Pomalé PC

[nanovo]

Prosím o kontrolu - PC je pomalé, na obrazovke ostávajú po zavretí okná, problém s pripájaním na internet – stále hľadá zariadenie,alebo píše, že je zaneprázdnené a pripojiť sa dá len po reštarte.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:37:00, on 27.4.2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\svchost.exe
C:\windows\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
C:\windows\system32\nvsvc32.exe
C:\windows\system32\PnkBstrA.exe
C:\windows\Explorer.EXE
C:\windows\system32\svchost.exe
C:\Program Files\ToolKitService\ToolkitService.exe
C:\windows\system32\wuauclt.exe
C:\windows\RTHDCPL.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\windows\System32\spool\DRIVERS\W32X86\2\bgsmsnd.exe
C:\windows\system32\RunDLL32.exe
C:\Program Files\Hi Suite\Hi Suite.exe
C:\Program Files\CardDetector\HUAWEIX70\CardDetector.exe
C:\windows\system32\ctfmon.exe
C:\Program Files\OrangeBS\BEWInternetSK\Launcher\Launcher.exe
C:\Program Files\ToolKitService\tktray.exe
C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\OrangeBS\BEWInternetSK\systray\systrayapp.exe
C:\Program Files\OrangeBS\BEWInternetSK\connectivity\connectivitymanager.exe
C:\Program Files\OrangeBS\BEWInternetSK\PhoneTools\TextMessaging.exe
C:\Program Files\OrangeBS\BEWInternetSK\Deskboard\deskboard.exe
C:\Program Files\OrangeBS\BEWInternetSK\connectivity\CoreCom\CoreCom.exe
C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTCOMModule\7\FTCOMModule.exe
C:\Program Files\MSI\DualCoreCenter\DualCoreCenter.exe
C:\Program Files\Hi Suite\ADB\adb.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\OrangeBS\BEWInternetSK\connectivity\CoreCom\OraConfigRecover.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Admin\Desktop\RSIT.exe
C:\Program Files\trend micro\Admin.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource= ... =CT2269050
R3 - URLSearchHook: (no name) - {9384bd4c-dd14-4be9-80f7-f6277511e4f5} - (no file)
R3 - URLSearchHook: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll
O2 - BHO: C:\Program Files\2YourFace\bho.dll - {1185823F-F22F-4027-80E5-4F68ACD5DE5E} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll
O2 - BHO: ToolKit IE Helper - {70EA269E-56DF-49C2-86B2-1A1924ED88B4} - C:\Program Files\ToolKitService\splash.dll
O2 - BHO: DVDVideoSoftTB - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll
O2 - BHO: (no name) - {9384bd4c-dd14-4be9-80f7-f6277511e4f5} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O3 - Toolbar: (no name) - {9384bd4c-dd14-4be9-80f7-f6277511e4f5} - (no file)
O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll
O3 - Toolbar: eToolKit Toolbar - {D3B22A92-87A2-47b6-B3E6-A64877B5C242} - C:\Program Files\ToolKitService\toolbar.dll
O3 - Toolbar: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [DelReg] C:\Program Files\MSI\DualCoreCenter\DelReg.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [bgsmsnd.exe] C:\windows\System32\spool\DRIVERS\W32X86\2\bgsmsnd.exe
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nview\nwiz.exe /installquiet
O4 - HKLM\..\Run: [Mobile Partner] C:\Program Files\Hi Suite\Hi Suite.exe -s
O4 - HKLM\..\Run: [CardDetectorHUAWEIX70] C:\Program Files\CardDetector\HUAWEIX70\CardDetector.exe
O4 - HKLM\..\Run: [BEWINTERNET-SKSessionManager] C:\Program Files\OrangeBS\BEWInternetSK\SessionManager\SessionManager.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [tktray] C:\Program Files\ToolKitService\tktray.exe
O4 - HKCU\..\Run: [HW_OPENEYE_OUC_] "C:\Program Files\Hi Suite\UpdateDog\ouc.exe"
O4 - HKUS\S-1-5-21-1078081533-1682526488-682003330-1013\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'UpdatusUser')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Akcelerátor spuštění AutoCADu.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart17.exe
O4 - Global Startup: DualCoreCenter.lnk = C:\Program Files\MSI\DualCoreCenter\StartUpDualCoreCenter.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDow ... eqlab3.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C4B2C923-8E94-4116-B9D9-F48831E7A54A}: NameServer = 213.151.200.30 213.151.208.161
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\windows\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\windows\system32\browseui.dll
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - Unknown owner - C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NIHardwareService - Native Instruments GmbH - C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\windows\system32\nvsvc32.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\windows\system32\PnkBstrA.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SF FrontLine Drivers Auto Removal (v1) (sfrem01) - Protection Technology (StarForce) - C:\windows\system32\sfrem01.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: Toolkit Service (ToolkitSvc) - ToolKit Development, Ltd. - C:\Program Files\ToolKitService\ToolkitService.exe

--
End of file - 9978 bytes

[Rudy]

Poprosím o log RSIT: http://forum.viry.cz/viewtopic.php?f=13&t=105895 .

[nanovo]

Logfile of random's system information tool 1.09 (written by random/random)
Run by Admin at 2012-04-27 20:24:27
Systém Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 61 GB (64%) free of 96 GB
Total RAM: 2047 MB (60% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:24:34, on 27.4.2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\svchost.exe
C:\windows\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
C:\windows\system32\nvsvc32.exe
C:\windows\system32\PnkBstrA.exe
C:\windows\Explorer.EXE
C:\windows\system32\svchost.exe
C:\Program Files\ToolKitService\ToolkitService.exe
C:\windows\RTHDCPL.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\windows\System32\spool\DRIVERS\W32X86\2\bgsmsnd.exe
C:\windows\system32\RunDLL32.exe
C:\Program Files\Hi Suite\Hi Suite.exe
C:\Program Files\CardDetector\HUAWEIX70\CardDetector.exe
C:\windows\system32\ctfmon.exe
C:\Program Files\OrangeBS\BEWInternetSK\Launcher\Launcher.exe
C:\Program Files\ToolKitService\tktray.exe
C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\OrangeBS\BEWInternetSK\systray\systrayapp.exe
C:\Program Files\OrangeBS\BEWInternetSK\connectivity\connectivitymanager.exe
C:\Program Files\OrangeBS\BEWInternetSK\PhoneTools\TextMessaging.exe
C:\Program Files\OrangeBS\BEWInternetSK\Deskboard\deskboard.exe
C:\Program Files\OrangeBS\BEWInternetSK\connectivity\CoreCom\CoreCom.exe
C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTCOMModule\7\FTCOMModule.exe
C:\Program Files\MSI\DualCoreCenter\DualCoreCenter.exe
C:\Program Files\Hi Suite\ADB\adb.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\OrangeBS\BEWInternetSK\connectivity\CoreCom\OraConfigRecover.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Admin\Desktop\RSIT.exe
C:\Program Files\trend micro\Admin.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource= ... =CT2269050
R3 - URLSearchHook: (no name) - {9384bd4c-dd14-4be9-80f7-f6277511e4f5} - (no file)
R3 - URLSearchHook: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll
O2 - BHO: C:\Program Files\2YourFace\bho.dll - {1185823F-F22F-4027-80E5-4F68ACD5DE5E} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll
O2 - BHO: ToolKit IE Helper - {70EA269E-56DF-49C2-86B2-1A1924ED88B4} - C:\Program Files\ToolKitService\splash.dll
O2 - BHO: DVDVideoSoftTB - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll
O2 - BHO: (no name) - {9384bd4c-dd14-4be9-80f7-f6277511e4f5} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O3 - Toolbar: (no name) - {9384bd4c-dd14-4be9-80f7-f6277511e4f5} - (no file)
O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll
O3 - Toolbar: eToolKit Toolbar - {D3B22A92-87A2-47b6-B3E6-A64877B5C242} - C:\Program Files\ToolKitService\toolbar.dll
O3 - Toolbar: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [DelReg] C:\Program Files\MSI\DualCoreCenter\DelReg.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [bgsmsnd.exe] C:\windows\System32\spool\DRIVERS\W32X86\2\bgsmsnd.exe
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nview\nwiz.exe /installquiet
O4 - HKLM\..\Run: [Mobile Partner] C:\Program Files\Hi Suite\Hi Suite.exe -s
O4 - HKLM\..\Run: [CardDetectorHUAWEIX70] C:\Program Files\CardDetector\HUAWEIX70\CardDetector.exe
O4 - HKLM\..\Run: [BEWINTERNET-SKSessionManager] C:\Program Files\OrangeBS\BEWInternetSK\SessionManager\SessionManager.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [tktray] C:\Program Files\ToolKitService\tktray.exe
O4 - HKCU\..\Run: [HW_OPENEYE_OUC_] "C:\Program Files\Hi Suite\UpdateDog\ouc.exe"
O4 - HKUS\S-1-5-21-1078081533-1682526488-682003330-1013\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'UpdatusUser')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Akcelerátor spuštění AutoCADu.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart17.exe
O4 - Global Startup: DualCoreCenter.lnk = C:\Program Files\MSI\DualCoreCenter\StartUpDualCoreCenter.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDow ... eqlab3.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C4B2C923-8E94-4116-B9D9-F48831E7A54A}: NameServer = 213.151.200.30 213.151.208.161
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\windows\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\windows\system32\browseui.dll
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - Unknown owner - C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NIHardwareService - Native Instruments GmbH - C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\windows\system32\nvsvc32.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\windows\system32\PnkBstrA.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SF FrontLine Drivers Auto Removal (v1) (sfrem01) - Protection Technology (StarForce) - C:\windows\system32\sfrem01.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: Toolkit Service (ToolkitSvc) - ToolKit Development, Ltd. - C:\Program Files\ToolKitService\ToolkitService.exe

--
End of file - 9945 bytes

======Scheduled tasks folder======

C:\windows\tasks\Google Software Updater.job
C:\windows\tasks\GoogleUpdateTaskMachineCore.job
C:\windows\tasks\GoogleUpdateTaskMachineUA.job
C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1078081533-1682526488-682003330-1004Core.job
C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1078081533-1682526488-682003330-1004UA.job

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\wq29b75l.default

prefs.js - "browser.startup.homepage" - "about:home"
prefs.js - "extensions.enabledItems" - "xmlfiller@software602.cz:3.16.2, {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3, {20a82645-c095-46ed-80e3-08825760534b}:0.0.0, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.16"

"{20a82645-c095-46ed-80e3-08825760534b}"=C:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\windows\system32\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@checkpoint.com/FFApi]
"Description"=ZoneAlarm Toolbar Api
"Path"=C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=C:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@pack.google.com/Google Updater;version=14]
"Description"=Google Updater
"Path"=C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll

C:\Program Files\Mozilla Firefox\extensions\
xmlfiller@software602.cz
{972ce4c6-7e08-4474-a285-3208198ce6fd}

C:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll
nsIFillerPlugin.xpt
nsILegitCheckPlugin.xpt
nsIQTScriptablePlugin.xpt

C:\Program Files\Mozilla Firefox\plugins\
np-mswmp.dll
npfiller.dll
npLegitCheckPlugin.dll
NPOFF12.DLL
nppdf32.dll
npqtplugin.dll
npqtplugin2.dll
npqtplugin3.dll
npqtplugin4.dll
npqtplugin5.dll
npqtplugin6.dll
npqtplugin7.dll
QuickTimePlugin.class
WMP Firefox Plugin License.rtf
WMP Firefox Plugin RelNotes.txt

C:\Program Files\Mozilla Firefox\searchplugins\
atlas-sk.xml
azet-sk.xml
dunaj-sk.xml
eBay.xml
fcmdSrch.xml
google.xml
slovnik-sk.xml
toolkitsearch.xml
wikipedia-sk.xml
zoznam-sk.xml

