42 . 2010-05-31 16:11 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-04-01 21:42 . 2010-05-31 17:10 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 02:03 . 2010-05-31 17:07 7077888 c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
- 2009-07-14 02:03 . 2010-05-31 16:22 7077888 c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
"QIP2005"="c:\program files\QIP\qip.exe" [2009-08-13 3276288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2010-02-26 2140880]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ

[HKLM\~\startupfolder\C:^Users^Renee^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk]
path=c:\users\Renee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
backup=c:\windows\pss\OpenOffice.org 3.2.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-03-24 18:17 952768 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-04-04 05:42 36272 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2010-04-01 09:16 357696 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2009-04-14 05:43 604704 ----a-w- c:\windows\SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2010-03-02 20:23 98304 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-05-25 691696]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-18 1343400]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2010-02-26 114984]
S1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [2010-05-31 142592]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-03-03 172032]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2010-02-26 133512]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2010-02-26 810120]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2010-02-26 96896]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [2010-03-03 5340160]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-03-03 152064]

.
Obsah adresáře 'Naplánované úlohy'

2010-05-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3066638169-474057053-1295839724-1001Core.job
- c:\users\Renee\AppData\Local\Google\Update\GoogleUpdate.exe [2010-04-01 19:14]

2010-05-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3066638169-474057053-1295839724-1001UA.job
- c:\users\Renee\AppData\Local\Google\Update\GoogleUpdate.exe [2010-04-01 19:14]
.
.
------- Doplňkový sken -------
.
DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} - hxxps://www.battlefieldheroes.com/stati ... 0.53.0.cab
.
.
Celkový čas: 2010-05-31 19:47:33
ComboFix-quarantined-files.txt 2010-05-31 17:47
ComboFix2.txt 2010-05-31 17:37
ComboFix3.txt 2010-05-31 16:29

Před spuštěním: Volných bajtů: 27 897 147 392
Po spuštění: Volných bajtů: 27 846 762 496

- - End Of File - - 19958C5A63045A500A20D975BDC08506

Re: log check - internet slowdown

Posted: 31 May 2010 20:25
by Damned
Turn off your antivirus and, if you have one, your antispyware as well, and uninstall ComboFix (required).
ComboFix is uninstalled like this:
Start -> Run (or the Win+R keys) and type into the box: Combofix[space]/uninstall (uninstall has two "l"s!)
*****************************************************************************************************************************************
Download OTL to your Desktop.
Make sure all other windows are closed and double-click the OTL icon. At the top of the window, under Output, click Minimal Output. Under Standard Registry change to All, and Extra Registry to All. Check LOP Check and Purity Check. Change File Age to 14 days. Leave all other settings as they are. Click Run Scan. The scan may take a long time; when it finishes, two logs will open:
OTL.Txt
Extras.Txt
They are saved in the same location as OTL. Please copy both logs here.

Re: log check - internet slowdown

Posted: 31 May 2010 20:44
by Renee
OTL.txt:
OTL logfile created on: 31.5.2010 20:41:48 - Run 4
OTL by OldTimer - Version 3.2.5.2 Folder = C:\Users\Renee\Desktop
Enterprise Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 63,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 80,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 111,69 Gb Total Space | 26,09 Gb Free Space | 23,36% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: RENEE-JE-ŠÉF
Current User Name: Renee
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 14 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\Renee\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Spyware Terminator\sp_rsser.exe (Crawler.com)
PRC - C:\Windows\System32\atieclxx.exe (AMD)
PRC - C:\Windows\System32\atiesrxx.exe (AMD)
PRC - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (ESET)
PRC - C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\QIP\qip.exe (The Author of QIP)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - c:\Program Files\Windows Defender\MpCmdRun.exe (Microsoft Corporation)
PRC - C:\Program Files\AIMP2\AIMP2.exe (AIMP DevTeam)


