Infected PC - pLs HELP me!

Section devoted to viruses and other malicious code, but also to the tools with which one can defend against them…

Moderators: Mods_senior, Security team

Struzzo
Level 1
Posts: 56
Registered: December 07
Gender: Not specified
Status: Offline

Infected PC - pLs HELP me!

Post by Struzzo » 12 May 2008 16:42

Hi folks,

I have a mega problem. Some malicious virus got into my PC. My internet has slowed down :evil: , Counter Strike doesn't work :? , my computer stutters and I'm simply having trouble with it. I ran NOD32 over it, it found one virus, but there's one problem. The virus can't be removed or cleaned, so I always have to leave it. Access is always denied :huh: and even when I try to find that file, the search finds nothing, supposedly it doesn't even exist. It bothers me terribly, please help me. Give me more detailed instructions, e.g. which antivirus could handle it or something like that etc.

Thanks everyone :wink:

Struzzo

mod. by Ltb - subject changed from "pLs HELP me!" to something more specific..

peta501
Level 5.5
Posts: 2889
Registered: February 07
Gender: Male
Status: Offline

Re: pLs HELP me!

Post by peta501 » 12 May 2008 16:45

try posting an HJT log here ;)
Core i7 9700KF, MSI Z390A Pro, 32GB RAM , 3070, 1TB, 650W Corsair, Creative X-fi Windows 7 HP
O2 VDSL 16MB

Xbox One

guest
Gender: Not specified

Re: pLs HELP me!

Post by guest » 12 May 2008 16:47

You've got a mega problem right in the title.
Write what virus it is, make a HijackThis log, put it in the appropriate section and ask for a log check.
Re: pLs HELP me! looks like you're drowning but says nothing about the problem with the PC.

//title subsequently edited (LTB) :bigups:

Struzzo
Level 1
Posts: 56
Registered: December 07
Gender: Not specified
Status: Offline

Re: Infected PC - pLs HELP me!

Post by Struzzo » 12 May 2008 17:06

Logfile of HijackThis v1.99.1
Scan saved at 16:59:58, on 12.5.2008
Platform: Unknown Windows (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\CyberLink\Shared files\brs.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.Exe
C:\Windows\System32\rundll32.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Users\Minerálka\Program Files\DNA\btdna.exe
C:\Windows\OETRN.EXE
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Minerálka\Desktop\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe
O1 - Hosts: ::1 localhost
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\Windows\WebIE.dll
O3 - Toolbar: &Crawler lišta - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\ctbr.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Users\Minerálka\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [OEXPRESS] C:\Windows\OETRN.EXE
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\MINERL~1\AppData\Local\Temp\tuvUOFUN.dll,#1
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\MINERL~1\AppData\Local\Temp\tuvTkkiH.dll,c
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [56cfcace] rundll32.exe "C:\Users\MINERL~1\AppData\Local\Temp\oicrbogt.dll",b
O4 - HKCU\..\Run: [Steam] C:\CS\valve\steam\Steam.exe -silent
O4 - HKCU\..\Run: [BM55fcf952] Rundll32.exe "C:\Users\MINERL~1\AppData\Local\Temp\cgbgnnoi.dll",s
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\Windows\WebIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL (file missing)
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\Windows\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\Windows\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\Windows\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\Windows\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\Windows\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\Windows\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\Windows\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\Windows\WebIE.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\ctbr.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: MSSQL$SONY_MEDIAMGR - Unknown owner - C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe (file missing)
O23 - Service: SQL Server (SONY_MEDIAMGR2) (MSSQL$SONY_MEDIAMGR2) - Unknown owner - c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSONY_MEDIAMGR2 (file missing)
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: SQLAgent$SONY_MEDIAMGR - Unknown owner - C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE (file missing)
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)

Tholus
Level 5.5
Posts: 3081
Registered: December 07
Gender: Male
Status: Offline

Re: Infected PC - pLs HELP me!

Post by Tholus » 12 May 2008 19:14

Old version...

Struzzo
Level 1
Posts: 56
Registered: December 07
Gender: Not specified
Status: Offline

Re: Infected PC - pLs HELP me!

Post by Struzzo » 12 May 2008 21:29

Ok, I've got the latest version now..

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:22:03, on 12.5.2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\CyberLink\Shared files\brs.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.Exe
C:\Windows\System32\rundll32.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Users\Minerálka\Program Files\DNA\btdna.exe
C:\Windows\OETRN.EXE
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\wuauclt.exe
C:\Qip\qip.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Last.fm\LastFM.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\ctbr.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\Windows\WebIE.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {8674aea0-9d3d-11d9-99dc-00600f9a01f1} - (no file)
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\Windows\WebIE.dll
O3 - Toolbar: &Crawler lišta - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\ctbr.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Users\Minerálka\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [OEXPRESS] C:\Windows\OETRN.EXE
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\MINERL~1\AppData\Local\Temp\tuvUOFUN.dll,#1
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\MINERL~1\AppData\Local\Temp\tuvTkkiH.dll,c
O4 - HKCU\..\Run: [56cfcace] rundll32.exe "C:\Users\MINERL~1\AppData\Local\Temp\oicrbogt.dll",b
O4 - HKCU\..\Run: [Steam] C:\CS\valve\steam\Steam.exe -silent
O4 - HKCU\..\Run: [BM55fcf952] Rundll32.exe "C:\Users\MINERL~1\AppData\Local\Temp\cgbgnnoi.dll",s
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'Default user')
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\Windows\WebIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL (file missing)
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\Windows\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\Windows\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\Windows\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\Windows\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\Windows\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\Windows\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\Windows\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\Windows\WebIE.dll
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\ctbr.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

--
End of file - 9002 bytes

dog.big
newcomer
Posts: 35
Registered: March 08
Location: Liberec
Gender: Male
Status: Offline

Re: Infected PC - pLs HELP me!

Post by dog.big » 13 May 2008 01:27

BTdna.exe is spyware. It constantly looks for possible connections and shared folders on your computer, the devil knows why. It slows down the computer and also the connection speed.
It needs to be uninstalled. (from some sites dealing with viruses and spyware)

Get rid of these things:
C:\Users\Minerálka\Program Files\DNA\btdna.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Users\Minerálka\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\MINERL~1\AppData\Local\Temp\tuvUOFUN.dll,#1
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\MINERL~1\AppData\Local\Temp\tuvTkkiH.dll,c
Pc:
Toshiba satellite l40-14d 15,4" laptop, Celeron M530 1,73, dual ch. DDR2 RAM 2x512MB, Intel GMA X3100 up to 256MB shared, HDD Toshiba 120GB 5400 rpm SATA, DVD DL/CD RW, HD Realtek audio, WI-FI
SW:
Ms Windows XP PRO, Office07 ent.
Turbo Delphi
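The entries singled out above share a pattern that a reviewer can check mechanically: an HKCU Run value that launches rundll32 against a DLL sitting in the user's %TEMP% directory, with an ordinal or single-letter entry point and, in two cases, a random hex-looking value name. The following script is an added example (not part of this thread, of HijackThis or of ComboFix) that applies those heuristics to O4 lines. The sample lines are copied from the log posted above; the scoring rules and the "two reasons or more" threshold are this example's own assumptions, and it also handles the `HKUS\...` lines with a trailing `(User '...')` suffix that HijackThis 2.x emits.

```python
"""Heuristic triage of HijackThis O4 (autorun) lines.

Added example for the thread; not code from HijackThis or ComboFix. The
SAMPLE_LINES are copied from the log posted in the thread. The heuristics
(what makes an autorun entry worth a second look) are assumptions made here.
"""
from __future__ import annotations

import re
from dataclasses import dataclass, field

# O4 - <hive>\..\Run: [<value name>] <command>
O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# HijackThis 2.x appends "(User 'LOCAL SERVICE')" to HKUS entries; strip it before parsing.
USER_SUFFIX_RE = re.compile(r"\s+\(User '[^']*'\)$")
# Value names such as "56cfcace" or "BM55fcf952": up to two letters, then 8+ lowercase hex digits.
RANDOM_NAME_RE = re.compile(r"^[A-Za-z]{0,2}[0-9a-f]{8,}$")

# Copied from the second HijackThis log in the thread (plus one HKUS line).
SAMPLE_LINES = [
    r"O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart",
    r"O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter",
    r'O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Users\Minerálka\Program Files\DNA\btdna.exe"',
    r"O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\MINERL~1\AppData\Local\Temp\tuvUOFUN.dll,#1",
    r"O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\MINERL~1\AppData\Local\Temp\tuvTkkiH.dll,c",
    r'O4 - HKCU\..\Run: [56cfcace] rundll32.exe "C:\Users\MINERL~1\AppData\Local\Temp\oicrbogt.dll",b',
    r"O4 - HKCU\..\Run: [Steam] C:\CS\valve\steam\Steam.exe -silent",
    r'O4 - HKCU\..\Run: [BM55fcf952] Rundll32.exe "C:\Users\MINERL~1\AppData\Local\Temp\cgbgnnoi.dll",s',
    r"O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')",
]


@dataclass
class Finding:
    name: str
    command: str
    reasons: list[str] = field(default_factory=list)


def _rundll32_target(cmd: str) -> tuple[str, str] | None:
    """Return (dll, entry_point) when the command is a rundll32 invocation, else None."""
    parts = cmd.split(None, 1)
    if not parts or parts[0].lower() not in ("rundll32", "rundll32.exe"):
        return None
    rest = parts[1].replace('"', "") if len(parts) > 1 else ""
    dll, sep, entry = rest.rpartition(",")
    if not sep:  # no comma: the whole argument is the DLL, no explicit entry point
        dll, entry = rest, ""
    return dll.strip(), entry.strip()


def triage(lines: list[str]) -> list[Finding]:
    """Score every O4 line; lines from other HijackThis sections are skipped."""
    findings: list[Finding] = []
    for line in lines:
        m = O4_RE.match(line.strip())
        if not m:
            continue
        cmd = USER_SUFFIX_RE.sub("", m["cmd"])
        f = Finding(name=m["name"], command=cmd)
        low = cmd.lower()
        # Path rules are mutually exclusive: %TEMP% is the strong signal, a plain profile path the weak one.
        if "\\appdata\\local\\temp\\" in low:
            f.reasons.append("loaded from the user's %TEMP% directory")
        elif "\\users\\" in low:
            f.reasons.append("runs from a user profile directory rather than Program Files")
        target = _rundll32_target(cmd)
        if target is not None:
            _dll, entry = target
            if entry and (entry.startswith("#") or len(entry) <= 2):
                f.reasons.append(f"rundll32 entry point '{entry}' is an ordinal or a single letter")
        if RANDOM_NAME_RE.match(f.name):
            f.reasons.append("value name looks like a random hex string")
        findings.append(f)
    return findings


def verdict(f: Finding) -> str:
    """Two independent indicators -> suspicious; one -> review by hand; none -> ok."""
    if len(f.reasons) >= 2:
        return "suspicious"
    return "review" if f.reasons else "ok"


def flagged(lines: list[str]) -> list[str]:
    """Value names of the entries rated suspicious, in log order."""
    return [f.name for f in triage(lines) if verdict(f) == "suspicious"]


if __name__ == "__main__":
    for f in triage(SAMPLE_LINES):
        print(f"{verdict(f):10} [{f.name}] {f.command}")
        for r in f.reasons:
            print(f"             - {r}")
```

Run against the posted log this rates the four rundll32-from-%TEMP% entries as suspicious and puts the BitTorrent DNA entry in the "review" tier on the profile-path signal alone, which matches the manual call made in the post above. The threshold is deliberately conservative: a single indicator (a Run entry under a user profile, say) is common for legitimate software, so it only asks for a closer look rather than removal.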

Struzzo
Level 1
Posts: 56
Registered: December 07
Gender: Not specified
Status: Offline

Re: Infected PC - pLs HELP me!

Post by Struzzo » 13 May 2008 07:39

the last 3 are already gone :blush: , but I just wanted to ask..is btdna part of bittorrent? as a program? oh and I have it in program files, so should I just delete it from program files normally? it's not in the uninstaller

Struzzo
Level 1
Posts: 56
Registered: December 07
Gender: Not specified
Status: Offline

Re: Infected PC - pLs HELP me!

Post by Struzzo » 13 May 2008 07:39

so sorry :lol: I'm on it and I'll run an antivirus scan :smile:

fredik
Security team member
Master Level 7
Posts: 4680
Registered: July 06
Gender: Male
Status: Offline

Re: Infected PC - pLs HELP me!

Post by fredik » 13 May 2008 14:28

Fixing those entries won't help you much, and there is more in there.

Download ComboFix (by sUBs) and save it to your desktop.
Close all active windows and run it.
- After it starts, the terms of use are displayed; confirm them by pressing the Yes button
- Then follow the instructions; while ComboFix is running, do not click into the window that appears
- When the scan finishes, the program should create a log - C:\ComboFix.txt - please copy its entire contents here
It may take a while to get a response, because the "HJT Team" are very busy. Please, be patient, these people are volunteers. They will help you out, as soon as possible.
If you have a problem, do not send me PMs with logs; post them in the forum. Such PMs cannot be answered

Struzzo
Level 1
Posts: 56
Registered: December 07
Gender: Not specified
Status: Offline

Re: Infected PC - pLs HELP me!

Post by Struzzo » 13 May 2008 15:55

Awesome little program..my internet is a lot faster now.. 8)

ComboFix 08-05-12.1 - Minerálka 2008-05-13 15:44:04.1 - NTFSx86
Running from: C:\Users\Minerálka\Desktop\ComboFix.exe
* Created a new restore point
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\Sysmnt
C:\Program Files\Sysmnt\Ssmgr.exe
C:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat
C:\ProgramData\Microsoft\Network\Downloader\qmgr1.dat
C:\Users\Minerálka\AppData\Local\Microsoft\Windows\Temporary Internet Files\MAILTRAN.INI
C:\Users\Minerálka\AppData\Local\Microsoft\Windows\Temporary Internet Files\TRNCOM.INI
C:\Users\Minerálka\AppData\Local\Microsoft\Windows\Temporary Internet Files\WTRAN32.INI
C:\Windows\123messenger.per
C:\Windows\apphelp32.dll
C:\Windows\asferror32.dll
C:\Windows\asycfilt32.dll
C:\Windows\athprxy32.dll
C:\Windows\ati2dvaa32.dll
C:\Windows\ati2dvag32.dll
C:\Windows\audiosrv32.dll
C:\Windows\autodisc32.dll
C:\Windows\avifile32.dll
C:\Windows\avisynthex32.dll
C:\Windows\aviwrap32.dll
C:\Windows\bjam.dll
C:\Windows\bokja.exe
C:\Windows\cdsm32.dll
C:\Windows\default.htm
C:\Windows\didduid.ini
C:\Windows\Downloaded Program Files\UGDCCZ_0001_N122M1712NetInstaller.exe
C:\Windows\FLEOK
C:\Windows\FLEOK\180ax.exe
C:\Windows\changeurl_30.dll
C:\Windows\Installer\id53.exe
C:\Windows\licencia.txt
C:\Windows\msa64chk.dll
C:\Windows\msapasrc.dll
C:\Windows\mspphe.dll
C:\Windows\ntnut.exe
C:\Windows\saiemod.dll
C:\Windows\shdocpe.dll
C:\Windows\shdocpl.dll
C:\Windows\stcloader.exe
C:\Windows\swin32.dll
C:\Windows\system32\msixu.dll
C:\Windows\system32\MSNSA32.dll
C:\Windows\system32\SIPSPI32.dll
C:\Windows\system32\wer8274.dll
C:\Windows\system32\winfrun32.bin
C:\Windows\telefonos.txt
C:\Windows\TEMP\salm.exe
C:\Windows\textos.txt
C:\Windows\updatetc.exe
C:\Windows\winsb.dll

----- BITS: Possible infected sites -----

hxxp://theinstalls.com
.
((((((((((((((((((((((((( Files Created from 2008-04-13 to 2008-05-13 )))))))))))))))))))))))))))))))
.

2008-05-13 15:42 . 2008-05-13 15:43 <DIR> d-------- C:\327882R2FWJFW
2008-05-12 21:21 . 2008-05-12 21:21 <DIR> d-------- C:\Program Files\Trend Micro
2008-05-12 14:00 . 2008-05-12 14:00 <DIR> d-------- C:\Users\Minerálka\AppData\Roaming\Ashampoo
2008-05-11 23:14 . 2008-05-11 23:14 <DIR> d-------- C:\Program Files\Common Files\Steam
2008-05-09 12:39 . 2008-05-09 12:39 <DIR> d-------- C:\Users\Minerálka\AppData\Roaming\Mozilla
2008-05-09 12:39 . 2008-05-09 12:39 0 --a------ C:\Windows\nsreg.dat
2008-05-09 11:58 . 2008-05-09 11:58 <DIR> d-------- C:\Program Files\Alwil Software
2008-05-09 01:10 . 2008-05-13 11:30 <DIR> d-------- C:\Program Files\Crawler
2008-05-09 00:25 . 2008-05-09 00:25 <DIR> d-------- C:\Windows\WCBurn
2008-05-09 00:25 . 2008-05-09 00:25 52 --a------ C:\Windows\System32\Save Windows and Programs (No Data or Documents).BDF
2008-05-09 00:25 . 2008-05-09 00:25 52 --a------ C:\Windows\System32\Save Data and Documents Only.BDF
2008-05-09 00:25 . 2008-05-09 00:25 52 --a------ C:\Windows\Save Windows and Programs (No Data or Documents).BDF
2008-05-09 00:25 . 2008-05-09 00:25 52 --a------ C:\Windows\Save Data and Documents Only.BDF
2008-05-09 00:25 . 2008-05-09 00:25 52 --a------ C:\Save Windows and Programs (No Data or Documents).BDF
2008-05-09 00:25 . 2008-05-09 00:25 52 --a------ C:\Save Everything On Computer.BDF
2008-05-09 00:25 . 2008-05-09 00:25 52 --a------ C:\Save Data and Documents Only.BDF
2008-05-09 00:25 . 2008-05-09 00:25 52 --a------ C:\Program Files\Save Windows and Programs (No Data or Documents).BDF
2008-05-09 00:25 . 2008-05-09 00:25 52 --a------ C:\Program Files\Save Data and Documents Only.BDF
2008-05-09 00:20 . 2008-05-09 00:28 <DIR> d-------- C:\Program Files\Willow Creek Software
2008-05-08 21:45 . 2008-05-08 22:24 <DIR> d-------- C:\CS S
2008-05-08 11:08 . 2008-05-08 11:08 524,288 --ahs---- C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT{2c6099b4-1cde-11dd-b0f7-001a4df9bb78}.TMContainer00000000000000000002.regtrans-ms
2008-05-08 11:08 . 2008-05-08 11:08 524,288 --ahs---- C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT{2c6099b4-1cde-11dd-b0f7-001a4df9bb78}.TMContainer00000000000000000001.regtrans-ms
2008-05-08 11:08 . 2008-05-08 11:08 65,536 --ahs---- C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT{2c6099b4-1cde-11dd-b0f7-001a4df9bb78}.TM.blf
2008-05-08 11:03 . 2008-05-08 11:03 <DIR> d-------- C:\Program Files\ESET
2008-05-08 00:42 . 2008-05-08 00:42 <DIR> d-------- C:\Users\All Users\SuspenzorPC
2008-05-08 00:42 . 2008-05-08 00:42 <DIR> d-------- C:\ProgramData\SuspenzorPC
2008-05-08 00:33 . 2007-02-13 08:09 388,126 --a------ C:\Windows\System32\sqlite3.dll
2008-05-06 15:21 . 2008-05-06 15:29 <DIR> d-------- C:\CS
2008-05-05 15:23 . 2008-05-05 15:23 <DIR> dr-h----- C:\Users\Minerálka\AppData\Roaming\SecuROM
2008-05-05 15:23 . 2008-05-05 15:23 107,888 --a------ C:\Windows\System32\CmdLineExt.dll
2008-05-05 07:36 . 2008-05-05 07:36 <DIR> d-------- C:\Program Files\GoldWave
2008-05-03 22:34 . 2008-03-03 14:25 5,702 --ah----- C:\Windows\nod32restoretemdono.reg
2008-05-03 16:02 . 2008-05-03 16:02 352,256 --a------ C:\Windows\eSellerateEngine.dll
2008-05-02 17:31 . 2008-05-02 17:31 <DIR> d-------- C:\Users\Minerálka\AppData\Roaming\Google
2008-05-01 17:59 . 2008-05-01 17:59 491,520 --a------ C:\Windows\WebIE.dll
2008-05-01 17:59 . 2008-05-01 17:59 356,352 --a------ C:\Windows\TrnOutl.dll
2008-05-01 17:59 . 2008-05-01 17:59 294,912 --a------ C:\Windows\TrnWord.dll
2008-05-01 17:59 . 2008-05-01 17:59 200,704 --a------ C:\Windows\TRNOET.DLL
2008-05-01 17:59 . 2008-05-01 17:59 45,056 --a------ C:\Windows\TRNOEH.DLL
2008-05-01 17:59 . 2008-05-01 17:59 26,624 --a------ C:\Windows\OETRN.EXE
2008-05-01 17:59 . 2008-05-01 17:59 33 --a------ C:\Windows\WTRDCTM.INI
2008-05-01 17:58 . 2008-05-01 17:58 516,096 --a------ C:\Windows\UN32.EXE
2008-05-01 17:58 . 2008-05-01 17:58 2,753 --a------ C:\Windows\UN32P.INI
2008-05-01 17:57 . 2008-05-01 18:05 <DIR> d-------- C:\TRANSLAT
2008-05-01 17:57 . 2008-05-01 17:57 4,192 --a------ C:\Windows\WTRAN32.INI
2008-05-01 17:57 . 2008-05-01 17:59 2,476 --a------ C:\Windows\TRNCOM.INI
2008-05-01 17:57 . 2008-05-01 17:59 1,678 --a------ C:\Windows\MAILTRAN.INI
2008-05-01 17:57 . 2008-05-01 17:57 1,581 --a------ C:\Windows\WDICT32.INI
2008-05-01 13:46 . 2008-05-03 22:36 <DIR> d-------- C:\Users\Minerálka\AppData\Roaming\OpenOffice.org2
2008-05-01 00:46 . 2008-05-10 15:39 <DIR> d-------- C:\Users\All Users\Google
2008-05-01 00:46 . 2008-05-11 18:15 <DIR> d-------- C:\Program Files\Google
2008-05-01 00:46 . 2008-05-01 00:46 56 --ah----- C:\Users\All Users\ezsidmv.dat
2008-05-01 00:46 . 2008-05-01 00:46 56 --ah----- C:\ProgramData\ezsidmv.dat
2008-05-01 00:45 . 2008-05-01 00:45 <DIR> d-------- C:\Program Files\Common Files\Skype
2008-04-29 18:53 . 2008-04-29 18:53 <DIR> d-------- C:\Users\Minerálka\Program Files
2008-04-29 18:53 . 2008-04-29 18:53 <DIR> d-------- C:\Users\Minerálka\Program Files
2008-04-29 18:18 . 2008-05-13 13:29 <DIR> d-------- C:\Users\Minerálka\AppData\Roaming\BitTorrent
2008-04-29 18:18 . 2008-04-29 18:18 <DIR> d-------- C:\Program Files\DNA
2008-04-29 18:18 . 2008-04-29 18:53 <DIR> d-------- C:\Program Files\BitTorrent
2008-04-29 18:10 . 2008-04-29 18:20 <DIR> d-------- C:\Users\Minerálka\AppData\Roaming\Azureus
2008-04-29 18:10 . 2008-04-29 18:10 <DIR> d-------- C:\Users\All Users\Azureus
2008-04-29 18:10 . 2008-04-29 18:10 <DIR> d-------- C:\ProgramData\Azureus
2008-04-29 13:42 . 2008-04-29 13:42 <DIR> d-------- C:\Users\Minerálka\AppData\Roaming\Sierra Entertainment
2008-04-29 13:42 . 2008-04-29 13:42 <DIR> d-------- C:\Users\Miner
2008-04-29 07:41 . 2008-04-29 07:41 <DIR> d-------- C:\Windows\System32\AGEIA
2008-04-29 07:41 . 2008-04-29 07:41 <DIR> d-------- C:\Program Files\AGEIA Technologies
2008-04-27 21:14 . 2008-04-27 21:14 <DIR> d-------- C:\Program Files\GameHouse
2008-04-26 20:13 . 2008-04-26 20:13 226,270,103 --a------ C:\Windows\MEMORY.DMP
2008-04-26 20:09 . 2008-04-26 20:09 <DIR> d-------- C:\Users\Minerálka\AppData\Roaming\InstallShield
2008-04-25 14:12 . 2008-04-25 14:12 <DIR> d-------- C:\Users\Minerálka\AppData\Roaming\GHISLER
2008-04-25 14:12 . 2008-04-25 14:12 <DIR> d-------- C:\totalcmd
2008-04-25 14:12 . 2008-04-22 07:03 545 --a------ C:\Windows\UC.PIF
2008-04-25 14:12 . 2008-04-22 07:03 545 --a------ C:\Windows\RAR.PIF
2008-04-25 14:12 . 2008-04-22 07:03 545 --a------ C:\Windows\PKZIP.PIF
2008-04-25 14:12 . 2008-04-22 07:03 545 --a------ C:\Windows\PKUNZIP.PIF
2008-04-25 14:12 . 2008-04-22 07:03 545 --a------ C:\Windows\NOCLOSE.PIF
2008-04-25 14:12 . 2008-04-22 07:03 545 --a------ C:\Windows\LHA.PIF
2008-04-25 14:12 . 2008-04-22 07:03 545 --a------ C:\Windows\ARJ.PIF
2008-04-23 16:19 . 2008-04-23 16:19 <DIR> d-------- C:\Program Files\Movie Maker 2.6
2008-04-23 16:04 . 2008-04-23 19:53 <DIR> d-------- C:\Program Files\Solveig Multimedia
2008-04-22 23:16 . 2008-04-22 23:16 <DIR> d-------- C:\Users\Minerálka\AppData\Roaming\iWin
2008-04-22 13:59 . 2008-03-05 15:56 3,786,760 --a------ C:\Windows\System32\D3DX9_37.dll
2008-04-22 13:59 . 2008-03-05 15:56 1,420,824 --a------ C:\Windows\System32\D3DCompiler_37.dll
2008-04-22 13:59 . 2008-03-05 16:03 479,752 --a------ C:\Windows\System32\XAudio2_0.dll
2008-04-22 13:59 . 2008-02-05 23:07 462,864 --a------ C:\Windows\System32\d3dx10_37.dll
2008-04-22 13:59 . 2008-03-05 16:03 238,088 --a------ C:\Windows\System32\xactengine3_0.dll
2008-04-22 13:59 . 2008-03-05 16:00 25,608 --a------ C:\Windows\System32\X3DAudio1_3.dll
2008-04-22 13:57 . 2008-04-22 13:59 <DIR> d--h----- C:\Windows\msdownld.tmp
2008-04-22 13:57 . 2008-04-23 19:51 <DIR> d-------- C:\Program Files\Visions
2008-04-21 16:33 . 2008-04-21 16:33 <DIR> d-------- C:\Program Files\Batch Image Resizer
2008-04-20 22:45 . 2008-04-20 22:45 <DIR> d-------- C:\Program Files\Steam
2008-04-20 22:40 . 2008-05-05 15:43 <DIR> d-------- C:\Program Files\Counter-Strike
2008-04-18 18:07 . 2008-04-18 22:16 <DIR> d-------- C:\StrongDC++
2008-04-16 23:06 . 2008-05-12 15:21 <DIR> d-------- C:\Users\All Users\eMule
2008-04-16 23:06 . 2008-05-12 15:21 <DIR> d-------- C:\ProgramData\eMule
2008-04-14 03:01 . 2008-04-14 03:01 8,888 --a------ C:\Windows\System32\RacUR.xml
2008-04-14 03:01 . 2008-04-14 03:01 150 --a------ C:\Windows\System32\RacUREx.xml

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-13 13:47 2,097,152 --sha-w C:\Users\Minerálka\NTUSER.DAT
2008-05-13 13:47 2,097,152 --sha-w C:\Users\Minerálka\NTUSER.DAT
2008-05-13 12:00 --------- d---a-w C:\ProgramData\TEMP
2008-05-13 11:29 --------- d-----w C:\Users\Minerálka\AppData\Roaming\BitTorrent
2008-05-13 09:00 --------- d-----w C:\Users\Minerálka\AppData\Roaming\Spyware Terminator
2008-05-13 05:13 --------- d-----w C:\Program Files\Spyware Terminator
2008-05-12 14:54 --------- d-----w C:\Users\Minerálka\AppData\Roaming\Skype
2008-05-12 14:19 --------- d-----w C:\Users\Minerálka\AppData\Roaming\skypePM
2008-05-12 12:54 --------- d-----w C:\Program Files\eMule
2008-05-12 12:00 --------- d-----w C:\Users\Minerálka\AppData\Roaming\Ashampoo
2008-05-12 11:58 --------- d-----w C:\Program Files\Ashampoo
2008-05-12 11:47 --------- d-----w C:\ProgramData\Spyware Terminator
2008-05-12 05:52 --------- d-----w C:\ProgramData\Microsoft Help
2008-05-10 14:05 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-09 21:21 --------- d-----w C:\Program Files\Java
2008-05-09 10:39 --------- d-----w C:\Users\Minerálka\AppData\Roaming\Mozilla
2008-05-05 13:23 --------- d--h--r C:\Users\Minerálka\AppData\Roaming\SecuROM
2008-05-05 05:36 --------- d-s---w C:\Users\Minerálka\AppData\Roaming\Microsoft
2008-05-04 20:21 --------- d-----w C:\Users\Minerálka\AppData\Roaming\Adobe
2008-05-03 20:36 --------- d-----w C:\Users\Minerálka\AppData\Roaming\OpenOffice.org2
2008-05-03 20:31 --------- d-----w C:\Program Files\uTorrent
2008-05-02 15:31 --------- d-----w C:\Users\Minerálka\AppData\Roaming\Google
2008-05-01 16:05 141,312 ----a-w C:\Windows\system32\drivers\sp_rsdrv2.sys
2008-05-01 11:33 --------- d-----w C:\Program Files\Last.fm
2008-04-29 16:20 --------- d-----w C:\Users\Minerálka\AppData\Roaming\Azureus
2008-04-29 16:17 --------- d-----w C:\Program Files\BitComet
2008-04-29 11:42 --------- d-----w C:\Users\Minerálka\AppData\Roaming\Sierra Entertainment
2008-04-29 05:40 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-04-28 20:17 716,272 ----a-w C:\Windows\system32\drivers\sptd.sys
2008-04-26 18:09 --------- d-----w C:\Users\Minerálka\AppData\Roaming\InstallShield
2008-04-25 12:12 --------- d-----w C:\Users\Minerálka\AppData\Roaming\GHISLER
2008-04-22 21:16 --------- d-----w C:\Users\Minerálka\AppData\Roaming\iWin
2008-04-19 19:51 --------- d-----w C:\Users\Minerálka\AppData\Roaming\Hamachi
2008-04-19 09:25 --------- d-----w C:\ProgramData\Microsoft Games
2008-04-10 01:15 --------- d-----w C:\Program Files\Windows Mail
2008-04-10 01:07 944,184 ----a-w C:\Windows\System32\winload.exe
2008-04-10 01:07 7,168 ----a-w C:\Windows\System32\f3ahvoas.dll
2008-04-10 01:07 620,088 ----a-w C:\Windows\System32\ci.dll
2008-04-10 01:07 6,656 ----a-w C:\Windows\System32\kbd106n.dll
2008-04-10 01:07 40,960 ----a-w C:\Windows\System32\srclient.dll
2008-04-10 01:07 371,712 ----a-w C:\Windows\System32\srcore.dll
2008-04-10 01:07 313,856 ----a-w C:\Windows\System32\rstrui.exe
2008-04-10 01:07 19,000 ----a-w C:\Windows\System32\kd1394.dll
2008-04-10 01:07 16,384 ----a-w C:\Windows\System32\srdelayed.exe
2008-04-10 01:06 2,027,008 ----a-w C:\Windows\System32\win32k.sys
2008-04-10 01:05 296,448 ----a-w C:\Windows\System32\gdi32.dll
2008-04-10 01:04 83,968 ----a-w C:\Windows\System32\dnsrslvr.dll
2008-04-10 01:04 24,576 ----a-w C:\Windows\System32\dnscacheugc.exe
2008-04-10 01:02 826,368 ----a-w C:\Windows\System32\wininet.dll
2008-04-10 01:02 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-04-10 01:02 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-04-10 01:02 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-04-10 01:01 99,840 ----a-w C:\Windows\System32\poqexec.exe
2008-04-07 19:18 --------- d-----w C:\ProgramData\Fugazo
2008-04-04 20:33 --------- d-----w C:\Users\Minerálka\AppData\Roaming\DAEMON Tools
2008-04-04 20:04 --------- d-----w C:\Users\Minerálka\AppData\Roaming\URSoft
2008-04-04 20:04 --------- d-----w C:\Program Files\Your Uninstaller 2008
2008-04-04 19:09 --------- d-----w C:\Users\Minerálka\AppData\Roaming\Winamp
2008-04-04 17:20 --------- d-----w C:\Users\Minerálka\AppData\Roaming\QIP
2008-04-04 16:37 --------- d-----w C:\Users\Minerálka\AppData\Roaming\WinRAR
2008-04-04 16:37 --------- d-----w C:\Users\Minerálka\AppData\Roaming\GRETECH
2008-04-04 15:56 --------- d-----w C:\ProgramData\ESET
2008-04-04 15:29 --------- d-----w C:\Users\Minerálka\AppData\Roaming\Opera
2008-04-04 15:29 --------- d-----w C:\Program Files\Opera
2008-04-04 15:19 --------- d-----w C:\ProgramData\Symantec
2008-04-04 15:19 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-04-04 15:18 --------- d-----w C:\Users\Minerálka\AppData\Roaming\Macromedia
2008-04-04 15:16 --------- d-----w C:\Users\Minerálka\AppData\Roaming\PC Suite
2008-04-04 15:16 --------- d-----w C:\Users\Minerálka\AppData\Roaming\Identities
2008-04-04 15:05 --------- d-----w C:\Users\oem.oem-PC\AppData\Roaming\PC Suite
2008-04-04 15:04 --------- d-----w C:\Users\oem.oem-PC\AppData\Roaming\Spyware Terminator
2008-04-04 15:04 --------- d-----w C:\Users\oem.oem-PC\AppData\Roaming\Nokia
2008-04-01 19:28 --------- d-----w C:\Program Files\Common Files\Microsoft Games
2008-03-29 23:33 4,608 ----a-w C:\Windows\System32\w95inf32.dll
2008-03-29 23:33 2,272 ----a-w C:\Windows\System32\w95inf16.dll
2008-03-29 23:06 --------- d-----w C:\Program Files\Hamachi
2008-03-29 23:05 17,480 ----a-w C:\Windows\system32\drivers\hamachi.sys
2008-03-27 21:52 --------- d-----w C:\Program Files\Nokia
2008-03-27 21:52 --------- d-----w C:\Program Files\Common Files\PCSuite
2008-03-27 21:52 --------- d-----w C:\Program Files\Common Files\Nokia
2008-03-27 21:51 --------- d-----w C:\Program Files\PC Connectivity Solution
2008-03-21 20:04 1,582,904 ----a-w C:\Windows\WANEUninstaller.exe
2008-03-21 11:29 47,104 ----a-w C:\Windows\System32\KMVIDC32.DLL
2008-03-19 21:09 --------- d-----w C:\ProgramData\Last.fm
2008-03-19 17:34 --------- d-----w C:\ProgramData\Aliasworlds
2008-03-18 18:45 --------- d-----w C:\ProgramData\PlayFirst
2008-03-17 19:52 --------- d-----w C:\ProgramData\PlayfulAge
2008-03-17 19:41 --------- d-----w C:\ProgramData\Playrix Entertainment
2008-03-17 18:54 --------- d-----w C:\Program Files\Unity
2008-03-16 19:04 --------- d-----w C:\Program Files\Penguins Journey
2008-03-16 19:00 --------- d-----w C:\ProgramData\VisualShape
2008-03-16 09:18 --------- d-----w C:\ProgramData\Ubisoft
2008-03-16 09:07 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-03-14 16:10 --------- d-----w C:\ProgramData\EscapeTheMuseum
2008-03-13 14:52 33,800 ----a-w C:\Windows\system32\drivers\epfwtdir.sys
2008-03-13 14:44 29,704 ----a-w C:\Windows\system32\drivers\easdrv.sys
2008-03-13 14:43 40,456 ----a-w C:\Windows\system32\drivers\eamon.sys
2008-03-11 13:17 74,752 ----a-w C:\Windows\ST6UNST.EXE
2008-03-11 13:17 253,952 ------w C:\Windows\Setup1.exe
2008-03-02 16:26 66,872 ----a-w C:\Windows\System32\PnkBstrA.exe
.

------- Sigcheck -------

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"="oobefldr.dll" [2006-11-02 14:34 2159104 C:\Windows\System32\oobefldr.dll]
"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-04-28 23:14 4608]
"OEXPRESS"="C:\Windows\OETRN.EXE" [2008-05-01 17:59 26624]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 14:36 201728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-09-03 12:39 4702208 C:\Windows\RtHDVCpl.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"Skytel"="Skytel.exe" [2007-08-03 07:22 1826816 C:\Windows\SkyTel.exe]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-06-13 08:57 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-06-13 08:57 8429568]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-06-13 08:57 81920]
"BDRegion"="C:\Program Files\Cyberlink\Shared Files\brs.exe" [2007-11-17 02:20 91432]
"SpywareTerminator"="C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [2008-05-01 18:05 1817600]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-03-13 16:48 1443072]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-11-07 18:35 1294336]

C:\Users\oem.oem-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Last.fm Helper.lnk - C:\Program Files\Last.fm\LastFMHelper.exe [2008-03-19 22:55:35 106496]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= msaud32_divx.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{7F60A19F-348E-4805-8327-E137CE763993}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{A845D391-A9A8-4F58-BA50-6D49201BBF6F}"= UDP:C:\Program Files\Atari\Neverwinter Nights 2\nwn2main.exe:Neverwinter Nights 2 Main
"{28D54E1E-820D-4475-9164-33CEB6A02827}"= TCP:C:\Program Files\Atari\Neverwinter Nights 2\nwn2main.exe:Neverwinter Nights 2 Main
"{66E21713-723D-4967-B837-3395D9269800}"= UDP:C:\Program Files\Atari\Neverwinter Nights 2\nwn2main_amdxp.exe:Neverwinter Nights 2 AMD
"{EA38F9BA-0A9C-4A97-8C76-9268B0DCDAD0}"= TCP:C:\Program Files\Atari\Neverwinter Nights 2\nwn2main_amdxp.exe:Neverwinter Nights 2 AMD
"{6687039F-7FA1-4A87-B499-B179B712203B}"= UDP:C:\Program Files\Atari\Neverwinter Nights 2\nwupdate.exe:Neverwinter Nights 2 Updater
"{DA5BAAED-1C8A-4A68-A950-0DDA211314E8}"= TCP:C:\Program Files\Atari\Neverwinter Nights 2\nwupdate.exe:Neverwinter Nights 2 Updater
"{605E059C-F18E-4BB3-9D2B-1B37FB8467A0}"= UDP:C:\Program Files\Atari\Neverwinter Nights 2\nwn2server.exe:Neverwinter Nights 2 Server
"{A6B75C58-90D1-40B5-A499-0196B76AA351}"= TCP:C:\Program Files\Atari\Neverwinter Nights 2\nwn2server.exe:Neverwinter Nights 2 Server
"{80D5112E-5EBE-4BDC-AC4D-3CDF87B4DEA9}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{3772A7C1-25A6-4646-BB6B-0637FCB5DE72}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{40BEEA7E-403B-4D4A-851E-BB62CAFD1FA9}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{D00A2402-5687-4A5C-A3A2-AA24395B97F6}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{9A3D4F66-DFCA-449D-B2C5-70B9C2024DBA}"= Disabled:UDP:C:\Program Files\Adobe\Photoshop Elements 6.0\AdobePhotoshopElementsMediaServer.exe:Adobe Photoshop Elements Media Server
"{806C95C5-1039-42B5-BE61-DD4DF62573F2}"= Disabled:TCP:C:\Program Files\Adobe\Photoshop Elements 6.0\AdobePhotoshopElementsMediaServer.exe:Adobe Photoshop Elements Media Server
"{0A75E158-39B0-4F9A-8960-E320CED2CDC4}"= UDP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{38114A57-5268-4270-A418-021826F1DFFB}"= TCP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{25A45380-13F4-44AF-8209-20D7A2E740D4}"= UDP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{182B4780-92E3-4C86-9BD6-A38CFF7D1437}"= TCP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{3D8A765C-4FD4-4B5A-B648-1C8F2177D94B}"= C:\Program Files\Cyberlink\PowerDVD\PowerDVD.EXE:CyberLink PowerDVD
"{791DE10D-712A-46E8-ADCA-F3C989BF89D9}"= UDP:C:\HRY\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9
"{BDA4AE7D-131E-40CC-BFB9-BFE0B7ABA7B8}"= TCP:C:\HRY\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9
"{1632E665-A467-42E6-9627-D5A5D4AF98E3}"= UDP:C:\HRY\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10
"{6B5221F7-C950-40B2-8F1C-5AE204AE8EB2}"= TCP:C:\HRY\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10
"{A54E8448-4347-4DD5-94A1-17B381BE9C49}"= UDP:C:\HRY\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe:Assassin's Creed Update
"{F3C0361C-5CA2-49A0-B846-519AABED1115}"= TCP:C:\HRY\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe:Assassin's Creed Update
"{45303A8D-8A30-4046-8CD5-FB6878B98EDC}"= UDP:C:\HRY\Pollux Gamelabs\Lost Empire - Immortals\LostEmpire.exe:Lost Empire - Immortals
"{FF5AAD95-BAC0-478D-B956-9826B78015E9}"= TCP:C:\HRY\Pollux Gamelabs\Lost Empire - Immortals\LostEmpire.exe:Lost Empire - Immortals
"{A3DA7F9A-FA98-447F-9B93-EBDD19B6DB15}"= UDP:C:\HRY\Microsoft Games\Zoo Tycoon 2\zt.exe:Zoo Tycoon 2 Executable
"{AE8BF7AF-ECAF-496C-BF5C-63D3C0F69747}"= TCP:C:\HRY\Microsoft Games\Zoo Tycoon 2\zt.exe:Zoo Tycoon 2 Executable
"TCP Query User{5BDC60BF-808C-4C91-AD20-1A058AE947F7}C:\\program files\\bitcomet\\bitcomet.exe"= UDP:C:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"UDP Query User{F76FCF68-EBE6-4959-BD80-E9D571163B2C}C:\\program files\\bitcomet\\bitcomet.exe"= TCP:C:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"TCP Query User{E5A898C8-0933-4CC7-A13D-B64534BCDBEE}C:\\program files\\opera\\opera.exe"= UDP:C:\program files\opera\opera.exe:Opera Internet Browser
"UDP Query User{A18EB6E2-CA46-46E2-B828-ABA696720337}C:\\program files\\opera\\opera.exe"= TCP:C:\program files\opera\opera.exe:Opera Internet Browser
"TCP Query User{DB354825-1744-4084-98E6-F5DF11328DB7}C:\\hry\\tony hawk's underground 2\\game\\thug2.exe"= UDP:C:\hry\tony hawk's underground 2\game\thug2.exe:THUG2
"UDP Query User{19154113-335D-437D-B7DA-B08705F577C4}C:\\hry\\tony hawk's underground 2\\game\\thug2.exe"= TCP:C:\hry\tony hawk's underground 2\game\thug2.exe:THUG2
"TCP Query User{8B85D333-FC72-4B97-9D67-BC6210D041F0}C:\\hry\\ubisoft\\heroes of might and magic v\\bin\\h5_game.exe"= UDP:C:\hry\ubisoft\heroes of might and magic v\bin\h5_game.exe:Heroes of Might and Magic V
"UDP Query User{8115F986-3A87-4A66-B5EC-BF797F5CFCEC}C:\\hry\\ubisoft\\heroes of might and magic v\\bin\\h5_game.exe"= TCP:C:\hry\ubisoft\heroes of might and magic v\bin\h5_game.exe:Heroes of Might and Magic V
"TCP Query User{344A6933-773B-4A33-BC4B-6112E31B7002}C:\\program files\\skype\\phone\\skype.exe"= UDP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"UDP Query User{9014F564-ED35-41C1-AAD7-1668B2A84FCD}C:\\program files\\skype\\phone\\skype.exe"= TCP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"TCP Query User{690B025E-8F06-47BC-9FDD-04854F649D26}C:\\users\\minerálka\\desktop\\caunter\\cstrike.exe"= UDP:C:\users\minerálka\desktop\caunter\cstrike.exe:cstrike.exe
"UDP Query User{80129768-074B-454A-BCF6-BFDF0C8C8614}C:\\users\\minerálka\\desktop\\caunter\\cstrike.exe"= TCP:C:\users\minerálka\desktop\caunter\cstrike.exe:cstrike.exe
"TCP Query User{D2A6FC75-6E23-4705-A5E4-413FB52972B9}C:\\program files\\qip infium\\infium.exe"= UDP:C:\program files\qip infium\infium.exe:QIP Infium Beta
"UDP Query User{5B8655C5-E3F6-4ACE-A76C-BFDBBFD093C9}C:\\program files\\qip infium\\infium.exe"= TCP:C:\program files\qip infium\infium.exe:QIP Infium Beta
"TCP Query User{0EF470AC-2F2E-43D4-A0DC-68803C08457D}C:\\users\\minerálka\\desktop\\caunter\\hl.exe"= UDP:C:\users\minerálka\desktop\caunter\hl.exe:hl.exe
"UDP Query User{58AA619C-ECDB-4609-A35F-4C1A3D05307B}C:\\users\\minerálka\\desktop\\caunter\\hl.exe"= TCP:C:\users\minerálka\desktop\caunter\hl.exe:hl.exe
"TCP Query User{16EAF848-8E9D-4882-93ED-88A76773E419}C:\\program files\\bearshare applications\\bearshare\\bearshare.exe"= UDP:C:\program files\bearshare applications\bearshare\bearshare.exe:BearShare
"UDP Query User{41EC68E1-E1A9-4082-A795-68976A9093B0}C:\\program files\\bearshare applications\\bearshare\\bearshare.exe"= TCP:C:\program files\bearshare applications\bearshare\bearshare.exe:BearShare
"TCP Query User{6E27EC9C-3FA5-4888-AE32-B31B6272A8A1}C:\\program files\\emule\\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule
"UDP Query User{DFA20ABA-8D8F-4638-B0BA-0946D4876B3D}C:\\program files\\emule\\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule
"TCP Query User{CA57A9D1-8E5A-4316-A930-C86956FE47D2}C:\\program files\\emule\\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule
"UDP Query User{CF111C1F-C647-41AF-94D8-F7AC665281AE}C:\\program files\\emule\\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule
"TCP Query User{717B7ABD-C62C-4D7E-8D72-762C10E4E86F}C:\\program files\\bearshare applications\\bearshare\\bearshare.exe"= UDP:C:\program files\bearshare applications\bearshare\bearshare.exe:BearShare
"UDP Query User{212F67DD-7F1A-498E-AC58-18D1EC89D2BF}C:\\program files\\bearshare applications\\bearshare\\bearshare.exe"= TCP:C:\program files\bearshare applications\bearshare\bearshare.exe:BearShare
"TCP Query User{8FC4E26D-16BB-4371-9798-450AA114FBF3}C:\\users\\minerálka\\appdata\\local\\temp\\rar$ex00.963\\strongdc.exe"= UDP:C:\users\minerálka\appdata\local\temp\rar$ex00.963\strongdc.exe:strongdc.exe
"UDP Query User{89B38143-52E6-49B9-9316-0220C0B4A267}C:\\users\\minerálka\\appdata\\local\\temp\\rar$ex00.963\\strongdc.exe"= TCP:C:\users\minerálka\appdata\local\temp\rar$ex00.963\strongdc.exe:strongdc.exe
"TCP Query User{F002EAC0-1060-4BE3-84E6-8472A1FD5400}C:\\program files\\strong dc++\\strongdc.exe"= UDP:C:\program files\strong dc++\strongdc.exe:StrongDC++
"UDP Query User{8A4B13BE-AFB1-4145-8B03-8588E2306D02}C:\\program files\\strong dc++\\strongdc.exe"= TCP:C:\program files\strong dc++\strongdc.exe:StrongDC++
"TCP Query User{360C7E05-C7FF-43F9-BF03-D2E79888273E}C:\\strongdc++\\strongdc.exe"= UDP:C:\strongdc++\strongdc.exe:StrongDC++
"UDP Query User{A4E5EB42-C2AB-4CFC-90E2-960D876F5304}C:\\strongdc++\\strongdc.exe"= TCP:C:\strongdc++\strongdc.exe:StrongDC++
"TCP Query User{884B2C0D-433C-4E6F-999A-C1AA33D61920}C:\\users\\minerálka\\desktop\\cs 1.6\\cstrike.exe"= UDP:C:\users\minerálka\desktop\cs 1.6\cstrike.exe:cstrike.exe
"UDP Query User{3B7D23DD-39EA-4D78-9143-A708D3136BE4}C:\\users\\minerálka\\desktop\\cs 1.6\\cstrike.exe"= TCP:C:\users\minerálka\desktop\cs 1.6\cstrike.exe:cstrike.exe
"TCP Query User{2C0F06EF-1890-4C48-B318-E760BF9E5A0E}C:\\users\\minerálka\\desktop\\cs 1.6\\hl.exe"= UDP:C:\users\minerálka\desktop\cs 1.6\hl.exe:hl.exe
"UDP Query User{53EF475B-F90B-48E1-AC9D-55970A1A64B0}C:\\users\\minerálka\\desktop\\cs 1.6\\hl.exe"= TCP:C:\users\minerálka\desktop\cs 1.6\hl.exe:hl.exe
"TCP Query User{406FC4DF-F62D-44D9-AC09-7651B1A00112}C:\\hry\\counter-strike\\hl.exe"= UDP:C:\hry\counter-strike\hl.exe:Half-Life Launcher
"UDP Query User{E7EC6A80-4E9C-4BC4-8125-17769E53F649}C:\\hry\\counter-strike\\hl.exe"= TCP:C:\hry\counter-strike\hl.exe:Half-Life Launcher
"TCP Query User{D04BC04A-41B2-434C-A56C-E36751944BBF}C:\\program files\\counter-strike\\hl.exe"= UDP:C:\program files\counter-strike\hl.exe:Half-Life Launcher
"UDP Query User{1B098C28-5053-44B8-9342-8DBDB4E7EAD9}C:\\program files\\counter-strike\\hl.exe"= TCP:C:\program files\counter-strike\hl.exe:Half-Life Launcher
"TCP Query User{B250D2EF-68A4-4539-868E-C1D36F8AEACD}C:\\hry\\worms armageddon - new edition\\wa.exe"= UDP:C:\hry\worms armageddon - new edition\wa.exe:Worms Armageddon
"UDP Query User{206A53F8-CB45-41C7-AF33-B0EEB7BBC54D}C:\\hry\\worms armageddon - new edition\\wa.exe"= TCP:C:\hry\worms armageddon - new edition\wa.exe:Worms Armageddon
"TCP Query User{1FB42958-AA4E-42C2-9B79-C39A6D44EAC2}C:\\hry\\counter-strike source\\hl2.exe"= UDP:C:\hry\counter-strike source\hl2.exe:hl2
"UDP Query User{EF23F72B-63B1-4615-A8C0-84235266D6A6}C:\\hry\\counter-strike source\\hl2.exe"= TCP:C:\hry\counter-strike source\hl2.exe:hl2
"{A847B3C4-3CB1-4189-B88A-83EDFA145658}"= UDP:10030:BitComet 10030 TCP
"{1CFF84D5-0D65-477F-B510-53209133A8B7}"= TCP:10030:BitComet 10030 UDP
"TCP Query User{0BE7AA76-867E-44EB-B9BE-5B1D274D11C2}C:\\program files\\azureus\\azureus.exe"= UDP:C:\program files\azureus\azureus.exe:Azureus
"UDP Query User{2155E340-A528-4F23-B951-918F19EC9CD9}C:\\program files\\azureus\\azureus.exe"= TCP:C:\program files\azureus\azureus.exe:Azureus
"{20AD6E3F-C2B4-44FC-A034-7B0922D5E9DF}"= UDP:C:\Program Files\DNA\btdna.exe:DNA
"{F97C8889-F8D6-4D65-A52E-63680935D2F3}"= TCP:C:\Program Files\DNA\btdna.exe:DNA
"{836813A8-8F30-414E-9481-0E6F2E606D63}"= UDP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent
"{C5D6769E-211D-4144-9D7F-F845848D27EB}"= TCP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent
"TCP Query User{A2603CC5-EF89-4809-809F-3DFCBD157747}C:\\users\\minerálka\\program files\\dna\\btdna.exe"= UDP:C:\users\minerálka\program files\dna\btdna.exe:btdna.exe
"UDP Query User{34DED444-2A48-4E93-ABF0-F0FA7F31BE45}C:\\users\\minerálka\\program files\\dna\\btdna.exe"= TCP:C:\users\minerálka\program files\dna\btdna.exe:btdna.exe
"{E983E069-78F1-4CFC-83FF-5ACFBC82820E}"= C:\Program Files\Skype\Phone\Skype.exe:Skype
"TCP Query User{DA8DA637-40DE-4F47-9001-1EB50A378B04}C:\\program files\\bittorrent\\bittorrent.exe"= UDP:C:\program files\bittorrent\bittorrent.exe:bittorrent
"UDP Query User{57E56020-A635-4B90-AF5A-A3AE1EDDE3B2}C:\\program files\\bittorrent\\bittorrent.exe"= TCP:C:\program files\bittorrent\bittorrent.exe:bittorrent
"TCP Query User{034C7DB9-B8C5-4608-957A-7F5D200102F1}C:\\users\\minerálka\\program files\\dna\\btdna.exe"= UDP:C:\users\minerálka\program files\dna\btdna.exe:btdna.exe
"UDP Query User{95108D4B-4467-4F77-B854-F7658E3EC780}C:\\users\\minerálka\\program files\\dna\\btdna.exe"= TCP:C:\users\minerálka\program files\dna\btdna.exe:btdna.exe
"{74D7CDEF-E93C-432E-89FC-F89AE0510F70}"= UDP:C:\HRY\KONAMI\Pro Evolution Soccer 2008\PES2008.exe:Pro Evolution Soccer 2008
"{D2A83225-CDB3-4349-911E-A35CBEB72CEA}"= TCP:C:\HRY\KONAMI\Pro Evolution Soccer 2008\PES2008.exe:Pro Evolution Soccer 2008
"TCP Query User{B49CC18E-A8B6-4333-830A-AF5CDDFF8576}C:\\cs\\hl.exe"= UDP:C:\cs\hl.exe:Half-Life Launcher
"UDP Query User{D2374F27-2DB6-44C1-9D7F-B0E2222E303A}C:\\cs\\hl.exe"= TCP:C:\cs\hl.exe:Half-Life Launcher
"TCP Query User{9EBE99D1-0502-4D7C-92D4-D12520C021FD}C:\\cs\\hlds.exe"= UDP:C:\cs\hlds.exe:HLDS Launcher
"UDP Query User{E47E4BE0-D5F3-43CD-A544-6495ABDA84BE}C:\\cs\\hlds.exe"= TCP:C:\cs\hlds.exe:HLDS Launcher
"TCP Query User{740EB043-15D1-47C6-86DE-FEE10DF0FA15}C:\\cs s\\hl2.exe"= UDP:C:\cs s\hl2.exe:hl2
"UDP Query User{E0F95D1D-46C6-4D25-868B-E8779FD2ED7D}C:\\cs s\\hl2.exe"= TCP:C:\cs s\hl2.exe:hl2
"{9B49BE1B-90F2-4E2D-B4B8-071F6CBED4F2}"= UDP:C:\CS\cstrike.exe:Counter-Strike 1.6
"{9A892455-42C2-4908-BFD3-3AD09AD871CB}"= TCP:C:\CS\cstrike.exe:Counter-Strike 1.6
"TCP Query User{14C203BE-33AD-42B5-82E3-4711908CE9B7}C:\\cs\\hl.exe"= UDP:C:\cs\hl.exe:Half-Life Launcher
"UDP Query User{494AB8CD-B03D-4EBC-B222-965C222998AE}C:\\cs\\hl.exe"= TCP:C:\cs\hl.exe:Half-Life Launcher
"TCP Query User{E122F611-77F0-4AF7-8426-B1C6D62214EA}C:\\qip\\qip.exe"= UDP:C:\qip\qip.exe:Quiet Internet Pager
"UDP Query User{014E0651-761B-45D1-A37E-271983A81B9A}C:\\qip\\qip.exe"= TCP:C:\qip\qip.exe:Quiet Internet Pager

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\BitTorrent\\bittorrent.exe"= C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

R1 epfwtdir;epfwtdir;C:\Windows\system32\DRIVERS\epfwtdir.sys [2008-03-13 16:52]
R1 PSched;Plánovač paketů technologie QoS;C:\Windows\system32\DRIVERS\pacer.sys [2007-11-02 15:58]
R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\Windows\system32\drivers\sp_rsdrv2.sys [2008-05-01 18:05]
R2 acedrv11;acedrv11;C:\Windows\system32\drivers\acedrv11.sys [2008-01-23 10:19]
R2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6;C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [2007-09-11 01:45]
R2 SQLWriter;SQL Server VSS Writer;"c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [2007-02-10 06:29]
S3 gdrv;gdrv;C:\Windows\gdrv.sys [2008-02-27 20:44]
S3 MSSQL$SONY_MEDIAMGR2;SQL Server (SONY_MEDIAMGR2);"c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSONY_MEDIAMGR2 []
S3 Steam Client Service;Steam Client Service;C:\Program Files\Common Files\Steam\SteamService.exe [2008-05-11 23:11]

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-05-13 13:45:00 C:\Windows\Tasks\User_Feed_Synchronization-{3351F03D-A165-475D-BD0A-22FAB31AB5E2}.job"
- C:\Windows\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-13 15:47:23
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-05-13 15:48:28
ComboFix-quarantined-files.txt 2008-05-13 13:48:19

Adresářů: 18, Volných bajtů: 160,591,978,496
Adresářů: 24, Volných bajtů: 170,526,879,744

436 --- E O F --- 2008-05-13 01:01:55

fredik
Security team member
Master Level 7
Posts: 4680
Registered: July 06
Gender: Male

Re: Infected PC - pLs HELP me!

Post by fredik » 13 May 2008 20:12

Go to Start -> Run... and type this command, marked in blue, into the box: ComboFix /u and press OK.
- there must be a space between ComboFix and /u

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

It looks like you have a modified NOD. If that is the case, I would recommend uninstalling it and, if need be, going for one of the free antivirus versions.

If you still use BearShare, I would also recommend uninstalling it.

Delete these two directories/folders:
C:\Users\All Users\SuspenzorPC
C:\ProgramData\SuspenzorPC

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

Download SUPERAntiSpyware
Install it, run it and click the Check for Updates... button
Once the update is done, click the button: Scan your computer
Choose the option: Perform Complete Scan and click the Next > button

The scan will run; when it finishes it lists everything it found.
Make sure all items are checked and then press the Next button
Then click the Finish button and you should get back to the main screen.
There click the button: Preferences... and choose the Statistics/Logs tab
There click the log with today's date that will be listed and press the button: View Log...
A window with the log opens; copy its contents here.

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

Download and run T-cleaner and follow the instructions.
- you can also clean the PC of temporary files, e.g. with: CCleaner

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

In your next post, paste these logs/results here:
- the SUPERAntiSpyware log
- a new HJT log
It may take a while to get a response, because the "HJT Team" are very busy. Please, be patient, these people are volunteers. They will help you out, as soon as possible.
If you have a problem, do not send me PMs with logs; post them in the forum. Such PMs cannot be answered
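The things the helper keys on when reading the ComboFix log above (Security Center notifications and monitoring switched off under the security center keys, a long list of P2P clients, and a firewall rule for an executable that was run straight out of a Temp folder) can be pulled out of such a log mechanically. The Python script below is an added example; it is not part of the thread and not a ComboFix or forum tool. It parses the "Reg Loading Points" part of a ComboFix-style log and reports those indicators. The sample log embedded in it is constructed from abridged lines of the log posted above, with the firewall rule GUIDs replaced by placeholders.

```python
"""Triage the 'Reg Loading Points' part of a ComboFix-style log.

Added example, not from the thread or from ComboFix. It reports:
  * Security Center notification/monitoring switches set to 1 (disabled),
  * firewall rules whose program lives under a Temp directory,
  * autostart (Run key) entries with their executable paths.
Section names and value formats follow the log posted in the thread.
"""
import re

SECTION_RE = re.compile(r"^\[(.+)\]$")          # [HKEY_...\key]
VALUE_RE = re.compile(r'^"([^"]*)"=\s*(.*)$')   # "name"= value
TEMP_RE = re.compile(r"\\temp\\", re.IGNORECASE)  # ...\Temp\... in a path

# Constructed sample in the shape of the log above (GUIDs are placeholders).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-03-13 16:48 1443072]
"OEXPRESS"="C:\Windows\OETRN.EXE" [2008-05-01 17:59 26624]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{GUID-1}C:\\users\\minerálka\\appdata\\local\\temp\\rar$ex00.963\\strongdc.exe"= UDP:C:\users\minerálka\appdata\local\temp\rar$ex00.963\strongdc.exe:strongdc.exe
"{GUID-2}"= UDP:10030:BitComet 10030 TCP
"{GUID-3}"= Disabled:TCP:C:\Program Files\Adobe\Photoshop Elements 6.0\AdobePhotoshopElementsMediaServer.exe:Adobe Photoshop Elements Media Server
"{GUID-4}"= C:\Program Files\Skype\Phone\Skype.exe:Skype
"""


def parse_sections(text):
    """Group non-empty lines under the bracketed registry key that precedes them."""
    sections = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def parse_firewall_rule(value):
    """Split 'Disabled:PROTO:target:description' (prefixes optional) into parts.

    The target may be a path containing 'C:', so the description is taken
    from the last colon and the optional prefixes are peeled off the front.
    """
    disabled = value.startswith("Disabled:")
    if disabled:
        value = value[len("Disabled:"):]
    proto = None
    if value[:4].upper() in ("TCP:", "UDP:"):
        proto, value = value[:3].upper(), value[4:]
    target, _, description = value.rpartition(":")
    return {"disabled": disabled, "proto": proto,
            "target": target, "description": description}


def parse_run_path(value):
    """Executable path from a Run value: "C:\\x.exe" [..] or x.exe [.. C:\\x.exe]."""
    m = re.match(r'"([^"]+)"', value)
    return m.group(1) if m else value.split()[0]


def triage(log_text):
    """Return the three indicator lists for one log."""
    security_center, temp_rules, run_entries = [], [], []
    for key, lines in parse_sections(log_text).items():
        low = key.lower()
        for line in lines:
            m = VALUE_RE.match(line)
            if not m:
                continue
            name, value = m.group(1), m.group(2)
            if ("security center" in low and value.lower() == "dword:00000001"
                    and (name.endswith("DisableNotify") or name == "DisableMonitoring")):
                security_center.append(f"{key}: {name}")
            elif low.endswith("\\firewallrules"):
                rule = parse_firewall_rule(value)
                if TEMP_RE.search(rule["target"]):
                    temp_rules.append((rule["target"], rule["description"]))
            elif low.endswith("\\run"):
                run_entries.append((name, parse_run_path(value)))
    return {"security_center": security_center,
            "temp_firewall_rules": temp_rules,
            "run_entries": run_entries}


if __name__ == "__main__":
    for heading, items in triage(SAMPLE_LOG).items():
        print(heading)
        for item in items:
            print("  ", item)
```

Run it on a saved ComboFix log by reading the file and passing its text to `triage()`. A program run from a Temp folder that got its own firewall rule is worth a closer look because it was almost certainly launched from inside an archive viewer rather than installed; the Security Center switches are flagged because they hide exactly the warnings a user would otherwise get when antivirus, firewall or updates stop working.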