C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\wq29b75l.default\extensions\
engine@conduit.com
xmlfiller@software602.cz
{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1185823F-F22F-4027-80E5-4F68ACD5DE5E}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
Conduit Engine - C:\Program Files\ConduitEngine\prxConduitEngine.dll [2011-01-17 175912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{70EA269E-56DF-49C2-86B2-1A1924ED88B4}]
ToolKit IE Helper - C:\Program Files\ToolKitService\splash.dll [2011-12-26 109640]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
DVDVideoSoftTB Toolbar - C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll [2011-05-09 176936]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9384bd4c-dd14-4be9-80f7-f6277511e4f5}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll [2011-01-16 761840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{9384bd4c-dd14-4be9-80f7-f6277511e4f5}
{30F9B915-B755-4826-820B-08FBA6BD249D} - Conduit Engine - C:\Program Files\ConduitEngine\prxConduitEngine.dll [2011-01-17 175912]
{D3B22A92-87A2-47b6-B3E6-A64877B5C242} - eToolKit Toolbar - C:\Program Files\ToolKitService\toolbar.dll [2011-12-30 875592]
{872b5b88-9db5-4310-bdd0-ac189557e5f5} - DVDVideoSoftTB Toolbar - C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll [2011-05-09 176936]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\windows\RTHDCPL.EXE [2008-09-30 16864768]
"ISUSPM"=C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [2006-05-16 213936]
"DelReg"=C:\Program Files\MSI\DualCoreCenter\DelReg.exe [2008-05-13 196608]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2009-10-07 1461080]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2011-06-08 37296]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2011-03-30 937920]
"bgsmsnd.exe"=C:\windows\System32\spool\DRIVERS\W32X86\2\bgsmsnd.exe [2006-06-02 106496]
"NvMediaCenter"=NvMCTray.dll,NvTaskbarInit -login []
"NvCplDaemon"=C:\windows\system32\NvCpl.dll [2011-12-17 15467840]
"nwiz"=C:\Program Files\NVIDIA Corporation\nview\nwiz.exe [2011-12-17 1634112]
"Mobile Partner"=C:\Program Files\Hi Suite\Hi Suite.exe [2012-03-24 518656]
"CardDetectorHUAWEIX70"=C:\Program Files\CardDetector\HUAWEIX70\CardDetector.exe [2008-02-04 278528]
"BEWINTERNET-SKSessionManager"=C:\Program Files\OrangeBS\BEWInternetSK\SessionManager\SessionManager.exe [2008-02-01 107248]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Google Update"=C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-02-08 133104]
"NBJ"=C:\Program Files\Ahead\Nero BackItUp\NBJ.exe [2005-10-11 1961984]
"ctfmon.exe"=C:\windows\system32\ctfmon.exe [2008-04-14 15360]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2011-01-16 39408]
"tktray"=C:\Program Files\ToolKitService\tktray.exe [2012-01-23 453712]
"HW_OPENEYE_OUC_"=C:\Program Files\Hi Suite\UpdateDog\ouc.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2011-03-30 937920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2011-06-08 37296]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2006-02-19 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\windows\system32\dumprep 0 -k []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2010-03-17 421888]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Video Accelerator]
C:\Program Files\Leawo\Video Accelerator\VideoAccelerator.exe -auto []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe [2006-02-19 288472]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Akcelerátor spuštění AutoCADu.lnk - C:\Program Files\Common Files\Autodesk Shared\acstart17.exe
DualCoreCenter.lnk - C:\Program Files\MSI\DualCoreCenter\StartUpDualCoreCenter.exe
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\windows\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\system32\dpnsvr.exe"="C:\WINDOWS\system32\dpnsvr.exe:*:Disabled:Microsoft DirectPlay8 Server"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"D:\PROGRAMY, HRY, SUBORY\USB PROGRAMY\Anno.2070-RELOADED\Nový pr1\Files\TargetDir\AutoPatcher.exe"="D:\PROGRAMY, HRY, SUBORY\USB PROGRAMY\Anno.2070-RELOADED\Nový pr1\Files\TargetDir\AutoPatcher.exe:*:Disabled:Anno 2070 Auto-Patcher"
"D:\HRY\StarCraft II\StarCraft II.exe"="D:\HRY\StarCraft II\StarCraft II.exe:*:Enabled:Blizzard Launcher"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
"D:\HRY\StarCraft II\Versions\Base15405\SC2.exe"="D:\HRY\StarCraft II\Versions\Base15405\SC2.exe:*:Enabled:StarCraft II"
"C:\Program Files\OrangeBS\BEWInternetSK\Connectivity\ConnectivityManager.exe"="C:\Program Files\OrangeBS\BEWInternetSK\Connectivity\ConnectivityManager.exe:*:enabled:CSS"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"VIDC.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"VIDC.YVYU"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\windows\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll
"wave1"=wdmaud.drv
"mixer1"=wdmaud.drv
"VIDC.GTCC"=GTCODEC.DLL
"VIDC.MKVC"=KMVIDC32.DLL
"msacm.vorbis"=vorbis.acm
"wave2"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer2"=wdmaud.drv
"aux1"=wdmaud.drv
"wave3"=wdmaud.drv
"mixer3"=wdmaud.drv

======File associations======

.scr - open - "C:\windows\system32\NOTEPAD.EXE" "%1"
.scr - install -
.scr - config -

======List of files/folders created in the last 1 month======

2012-04-22 21:03:00 ----D---- C:\Program Files\Common Files\Skype
2012-04-15 22:30:55 ----HDC---- C:\windows\$NtUninstallKB2641653$
2012-04-15 22:28:36 ----HDC---- C:\windows\$NtUninstallKB2647518$
2012-04-15 17:59:10 ----D---- C:\Documents and Settings\Admin\Application Data\PriceGong
2012-04-15 17:07:54 ----HDC---- C:\windows\$NtUninstallKB2564958$
2012-04-15 17:07:35 ----HDC---- C:\windows\$NtUninstallKB2544893-v2$
2012-04-15 17:07:30 ----HDC---- C:\windows\$NtUninstallKB2646524$
2012-04-15 17:07:24 ----HDC---- C:\windows\$NtUninstallKB2631813$
2012-04-15 17:06:59 ----HDC---- C:\windows\$NtUninstallKB2598479$
2012-04-15 17:06:15 ----HDC---- C:\windows\$NtUninstallKB2641690$
2012-04-15 17:06:07 ----HDC---- C:\windows\$NtUninstallKB2624667$
2012-04-15 17:03:10 ----HDC---- C:\windows\$NtUninstallKB2592799$
2012-04-15 17:02:53 ----HDC---- C:\windows\$NtUninstallKB2603381$
2012-04-15 17:01:48 ----HDC---- C:\windows\$NtUninstallKB2633952$
2012-04-15 17:01:45 ----HDC---- C:\windows\$NtUninstallKB2619339$
2012-04-15 17:01:29 ----HDC---- C:\windows\$NtUninstallKB2618451$
2012-04-15 17:01:03 ----HDC---- C:\windows\$NtUninstallKB2544521$
2012-04-15 17:00:58 ----HDC---- C:\windows\$NtUninstallKB2620712$
2012-04-15 17:00:54 ----HDC---- C:\windows\$NtUninstallKB2584146$
2012-04-15 17:00:46 ----HDC---- C:\windows\$NtUninstallKB2633171$
2012-04-04 21:43:22 ----D---- C:\Documents and Settings\All Users\Application Data\Mirillis
2012-04-04 21:43:22 ----D---- C:\Documents and Settings\Admin\Application Data\Mirillis
2012-04-04 21:42:55 ----D---- C:\Program Files\Mirillis
2012-04-04 21:26:22 ----DC---- C:\windows\system32\DRVSTORE
2012-04-01 15:27:18 ----A---- C:\windows\system32\drivers\irsir.sys
2012-04-01 12:19:51 ----D---- C:\Program Files\CardDetector
2012-04-01 12:04:51 ----RA---- C:\windows\system32\tmp53.tmp
2012-03-31 10:54:46 ----A---- C:\Documents and Settings\Admin\Application Data\pcouffin.sys
2012-03-31 10:54:46 ----A---- C:\Documents and Settings\Admin\Application Data\inst.exe
2012-03-30 23:06:49 ----D---- C:\Documents and Settings\Admin\Application Data\Audacity
2012-03-28 19:09:49 ----D---- C:\Program Files\Common Files\HP
2012-03-28 18:59:43 ----A---- C:\windows\hpoins09.dat

======List of files/folders modified in the last 1 month======

2012-04-27 20:24:29 ----D---- C:\Program Files\trend micro
2012-04-27 20:23:20 ----D---- C:\windows\temp
2012-04-27 20:21:16 ----D---- C:\Documents and Settings\Admin\Application Data\AIMP3
2012-04-27 20:00:33 ----A---- C:\windows\ModemLog_HUAWEI Mobile Connect - 3G Modem.txt
2012-04-27 18:25:10 ----A---- C:\windows\NeroDigital.ini
2012-04-27 18:23:45 ----D---- C:\windows\Prefetch
2012-04-27 18:22:58 ----D---- C:\Documents and Settings\Admin\Application Data\vlc
2012-04-27 13:31:37 ----A---- C:\windows\ModemLog_Communications cable between two computers.txt
2012-04-27 13:31:37 ----A---- C:\windows\ModemLog_Communications cable between two computers #2.txt
2012-04-27 12:59:52 ----A---- C:\windows\SchedLgU.Txt
2012-04-27 12:55:35 ----AD---- C:\WINDOWS
2012-04-26 17:44:45 ----D---- C:\windows\system32\CatRoot2
2012-04-26 09:12:55 ----D---- C:\Documents and Settings\Admin\Application Data\Skype
2012-04-25 20:29:21 ----D---- C:\Program Files\Mozilla Firefox
2012-04-24 18:42:13 ----D---- C:\Program Files\ToolKitService
2012-04-22 21:03:05 ----SHD---- C:\windows\Installer
2012-04-22 21:03:04 ----D---- C:\Config.Msi
2012-04-22 21:03:00 ----RD---- C:\Program Files\Skype
2012-04-22 21:03:00 ----D---- C:\Program Files\Common Files
2012-04-22 21:02:58 ----D---- C:\Documents and Settings\All Users\Application Data\Skype
2012-04-20 19:03:25 ----A---- C:\windows\win.ini
2012-04-17 22:06:51 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2012-04-17 22:05:44 ----D---- C:\Program Files\Common Files\Microsoft Shared
2012-04-17 22:05:32 ----D---- C:\windows\system32
2012-04-17 22:04:30 ----D---- C:\Program Files\Common Files\System
2012-04-16 09:51:01 ----RSD---- C:\windows\assembly
2012-04-16 09:49:18 ----D---- C:\windows\Microsoft.NET
2012-04-16 09:44:01 ----D---- C:\Program Files\Microsoft Silverlight
2012-04-15 22:31:00 ----HD---- C:\windows\inf
2012-04-15 22:30:57 ----RSHDC---- C:\windows\system32\dllcache
2012-04-15 22:30:54 ----HD---- C:\windows\$hf_mig$
2012-04-15 22:30:43 ----A---- C:\windows\system32\PerfStringBackup.INI
2012-04-15 22:30:26 ----D---- C:\windows\WinSxS
2012-04-15 17:03:11 ----D---- C:\windows\system32\drivers
2012-04-09 12:16:06 ----D---- C:\temp
2012-04-04 21:43:02 ----SD---- C:\Documents and Settings\Admin\Application Data\Microsoft
2012-04-04 21:42:55 ----D---- C:\Program Files
2012-04-01 19:54:00 ----SD---- C:\windows\Tasks
2012-04-01 15:24:28 ----D---- C:\windows\system32\ias
2012-04-01 12:59:15 ----D---- C:\Program Files\OrangeBS
2012-04-01 12:06:16 ----D---- C:\Program Files\Artopik
2012-04-01 10:30:53 ----D---- C:\windows\Network Diagnostic
2012-03-31 20:46:38 ----D---- C:\ALFA
2012-03-31 10:55:47 ----D---- C:\Documents and Settings\Admin\Application Data\DVDVideoSoft
2012-03-31 10:54:46 ----D---- C:\Documents and Settings\Admin\Application Data\Vso
2012-03-31 10:54:17 ----HD---- C:\Program Files\InstallShield Installation Information
2012-03-28 19:08:43 ----D---- C:\Program Files\HP
2012-03-28 19:08:25 ----D---- C:\windows\twain_32
2012-03-28 17:23:31 ----D---- C:\Program Files\Hewlett-Packard