========== Modules (SafeList) ==========

MOD - C:\Users\Renee\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\System32\sspicli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\sechost.dll (Microsoft Corporation)
MOD - C:\Windows\System32\samcli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\profapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\netutils.dll (Microsoft Corporation)
MOD - C:\Windows\System32\KernelBase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\dwmapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\devobj.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cryptbase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cfgmgr32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (sp_rssrv) -- C:\Program Files\Spyware Terminator\sp_rsser.exe (Crawler.com)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (EhttpSrv) -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe (ESET)
SRV - (ekrn) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (ESET)
SRV - (WwanSvc) -- C:\Windows\System32\wwansvc.dll (Microsoft Corporation)
SRV - (WbioSrvc) -- C:\Windows\System32\wbiosrvc.dll (Microsoft Corporation)
SRV - (Power) -- C:\Windows\System32\umpo.dll (Microsoft Corporation)
SRV - (Themes) -- C:\Windows\System32\themeservice.dll (Microsoft Corporation)
SRV - (sppuinotify) -- C:\Windows\System32\sppuinotify.dll (Microsoft Corporation)
SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation)
SRV - (RpcEptMapper) -- C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (PNRPsvc) Protokol PNRP (Peer Name Resolution Protocol) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (p2pimsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (HomeGroupProvider) -- C:\Windows\System32\provsvc.dll (Microsoft Corporation)
SRV - (PNRPAutoReg) -- C:\Windows\System32\pnrpauto.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (HomeGroupListener) -- C:\Windows\System32\ListSvc.dll (Microsoft Corporation)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (Dhcp) -- C:\Windows\System32\dhcpcore.dll (Microsoft Corporation)
SRV - (defragsvc) -- C:\Windows\System32\defragsvc.dll (Microsoft Corporation)
SRV - (BDESVC) -- C:\Windows\System32\bdesvc.dll (Microsoft Corporation)
SRV - (AxInstSV) Instalační program ovládacích prvků ActiveX (AxInstSV) -- C:\Windows\System32\AxInstSv.dll (Microsoft Corporation)
SRV - (AppIDSvc) -- C:\Windows\System32\appidsvc.dll (Microsoft Corporation)
SRV - (sppsvc) -- C:\Windows\System32\sppsvc.exe (Microsoft Corporation)
SRV - (NetTcpPortSharing) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (sp_rsdrv2) -- C:\Windows\System32\drivers\sp_rsdrv2.sys ()
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys (Duplex Secure Ltd.)
DRV - (hamachi) -- C:\Windows\System32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (amdkmdag) -- C:\Windows\System32\drivers\atipmdag.sys (ATI Technologies Inc.)
DRV - (amdkmdap) -- C:\Windows\System32\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV - (epfwwfpr) -- C:\Windows\System32\drivers\epfwwfpr.sys (ESET)
DRV - (ehdrv) -- C:\Windows\System32\drivers\ehdrv.sys (ESET)
DRV - (eamonm) -- C:\Windows\System32\drivers\eamonm.sys (ESET)
DRV - (AtiHdmiService) -- C:\Windows\System32\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV - (KSecPkg) -- C:\Windows\System32\Drivers\ksecpkg.sys (Microsoft Corporation)
DRV - (cmdide) -- C:\Windows\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (adpahci) -- C:\Windows\system32\DRIVERS\adpahci.sys (Adaptec, Inc.)
DRV - (adp94xx) -- C:\Windows\system32\DRIVERS\adp94xx.sys (Adaptec, Inc.)
DRV - (amdsbs) -- C:\Windows\system32\DRIVERS\amdsbs.sys (AMD Technologies Inc.)
DRV - (adpu320) -- C:\Windows\system32\DRIVERS\adpu320.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\DRIVERS\arcsas.sys (Adaptec, Inc.)
DRV - (amdsata) -- C:\Windows\system32\DRIVERS\amdsata.sys (Advanced Micro Devices)
DRV - (arc) -- C:\Windows\system32\DRIVERS\arc.sys (Adaptec, Inc.)
DRV - (amdxata) -- C:\Windows\system32\DRIVERS\amdxata.sys (Advanced Micro Devices)
DRV - (aliide) -- C:\Windows\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (nvstor) -- C:\Windows\system32\DRIVERS\nvstor.sys (NVIDIA Corporation)
DRV - (nvraid) -- C:\Windows\system32\DRIVERS\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\DRIVERS\nfrd960.sys (IBM Corporation)
DRV - (LSI_SAS) -- C:\Windows\system32\DRIVERS\lsi_sas.sys (LSI Corporation)
DRV - (iaStorV) -- C:\Windows\system32\DRIVERS\iaStorV.sys (Intel Corporation)
DRV - (MegaSR) -- C:\Windows\system32\DRIVERS\MegaSR.sys (LSI Corporation, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\DRIVERS\lsi_scsi.sys (LSI Corporation)
DRV - (LSI_FC) -- C:\Windows\system32\DRIVERS\lsi_fc.sys (LSI Corporation)
DRV - (LSI_SAS2) -- C:\Windows\system32\DRIVERS\lsi_sas2.sys (LSI Corporation)
