cidrive32.exe RSIT-log

[xaron]

Zdravím
Mam ten istý problém ako tu:http://www.viry.cz/forum/viewtopic.php?f=13&t=99615
Mohli by ste sa mi na to pozrieť?

log1:
Logfile of random's system information tool 1.06 (written by random/random)
Run by Jarmila at 2010-04-03 09:40:41
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 13 GB (36%) free of 37 GB
Total RAM: 511 MB (29% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:40:54, on 3. 4. 2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17023)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\cidrive32.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\acer\epm\epm-dm.exe
C:\PROGRA~1\LAUNCH~1\LManager.exe
C:\Program Files\Acer\eRecovery\Monitor.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\WINDOWS\mHotkey.exe
C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
C:\Program Files\Nero\Nero 7\InCD\InCD.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\DOCUME~1\Jarmila\LOCALS~1\Temp\429.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Acer\eManager\anbmServ.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Jarmila\Plocha\RSIT.exe
C:\Program Files\trend micro\Jarmila.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://global.acer.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Kwyshell MidpX BHO - {EBE9E2B5-B526-48BC-AD46-687263EDCB0E} - C:\Program Files\Kwyshell\MidpX\JadInvoker\MidpInvoker.dll
O3 - Toolbar: Kwyshell MidpX - {EBE9E2B5-B526-48BC-AD46-687263EDCB0E} - C:\Program Files\Kwyshell\MidpX\JadInvoker\MidpInvoker.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe
O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [eRecoveryService] C:\Program Files\Acer\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [zzzHPSETUP] E:\Setup.exe \RESET
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SecurDisc] C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe
O4 - HKLM\..\Run: [Advanced DHTML Enable] C:\DOCUME~1\Jarmila\LOCALS~1\Temp\429.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Microsoft Driver Setup] C:\WINDOWS\cidrive32.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [JetVoice] "C:\Program Files\JetVoice\JETVOICE.EXE" AUTORUN
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [psysnew] C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\psysnew.exe
O4 - HKLM\..\Policies\Explorer\Run: [Microsoft Driver Setup] C:\WINDOWS\cidrive32.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Link to &MidpX - C:\Program Files\Kwyshell\MidpX\JadInvoker\Extent\jad_wrap.htm
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 7816 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Low Battery Alarm Program.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EBE9E2B5-B526-48BC-AD46-687263EDCB0E}]
Kwyshell MidpX - C:\Program Files\Kwyshell\MidpX\JadInvoker\MidpInvoker.dll [2004-12-03 100864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EBE9E2B5-B526-48BC-AD46-687263EDCB0E} - Kwyshell MidpX - C:\Program Files\Kwyshell\MidpX\JadInvoker\MidpInvoker.dll [2004-12-03 100864]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"=Alaunch []
"SynTPLpr"=C:\Program Files\Synaptics\SynTP\SynTPLpr.exe [2005-01-07 102491]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2005-01-07 692315]
"IMJPMIG8.1"=C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2004-08-18 208952]
"MSPY2002"=C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe [2004-08-18 59392]
"PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-18 455168]
"PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-18 455168]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe []
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2005-01-22 126976]
"RemoteControl"=C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2004-07-15 32768]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2005-03-25 5566464]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2005-03-25 86016]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2004-12-01 77824]
"AGRSMMSG"=C:\WINDOWS\AGRSMMSG.exe [2005-04-15 88202]
"EPM-DM"=c:\acer\epm\epm-dm.exe [2005-04-21 188416]
"ePowerManagement"=C:\Acer\ePM\ePM.exe [2005-03-15 2893824]
"LManager"=C:\PROGRA~1\LAUNCH~1\LManager.exe [2005-04-28 483328]
"eRecoveryService"=C:\Program Files\Acer\eRecovery\Monitor.exe [2005-06-20 352256]
"BluetoothAuthenticationAgent"=bthprops.cpl,,BluetoothAuthenticationAgent []
"Synchronization Manager"=C:\WINDOWS\system32\mobsync.exe [2008-04-14 143872]
"DAEMON Tools-1033"=C:\Program Files\D-Tools\daemon.exe [2004-08-22 81920]
"Adobe Photo Downloader"=C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe [2005-06-06 57344]
"NBKeyScan"=C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe []
"zzzHPSETUP"=E:\Setup.exe \RESET []
"CHotkey"=C:\WINDOWS\mHotkey.exe [2004-09-21 550400]
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2007-03-01 153136]
"SecurDisc"=C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe [2007-11-26 1629480]
"InCD"=C:\Program Files\Nero\Nero 7\InCD\InCD.exe [2007-11-26 1057064]
"Advanced DHTML Enable"=C:\DOCUME~1\Jarmila\LOCALS~1\Temp\429.exe [2010-03-21 135168]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []
"Microsoft Driver Setup"=C:\WINDOWS\cidrive32.exe [2010-04-02 155648]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"Microsoft Driver Setup"=C:\WINDOWS\cidrive32.exe [2010-04-02 155648]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]
"JetVoice"=C:\Program Files\JetVoice\JETVOICE.EXE AUTORUN []
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe ASO-616B5711-6DAE-4795-A05F-39A1E5104020 []
"psysnew"=C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\psysnew.exe [2010-04-03 118784]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