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 imagedrv;imagedrv; C:\windows\System32\Drivers\imagedrv.sys [2005-09-01 5888]
R0 imagesrv;imagesrv; C:\windows\system32\DRIVERS\imagesrv.sys [2005-09-01 127488]
R0 prohlp02;StarForce Protection Helper Driver v2; C:\windows\System32\drivers\prohlp02.sys [2004-01-26 95552]
R0 sfdrv01;StarForce Protection Environment Driver (version 1.x); C:\windows\System32\drivers\sfdrv01.sys [2006-05-10 51200]
R0 sfhlp01;StarForce Protection Helper Driver; C:\windows\System32\drivers\sfhlp01.sys [2003-12-01 4832]
R0 sfhlp02;StarForce Protection Helper Driver (version 2.x); C:\windows\System32\drivers\sfhlp02.sys [2006-05-10 6656]
R0 sfsync02;StarForce Protection Synchronization Driver (version 2.x); C:\windows\System32\drivers\sfsync02.sys [2005-08-10 19968]
R0 sfvfs02;StarForce Protection VFS Driver (version 2.x); C:\windows\System32\drivers\sfvfs02.sys [2005-11-03 63488]
R0 sptd;sptd; C:\windows\System32\Drivers\sptd.sys [2010-10-22 691696]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\windows\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
R1 easdrv;easdrv; C:\windows\system32\DRIVERS\easdrv.sys [2009-10-07 54184]
R1 epfwtdi;epfwtdi; C:\windows\system32\DRIVERS\epfwtdi.sys [2009-10-07 55256]
R1 intelppm;Intel Processor Driver; C:\windows\system32\DRIVERS\intelppm.sys [2008-04-14 36352]
R1 kbdhid;Keyboard HID Driver; C:\windows\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 prodrv06;StarForce Protection Environment Driver v6; C:\windows\System32\drivers\prodrv06.sys [2004-01-26 52224]
R2 Angelnt;Angelnt; C:\windows\System32\Drivers\ANGELNT.SYS [2012-03-08 51072]
R2 eamon;EAMON; C:\windows\system32\DRIVERS\eamon.sys [2009-10-07 40824]
R2 epfw;epfw; C:\windows\system32\DRIVERS\epfw.sys [2009-10-07 73760]
R2 irda;IrDA Protocol; C:\windows\system32\DRIVERS\irda.sys [2008-04-14 88192]
R2 NPF;NetGroup Packet Filter Driver; C:\windows\system32\drivers\npf.sys [2010-06-25 35088]
R3 3xHybrid;3xHybrid service; C:\windows\system32\DRIVERS\3xHybrid.sys [2009-02-04 946816]
R3 DualCoreCenter;DualCoreCenter; \??\C:\Program Files\MSI\DualCoreCenter\NTGLM7X.sys []
R3 Epfwndis;Eset Personal Firewall; C:\windows\system32\DRIVERS\Epfwndis.sys [2009-10-07 32072]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\windows\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Microsoft HID Class Driver; C:\windows\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\windows\system32\DRIVERS\ewusbmdm.sys [2007-08-08 101120]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\windows\system32\drivers\RtkHDAud.sys [2008-10-02 4878336]
R3 irsir;Microsoft Serial Infrared Driver; C:\windows\system32\DRIVERS\irsir.sys [2001-08-17 18688]
R3 mouhid;Mouse HID Driver; C:\windows\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 nv;nv; C:\windows\system32\DRIVERS\nv4_mini.sys [2011-12-17 13733696]
R3 PCANDIS5;PCANDIS5 NDIS Protocol Driver; \??\C:\windows\system32\PCANDIS5.SYS []
R3 Rasirda;WAN Miniport (IrDA); C:\windows\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\windows\System32\Drivers\RootMdm.sys [2006-02-28 5888]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\windows\system32\DRIVERS\Rtenicxp.sys [2008-01-03 105856]
R3 RushTopDevice2;RushTopDevice2; \??\C:\Program Files\MSI\DualCoreCenter\RushTop.sys []
R3 StillCam;Still Serial Digital Camera Driver; C:\windows\system32\DRIVERS\serscan.sys [2001-08-17 6784]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\windows\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 USBSTOR;USB Mass Storage Driver; C:\windows\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\windows\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
S3 aikj8fcn;aikj8fcn; C:\windows\system32\drivers\aikj8fcn.sys []
S3 androidusb;ADB Interface Driver; C:\windows\System32\Drivers\hwadb.sys [2010-06-24 25728]
S3 catchme;catchme; \??\C:\DOCUME~1\Admin\LOCALS~1\Temp\catchme.sys []
S3 CCDECODE;Closed Caption Decoder; C:\windows\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 DCamUSBDXGTech;Trust 350FT PowerC@m Flash (Video Camera); C:\windows\System32\Drivers\GT891x1.SYS [2001-12-11 314792]
S3 GT890x;Trust 350FT PowerC@m Flash (Still Camera); C:\windows\System32\Drivers\GT890x.SYS [2001-07-05 18088]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\windows\system32\DRIVERS\HPZid412.sys [2006-02-01 49664]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\windows\system32\DRIVERS\HPZipr12.sys [2006-02-01 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\windows\system32\DRIVERS\HPZius12.sys [2006-02-01 21568]
S3 MPE;BDA MPE Filter; C:\windows\system32\DRIVERS\MPE.sys [2008-04-14 15232]
S3 MSIRCOMM;Microsoft IR Communications Driver; C:\windows\system32\DRIVERS\MSIRCOMM.sys [2008-04-14 22016]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\windows\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\windows\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\windows\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 PCAMPR5;PCAMPR5 NDIS Protocol Driver; \??\C:\windows\system32\PCAMPR5.SYS []
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\windows\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 SLIP;BDA Slip De-Framer; C:\windows\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 STIrUsb;SigmaTel USB-IrDA Dongle; C:\windows\system32\DRIVERS\irstusb.sys [2001-08-17 26624]
S3 streamip;BDA IPSink; C:\windows\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 usb_rndisx;USB RNDIS Adapter; C:\windows\system32\DRIVERS\usb8023x.sys [2008-04-14 12800]
S3 usbaudio;USB Audio Driver (WDM); C:\windows\system32\drivers\usbaudio.sys [2008-04-14 60032]
S3 usbprint;Microsoft USB PRINTER Class; C:\windows\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbscan;USB Scanner Driver; C:\windows\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 Wdf01000;Wdf01000; C:\windows\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S3 WpdUsb;WpdUsb; C:\windows\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;World Standard Teletext Codec; C:\windows\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\windows\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 ekrn;Eset Service; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2009-10-07 472280]
R2 FTRTSVC;France Telecom Routing Table Service; C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe [2008-02-01 65536]
R2 Irmon;Infrared Monitor; C:\windows\system32\svchost.exe [2008-04-14 14336]
R2 NIHardwareService;NIHardwareService; C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [2009-12-08 3616768]
R2 NVSvc;NVIDIA Driver Helper Service; C:\windows\system32\nvsvc32.exe [2011-12-17 148288]
R2 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2011-12-17 2348864]
R2 PnkBstrA;PnkBstrA; C:\windows\system32\PnkBstrA.exe [2012-02-25 66872]
R2 ToolkitSvc;Toolkit Service; C:\Program Files\ToolKitService\ToolkitService.exe [2012-01-23 687168]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\windows\system32\svchost.exe [2008-04-14 14336]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-06-25 136176]
S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2011-09-22 194104]
S2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2005-11-22 69632]
S2 sfrem01;SF FrontLine Drivers Auto Removal (v1); C:\windows\system32\sfrem01.exe [2006-05-10 353912]
S2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2012-02-29 158856]
S3 aspnet_state;ASP.NET State Service; C:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 Autodesk Licensing Service;Autodesk Licensing Service; C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe [2010-11-19 77944]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 EhttpSrv;Eset HTTP Server; C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe [2009-10-07 20680]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-06-25 136176]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; C:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe [2010-06-25 117264]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2009-03-04 621056]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

[Rudy]

Stáhněte OTM: http://oldtimer.geekstogo.com/OTM.exe a uložte na plochu. Spusťte a do levého okna zkopírujte:

:files
C:\Program Files\ConduitEngine
C:\Program Files\Google\GoogleToolbarNotifier
C:\windows\tasks\Google Software Updater.job
C:\windows\tasks\GoogleUpdateTaskMachineCore.job
C:\windows\tasks\GoogleUpdateTaskMachineUA.job
C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1078081533-1682526488-682003330-1004Core.job
C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1078081533-1682526488-682003330-1004UA.job
C:\windows\system32\tmp53.tmp

:reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9384bd4c-dd14-4be9-80f7-f6277511e4f5}]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]

:commands
[Purity]
[Emptytemp]
[Emptyflash]

a klikněte na >MoveIt!<. Po skenu restartujte PC a dejte nový log RSIT.

[nanovo]

Logfile of random's system information tool 1.09 (written by random/random)
Run by Admin at 2012-04-27 20:50:53
Systém Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 62 GB (64%) free of 96 GB
Total RAM: 2047 MB (59% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:51:23, on 27.4.2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\svchost.exe
C:\windows\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
C:\windows\system32\nvsvc32.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\windows\Explorer.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\windows\system32\PnkBstrA.exe
C:\windows\system32\svchost.exe
C:\Program Files\ToolKitService\ToolkitService.exe
C:\windows\system32\wuauclt.exe
C:\windows\notepad.exe
C:\windows\RTHDCPL.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\windows\System32\spool\DRIVERS\W32X86\2\bgsmsnd.exe
C:\windows\system32\RunDLL32.exe
C:\Program Files\Hi Suite\Hi Suite.exe
C:\Program Files\CardDetector\HUAWEIX70\CardDetector.exe
C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\windows\system32\ctfmon.exe
C:\Program Files\ToolKitService\tktray.exe
C:\Program Files\OrangeBS\BEWInternetSK\Launcher\Launcher.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
C:\Program Files\OrangeBS\BEWInternetSK\systray\systrayapp.exe
C:\Program Files\OrangeBS\BEWInternetSK\connectivity\connectivitymanager.exe
C:\Program Files\OrangeBS\BEWInternetSK\PhoneTools\TextMessaging.exe
C:\Program Files\OrangeBS\BEWInternetSK\Deskboard\deskboard.exe
C:\Program Files\OrangeBS\BEWInternetSK\connectivity\CoreCom\CoreCom.exe
C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTCOMModule\7\FTCOMModule.exe
C:\Program Files\MSI\DualCoreCenter\DualCoreCenter.exe
C:\Program Files\OrangeBS\BEWInternetSK\connectivity\CoreCom\OraConfigRecover.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Hi Suite\ADB\adb.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\windows\system32\wuauclt.exe
C:\Documents and Settings\Admin\Desktop\RSIT.exe
C:\Program Files\trend micro\Admin.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource= ... =CT2269050
R3 - URLSearchHook: (no name) - {9384bd4c-dd14-4be9-80f7-f6277511e4f5} - (no file)
R3 - URLSearchHook: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll
O2 - BHO: C:\Program Files\2YourFace\bho.dll - {1185823F-F22F-4027-80E5-4F68ACD5DE5E} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: ToolKit IE Helper - {70EA269E-56DF-49C2-86B2-1A1924ED88B4} - C:\Program Files\ToolKitService\splash.dll
O2 - BHO: DVDVideoSoftTB - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll
O3 - Toolbar: (no name) - {9384bd4c-dd14-4be9-80f7-f6277511e4f5} - (no file)
O3 - Toolbar: eToolKit Toolbar - {D3B22A92-87A2-47b6-B3E6-A64877B5C242} - C:\Program Files\ToolKitService\toolbar.dll
O3 - Toolbar: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [DelReg] C:\Program Files\MSI\DualCoreCenter\DelReg.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [bgsmsnd.exe] C:\windows\System32\spool\DRIVERS\W32X86\2\bgsmsnd.exe
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nview\nwiz.exe /installquiet
O4 - HKLM\..\Run: [Mobile Partner] C:\Program Files\Hi Suite\Hi Suite.exe -s
O4 - HKLM\..\Run: [CardDetectorHUAWEIX70] C:\Program Files\CardDetector\HUAWEIX70\CardDetector.exe
O4 - HKLM\..\Run: [BEWINTERNET-SKSessionManager] C:\Program Files\OrangeBS\BEWInternetSK\SessionManager\SessionManager.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [tktray] C:\Program Files\ToolKitService\tktray.exe
O4 - HKCU\..\Run: [HW_OPENEYE_OUC_] "C:\Program Files\Hi Suite\UpdateDog\ouc.exe"
O4 - HKUS\S-1-5-21-1078081533-1682526488-682003330-1013\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'UpdatusUser')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Akcelerátor spuštění AutoCADu.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart17.exe
O4 - Global Startup: DualCoreCenter.lnk = C:\Program Files\MSI\DualCoreCenter\StartUpDualCoreCenter.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDow ... eqlab3.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C4B2C923-8E94-4116-B9D9-F48831E7A54A}: NameServer = 213.151.200.30 213.151.208.161
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\windows\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\windows\system32\browseui.dll
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - Unknown owner - C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NIHardwareService - Native Instruments GmbH - C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\windows\system32\nvsvc32.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\windows\system32\PnkBstrA.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SF FrontLine Drivers Auto Removal (v1) (sfrem01) - Protection Technology (StarForce) - C:\windows\system32\sfrem01.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: Toolkit Service (ToolkitSvc) - ToolKit Development, Ltd. - C:\Program Files\ToolKitService\ToolkitService.exe

--
End of file - 9703 bytes

======Scheduled tasks folder======

C:\windows\tasks\Google Software Updater.job

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\wq29b75l.default

prefs.js - "browser.startup.homepage" - "about:home"
prefs.js - "extensions.enabledItems" - "xmlfiller@software602.cz:3.16.2, {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3, {20a82645-c095-46ed-80e3-08825760534b}:0.0.0, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.16"

"{20a82645-c095-46ed-80e3-08825760534b}"=C:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\windows\system32\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@checkpoint.com/FFApi]
"Description"=ZoneAlarm Toolbar Api
"Path"=C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=C:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@pack.google.com/Google Updater;version=14]
"Description"=Google Updater
"Path"=C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll

C:\Program Files\Mozilla Firefox\extensions\
xmlfiller@software602.cz
{972ce4c6-7e08-4474-a285-3208198ce6fd}

C:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll
nsIFillerPlugin.xpt
nsILegitCheckPlugin.xpt
nsIQTScriptablePlugin.xpt

C:\Program Files\Mozilla Firefox\plugins\
np-mswmp.dll
npfiller.dll
npLegitCheckPlugin.dll
NPOFF12.DLL
nppdf32.dll
npqtplugin.dll
npqtplugin2.dll
npqtplugin3.dll
npqtplugin4.dll
npqtplugin5.dll
npqtplugin6.dll
npqtplugin7.dll
QuickTimePlugin.class
WMP Firefox Plugin License.rtf
WMP Firefox Plugin RelNotes.txt

C:\Program Files\Mozilla Firefox\searchplugins\
atlas-sk.xml
azet-sk.xml
dunaj-sk.xml
eBay.xml
fcmdSrch.xml
google.xml
slovnik-sk.xml
toolkitsearch.xml
wikipedia-sk.xml
zoznam-sk.xml

C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\wq29b75l.default\extensions\
engine@conduit.com
xmlfiller@software602.cz
{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1185823F-F22F-4027-80E5-4F68ACD5DE5E}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{70EA269E-56DF-49C2-86B2-1A1924ED88B4}]
ToolKit IE Helper - C:\Program Files\ToolKitService\splash.dll [2011-12-26 109640]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
DVDVideoSoftTB Toolbar - C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll [2011-05-09 176936]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{9384bd4c-dd14-4be9-80f7-f6277511e4f5}
{D3B22A92-87A2-47b6-B3E6-A64877B5C242} - eToolKit Toolbar - C:\Program Files\ToolKitService\toolbar.dll [2011-12-30 875592]
{872b5b88-9db5-4310-bdd0-ac189557e5f5} - DVDVideoSoftTB Toolbar - C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll [2011-05-09 176936]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\windows\RTHDCPL.EXE [2008-09-30 16864768]
"ISUSPM"=C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [2006-05-16 213936]
"DelReg"=C:\Program Files\MSI\DualCoreCenter\DelReg.exe [2008-05-13 196608]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2009-10-07 1461080]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2011-06-08 37296]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2011-03-30 937920]
"bgsmsnd.exe"=C:\windows\System32\spool\DRIVERS\W32X86\2\bgsmsnd.exe [2006-06-02 106496]
"NvMediaCenter"=NvMCTray.dll,NvTaskbarInit -login []
"NvCplDaemon"=C:\windows\system32\NvCpl.dll [2011-12-17 15467840]
"nwiz"=C:\Program Files\NVIDIA Corporation\nview\nwiz.exe [2011-12-17 1634112]
"Mobile Partner"=C:\Program Files\Hi Suite\Hi Suite.exe [2012-03-24 518656]
"CardDetectorHUAWEIX70"=C:\Program Files\CardDetector\HUAWEIX70\CardDetector.exe [2008-02-04 278528]
"BEWINTERNET-SKSessionManager"=C:\Program Files\OrangeBS\BEWInternetSK\SessionManager\SessionManager.exe [2008-02-01 107248]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Google Update"=C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-02-08 133104]
"NBJ"=C:\Program Files\Ahead\Nero BackItUp\NBJ.exe [2005-10-11 1961984]
"ctfmon.exe"=C:\windows\system32\ctfmon.exe [2008-04-14 15360]
"tktray"=C:\Program Files\ToolKitService\tktray.exe [2012-01-23 453712]
"HW_OPENEYE_OUC_"=C:\Program Files\Hi Suite\UpdateDog\ouc.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2011-03-30 937920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2011-06-08 37296]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2006-02-19 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2010-03-17 421888]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Video Accelerator]
C:\Program Files\Leawo\Video Accelerator\VideoAccelerator.exe -auto []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe [2006-02-19 288472]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Akcelerátor spuštění AutoCADu.lnk - C:\Program Files\Common Files\Autodesk Shared\acstart17.exe
DualCoreCenter.lnk - C:\Program Files\MSI\DualCoreCenter\StartUpDualCoreCenter.exe
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\windows\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\system32\dpnsvr.exe"="C:\WINDOWS\system32\dpnsvr.exe:*:Disabled:Microsoft DirectPlay8 Server"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"D:\PROGRAMY, HRY, SUBORY\USB PROGRAMY\Anno.2070-RELOADED\Nový pr1\Files\TargetDir\AutoPatcher.exe"="D:\PROGRAMY, HRY, SUBORY\USB PROGRAMY\Anno.2070-RELOADED\Nový pr1\Files\TargetDir\AutoPatcher.exe:*:Disabled:Anno 2070 Auto-Patcher"
"D:\HRY\StarCraft II\StarCraft II.exe"="D:\HRY\StarCraft II\StarCraft II.exe:*:Enabled:Blizzard Launcher"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
"D:\HRY\StarCraft II\Versions\Base15405\SC2.exe"="D:\HRY\StarCraft II\Versions\Base15405\SC2.exe:*:Enabled:StarCraft II"
"C:\Program Files\OrangeBS\BEWInternetSK\Connectivity\ConnectivityManager.exe"="C:\Program Files\OrangeBS\BEWInternetSK\Connectivity\ConnectivityManager.exe:*:enabled:CSS"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"VIDC.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"VIDC.YVYU"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\windows\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll
"wave1"=wdmaud.drv
"mixer1"=wdmaud.drv
"VIDC.GTCC"=GTCODEC.DLL
"VIDC.MKVC"=KMVIDC32.DLL
"msacm.vorbis"=vorbis.acm
"wave2"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer2"=wdmaud.drv
"aux1"=wdmaud.drv
"wave3"=wdmaud.drv
"mixer3"=wdmaud.drv