DRV - (iirsp) -- C:\Windows\system32\DRIVERS\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (megasas) -- C:\Windows\system32\DRIVERS\megasas.sys (LSI Corporation)
DRV - (hwpolicy) -- C:\Windows\System32\drivers\hwpolicy.sys (Microsoft Corporation)
DRV - (elxstor) -- C:\Windows\system32\DRIVERS\elxstor.sys (Emulex)
DRV - (aic78xx) -- C:\Windows\system32\DRIVERS\djsvs.sys (Adaptec, Inc.)
DRV - (HpSAMD) -- C:\Windows\system32\DRIVERS\HpSAMD.sys (Hewlett-Packard Company)
DRV - (FsDepends) -- C:\Windows\System32\drivers\fsdepends.sys (Microsoft Corporation)
DRV - (vsmraid) -- C:\Windows\system32\DRIVERS\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (vmbus) -- C:\Windows\system32\DRIVERS\vmbus.sys (Microsoft Corporation)
DRV - (vhdmp) -- C:\Windows\system32\DRIVERS\vhdmp.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\system32\DRIVERS\vmstorfl.sys (Microsoft Corporation)
DRV - (vdrvroot) -- C:\Windows\system32\DRIVERS\vdrvroot.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\system32\DRIVERS\storvsc.sys (Microsoft Corporation)
DRV - (WIMMount) -- C:\Windows\System32\drivers\wimmount.sys (Microsoft Corporation)
DRV - (viaide) -- C:\Windows\system32\DRIVERS\viaide.sys (VIA Technologies, Inc.)
DRV - (ql2300) -- C:\Windows\system32\DRIVERS\ql2300.sys (QLogic Corporation)
DRV - (rdyboost) -- C:\Windows\System32\drivers\rdyboost.sys (Microsoft Corporation)
DRV - (ql40xx) -- C:\Windows\system32\DRIVERS\ql40xx.sys (QLogic Corporation)
DRV - (SiSRaid4) -- C:\Windows\system32\DRIVERS\sisraid4.sys (Silicon Integrated Systems)
DRV - (pcw) -- C:\Windows\System32\drivers\pcw.sys (Microsoft Corporation)
DRV - (SiSRaid2) -- C:\Windows\system32\DRIVERS\SiSRaid2.sys (Silicon Integrated Systems Corp.)
DRV - (stexstor) -- C:\Windows\system32\DRIVERS\stexstor.sys (Promise Technology)
DRV - (CNG) -- C:\Windows\System32\Drivers\cng.sys (Microsoft Corporation)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\System32\Drivers\Brserid.sys (Brother Industries Ltd.)
DRV - (rdpbus) -- C:\Windows\System32\drivers\rdpbus.sys (Microsoft Corporation)
DRV - (RDPREFMP) -- C:\Windows\System32\drivers\RDPREFMP.sys (Microsoft Corporation)
DRV - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\System32\drivers\agilevpn.sys (Microsoft Corporation)
DRV - (WfpLwf) -- C:\Windows\System32\drivers\wfplwf.sys (Microsoft Corporation)
DRV - (NdisCap) -- C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation)
DRV - (vwifibus) -- C:\Windows\System32\drivers\vwifibus.sys (Microsoft Corporation)
DRV - (1394ohci) -- C:\Windows\System32\drivers\1394ohci.sys (Microsoft Corporation)
DRV - (UmPass) -- C:\Windows\system32\DRIVERS\umpass.sys (Microsoft Corporation)
DRV - (mshidkmdf) -- C:\Windows\System32\drivers\mshidkmdf.sys (Microsoft Corporation)
DRV - (MTConfig) -- C:\Windows\system32\DRIVERS\MTConfig.sys (Microsoft Corporation)
DRV - (CompositeBus) -- C:\Windows\System32\drivers\CompositeBus.sys (Microsoft Corporation)
DRV - (AppID) -- C:\Windows\system32\drivers\appid.sys (Microsoft Corporation)
DRV - (scfilter) -- C:\Windows\System32\drivers\scfilter.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\system32\DRIVERS\vms3cap.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\system32\DRIVERS\VMBusHID.sys (Microsoft Corporation)
DRV - (discache) -- C:\Windows\System32\drivers\discache.sys (Microsoft Corporation)
DRV - (HidBatt) -- C:\Windows\system32\DRIVERS\HidBatt.sys (Microsoft Corporation)
DRV - (AcpiPmi) -- C:\Windows\system32\DRIVERS\acpipmi.sys (Microsoft Corporation)
DRV - (AmdPPM) -- C:\Windows\system32\DRIVERS\amdppm.sys (Microsoft Corporation)
DRV - (hcw85cir) -- C:\Windows\system32\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (BrUsbMdm) -- C:\Windows\System32\Drivers\BrUsbMdm.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\System32\Drivers\BrUsbSer.sys (Brother Industries Ltd.)
DRV - (BrSerWdm) -- C:\Windows\System32\Drivers\BrSerWdm.sys (Brother Industries Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\DRIVERS\BrFiltLo.sys (Brother Industries, Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\DRIVERS\BrFiltUp.sys (Brother Industries, Ltd.)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvm62x32.sys (NVIDIA Corporation)
DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation)
DRV - (ebdrv) -- C:\Windows\system32\DRIVERS\evbdx.sys (Broadcom Corporation)
DRV - (b06bdrv) -- C:\Windows\system32\DRIVERS\bxvbdx.sys (Broadcom Corporation)
DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\Windows\System32\drivers\RTKVAC.SYS (Realtek Semiconductor Corp.)
DRV - (atkdisplf) -- C:\Windows\System32\drivers\ATKDispLowFilter.sys (ASUSTeK Computer Inc.)
DRV - (asusgsb) -- C:\Windows\System32\drivers\asusgsb.sys (ASUSTeK Computer Inc.)
DRV - (MTsensor) -- C:\Windows\System32\drivers\ASACPI.sys ()


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SYSTEM32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SYSTEM32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = cs
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A2 6C 10 5C BD E4 CA 01 [binary data]
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2010.04.01 21:29:48 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2010.05.31 19:34:58 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKCU..\Run: [QIP2005] C:\Program Files\QIP\qip.exe (The Author of QIP)
O4 - HKCU..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} https://www.battlefieldheroes.com/stati ... 0.53.0.cab (Battlefield Heroes Updater)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_20)
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (systempropertiesperformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\System32\webcheck.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\System32\credssp.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\System32\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\System32\tspkg.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 14 Days ==========

[2010.05.31 20:40:19 | 000,571,392 | ---- | C] (OldTimer Tools) -- C:\Users\Renee\Desktop\OTL.exe
[2010.05.31 19:47:12 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010.05.31 19:37:18 | 000,000,000 | ---D | C] -- C:\Users\Renee\AppData\Local\temp
[2010.05.31 18:27:07 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2010.05.31 18:20:47 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010.05.31 16:58:47 | 000,000,000 | ---D | C] -- C:\Users\Renee\AppData\Roaming\Spyware Terminator
[2010.05.31 16:58:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Spyware Terminator
[2010.05.31 16:58:41 | 000,000,000 | ---D | C] -- C:\Program Files\Spyware Terminator
[2010.05.28 13:47:49 | 000,350,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3drm.dll
[2010.05.26 09:40:08 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2010.05.25 20:58:09 | 000,000,000 | ---D | C] -- C:\Program Files\Empire Interactive
[2010.05.23 14:23:59 | 000,000,000 | ---D | C] -- C:\Users\Renee\AppData\Roaming\NPLUTO Corporation
[2010.05.23 13:54:11 | 000,000,000 | ---D | C] -- C:\Program Files\DriftCity
[2010.05.23 12:43:18 | 000,000,000 | ---D | C] -- C:\Users\Renee\AppData\Local\DNA
[2010.05.23 12:43:16 | 000,000,000 | ---D | C] -- C:\Users\Renee\AppData\Roaming\DNA
[2010.05.23 12:43:16 | 000,000,000 | ---D | C] -- C:\Program Files\DNA
[2010.05.22 19:45:01 | 000,000,000 | ---D | C] -- C:\Users\Renee\Desktop\Documents\TmForever
[2010.05.22 19:45:01 | 000,000,000 | ---D | C] -- C:\ProgramData\TmForever
[2010.05.22 18:54:57 | 000,000,000 | ---D | C] -- C:\PFiles
[2010.05.21 19:27:52 | 000,000,000 | ---D | C] -- C:\Users\Renee\AppData\Local\Adobe
[2010.05.21 19:26:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2010.05.21 19:26:39 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2010.05.21 19:26:39 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2010.05.18 17:43:54 | 000,000,000 | ---D | C] -- C:\Windows\System32\Wat

========== Files - Modified Within 14 Days ==========

[2010.05.31 20:42:02 | 001,572,864 | -HS- | M] () -- C:\Users\Renee\NTUSER.DAT
[2010.05.31 20:40:31 | 000,571,392 | ---- | M] (OldTimer Tools) -- C:\Users\Renee\Desktop\OTL.exe
[2010.05.31 20:19:01 | 000,000,962 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3066638169-474057053-1295839724-1001UA.job
[2010.05.31 19:45:26 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini
[2010.05.31 19:34:58 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010.05.31 18:16:39 | 000,015,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010.05.31 18:16:39 | 000,015,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010.05.31 18:09:21 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.05.31 18:09:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.05.31 18:09:13 | 1610,260,480 | -HS- | M] () -- C:\hiberfil.sys
[2010.05.31 18:08:20 | 006,291,456 | -H-- | M] () -- C:\Users\Renee\AppData\Local\IconCache.db
[2010.05.31 16:58:49 | 000,142,592 | ---- | M] () -- C:\Windows\System32\drivers\sp_rsdrv2.sys
[2010.05.30 21:19:05 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3066638169-474057053-1295839724-1001Core.job
[2010.05.28 13:47:17 | 000,350,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3drm.dll
[2010.05.28 13:06:14 | 001,473,146 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.05.28 13:06:14 | 000,631,116 | ---- | M] () -- C:\Windows\System32\perfh005.dat
[2010.05.28 13:06:14 | 000,615,760 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.05.28 13:06:14 | 000,123,556 | ---- | M] () -- C:\Windows\System32\perfc005.dat
[2010.05.28 13:06:14 | 000,107,396 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.05.26 16:41:27 | 000,215,016 | ---- | M] () -- C:\Windows\System32\PnkBstrB.xtr
[2010.05.26 15:55:16 | 000,138,184 | ---- | M] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2010.05.25 22:09:46 | 000,000,873 | ---- | M] () -- C:\Users\Renee\Desktop\revolt.lnk
[2010.05.25 21:07:54 | 000,003,189 | ---- | M] () -- C:\Users\Renee\Desktop\FlatOut2.lnk
[2010.05.25 20:52:32 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) -- C:\Windows\System32\drivers\sptd.sys
[2010.05.23 13:55:19 | 000,001,842 | ---- | M] () -- C:\Users\Renee\Desktop\Drift City (EU_ENG).lnk
[2010.05.22 19:45:01 | 000,000,000 | ---- | M] () -- C:\Windows\System32\Nadeo.ini
[2010.05.19 13:04:43 | 000,005,269 | ---- | M] () -- C:\Users\Renee\.recently-used.xbel