======File associations======

.scr - open - "C:\windows\system32\NOTEPAD.EXE" "%1"
.scr - install -
.scr - config -

======List of files/folders created in the last 1 month======

2012-04-27 20:45:52 ----D---- C:\_OTM
2012-04-22 21:03:00 ----D---- C:\Program Files\Common Files\Skype
2012-04-15 22:30:55 ----HDC---- C:\windows\$NtUninstallKB2641653$
2012-04-15 22:28:36 ----HDC---- C:\windows\$NtUninstallKB2647518$
2012-04-15 17:59:10 ----D---- C:\Documents and Settings\Admin\Application Data\PriceGong
2012-04-15 17:07:54 ----HDC---- C:\windows\$NtUninstallKB2564958$
2012-04-15 17:07:35 ----HDC---- C:\windows\$NtUninstallKB2544893-v2$
2012-04-15 17:07:30 ----HDC---- C:\windows\$NtUninstallKB2646524$
2012-04-15 17:07:24 ----HDC---- C:\windows\$NtUninstallKB2631813$
2012-04-15 17:06:59 ----HDC---- C:\windows\$NtUninstallKB2598479$
2012-04-15 17:06:15 ----HDC---- C:\windows\$NtUninstallKB2641690$
2012-04-15 17:06:07 ----HDC---- C:\windows\$NtUninstallKB2624667$
2012-04-15 17:03:10 ----HDC---- C:\windows\$NtUninstallKB2592799$
2012-04-15 17:02:53 ----HDC---- C:\windows\$NtUninstallKB2603381$
2012-04-15 17:01:48 ----HDC---- C:\windows\$NtUninstallKB2633952$
2012-04-15 17:01:45 ----HDC---- C:\windows\$NtUninstallKB2619339$
2012-04-15 17:01:29 ----HDC---- C:\windows\$NtUninstallKB2618451$
2012-04-15 17:01:03 ----HDC---- C:\windows\$NtUninstallKB2544521$
2012-04-15 17:00:58 ----HDC---- C:\windows\$NtUninstallKB2620712$
2012-04-15 17:00:54 ----HDC---- C:\windows\$NtUninstallKB2584146$
2012-04-15 17:00:46 ----HDC---- C:\windows\$NtUninstallKB2633171$
2012-04-04 21:43:22 ----D---- C:\Documents and Settings\All Users\Application Data\Mirillis
2012-04-04 21:43:22 ----D---- C:\Documents and Settings\Admin\Application Data\Mirillis
2012-04-04 21:42:55 ----D---- C:\Program Files\Mirillis
2012-04-04 21:26:22 ----DC---- C:\windows\system32\DRVSTORE
2012-04-01 15:27:18 ----A---- C:\windows\system32\drivers\irsir.sys
2012-04-01 12:19:51 ----D---- C:\Program Files\CardDetector
2012-03-31 10:54:46 ----A---- C:\Documents and Settings\Admin\Application Data\pcouffin.sys
2012-03-31 10:54:46 ----A---- C:\Documents and Settings\Admin\Application Data\inst.exe
2012-03-30 23:06:49 ----D---- C:\Documents and Settings\Admin\Application Data\Audacity
2012-03-28 19:09:49 ----D---- C:\Program Files\Common Files\HP
2012-03-28 18:59:43 ----A---- C:\windows\hpoins09.dat

======List of files/folders modified in the last 1 month======

2012-04-27 20:51:22 ----A---- C:\windows\ModemLog_HUAWEI Mobile Connect - 3G Modem.txt
2012-04-27 20:51:17 ----D---- C:\Program Files\trend micro
2012-04-27 20:50:55 ----D---- C:\windows\temp
2012-04-27 20:49:10 ----D---- C:\windows\Prefetch
2012-04-27 20:47:47 ----A---- C:\windows\ModemLog_Communications cable between two computers.txt
2012-04-27 20:47:46 ----A---- C:\windows\ModemLog_Communications cable between two computers #2.txt
2012-04-27 20:47:36 ----SD---- C:\windows\Tasks
2012-04-27 20:46:31 ----A---- C:\windows\SchedLgU.Txt
2012-04-27 20:46:02 ----D---- C:\windows\system32
2012-04-27 20:46:02 ----AD---- C:\WINDOWS
2012-04-27 20:45:54 ----D---- C:\Program Files\Google
2012-04-27 20:45:54 ----D---- C:\Program Files
2012-04-27 20:21:16 ----D---- C:\Documents and Settings\Admin\Application Data\AIMP3
2012-04-27 18:25:10 ----A---- C:\windows\NeroDigital.ini
2012-04-27 18:22:58 ----D---- C:\Documents and Settings\Admin\Application Data\vlc
2012-04-26 17:44:45 ----D---- C:\windows\system32\CatRoot2
2012-04-26 09:12:55 ----D---- C:\Documents and Settings\Admin\Application Data\Skype
2012-04-25 20:29:21 ----D---- C:\Program Files\Mozilla Firefox
2012-04-24 18:42:13 ----D---- C:\Program Files\ToolKitService
2012-04-22 21:03:05 ----SHD---- C:\windows\Installer
2012-04-22 21:03:04 ----D---- C:\Config.Msi
2012-04-22 21:03:00 ----RD---- C:\Program Files\Skype
2012-04-22 21:03:00 ----D---- C:\Program Files\Common Files
2012-04-22 21:02:58 ----D---- C:\Documents and Settings\All Users\Application Data\Skype
2012-04-20 19:03:25 ----A---- C:\windows\win.ini
2012-04-17 22:06:51 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2012-04-17 22:05:44 ----D---- C:\Program Files\Common Files\Microsoft Shared
2012-04-17 22:04:30 ----D---- C:\Program Files\Common Files\System
2012-04-16 09:51:01 ----RSD---- C:\windows\assembly
2012-04-16 09:49:18 ----D---- C:\windows\Microsoft.NET
2012-04-16 09:44:01 ----D---- C:\Program Files\Microsoft Silverlight
2012-04-15 22:31:00 ----HD---- C:\windows\inf
2012-04-15 22:30:57 ----RSHDC---- C:\windows\system32\dllcache
2012-04-15 22:30:54 ----HD---- C:\windows\$hf_mig$
2012-04-15 22:30:43 ----A---- C:\windows\system32\PerfStringBackup.INI
2012-04-15 22:30:26 ----D---- C:\windows\WinSxS
2012-04-15 17:03:11 ----D---- C:\windows\system32\drivers
2012-04-09 12:16:06 ----D---- C:\temp
2012-04-04 21:43:02 ----SD---- C:\Documents and Settings\Admin\Application Data\Microsoft
2012-04-01 15:24:28 ----D---- C:\windows\system32\ias
2012-04-01 12:59:15 ----D---- C:\Program Files\OrangeBS
2012-04-01 12:06:16 ----D---- C:\Program Files\Artopik
2012-04-01 10:30:53 ----D---- C:\windows\Network Diagnostic
2012-03-31 20:46:38 ----D---- C:\ALFA
2012-03-31 10:55:47 ----D---- C:\Documents and Settings\Admin\Application Data\DVDVideoSoft
2012-03-31 10:54:46 ----D---- C:\Documents and Settings\Admin\Application Data\Vso
2012-03-31 10:54:17 ----HD---- C:\Program Files\InstallShield Installation Information
2012-03-28 19:08:43 ----D---- C:\Program Files\HP
2012-03-28 19:08:25 ----D---- C:\windows\twain_32
2012-03-28 17:23:31 ----D---- C:\Program Files\Hewlett-Packard

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 imagedrv;imagedrv; C:\windows\System32\Drivers\imagedrv.sys [2005-09-01 5888]
R0 imagesrv;imagesrv; C:\windows\system32\DRIVERS\imagesrv.sys [2005-09-01 127488]
R0 prohlp02;StarForce Protection Helper Driver v2; C:\windows\System32\drivers\prohlp02.sys [2004-01-26 95552]
R0 sfdrv01;StarForce Protection Environment Driver (version 1.x); C:\windows\System32\drivers\sfdrv01.sys [2006-05-10 51200]
R0 sfhlp01;StarForce Protection Helper Driver; C:\windows\System32\drivers\sfhlp01.sys [2003-12-01 4832]
R0 sfhlp02;StarForce Protection Helper Driver (version 2.x); C:\windows\System32\drivers\sfhlp02.sys [2006-05-10 6656]
R0 sfsync02;StarForce Protection Synchronization Driver (version 2.x); C:\windows\System32\drivers\sfsync02.sys [2005-08-10 19968]
R0 sfvfs02;StarForce Protection VFS Driver (version 2.x); C:\windows\System32\drivers\sfvfs02.sys [2005-11-03 63488]
R0 sptd;sptd; C:\windows\System32\Drivers\sptd.sys [2010-10-22 691696]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\windows\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
R1 easdrv;easdrv; C:\windows\system32\DRIVERS\easdrv.sys [2009-10-07 54184]
R1 epfwtdi;epfwtdi; C:\windows\system32\DRIVERS\epfwtdi.sys [2009-10-07 55256]
R1 intelppm;Intel Processor Driver; C:\windows\system32\DRIVERS\intelppm.sys [2008-04-14 36352]
R1 kbdhid;Keyboard HID Driver; C:\windows\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 prodrv06;StarForce Protection Environment Driver v6; C:\windows\System32\drivers\prodrv06.sys [2004-01-26 52224]
R2 Angelnt;Angelnt; C:\windows\System32\Drivers\ANGELNT.SYS [2012-03-08 51072]
R2 eamon;EAMON; C:\windows\system32\DRIVERS\eamon.sys [2009-10-07 40824]
R2 epfw;epfw; C:\windows\system32\DRIVERS\epfw.sys [2009-10-07 73760]
R2 irda;IrDA Protocol; C:\windows\system32\DRIVERS\irda.sys [2008-04-14 88192]
R2 NPF;NetGroup Packet Filter Driver; C:\windows\system32\drivers\npf.sys [2010-06-25 35088]
R3 3xHybrid;3xHybrid service; C:\windows\system32\DRIVERS\3xHybrid.sys [2009-02-04 946816]
R3 DualCoreCenter;DualCoreCenter; \??\C:\Program Files\MSI\DualCoreCenter\NTGLM7X.sys []
R3 Epfwndis;Eset Personal Firewall; C:\windows\system32\DRIVERS\Epfwndis.sys [2009-10-07 32072]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\windows\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Microsoft HID Class Driver; C:\windows\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\windows\system32\DRIVERS\HPZid412.sys [2006-02-01 49664]
R3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\windows\system32\DRIVERS\HPZipr12.sys [2006-02-01 16496]
R3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\windows\system32\DRIVERS\HPZius12.sys [2006-02-01 21568]
R3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\windows\system32\DRIVERS\ewusbmdm.sys [2007-08-08 101120]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\windows\system32\drivers\RtkHDAud.sys [2008-10-02 4878336]
R3 irsir;Microsoft Serial Infrared Driver; C:\windows\system32\DRIVERS\irsir.sys [2001-08-17 18688]
R3 mouhid;Mouse HID Driver; C:\windows\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 nv;nv; C:\windows\system32\DRIVERS\nv4_mini.sys [2011-12-17 13733696]
R3 PCANDIS5;PCANDIS5 NDIS Protocol Driver; \??\C:\windows\system32\PCANDIS5.SYS []
R3 Rasirda;WAN Miniport (IrDA); C:\windows\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\windows\System32\Drivers\RootMdm.sys [2006-02-28 5888]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\windows\system32\DRIVERS\Rtenicxp.sys [2008-01-03 105856]
R3 RushTopDevice2;RushTopDevice2; \??\C:\Program Files\MSI\DualCoreCenter\RushTop.sys []
R3 StillCam;Still Serial Digital Camera Driver; C:\windows\system32\DRIVERS\serscan.sys [2001-08-17 6784]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\windows\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 usbprint;Microsoft USB PRINTER Class; C:\windows\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
R3 usbscan;USB Scanner Driver; C:\windows\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
R3 USBSTOR;USB Mass Storage Driver; C:\windows\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\windows\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
S3 aeojv28a;aeojv28a; C:\windows\system32\drivers\aeojv28a.sys []
S3 androidusb;ADB Interface Driver; C:\windows\System32\Drivers\hwadb.sys [2010-06-24 25728]
S3 catchme;catchme; \??\C:\DOCUME~1\Admin\LOCALS~1\Temp\catchme.sys []
S3 CCDECODE;Closed Caption Decoder; C:\windows\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 DCamUSBDXGTech;Trust 350FT PowerC@m Flash (Video Camera); C:\windows\System32\Drivers\GT891x1.SYS [2001-12-11 314792]
S3 GT890x;Trust 350FT PowerC@m Flash (Still Camera); C:\windows\System32\Drivers\GT890x.SYS [2001-07-05 18088]
S3 MPE;BDA MPE Filter; C:\windows\system32\DRIVERS\MPE.sys [2008-04-14 15232]
S3 MSIRCOMM;Microsoft IR Communications Driver; C:\windows\system32\DRIVERS\MSIRCOMM.sys [2008-04-14 22016]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\windows\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\windows\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\windows\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 PCAMPR5;PCAMPR5 NDIS Protocol Driver; \??\C:\windows\system32\PCAMPR5.SYS []
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\windows\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 SLIP;BDA Slip De-Framer; C:\windows\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 STIrUsb;SigmaTel USB-IrDA Dongle; C:\windows\system32\DRIVERS\irstusb.sys [2001-08-17 26624]
S3 streamip;BDA IPSink; C:\windows\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 usb_rndisx;USB RNDIS Adapter; C:\windows\system32\DRIVERS\usb8023x.sys [2008-04-14 12800]
S3 usbaudio;USB Audio Driver (WDM); C:\windows\system32\drivers\usbaudio.sys [2008-04-14 60032]
S3 Wdf01000;Wdf01000; C:\windows\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S3 WpdUsb;WpdUsb; C:\windows\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;World Standard Teletext Codec; C:\windows\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\windows\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 ekrn;Eset Service; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2009-10-07 472280]
R2 FTRTSVC;France Telecom Routing Table Service; C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe [2008-02-01 65536]
R2 Irmon;Infrared Monitor; C:\windows\system32\svchost.exe [2008-04-14 14336]
R2 NIHardwareService;NIHardwareService; C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [2009-12-08 3616768]
R2 NVSvc;NVIDIA Driver Helper Service; C:\windows\system32\nvsvc32.exe [2011-12-17 148288]
R2 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2011-12-17 2348864]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2005-11-22 69632]
R2 PnkBstrA;PnkBstrA; C:\windows\system32\PnkBstrA.exe [2012-02-25 66872]
R2 ToolkitSvc;Toolkit Service; C:\Program Files\ToolKitService\ToolkitService.exe [2012-01-23 687168]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\windows\system32\svchost.exe [2008-04-14 14336]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-06-25 136176]
S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2011-09-22 194104]
S2 sfrem01;SF FrontLine Drivers Auto Removal (v1); C:\windows\system32\sfrem01.exe [2006-05-10 353912]
S2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2012-02-29 158856]
S3 aspnet_state;ASP.NET State Service; C:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 Autodesk Licensing Service;Autodesk Licensing Service; C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe [2010-11-19 77944]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 EhttpSrv;Eset HTTP Server; C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe [2009-10-07 20680]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-06-25 136176]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; C:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe [2010-06-25 117264]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2009-03-04 621056]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