========== Files Created - No Company Name ==========

[2010.05.31 16:58:49 | 000,142,592 | ---- | C] () -- C:\Windows\System32\drivers\sp_rsdrv2.sys
[2010.05.25 22:09:08 | 000,000,873 | ---- | C] () -- C:\Users\Renee\Desktop\revolt.lnk
[2010.05.25 21:07:54 | 000,003,189 | ---- | C] () -- C:\Users\Renee\Desktop\FlatOut2.lnk
[2010.05.23 13:55:19 | 000,001,842 | ---- | C] () -- C:\Users\Renee\Desktop\Drift City (EU_ENG).lnk
[2010.05.22 19:45:01 | 000,000,000 | ---- | C] () -- C:\Windows\System32\Nadeo.ini
[2010.05.19 13:04:43 | 000,005,269 | ---- | C] () -- C:\Users\Renee\.recently-used.xbel
[2010.05.02 00:18:10 | 000,000,020 | ---- | C] () -- C:\Windows\level.ini
[2010.04.18 20:11:25 | 000,009,728 | ---- | C] () -- C:\Windows\System32\BASSMOD.dll
[2010.04.04 10:44:37 | 000,138,184 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2009.07.14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009.04.14 07:43:32 | 000,154,144 | ---- | C] () -- C:\Windows\System32\RTLCPAPI.dll
[2008.10.07 09:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008.10.07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2004.08.13 09:56:20 | 000,005,810 | ---- | C] () -- C:\Windows\System32\drivers\ASACPI.sys

========== LOP Check ==========

[2010.05.31 20:00:19 | 000,000,000 | ---D | M] -- C:\Users\Renee\AppData\Roaming\AIMP
[2010.04.02 01:05:09 | 000,000,000 | ---D | M] -- C:\Users\Renee\AppData\Roaming\DAEMON Tools Lite
[2010.05.05 15:36:05 | 000,000,000 | ---D | M] -- C:\Users\Renee\AppData\Roaming\DMCache
[2010.05.25 23:44:47 | 000,000,000 | ---D | M] -- C:\Users\Renee\AppData\Roaming\DNA
[2010.05.19 12:42:36 | 000,000,000 | ---D | M] -- C:\Users\Renee\AppData\Roaming\gtk-2.0
[2010.05.23 14:23:59 | 000,000,000 | ---D | M] -- C:\Users\Renee\AppData\Roaming\NPLUTO Corporation
[2010.04.02 18:01:47 | 000,000,000 | ---D | M] -- C:\Users\Renee\AppData\Roaming\OpenOffice.org
[2010.05.31 17:33:14 | 000,000,000 | ---D | M] -- C:\Users\Renee\AppData\Roaming\Spyware Terminator
[2010.04.02 11:32:43 | 000,000,000 | ---D | M] -- C:\Users\Renee\AppData\Roaming\TuneUp Software
[2010.05.25 20:03:27 | 000,000,000 | ---D | M] -- C:\Users\Renee\AppData\Roaming\uTorrent
[2009.07.14 06:53:46 | 000,023,278 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========


< End of report >

Extras.txt:
OTL Extras logfile created on: 31.5.2010 20:41:48 - Run 4
OTL by OldTimer - Version 3.2.5.2 Folder = C:\Users\Renee\Desktop
Enterprise Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 63,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 80,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 111,69 Gb Total Space | 26,09 Gb Free Space | 23,36% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: RENEE-JE-ŠÉF
Current User Name: Renee
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 14 Days
Output = Minimal

========== Extra Registry (All) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\Windows\System32\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
.inf [@ = inffile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)
.js [@ = JSFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.reg [@ = regfile] -- C:\Windows\regedit.exe (Microsoft Corporation)
.txt [@ = txtfile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\System32\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01144BEA-886C-067C-5879-4773516F9A8F}" = Catalyst Control Center Graphics Previews Vista
"{02A10468-2F1C-447C-AD8E-4DEDDEA25AE2}" = Medieval II Total War : Kingdoms : Crusades
"{032D20C4-51C3-4699-A234-353C1227A62A}" = ESET NOD32 Antivirus
"{0FC27548-D4DB-8039-456B-D9E743FEF86F}" = CCC Help English
"{1A655D51-1423-48A3-B748-8F5A0BE294C8}" = Microsoft Visual J# .NET Redistributable Package 1.1
"{1BA7B068-4719-42A3-B553-D4ED97434F92}" = ASUS Utilities
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F61E0B1-1AB8-F15E-07C4-46D100A1D3F7}" = Borderlands
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20
"{28996689-E20A-E63B-2BDA-B662AB807C87}" = ATI Catalyst Install Manager
"{3E18D88A-5067-324B-382C-9166D4388ED0}" = ccc-core-static
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5B07D8FE-CC01-23CE-3961-751687074E54}" = Catalyst Control Center Graphics Previews Common
"{5DE71D48-01EB-4BF2-A643-50FE6C9B6AC9}" = OpenOffice.org 3.2
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6F817DD0-D103-196F-5D63-365DC87B43EE}" = Catalyst Control Center HydraVision Full
"{75983B66-804C-40D1-BA13-64DAF652A6F1}" = Medieval II Total War : Kingdoms : Americas
"{87BB78C4-F36D-4D93-A7C7-F80F18219848}" = AMD DnD V1.0.20
"{8D7133DE-27D2-47E5-B248-4180278D32AA}" = Catalyst Control Center - Branding
"{8DC910CD-8EE3-4ffc-A4EB-9B02701059C4}" = Battlefield Heroes
"{9903001D-2728-9D9B-3D8B-F593A502A972}" = Catalyst Control Center InstallProxy
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B2E05E8-C3C4-407F-8197-C17E9740F640}" = Ground Control II
"{AC76BA86-7AD7-1029-7B44-A93000000001}" = Adobe Reader 9.3.2 - Czech
"{B535DA73-AAD1-51E8-9232-9358D2A20E9B}" = Catalyst Control Center Graphics Full Existing
"{C884B05A-F5D9-4AE4-9D84-E6BD9F6E7890}" = FlatOut2
"{C91BC5DF-C6BD-388B-FEB8-2721B9D5C97B}" = Catalyst Control Center Core Implementation
"{CastleStrike_B}" = Castle Strike
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CEDDEE73-3D36-41C2-AA40-29355D9FBD63}" = Medieval II Total War : Kingdoms : Britannia
"{D56B0E27-4A3E-46C9-B5C1-D93D580C099C}" = NVIDIA PhysX v8.10.29
"{D575E1CA-56BB-2944-744E-E7CD1EDB9C82}" = Catalyst Control Center Graphics Full New
"{D6AAE701-6EA9-FAA1-AB38-227AA94531A1}" = Catalyst Control Center Graphics Light
"{D8508208-4591-2964-3DDB-16A4BE871230}" = ccc-utility
"{DF7B213D-2065-41ED-BB51-7A3EED31EA7B}" = Ultima Online: Mondain's Legacy
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AIMP2" = AIMP2
"CCleaner" = CCleaner
"Conqueror Loader" = Conqueror Loader
"DriftCity_EU_eng" = Drift City (EU_ENG)
"Football Arena Viewer_is1" = Football Arena 1.00.0013 (BETA)
"GoldWave v5.20" = GoldWave v5.20
"GOM Player" = GOM Player
"Hamachi" = Hamachi 1.0.2.5
"InstallShield_{9B2E05E8-C3C4-407F-8197-C17E9740F640}" = Ground Control II
"Just Cause 2_is1" = Just Cause 2
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"PunkBusterSvc" = PunkBuster Services
"Sony Ericsson Themes Creator" = Sony Ericsson Themes Creator 4.12.2.4
"Spyware Terminator_is1" = Spyware Terminator
"TmNationsForever_is1" = TmNationsForever Update 2010-03-15
"WinGimp-2.0_is1" = GIMP 2.6.7
"WinRAR archiver" = WinRAR
"xvid" = XviD MPEG-4 Video Codec

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent DNA" = DNA
"Google Chrome" = Google Chrome
"QIP 2005" = QIP 2005 8095

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 24.5.2010 16:04:27 | Computer Name = Renee-je-šéf | Source = Application Error | ID = 1000
Description = Název chybující aplikace: BFHeroes.exe, verze: 0.0.0.0, časové razítko:
0x4bf6612a Název chybujícího modulu: BFHeroes.exe, verze: 0.0.0.0, časové razítko:
0x4bf6612a Kód výjimky: 0xc0000005 Posun chyby: 0x001bee1b ID chybujícího procesu:
0xc50 Čas spuštění chybující aplikace: 0x01cafb73d78b7172 Cesta k chybující aplikaci:
C:\Program Files\EA Games\Battlefield Heroes\BFHeroes.exe Cesta k chybujícímu modulu:
C:\Program Files\EA Games\Battlefield Heroes\BFHeroes.exe ID zprávy: 8e07ea17-676f-11df-858a-001731138d36

Error - 25.5.2010 9:00:40 | Computer Name = Renee-je-šéf | Source = Application Error | ID = 1000
Description = Název chybující aplikace: chrome.exe, verze: 0.0.0.0, časové razítko:
0x4bd40a55 Název chybujícího modulu: NPSWF32.dll, verze: 10.0.45.2, časové razítko:
0x4b5f91c2 Kód výjimky: 0xc0000005 Posun chyby: 0x0003d822 ID chybujícího procesu:
0x68c Čas spuštění chybující aplikace: 0x01cafc0a45375ddf Cesta k chybující aplikaci:
C:\Users\Renee\AppData\Local\Google\Chrome\Application\chrome.exe Cesta k chybujícímu
modulu: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ID zprávy: 84f47508-67fd-11df-8f49-001731138d36