[Rudy]

Dvouklikem na soubor C:\Program Files\trend micro\Admin.exe spusťte HijackThis. Klikněte na "Do a system scan only" a v otevřeném okně vlevo ve čtverečcích zaškrtněte:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource= ... =CT2269050
R3 - URLSearchHook: (no name) - {9384bd4c-dd14-4be9-80f7-f6277511e4f5} - (no file)
O2 - BHO: C:\Program Files\2YourFace\bho.dll - {1185823F-F22F-4027-80E5-4F68ACD5DE5E} - (no file)
O3 - Toolbar: (no name) - {9384bd4c-dd14-4be9-80f7-f6277511e4f5} - (no file)
O4 - HKUS\S-1-5-21-1078081533-1682526488-682003330-1013\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'UpdatusUser')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

Klikněte na >FixChecked<. Restartujte PC.

[nanovo]

Už je to urobené. Nekázali ste - ale prikladám scan - ak sa zíde

Logfile of random's system information tool 1.09 (written by random/random)
Run by Admin at 2012-04-27 22:08:08
Systém Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 62 GB (64%) free of 96 GB
Total RAM: 2047 MB (61% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:08:34, on 27.4.2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\svchost.exe
C:\windows\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
C:\windows\system32\nvsvc32.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\windows\Explorer.EXE
C:\windows\system32\PnkBstrA.exe
C:\windows\system32\svchost.exe
C:\Program Files\ToolKitService\ToolkitService.exe
C:\windows\RTHDCPL.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\windows\system32\wuauclt.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\windows\System32\spool\DRIVERS\W32X86\2\bgsmsnd.exe
C:\windows\system32\RunDLL32.exe
C:\Program Files\Hi Suite\Hi Suite.exe
C:\Program Files\CardDetector\HUAWEIX70\CardDetector.exe
C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\windows\system32\ctfmon.exe
C:\Program Files\ToolKitService\tktray.exe
C:\Program Files\OrangeBS\BEWInternetSK\Launcher\Launcher.exe
C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\OrangeBS\BEWInternetSK\systray\systrayapp.exe
C:\Program Files\OrangeBS\BEWInternetSK\connectivity\connectivitymanager.exe
C:\Program Files\OrangeBS\BEWInternetSK\PhoneTools\TextMessaging.exe
C:\Program Files\OrangeBS\BEWInternetSK\Deskboard\deskboard.exe
C:\Program Files\OrangeBS\BEWInternetSK\connectivity\CoreCom\CoreCom.exe
C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTCOMModule\7\FTCOMModule.exe
C:\Program Files\MSI\DualCoreCenter\DualCoreCenter.exe
C:\Program Files\Hi Suite\ADB\adb.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\OrangeBS\BEWInternetSK\connectivity\CoreCom\OraConfigRecover.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\windows\system32\wuauclt.exe
C:\Documents and Settings\Admin\Desktop\RSIT.exe
C:\Program Files\trend micro\Admin.exe

R3 - URLSearchHook: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: ToolKit IE Helper - {70EA269E-56DF-49C2-86B2-1A1924ED88B4} - C:\Program Files\ToolKitService\splash.dll
O2 - BHO: DVDVideoSoftTB - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll
O3 - Toolbar: eToolKit Toolbar - {D3B22A92-87A2-47b6-B3E6-A64877B5C242} - C:\Program Files\ToolKitService\toolbar.dll
O3 - Toolbar: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [DelReg] C:\Program Files\MSI\DualCoreCenter\DelReg.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [bgsmsnd.exe] C:\windows\System32\spool\DRIVERS\W32X86\2\bgsmsnd.exe
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nview\nwiz.exe /installquiet
O4 - HKLM\..\Run: [Mobile Partner] C:\Program Files\Hi Suite\Hi Suite.exe -s
O4 - HKLM\..\Run: [CardDetectorHUAWEIX70] C:\Program Files\CardDetector\HUAWEIX70\CardDetector.exe
O4 - HKLM\..\Run: [BEWINTERNET-SKSessionManager] C:\Program Files\OrangeBS\BEWInternetSK\SessionManager\SessionManager.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [tktray] C:\Program Files\ToolKitService\tktray.exe
O4 - HKCU\..\Run: [HW_OPENEYE_OUC_] "C:\Program Files\Hi Suite\UpdateDog\ouc.exe"
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: Akcelerátor spuštění AutoCADu.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart17.exe
O4 - Global Startup: DualCoreCenter.lnk = C:\Program Files\MSI\DualCoreCenter\StartUpDualCoreCenter.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDow ... eqlab3.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C4B2C923-8E94-4116-B9D9-F48831E7A54A}: NameServer = 213.151.200.30 213.151.208.161
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\windows\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\windows\system32\browseui.dll
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - Unknown owner - C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NIHardwareService - Native Instruments GmbH - C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\windows\system32\nvsvc32.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\windows\system32\PnkBstrA.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SF FrontLine Drivers Auto Removal (v1) (sfrem01) - Protection Technology (StarForce) - C:\windows\system32\sfrem01.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: Toolkit Service (ToolkitSvc) - ToolKit Development, Ltd. - C:\Program Files\ToolKitService\ToolkitService.exe

--
End of file - 9219 bytes

======Scheduled tasks folder======

C:\windows\tasks\Google Software Updater.job

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\wq29b75l.default

prefs.js - "browser.startup.homepage" - "about:home"
prefs.js - "extensions.enabledItems" - "xmlfiller@software602.cz:3.16.2, {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3, {20a82645-c095-46ed-80e3-08825760534b}:0.0.0, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.16"

"{20a82645-c095-46ed-80e3-08825760534b}"=C:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\windows\system32\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@checkpoint.com/FFApi]
"Description"=ZoneAlarm Toolbar Api
"Path"=C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=C:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@pack.google.com/Google Updater;version=14]
"Description"=Google Updater
"Path"=C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll

C:\Program Files\Mozilla Firefox\extensions\
xmlfiller@software602.cz
{972ce4c6-7e08-4474-a285-3208198ce6fd}

C:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll
nsIFillerPlugin.xpt
nsILegitCheckPlugin.xpt
nsIQTScriptablePlugin.xpt

C:\Program Files\Mozilla Firefox\plugins\
np-mswmp.dll
npfiller.dll
npLegitCheckPlugin.dll
NPOFF12.DLL
nppdf32.dll
npqtplugin.dll
npqtplugin2.dll
npqtplugin3.dll
npqtplugin4.dll
npqtplugin5.dll
npqtplugin6.dll
npqtplugin7.dll
QuickTimePlugin.class
WMP Firefox Plugin License.rtf
WMP Firefox Plugin RelNotes.txt

C:\Program Files\Mozilla Firefox\searchplugins\
atlas-sk.xml
azet-sk.xml
dunaj-sk.xml
eBay.xml
fcmdSrch.xml
google.xml
slovnik-sk.xml
toolkitsearch.xml
wikipedia-sk.xml
zoznam-sk.xml

C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\wq29b75l.default\extensions\
engine@conduit.com
xmlfiller@software602.cz
{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{70EA269E-56DF-49C2-86B2-1A1924ED88B4}]
ToolKit IE Helper - C:\Program Files\ToolKitService\splash.dll [2011-12-26 109640]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
DVDVideoSoftTB Toolbar - C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll [2011-05-09 176936]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{D3B22A92-87A2-47b6-B3E6-A64877B5C242} - eToolKit Toolbar - C:\Program Files\ToolKitService\toolbar.dll [2011-12-30 875592]
{872b5b88-9db5-4310-bdd0-ac189557e5f5} - DVDVideoSoftTB Toolbar - C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll [2011-05-09 176936]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\windows\RTHDCPL.EXE [2008-09-30 16864768]
"ISUSPM"=C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [2006-05-16 213936]
"DelReg"=C:\Program Files\MSI\DualCoreCenter\DelReg.exe [2008-05-13 196608]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2009-10-07 1461080]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2011-06-08 37296]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2011-03-30 937920]
"bgsmsnd.exe"=C:\windows\System32\spool\DRIVERS\W32X86\2\bgsmsnd.exe [2006-06-02 106496]
"NvMediaCenter"=NvMCTray.dll,NvTaskbarInit -login []
"NvCplDaemon"=C:\windows\system32\NvCpl.dll [2011-12-17 15467840]
"nwiz"=C:\Program Files\NVIDIA Corporation\nview\nwiz.exe [2011-12-17 1634112]
"Mobile Partner"=C:\Program Files\Hi Suite\Hi Suite.exe [2012-03-24 518656]
"CardDetectorHUAWEIX70"=C:\Program Files\CardDetector\HUAWEIX70\CardDetector.exe [2008-02-04 278528]
"BEWINTERNET-SKSessionManager"=C:\Program Files\OrangeBS\BEWInternetSK\SessionManager\SessionManager.exe [2008-02-01 107248]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Google Update"=C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-02-08 133104]
"NBJ"=C:\Program Files\Ahead\Nero BackItUp\NBJ.exe [2005-10-11 1961984]
"ctfmon.exe"=C:\windows\system32\ctfmon.exe [2008-04-14 15360]
"tktray"=C:\Program Files\ToolKitService\tktray.exe [2012-01-23 453712]
"HW_OPENEYE_OUC_"=C:\Program Files\Hi Suite\UpdateDog\ouc.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2011-03-30 937920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2011-06-08 37296]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2006-02-19 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2010-03-17 421888]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Video Accelerator]
C:\Program Files\Leawo\Video Accelerator\VideoAccelerator.exe -auto []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe [2006-02-19 288472]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Akcelerátor spuštění AutoCADu.lnk - C:\Program Files\Common Files\Autodesk Shared\acstart17.exe
DualCoreCenter.lnk - C:\Program Files\MSI\DualCoreCenter\StartUpDualCoreCenter.exe
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\windows\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\system32\dpnsvr.exe"="C:\WINDOWS\system32\dpnsvr.exe:*:Disabled:Microsoft DirectPlay8 Server"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"D:\PROGRAMY, HRY, SUBORY\USB PROGRAMY\Anno.2070-RELOADED\Nový pr1\Files\TargetDir\AutoPatcher.exe"="D:\PROGRAMY, HRY, SUBORY\USB PROGRAMY\Anno.2070-RELOADED\Nový pr1\Files\TargetDir\AutoPatcher.exe:*:Disabled:Anno 2070 Auto-Patcher"
"D:\HRY\StarCraft II\StarCraft II.exe"="D:\HRY\StarCraft II\StarCraft II.exe:*:Enabled:Blizzard Launcher"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
"D:\HRY\StarCraft II\Versions\Base15405\SC2.exe"="D:\HRY\StarCraft II\Versions\Base15405\SC2.exe:*:Enabled:StarCraft II"
"C:\Program Files\OrangeBS\BEWInternetSK\Connectivity\ConnectivityManager.exe"="C:\Program Files\OrangeBS\BEWInternetSK\Connectivity\ConnectivityManager.exe:*:enabled:CSS"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"VIDC.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"VIDC.YVYU"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\windows\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll
"wave1"=wdmaud.drv
"mixer1"=wdmaud.drv
"VIDC.GTCC"=GTCODEC.DLL
"VIDC.MKVC"=KMVIDC32.DLL
"msacm.vorbis"=vorbis.acm
"wave2"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer2"=wdmaud.drv
"aux1"=wdmaud.drv
"wave3"=wdmaud.drv
"mixer3"=wdmaud.drv