Error - 25.5.2010 9:01:08 | Computer Name = Renee-je-šéf | Source = Application Hang | ID = 1002
Description = Program chrome.exe verze 0.0.0.0 přestal spolupracovat se systémem
Windows a byl ukončen. Chcete-li zjistit, zda je k dispozici více informací o tomto
problému, vyhledejte historii problému v ovládacím panelu Centrum akcí. ID procesu:
460 Čas spuštění: 01cafc0612242284 Čas ukončení: 24 Cesta k aplikaci: C:\Users\Renee\AppData\Local\Google\Chrome\Application\chrome.exe

ID
hlášení: 91f79c9c-67fd-11df-8f49-001731138d36

Error - 25.5.2010 10:02:01 | Computer Name = Renee-je-šéf | Source = Application Error | ID = 1000
Description = Název chybující aplikace: BFHeroes.exe, verze: 0.0.0.0, časové razítko:
0x4bf6612a Název chybujícího modulu: pbcl.dll_unloaded, verze: 0.0.0.0, časové razítko:
0x4babde70 Kód výjimky: 0xc0000005 Posun chyby: 0x04d0fe0c ID chybujícího procesu:
0x548 Čas spuštění chybující aplikace: 0x01cafc0d19a45d47 Cesta k chybující aplikaci:
C:\Program Files\EA Games\Battlefield Heroes\BFHeroes.exe Cesta k chybujícímu modulu:
pbcl.dll ID zprávy: 169be654-6806-11df-8f49-001731138d36

Error - 26.5.2010 9:32:57 | Computer Name = Renee-je-šéf | Source = Application Error | ID = 1000
Description = Název chybující aplikace: BFHeroes.exe, verze: 0.0.0.0, časové razítko:
0x4bf6612a Název chybujícího modulu: BFHeroes.exe, verze: 0.0.0.0, časové razítko:
0x4bf6612a Kód výjimky: 0xc0000005 Posun chyby: 0x001bee1b ID chybujícího procesu:
0x28c Čas spuštění chybující aplikace: 0x01cafcd6845b4733 Cesta k chybující aplikaci:
C:\Program Files\EA Games\Battlefield Heroes\BFHeroes.exe Cesta k chybujícímu modulu:
C:\Program Files\EA Games\Battlefield Heroes\BFHeroes.exe ID zprávy: 31733b6d-68cb-11df-aefe-001731138d36

Error - 26.5.2010 9:46:00 | Computer Name = Renee-je-šéf | Source = Application Error | ID = 1000
Description = Název chybující aplikace: BFHeroes.exe, verze: 0.0.0.0, časové razítko:
0x4bf6612a Název chybujícího modulu: BFHeroes.exe, verze: 0.0.0.0, časové razítko:
0x4bf6612a Kód výjimky: 0xc0000005 Posun chyby: 0x001bee1b ID chybujícího procesu:
0xe44 Čas spuštění chybující aplikace: 0x01cafcd80b7407fb Cesta k chybující aplikaci:
C:\Program Files\EA Games\Battlefield Heroes\BFHeroes.exe Cesta k chybujícímu modulu:
C:\Program Files\EA Games\Battlefield Heroes\BFHeroes.exe ID zprávy: 041f5ad7-68cd-11df-aefe-001731138d36

Error - 26.5.2010 12:39:57 | Computer Name = Renee-je-šéf | Source = Application Error | ID = 1000
Description = Název chybující aplikace: BFHeroes.exe, verze: 0.0.0.0, časové razítko:
0x4bf6612a Název chybujícího modulu: BFHeroes.exe, verze: 0.0.0.0, časové razítko:
0x4bf6612a Kód výjimky: 0xc0000005 Posun chyby: 0x001bee1b ID chybujícího procesu:
0xbc0 Čas spuštění chybující aplikace: 0x01cafcda28272716 Cesta k chybující aplikaci:
C:\Program Files\EA Games\Battlefield Heroes\BFHeroes.exe Cesta k chybujícímu modulu:
C:\Program Files\EA Games\Battlefield Heroes\BFHeroes.exe ID zprávy: 515e97ae-68e5-11df-941f-001731138d36

Error - 31.5.2010 10:44:47 | Computer Name = Renee-je-šéf | Source = Wininit | ID = 1015
Description = Došlo k selhání kritického systémového procesu C:\Windows\system32\lsass.exe
se stavovým kódem 1. Počítač je nyní nutné restartovat.

Error - 31.5.2010 11:03:04 | Computer Name = Renee-je-šéf | Source = VSS | ID = 8194
Description =

Error - 31.5.2010 14:37:47 | Computer Name = Renee-je-šéf | Source = Application Error | ID = 1000
Description = Název chybující aplikace: TrackEdit.exe, verze: 1.0.0.1, časové razítko:
0x3794af2b Název chybujícího modulu: TrackEdit.exe, verze: 1.0.0.1, časové razítko:
0x3794af2b Kód výjimky: 0xc0000005 Posun chyby: 0x0000852a ID chybujícího procesu:
0xe68 Čas spuštění chybující aplikace: 0x01cb00ec7b9773bd Cesta k chybující aplikaci:
C:\Renee\hry\Re-Volt\Re-Volt\Editor\TrackEdit.exe Cesta k chybujícímu modulu:
C:\Renee\hry\Re-Volt\Re-Volt\Editor\TrackEdit.exe ID zprávy: 9b670440-6ce3-11df-a041-001731138d36

[ System Events ]
Error - 31.5.2010 10:29:13 | Computer Name = Renee-je-šéf | Source = WMPNetworkSvc | ID = 866300
Description =

Error - 31.5.2010 10:44:14 | Computer Name = Renee-je-šéf | Source = Service Control Manager | ID = 7034
Description = Služba PnkBstrA byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error - 31.5.2010 10:46:27 | Computer Name = Renee-je-šéf | Source = EventLog | ID = 6008
Description = Předchozí vypnutí systému (16:45:41, ?31.?5.?2010) bylo neočekávané.

Error - 31.5.2010 10:47:00 | Computer Name = Renee-je-šéf | Source = WMPNetworkSvc | ID = 866300
Description =

Error - 31.5.2010 12:21:50 | Computer Name = Renee-je-šéf | Source = Service Control Manager | ID = 7030
Description = Služba PEVSystemStart je označena jako interaktivní služba. Avšak
systém je nakonfigurován tak, že neumožňuje použití interaktivní služby. Tato služba
nebude fungovat správně.

Error - 31.5.2010 12:27:11 | Computer Name = Renee-je-šéf | Source = Service Control Manager | ID = 7030
Description = Služba PEVSystemStart je označena jako interaktivní služba. Avšak
systém je nakonfigurován tak, že neumožňuje použití interaktivní služby. Tato služba
nebude fungovat správně.

Error - 31.5.2010 13:28:59 | Computer Name = Renee-je-šéf | Source = Service Control Manager | ID = 7030
Description = Služba PEVSystemStart je označena jako interaktivní služba. Avšak
systém je nakonfigurován tak, že neumožňuje použití interaktivní služby. Tato služba
nebude fungovat správně.

Error - 31.5.2010 13:35:01 | Computer Name = Renee-je-šéf | Source = Service Control Manager | ID = 7030
Description = Služba PEVSystemStart je označena jako interaktivní služba. Avšak
systém je nakonfigurován tak, že neumožňuje použití interaktivní služby. Tato služba
nebude fungovat správně.

Error - 31.5.2010 13:40:19 | Computer Name = Renee-je-šéf | Source = Service Control Manager | ID = 7030
Description = Služba PEVSystemStart je označena jako interaktivní služba. Avšak
systém je nakonfigurován tak, že neumožňuje použití interaktivní služby. Tato služba
nebude fungovat správně.

Error - 31.5.2010 13:45:24 | Computer Name = Renee-je-šéf | Source = Service Control Manager | ID = 7030
Description = Služba PEVSystemStart je označena jako interaktivní služba. Avšak
systém je nakonfigurován tak, že neumožňuje použití interaktivní služby. Tato služba
nebude fungovat správně.


< End of report >

Re: log check - internet slowdown

Posted: 31 May 2010 20:59
by Damned
Double-click the OTL icon on the desktop. Make sure all other applications and browsers are closed.
Under Custom Scans/Fixes, paste the following text, shown in green, into the box:

Code: Select all

:OTL
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

:Files
C:\WINDOWS\*.tmp
C:\WINDOWS\System32\*.tmp
C:\WINDOWS\system32\*.tmp.dll
C:\WINDOWS\system32\SET*.tmp
C:\Recycler
C:\$RECYCLE.BIN
C:\Windows\tasks\SA.DAT

:Reg

:Commands
[purity]
[emptytemp]
[emptyflash]
[start explorer]
[Reboot]



Then click Run Fix at the top. Let the program run undisturbed; at the end the PC will restart.
After the restart a log will appear; please copy its entire contents here.

Re: log check - internet slowdown

Posted: 31 May 2010 21:09
by Renee
Well, maybe I did something wrong, but it just quickly did something, shut down explorer.exe and spat out this:


========== OTL ==========
Process explorer.exe killed successfully!
========== FILES ==========
File\Folder C:\WINDOWS\*.tmp not found.
File\Folder C:\WINDOWS\System32\*.tmp not found.
File\Folder C:\WINDOWS\system32\*.tmp.dll not found.
File\Folder C:\WINDOWS\system32\SET*.tmp not found.
File\Folder C:\Recycler not found.
C:\$RECYCLE.BIN\S-1-5-21-3066638169-474057053-1295839724-1001 folder moved successfully.
C:\$RECYCLE.BIN folder moved successfully.
C:\Windows\tasks\SA.DAT moved successfully.
========== REGISTRY ==========

OTL by OldTimer - Version 3.2.5.2 log created on 05312010_210741

Re: log check - internet slowdown

Posted: 31 May 2010 21:25
by Damned
Did it restart? If not (I'm also still missing the record of the temp files being cleared in there), run the script once more. But don't use the "Select all" (Vybrat vše) code link.

The lines must start at the left edge and at the top of the box.