======File associations======

.scr - open - "C:\windows\system32\NOTEPAD.EXE" "%1"
.scr - install -
.scr - config -

======List of files/folders created in the last 1 month======

2012-04-27 20:45:52 ----D---- C:\_OTM
2012-04-22 21:03:00 ----D---- C:\Program Files\Common Files\Skype
2012-04-15 22:30:55 ----HDC---- C:\windows\$NtUninstallKB2641653$
2012-04-15 22:28:36 ----HDC---- C:\windows\$NtUninstallKB2647518$
2012-04-15 17:59:10 ----D---- C:\Documents and Settings\Admin\Application Data\PriceGong
2012-04-15 17:07:54 ----HDC---- C:\windows\$NtUninstallKB2564958$
2012-04-15 17:07:35 ----HDC---- C:\windows\$NtUninstallKB2544893-v2$
2012-04-15 17:07:30 ----HDC---- C:\windows\$NtUninstallKB2646524$
2012-04-15 17:07:24 ----HDC---- C:\windows\$NtUninstallKB2631813$
2012-04-15 17:06:59 ----HDC---- C:\windows\$NtUninstallKB2598479$
2012-04-15 17:06:15 ----HDC---- C:\windows\$NtUninstallKB2641690$
2012-04-15 17:06:07 ----HDC---- C:\windows\$NtUninstallKB2624667$
2012-04-15 17:03:10 ----HDC---- C:\windows\$NtUninstallKB2592799$
2012-04-15 17:02:53 ----HDC---- C:\windows\$NtUninstallKB2603381$
2012-04-15 17:01:48 ----HDC---- C:\windows\$NtUninstallKB2633952$
2012-04-15 17:01:45 ----HDC---- C:\windows\$NtUninstallKB2619339$
2012-04-15 17:01:29 ----HDC---- C:\windows\$NtUninstallKB2618451$
2012-04-15 17:01:03 ----HDC---- C:\windows\$NtUninstallKB2544521$
2012-04-15 17:00:58 ----HDC---- C:\windows\$NtUninstallKB2620712$
2012-04-15 17:00:54 ----HDC---- C:\windows\$NtUninstallKB2584146$
2012-04-15 17:00:46 ----HDC---- C:\windows\$NtUninstallKB2633171$
2012-04-04 21:43:22 ----D---- C:\Documents and Settings\All Users\Application Data\Mirillis
2012-04-04 21:43:22 ----D---- C:\Documents and Settings\Admin\Application Data\Mirillis
2012-04-04 21:42:55 ----D---- C:\Program Files\Mirillis
2012-04-04 21:26:22 ----DC---- C:\windows\system32\DRVSTORE
2012-04-01 15:27:18 ----A---- C:\windows\system32\drivers\irsir.sys
2012-04-01 12:19:51 ----D---- C:\Program Files\CardDetector
2012-03-31 10:54:46 ----A---- C:\Documents and Settings\Admin\Application Data\pcouffin.sys
2012-03-31 10:54:46 ----A---- C:\Documents and Settings\Admin\Application Data\inst.exe
2012-03-30 23:06:49 ----D---- C:\Documents and Settings\Admin\Application Data\Audacity
2012-03-28 19:09:49 ----D---- C:\Program Files\Common Files\HP
2012-03-28 18:59:43 ----A---- C:\windows\hpoins09.dat

======List of files/folders modified in the last 1 month======

2012-04-27 22:08:33 ----D---- C:\windows\temp
2012-04-27 22:08:28 ----D---- C:\Program Files\trend micro
2012-04-27 22:06:57 ----A---- C:\windows\ModemLog_HUAWEI Mobile Connect - 3G Modem.txt
2012-04-27 22:04:09 ----A---- C:\windows\ModemLog_Communications cable between two computers.txt
2012-04-27 22:04:09 ----A---- C:\windows\ModemLog_Communications cable between two computers #2.txt
2012-04-27 22:02:40 ----A---- C:\windows\SchedLgU.Txt
2012-04-27 20:49:10 ----D---- C:\windows\Prefetch
2012-04-27 20:47:36 ----SD---- C:\windows\Tasks
2012-04-27 20:46:02 ----D---- C:\windows\system32
2012-04-27 20:46:02 ----AD---- C:\WINDOWS
2012-04-27 20:45:54 ----D---- C:\Program Files\Google
2012-04-27 20:45:54 ----D---- C:\Program Files
2012-04-27 20:21:16 ----D---- C:\Documents and Settings\Admin\Application Data\AIMP3
2012-04-27 18:25:10 ----A---- C:\windows\NeroDigital.ini
2012-04-27 18:22:58 ----D---- C:\Documents and Settings\Admin\Application Data\vlc
2012-04-26 17:44:45 ----D---- C:\windows\system32\CatRoot2
2012-04-26 09:12:55 ----D---- C:\Documents and Settings\Admin\Application Data\Skype
2012-04-25 20:29:21 ----D---- C:\Program Files\Mozilla Firefox
2012-04-24 18:42:13 ----D---- C:\Program Files\ToolKitService
2012-04-22 21:03:05 ----SHD---- C:\windows\Installer
2012-04-22 21:03:04 ----D---- C:\Config.Msi
2012-04-22 21:03:00 ----RD---- C:\Program Files\Skype
2012-04-22 21:03:00 ----D---- C:\Program Files\Common Files
2012-04-22 21:02:58 ----D---- C:\Documents and Settings\All Users\Application Data\Skype
2012-04-20 19:03:25 ----A---- C:\windows\win.ini
2012-04-17 22:06:51 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2012-04-17 22:05:44 ----D---- C:\Program Files\Common Files\Microsoft Shared
2012-04-17 22:04:30 ----D---- C:\Program Files\Common Files\System
2012-04-16 09:51:01 ----RSD---- C:\windows\assembly
2012-04-16 09:49:18 ----D---- C:\windows\Microsoft.NET
2012-04-16 09:44:01 ----D---- C:\Program Files\Microsoft Silverlight
2012-04-15 22:31:00 ----HD---- C:\windows\inf
2012-04-15 22:30:57 ----RSHDC---- C:\windows\system32\dllcache
2012-04-15 22:30:54 ----HD---- C:\windows\$hf_mig$
2012-04-15 22:30:43 ----A---- C:\windows\system32\PerfStringBackup.INI
2012-04-15 22:30:26 ----D---- C:\windows\WinSxS
2012-04-15 17:03:11 ----D---- C:\windows\system32\drivers
2012-04-09 12:16:06 ----D---- C:\temp
2012-04-04 21:43:02 ----SD---- C:\Documents and Settings\Admin\Application Data\Microsoft
2012-04-01 15:24:28 ----D---- C:\windows\system32\ias
2012-04-01 12:59:15 ----D---- C:\Program Files\OrangeBS
2012-04-01 12:06:16 ----D---- C:\Program Files\Artopik
2012-04-01 10:30:53 ----D---- C:\windows\Network Diagnostic
2012-03-31 20:46:38 ----D---- C:\ALFA
2012-03-31 10:55:47 ----D---- C:\Documents and Settings\Admin\Application Data\DVDVideoSoft
2012-03-31 10:54:46 ----D---- C:\Documents and Settings\Admin\Application Data\Vso
2012-03-31 10:54:17 ----HD---- C:\Program Files\InstallShield Installation Information
2012-03-28 19:08:43 ----D---- C:\Program Files\HP
2012-03-28 19:08:25 ----D---- C:\windows\twain_32
2012-03-28 17:23:31 ----D---- C:\Program Files\Hewlett-Packard

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 imagedrv;imagedrv; C:\windows\System32\Drivers\imagedrv.sys [2005-09-01 5888]
R0 imagesrv;imagesrv; C:\windows\system32\DRIVERS\imagesrv.sys [2005-09-01 127488]
R0 prohlp02;StarForce Protection Helper Driver v2; C:\windows\System32\drivers\prohlp02.sys [2004-01-26 95552]
R0 sfdrv01;StarForce Protection Environment Driver (version 1.x); C:\windows\System32\drivers\sfdrv01.sys [2006-05-10 51200]
R0 sfhlp01;StarForce Protection Helper Driver; C:\windows\System32\drivers\sfhlp01.sys [2003-12-01 4832]
R0 sfhlp02;StarForce Protection Helper Driver (version 2.x); C:\windows\System32\drivers\sfhlp02.sys [2006-05-10 6656]
R0 sfsync02;StarForce Protection Synchronization Driver (version 2.x); C:\windows\System32\drivers\sfsync02.sys [2005-08-10 19968]
R0 sfvfs02;StarForce Protection VFS Driver (version 2.x); C:\windows\System32\drivers\sfvfs02.sys [2005-11-03 63488]
R0 sptd;sptd; C:\windows\System32\Drivers\sptd.sys [2010-10-22 691696]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\windows\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
R1 easdrv;easdrv; C:\windows\system32\DRIVERS\easdrv.sys [2009-10-07 54184]
R1 epfwtdi;epfwtdi; C:\windows\system32\DRIVERS\epfwtdi.sys [2009-10-07 55256]
R1 intelppm;Intel Processor Driver; C:\windows\system32\DRIVERS\intelppm.sys [2008-04-14 36352]
R1 kbdhid;Keyboard HID Driver; C:\windows\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 prodrv06;StarForce Protection Environment Driver v6; C:\windows\System32\drivers\prodrv06.sys [2004-01-26 52224]
R2 Angelnt;Angelnt; C:\windows\System32\Drivers\ANGELNT.SYS [2012-03-08 51072]
R2 eamon;EAMON; C:\windows\system32\DRIVERS\eamon.sys [2009-10-07 40824]
R2 epfw;epfw; C:\windows\system32\DRIVERS\epfw.sys [2009-10-07 73760]
R2 irda;IrDA Protocol; C:\windows\system32\DRIVERS\irda.sys [2008-04-14 88192]
R2 NPF;NetGroup Packet Filter Driver; C:\windows\system32\drivers\npf.sys [2010-06-25 35088]
R3 3xHybrid;3xHybrid service; C:\windows\system32\DRIVERS\3xHybrid.sys [2009-02-04 946816]
R3 DualCoreCenter;DualCoreCenter; \??\C:\Program Files\MSI\DualCoreCenter\NTGLM7X.sys []
R3 Epfwndis;Eset Personal Firewall; C:\windows\system32\DRIVERS\Epfwndis.sys [2009-10-07 32072]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\windows\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Microsoft HID Class Driver; C:\windows\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\windows\system32\DRIVERS\HPZid412.sys [2006-02-01 49664]
R3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\windows\system32\DRIVERS\HPZipr12.sys [2006-02-01 16496]
R3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\windows\system32\DRIVERS\HPZius12.sys [2006-02-01 21568]
R3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\windows\system32\DRIVERS\ewusbmdm.sys [2007-08-08 101120]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\windows\system32\drivers\RtkHDAud.sys [2008-10-02 4878336]
R3 irsir;Microsoft Serial Infrared Driver; C:\windows\system32\DRIVERS\irsir.sys [2001-08-17 18688]
R3 mouhid;Mouse HID Driver; C:\windows\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 nv;nv; C:\windows\system32\DRIVERS\nv4_mini.sys [2011-12-17 13733696]
R3 PCANDIS5;PCANDIS5 NDIS Protocol Driver; \??\C:\windows\system32\PCANDIS5.SYS []
R3 Rasirda;WAN Miniport (IrDA); C:\windows\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\windows\System32\Drivers\RootMdm.sys [2006-02-28 5888]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\windows\system32\DRIVERS\Rtenicxp.sys [2008-01-03 105856]
R3 RushTopDevice2;RushTopDevice2; \??\C:\Program Files\MSI\DualCoreCenter\RushTop.sys []
R3 StillCam;Still Serial Digital Camera Driver; C:\windows\system32\DRIVERS\serscan.sys [2001-08-17 6784]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\windows\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 usbprint;Microsoft USB PRINTER Class; C:\windows\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
R3 usbscan;USB Scanner Driver; C:\windows\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
R3 USBSTOR;USB Mass Storage Driver; C:\windows\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\windows\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
S3 ailqzt25;ailqzt25; C:\windows\system32\drivers\ailqzt25.sys []
S3 androidusb;ADB Interface Driver; C:\windows\System32\Drivers\hwadb.sys [2010-06-24 25728]
S3 catchme;catchme; \??\C:\DOCUME~1\Admin\LOCALS~1\Temp\catchme.sys []
S3 CCDECODE;Closed Caption Decoder; C:\windows\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 DCamUSBDXGTech;Trust 350FT PowerC@m Flash (Video Camera); C:\windows\System32\Drivers\GT891x1.SYS [2001-12-11 314792]
S3 GT890x;Trust 350FT PowerC@m Flash (Still Camera); C:\windows\System32\Drivers\GT890x.SYS [2001-07-05 18088]
S3 MPE;BDA MPE Filter; C:\windows\system32\DRIVERS\MPE.sys [2008-04-14 15232]
S3 MSIRCOMM;Microsoft IR Communications Driver; C:\windows\system32\DRIVERS\MSIRCOMM.sys [2008-04-14 22016]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\windows\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\windows\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\windows\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 PCAMPR5;PCAMPR5 NDIS Protocol Driver; \??\C:\windows\system32\PCAMPR5.SYS []
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\windows\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 SLIP;BDA Slip De-Framer; C:\windows\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 STIrUsb;SigmaTel USB-IrDA Dongle; C:\windows\system32\DRIVERS\irstusb.sys [2001-08-17 26624]
S3 streamip;BDA IPSink; C:\windows\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 usb_rndisx;USB RNDIS Adapter; C:\windows\system32\DRIVERS\usb8023x.sys [2008-04-14 12800]
S3 usbaudio;USB Audio Driver (WDM); C:\windows\system32\drivers\usbaudio.sys [2008-04-14 60032]
S3 Wdf01000;Wdf01000; C:\windows\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S3 WpdUsb;WpdUsb; C:\windows\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;World Standard Teletext Codec; C:\windows\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\windows\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 ekrn;Eset Service; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2009-10-07 472280]
R2 FTRTSVC;France Telecom Routing Table Service; C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe [2008-02-01 65536]
R2 Irmon;Infrared Monitor; C:\windows\system32\svchost.exe [2008-04-14 14336]
R2 NIHardwareService;NIHardwareService; C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [2009-12-08 3616768]
R2 NVSvc;NVIDIA Driver Helper Service; C:\windows\system32\nvsvc32.exe [2011-12-17 148288]
R2 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2011-12-17 2348864]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2005-11-22 69632]
R2 PnkBstrA;PnkBstrA; C:\windows\system32\PnkBstrA.exe [2012-02-25 66872]
R2 ToolkitSvc;Toolkit Service; C:\Program Files\ToolKitService\ToolkitService.exe [2012-01-23 687168]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\windows\system32\svchost.exe [2008-04-14 14336]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-06-25 136176]
S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2011-09-22 194104]
S2 sfrem01;SF FrontLine Drivers Auto Removal (v1); C:\windows\system32\sfrem01.exe [2006-05-10 353912]
S2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2012-02-29 158856]
S3 aspnet_state;ASP.NET State Service; C:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 Autodesk Licensing Service;Autodesk Licensing Service; C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe [2010-11-19 77944]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 EhttpSrv;Eset HTTP Server; C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe [2009-10-07 20680]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-06-25 136176]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; C:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe [2010-06-25 117264]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2009-03-04 621056]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

[Rudy]

Čisto. Nastala nějaká změna?

[nanovo]

PC je svižnejší, ale s tým prihlásením na net - po starom: aj dnes len po 2. reštarte nebol problém s pripojením. A ešte toto: Mrzne pri otváraní usb a ext. disku. Keď zapnem tlačiareň mihá obrazovkou. Včera vyskočilo okno s hláškou – e tookit pipe error.

[Rudy]

1. znovu spusťte OTM a klikněte na >Cleanup<. OTM po sobě uklidí.
2. Dejte log z ComboFix.

Stahnete a ulozte nejlepe na plochu ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

pote spustte aplikaci pod uctem s administratorskym opravnenim

hned po startu se zobrazi obrazovka s licencnimi podminkami, pokracujte kliknutim na tlacitko Ano.

v klidu si postavte na kafe (cela akce trva cca. 5-10 minut, nekdy i dele - dle toho, o jak rychly stroj se

jedna a kolika soubory se skener bude muset prodirat), behem skenu se nepokousejte spoustet zadne jine

aplikace ani nic jineho

behem skenovani nepropadejte panice, vas stroj muze byt restartovan (predevsim pri prvni aplikaci skeneru)

upozorneni: pokud pouzivate antispyware s rezidentnim stitem, prepnete jeho rezidentni stit do Install Mode,

pripadne jej po dobu skenu uplne deaktivujte, protoze dochazi pri skenu a vymazu pripadneho malware k

nezadoucim kolizim s rezidentem antispyware

3. k toolkit pipe: Máte nainstalovaný nějaký translator?

[nanovo]

Translator nemám (prekladám cez Mozillu a Google).

Neviem, ako vložím ten dlhý Combofix log ?

[Rudy]

Vynechte odstavec Snapshot a zbytek vložte.

[nanovo]

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files\DVDVideoSoftTB\prxtbDVDV.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{70EA269E-56DF-49C2-86B2-1A1924ED88B4}]
2011-12-26 16:47 109640 ----a-w- c:\program files\ToolKitService\splash.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
2011-05-09 08:49 176936 ----a-w- c:\program files\DVDVideoSoftTB\prxtbDVDV.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D3B22A92-87A2-47b6-B3E6-A64877B5C242}"= "c:\program files\ToolKitService\toolbar.dll" [2011-12-30 875592]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files\DVDVideoSoftTB\prxtbDVDV.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{d3b22a92-87a2-47b6-b3e6-a64877b5c242}]
[HKEY_CLASSES_ROOT\ToolBand.ToolBandObj.1]
[HKEY_CLASSES_ROOT\TypeLib\{5297E905-1DFB-4A9C-9871-A4F95FD58945}]
[HKEY_CLASSES_ROOT\ToolBand.ToolBandObj]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D3B22A92-87A2-47B6-B3E6-A64877B5C242}"= "c:\program files\ToolKitService\toolbar.dll" [2011-12-30 875592]
"{872B5B88-9DB5-4310-BDD0-AC189557E5F5}"= "c:\program files\DVDVideoSoftTB\prxtbDVDV.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{d3b22a92-87a2-47b6-b3e6-a64877b5c242}]
[HKEY_CLASSES_ROOT\ToolBand.ToolBandObj.1]
[HKEY_CLASSES_ROOT\TypeLib\{5297E905-1DFB-4A9C-9871-A4F95FD58945}]
[HKEY_CLASSES_ROOT\ToolBand.ToolBandObj]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NBJ"="c:\program files\Ahead\Nero BackItUp\NBJ.exe" [2005-10-11 1961984]
"tktray"="c:\program files\ToolKitService\tktray.exe" [2012-01-23 453712]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2008-09-30 16864768]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-05-16 213936]
"DelReg"="c:\program files\MSI\DualCoreCenter\DelReg.exe" [2008-05-13 196608]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-10-07 1461080]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"bgsmsnd.exe"="c:\windows\System32\spool\DRIVERS\W32X86\2\bgsmsnd.exe" [2006-06-01 106496]
"NvMediaCenter"="NvMCTray.dll" [2011-12-17 108352]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-12-17 15467840]
"nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2011-12-17 1634112]
"Mobile Partner"="c:\program files\Hi Suite\Hi Suite.exe" [2012-03-24 518656]
"CardDetectorHUAWEIX70"="c:\program files\CardDetector\HUAWEIX70\CardDetector.exe" [2008-02-04 278528]
"BEWINTERNET-SKSessionManager"="c:\program files\OrangeBS\BEWInternetSK\SessionManager\SessionManager.exe" [2008-02-01 107248]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2011-07-27 434080]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Akcelerátor spuštění AutoCADu.lnk - c:\program files\Common Files\Autodesk Shared\acstart17.exe [2006-3-5 11000]
DualCoreCenter.lnk - c:\program files\MSI\DualCoreCenter\StartUpDualCoreCenter.exe [2010-8-30 192512]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /p \??\J:\0autocheck autochk *
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-03-30 04:59 937920 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-06-08 04:02 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2006-02-19 00:41 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 09:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-17 19:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"d:\\HRY\\StarCraft II\\StarCraft II.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"d:\\HRY\\StarCraft II\\Versions\\Base15405\\SC2.exe"=
"c:\\Program Files\\OrangeBS\\BEWInternetSK\\Connectivity\\ConnectivityManager.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [22.10.2010 15:39 691696]
R2 Angelnt;Angelnt;c:\windows\system32\drivers\ANGELNT.SYS [5.2.2009 16:04 51072]
R2 ekrn;Eset Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [21.12.2007 9:21 472280]
R2 NIHardwareService;NIHardwareService;c:\program files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [8.12.2009 20:26 3616768]
R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [25.6.2010 19:07 35088]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [29.12.2011 20:50 2348864]
R2 ToolkitSvc;Toolkit Service;c:\program files\ToolKitService\toolkitservice.exe [16.3.2012 22:30 687168]
R3 3xHybrid;3xHybrid service;c:\windows\system32\drivers\3xHybrid.sys [4.12.2007 20:34 946816]
R3 DualCoreCenter;DualCoreCenter;c:\program files\MSI\DualCoreCenter\NTGLM7X.sys [30.8.2010 13:55 28672]
R3 RushTopDevice2;RushTopDevice2;c:\program files\MSI\DualCoreCenter\RushTop.sys [30.8.2010 13:55 55296]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [25.6.2011 22:58 136176]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [29.2.2012 8:50 158856]
S3 androidusb;ADB Interface Driver;c:\windows\system32\drivers\hwadb.sys [24.3.2012 21:18 25728]
S3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [25.6.2011 22:58 136176]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-28 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2011-01-16 09:34]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\wq29b75l.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - about:home
.
.
------- File Associations -------
.
.scr=AutoCADScriptFile
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{9384BD4C-DD14-4BE9-80F7-F6277511E4F5} - (no file)
HKCU-Run-HW_OPENEYE_OUC_ - c:\program files\Hi Suite\UpdateDog\ouc.exe
MSConfigStartUp-Video Accelerator - c:\program files\Leawo\Video Accelerator\VideoAccelerator.exe
AddRemove-conduitEngine - c:\program files\ConduitEngine\ConduitEngineUninstall.exe
AddRemove-ŠT 180 - c:\documents and settings\Admin\My Documents\My Games\FarmingSimulator2011\mods\ST180_uinstal.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-04-28 11:59
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
ComboFix 12-04-28.01 - Admin 28.04.2012 11:54:28.10.2 - x86
Systém Microsoft Windows XP Home Edition 5.1.2600.3.1250.421.1033.18.2047.1237 [GMT 2:00]
Running from: c:\documents and settings\Admin\Desktop\ComboFix.exe
AV: ESET Smart Security 3.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
FW: ESET personal firewall *Enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
FW: ZoneAlarm Firewall *Disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Admin\Application Data\inst.exe
c:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\wq29b75l.default\weave\toFetch
c:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\wq29b75l.default\weave\toFetch\adblockplus.json
c:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\wq29b75l.default\weave\toFetch\bookmarks.json
c:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\wq29b75l.default\weave\toFetch\clients.json
c:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\wq29b75l.default\weave\toFetch\forms.json
c:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\wq29b75l.default\weave\toFetch\history.json
c:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\wq29b75l.default\weave\toFetch\passwords.json
c:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\wq29b75l.default\weave\toFetch\prefs.json
c:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\wq29b75l.default\weave\toFetch\tabs.json
c:\documents and settings\Admin\Application Data\PriceGong
c:\documents and settings\Admin\Application Data\vso_ts_preview.xml
c:\documents and settings\Admin\WINDOWS
c:\program files\MicrosoftFixit.Printing.FISC.234256306852524927.3.3.Run.exe
c:\windows\system32\acelpdec.ax
c:\windows\system32\BdaPlgIn.ax
c:\windows\system32\declrds.ax
c:\windows\system32\g711codc.ax
c:\windows\system32\iac25_32.ax
c:\windows\system32\ipsink.ax
c:\windows\system32\ir41_32.ax
c:\windows\system32\Ivfsrc.ax
c:\windows\system32\ksolay.ax
c:\windows\system32\ksproxy.ax
c:\windows\system32\kstvtune.ax
c:\windows\system32\kswdmcap.ax
c:\windows\system32\ksxbar.ax
c:\windows\system32\l3codecx.ax
c:\windows\system32\mpeg2data.ax
c:\windows\system32\mpg2splt.ax
c:\windows\system32\mpg4ds32.ax
c:\windows\system32\msadds32.ax
c:\windows\system32\MSDvbNP.ax
c:\windows\system32\msscds32.ax
c:\windows\system32\paypal.url
c:\windows\system32\PsisRndr.ax
c:\windows\system32\tm20dec.ax
c:\windows\system32\urttemp
c:\windows\system32\urttemp\fusion.dll
c:\windows\system32\urttemp\mscoree.dll
c:\windows\system32\urttemp\mscoree.dll.local
c:\windows\system32\urttemp\mscorsn.dll
c:\windows\system32\urttemp\mscorwks.dll
c:\windows\system32\urttemp\msvcr71.dll
c:\windows\system32\urttemp\regtlib.exe
c:\windows\system32\vbisurf.ax
c:\windows\system32\vidcap.ax
c:\windows\system32\wiasf.ax
c:\windows\system32\winx.url
c:\windows\system32\wmv8ds32.ax
c:\windows\system32\wmvds32.ax
.
.
((((((((((((((((((((((((( Files Created from 2012-03-28 to 2012-04-28 )))))))))))))))))))))))))))))))
.
.
2012-04-27 18:45 . 2012-04-27 18:45 -------- d-----w- C:\_OTM
2012-04-22 19:03 . 2012-04-22 19:03 -------- d-----w- c:\program files\Common Files\Skype
2012-04-04 19:43 . 2012-04-04 19:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Mirillis
2012-04-04 19:43 . 2012-04-04 19:43 -------- d-----w- c:\documents and settings\Admin\Application Data\Mirillis
2012-04-04 19:43 . 2012-04-27 16:36 -------- d-----w- c:\documents and settings\Admin\Local Settings\Application Data\Mirillis
2012-04-04 19:42 . 2012-04-04 19:42 -------- d-----w- c:\program files\Mirillis
2012-04-04 19:26 . 2012-04-04 19:26 -------- dc----w- c:\windows\system32\DRVSTORE
2012-04-01 13:27 . 2001-08-17 11:51 18688 -c--a-w- c:\windows\system32\dllcache\irsir.sys
2012-04-01 13:27 . 2001-08-17 11:51 18688 ----a-w- c:\windows\system32\drivers\irsir.sys
2012-04-01 10:19 . 2012-04-01 10:19 -------- d-----w- c:\program files\CardDetector
2012-03-31 08:54 . 2012-03-31 08:54 47360 ----a-w- c:\documents and settings\Admin\Application Data\pcouffin.sys
2012-03-30 21:06 . 2012-04-08 22:10 -------- d-----w- c:\documents and settings\Admin\Application Data\Audacity
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-08 20:17 . 2009-02-05 14:04 51072 ----a-w- c:\windows\system32\drivers\ANGELNT.SYS
2012-03-08 20:17 . 2009-02-05 14:04 20480 ----a-w- c:\windows\system32\ANGELVDD.DLL
2012-03-08 20:17 . 2009-02-05 14:04 11520 ----a-w- c:\windows\system32\drivers\angelusb.sys
2012-02-25 19:06 . 2012-02-25 16:10 22328 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2012-02-25 19:06 . 2011-07-26 11:07 103736 ----a-w- c:\windows\system32\PnkBstrB.exe
2012-02-25 16:19 . 2011-07-26 11:07 66872 ----a-w- c:\windows\system32\PnkBstrA.exe
2012-02-25 16:10 . 2012-02-25 16:10 22328 ----a-w- c:\documents and settings\Admin\Application Data\PnkBstrK.sys
2012-02-24 13:13 . 2011-12-29 16:30 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-03 09:22 . 2008-04-13 23:00 1860096 ----a-w- c:\windows\system32\win32k.sys
2011-09-27 15:49 . 2011-09-27 15:33 14604912 ----a-w- c:\program files\ashampoo_undeleter_1.00_sm.exe
2011-09-26 18:17 . 2011-09-26 18:17 2451576 ----a-w- c:\program files\rcsetup140.exe
2011-01-06 15:18 . 2011-01-06 15:03 13388728 ----a-w- c:\program files\FitLinieFullSetup.exe
2010-11-30 19:46 . 2010-11-30 19:38 6274424 ----a-w- c:\program files\Silverlight.exe
2012-03-23 12:45 . 2011-03-25 12:14 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-08-25 . 362BC5AF8EAF712832C58CC13AE05750 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll


.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1078081533-1682526488-682003330-1004\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-1078081533-1682526488-682003330-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:19,d3,37,96,8c,74,13,9a,b1,ee,91,40,4e,97,51,15,2b,2e,dd,3f,a1,71,f1,
39,79,43,6b,1c,df,bf,4a,9b,34,d8,3a,a1,c7,b1,13,5b,23,7d,4f,84,9a,45,e0,65,\
"??"=hex:db,2e,90,50,8b,d4,b8,be,c5,d6,e7,de,ab,9e,65,1d
.
[HKEY_USERS\S-1-5-21-1078081533-1682526488-682003330-1004\Software\SecuROM\License information*]
"datasecu"=hex:73,8a,7e,e1,cb,22,ec,95,c4,f0,29,31,61,55,f1,66,f0,36,60,98,b2,
87,cd,bb,44,86,b3,ab,61,12,f9,1a,f4,b2,78,12,33,85,d0,26,bf,70,85,0b,64,3d,\
"rkeysecu"=hex:cf,e9,d8,47,79,d8,88,fb,4b,d5,75,cd,4f,97,08,ca
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(1792)
c:\windows\system32\dfshim.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Bonjour\mDNSResponder.exe
c:\progra~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\HPZipm12.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\RunDLL32.exe
c:\program files\OrangeBS\BEWInternetSK\Launcher\Launcher.exe
c:\program files\MSI\DualCoreCenter\DualCoreCenter.exe
c:\program files\OrangeBS\BEWInternetSK\systray\systrayapp.exe
c:\program files\OrangeBS\BEWInternetSK\connectivity\connectivitymanager.exe
c:\program files\OrangeBS\BEWInternetSK\PhoneTools\TextMessaging.exe
c:\program files\OrangeBS\BEWInternetSK\Deskboard\deskboard.exe
c:\progra~1\COMMON~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
c:\program files\OrangeBS\BEWInternetSK\connectivity\CoreCom\CoreCom.exe
c:\progra~1\COMMON~1\France Telecom\Shared Modules\FTCOMModule\7\FTCOMModule.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\Hi Suite\ADB\adb.exe
c:\program files\OrangeBS\BEWInternetSK\connectivity\CoreCom\OraConfigRecover.exe
.
**************************************************************************
.
Completion time: 2012-04-28 12:03:07 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-28 10:03
ComboFix2.txt 2010-07-18 16:23
.
Pre-Run: 64 651 018 240 bytes free
Post-Run: 19 adresárov, 64 597 422 080 voľných bajtov
.
- - End Of File - - 2C388B5EB609D9EC59257D1AC22F6801

[Rudy]

1. Ještě dočistíme. Otevřte poznámkový blok a zkopírujte do něj:

Regnull::
[HKEY_USERS\S-1-5-21-1078081533-1682526488-682003330-1004\Software\Microsoft\SystemCertificates\AddressBook*]
[HKEY_USERS\S-1-5-21-1078081533-1682526488-682003330-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
[HKEY_USERS\S-1-5-21-1078081533-1682526488-682003330-1004\Software\SecuROM\License information*]

Uložte na plochu jako CFScript.txt. Pak jej myší přetáhnětě nad ikonu ComboFix a pusťte CF se spustí a vykoná příkazy ze skriptu.



2. Spusťte znovu OTM a klikněte na >Cleanup<. OTM po sobě uklidí.

[nanovo]

Po týchto úkonoch sa nedalo zas pripojiť na net.
Po mojom reštarte PC zamrzol (ostala iba tmavšia uvítacia obrazovka).
PC sa dal vypnúť len "gombíkom" vzadu.
Po 2. reštarte čierna obrazovka, kde chcelo potvrdiť normál. režim.
Problém s pripojením na net je stále

Ak treba výpis:

ComboFix 12-04-28.01 - Admin 28.04.2012 18:31:51.11.2 - x86
Systém Microsoft Windows XP Home Edition 5.1.2600.3.1250.421.1033.18.2047.1242 [GMT 2:00]
Running from: c:\documents and settings\Admin\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Admin\Desktop\CFScript.txt
AV: ESET Smart Security 3.0 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
FW: ESET personal firewall *Enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
FW: ZoneAlarm Firewall *Disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
((((((((((((((((((((((((( Files Created from 2012-03-28 to 2012-04-28 )))))))))))))))))))))))))))))))
.
.
2012-04-27 18:45 . 2012-04-27 18:45 -------- d-----w- C:\_OTM
2012-04-22 19:03 . 2012-04-22 19:03 -------- d-----w- c:\program files\Common Files\Skype
2012-04-04 19:43 . 2012-04-04 19:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Mirillis
2012-04-04 19:43 . 2012-04-04 19:43 -------- d-----w- c:\documents and settings\Admin\Application Data\Mirillis
2012-04-04 19:43 . 2012-04-27 16:36 -------- d-----w- c:\documents and settings\Admin\Local Settings\Application Data\Mirillis
2012-04-04 19:42 . 2012-04-04 19:42 -------- d-----w- c:\program files\Mirillis
2012-04-04 19:26 . 2012-04-04 19:26 -------- dc----w- c:\windows\system32\DRVSTORE
2012-04-01 13:27 . 2001-08-17 11:51 18688 -c--a-w- c:\windows\system32\dllcache\irsir.sys
2012-04-01 13:27 . 2001-08-17 11:51 18688 ----a-w- c:\windows\system32\drivers\irsir.sys
2012-04-01 10:19 . 2012-04-01 10:19 -------- d-----w- c:\program files\CardDetector
2012-03-31 08:54 . 2012-03-31 08:54 47360 ----a-w- c:\documents and settings\Admin\Application Data\pcouffin.sys
2012-03-30 21:06 . 2012-04-08 22:10 -------- d-----w- c:\documents and settings\Admin\Application Data\Audacity
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-08 20:17 . 2009-02-05 14:04 51072 ----a-w- c:\windows\system32\drivers\ANGELNT.SYS
2012-03-08 20:17 . 2009-02-05 14:04 20480 ----a-w- c:\windows\system32\ANGELVDD.DLL
2012-03-08 20:17 . 2009-02-05 14:04 11520 ----a-w- c:\windows\system32\drivers\angelusb.sys
2012-02-25 19:06 . 2012-02-25 16:10 22328 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2012-02-25 19:06 . 2011-07-26 11:07 103736 ----a-w- c:\windows\system32\PnkBstrB.exe
2012-02-25 16:19 . 2011-07-26 11:07 66872 ----a-w- c:\windows\system32\PnkBstrA.exe
2012-02-25 16:10 . 2012-02-25 16:10 22328 ----a-w- c:\documents and settings\Admin\Application Data\PnkBstrK.sys
2012-02-24 13:13 . 2011-12-29 16:30 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-03 09:22 . 2008-04-13 23:00 1860096 ----a-w- c:\windows\system32\win32k.sys
2011-09-27 15:49 . 2011-09-27 15:33 14604912 ----a-w- c:\program files\ashampoo_undeleter_1.00_sm.exe
2011-09-26 18:17 . 2011-09-26 18:17 2451576 ----a-w- c:\program files\rcsetup140.exe
2011-01-06 15:18 . 2011-01-06 15:03 13388728 ----a-w- c:\program files\FitLinieFullSetup.exe
2010-11-30 19:46 . 2010-11-30 19:38 6274424 ----a-w- c:\program files\Silverlight.exe
2012-03-23 12:45 . 2011-03-25 12:14 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-08-25 . 362BC5AF8EAF712832C58CC13AE05750 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files\DVDVideoSoftTB\prxtbDVDV.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{70EA269E-56DF-49C2-86B2-1A1924ED88B4}]
2011-12-26 16:47 109640 ----a-w- c:\program files\ToolKitService\splash.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
2011-05-09 08:49 176936 ----a-w- c:\program files\DVDVideoSoftTB\prxtbDVDV.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D3B22A92-87A2-47b6-B3E6-A64877B5C242}"= "c:\program files\ToolKitService\toolbar.dll" [2011-12-30 875592]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files\DVDVideoSoftTB\prxtbDVDV.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{d3b22a92-87a2-47b6-b3e6-a64877b5c242}]
[HKEY_CLASSES_ROOT\ToolBand.ToolBandObj.1]
[HKEY_CLASSES_ROOT\TypeLib\{5297E905-1DFB-4A9C-9871-A4F95FD58945}]
[HKEY_CLASSES_ROOT\ToolBand.ToolBandObj]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D3B22A92-87A2-47B6-B3E6-A64877B5C242}"= "c:\program files\ToolKitService\toolbar.dll" [2011-12-30 875592]
"{872B5B88-9DB5-4310-BDD0-AC189557E5F5}"= "c:\program files\DVDVideoSoftTB\prxtbDVDV.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{d3b22a92-87a2-47b6-b3e6-a64877b5c242}]
[HKEY_CLASSES_ROOT\ToolBand.ToolBandObj.1]
[HKEY_CLASSES_ROOT\TypeLib\{5297E905-1DFB-4A9C-9871-A4F95FD58945}]
[HKEY_CLASSES_ROOT\ToolBand.ToolBandObj]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NBJ"="c:\program files\Ahead\Nero BackItUp\NBJ.exe" [2005-10-11 1961984]
"tktray"="c:\program files\ToolKitService\tktray.exe" [2012-01-23 453712]
"HW_OPENEYE_OUC_"="c:\program files\Hi Suite\UpdateDog\ouc.exe" [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2008-09-30 16864768]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-05-16 213936]
"DelReg"="c:\program files\MSI\DualCoreCenter\DelReg.exe" [2008-05-13 196608]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-10-07 1461080]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"bgsmsnd.exe"="c:\windows\System32\spool\DRIVERS\W32X86\2\bgsmsnd.exe" [2006-06-01 106496]
"NvMediaCenter"="NvMCTray.dll" [2011-12-17 108352]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-12-17 15467840]
"nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2011-12-17 1634112]
"Mobile Partner"="c:\program files\Hi Suite\Hi Suite.exe" [2012-03-24 518656]
"CardDetectorHUAWEIX70"="c:\program files\CardDetector\HUAWEIX70\CardDetector.exe" [2008-02-04 278528]
"BEWINTERNET-SKSessionManager"="c:\program files\OrangeBS\BEWInternetSK\SessionManager\SessionManager.exe" [2008-02-01 107248]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2011-07-27 434080]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Akcelerátor spuštění AutoCADu.lnk - c:\program files\Common Files\Autodesk Shared\acstart17.exe [2006-3-5 11000]
DualCoreCenter.lnk - c:\program files\MSI\DualCoreCenter\StartUpDualCoreCenter.exe [2010-8-30 192512]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /p \??\J:\0autocheck autochk *
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-03-30 04:59 937920 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-06-08 04:02 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2006-02-19 00:41 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 09:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-17 19:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"d:\\HRY\\StarCraft II\\StarCraft II.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"d:\\HRY\\StarCraft II\\Versions\\Base15405\\SC2.exe"=
"c:\\Program Files\\OrangeBS\\BEWInternetSK\\Connectivity\\ConnectivityManager.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [22.10.2010 15:39 691696]
R2 Angelnt;Angelnt;c:\windows\system32\drivers\ANGELNT.SYS [5.2.2009 16:04 51072]
R2 ekrn;Eset Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [21.12.2007 9:21 472280]
R2 NIHardwareService;NIHardwareService;c:\program files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [8.12.2009 20:26 3616768]
R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [25.6.2010 19:07 35088]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [29.12.2011 20:50 2348864]
R2 ToolkitSvc;Toolkit Service;c:\program files\ToolKitService\toolkitservice.exe [16.3.2012 22:30 687168]
R3 3xHybrid;3xHybrid service;c:\windows\system32\drivers\3xHybrid.sys [4.12.2007 20:34 946816]
R3 DualCoreCenter;DualCoreCenter;c:\program files\MSI\DualCoreCenter\NTGLM7X.sys [30.8.2010 13:55 28672]
R3 RushTopDevice2;RushTopDevice2;c:\program files\MSI\DualCoreCenter\RushTop.sys [30.8.2010 13:55 55296]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [25.6.2011 22:58 136176]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [29.2.2012 8:50 158856]
S3 androidusb;ADB Interface Driver;c:\windows\system32\drivers\hwadb.sys [24.3.2012 21:18 25728]
S3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [25.6.2011 22:58 136176]
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-28 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2011-01-16 09:34]
.
.
------- Supplementary Scan -------
.
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\wq29b75l.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - about:home
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-04-28 18:35
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1078081533-1682526488-682003330-1004\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(1764)
c:\windows\system32\dfshim.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2012-04-28 18:36:06
ComboFix-quarantined-files.txt 2012-04-28 16:36
ComboFix2.txt 2012-04-28 10:03
ComboFix3.txt 2010-07-18 16:23
.
Pre-Run: 64 659 083 264 bytes free
Post-Run: 19 adresárov, 64 634 015 744 voľných bajtov
.
- - End Of File - - 34CBF4BFA088A2EF8478A6203C81FA57