C:\Documents and Settings\Jarmila\Nabídka Start\Programy\Po spuštění
OpenOffice.org 3.1.lnk - C:\Program Files\OpenOffice.org 3\program\quickstart.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxsrvc.dll [2005-01-22 348160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-14 239616]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"E:\Ine hry + Programy\liero\LieroX v0.56b Pack 1.7\LieroX.exe"="E:\Ine hry + Programy\liero\LieroX v0.56b Pack 1.7\LieroX.exe:*:Enabled:LieroX"
"C:\Documents and Settings\Jarmila\Plocha\Marcel\LieroX v0.56b Pack 1.7\LieroX.exe"="C:\Documents and Settings\Jarmila\Plocha\Marcel\LieroX v0.56b Pack 1.7\LieroX.exe:*:Disabled:LieroX"
"F:\CDS\Nero\Installation\Setupx.exe"="F:\CDS\Nero\Installation\Setupx.exe:*:Enabled:Nero ProductSetup"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Documents and Settings\Jarmila\Local Settings\Temp\528.exe"="C:\Documents and Settings\Jarmila\Local Settings\Temp\528.exe:*:Enabled:528"
"C:\Documents and Settings\Jarmila\Local Settings\Temp\118.exe"="C:\Documents and Settings\Jarmila\Local Settings\Temp\118.exe:*:Disabled:118"
"C:\Documents and Settings\Jarmila\Local Settings\Temp\212.exe"="C:\Documents and Settings\Jarmila\Local Settings\Temp\212.exe:*:Enabled:212"
"C:\Documents and Settings\Jarmila\Local Settings\Temp\805.exe"="C:\Documents and Settings\Jarmila\Local Settings\Temp\805.exe:*:Disabled:805"
"C:\Documents and Settings\Jarmila\Local Settings\Temp\544.exe"="C:\Documents and Settings\Jarmila\Local Settings\Temp\544.exe:*:Enabled:544"
"C:\Documents and Settings\Jarmila\Local Settings\Temp\549.exe"="C:\Documents and Settings\Jarmila\Local Settings\Temp\549.exe:*:Disabled:549"
"C:\Documents and Settings\Jarmila\Local Settings\Temp\252.exe"="C:\Documents and Settings\Jarmila\Local Settings\Temp\252.exe:*:Disabled:252"
"C:\Documents and Settings\Jarmila\Local Settings\Temp\740.exe"="C:\Documents and Settings\Jarmila\Local Settings\Temp\740.exe:*:Disabled:740"
"C:\Documents and Settings\Jarmila\Local Settings\Temp\399.exe"="C:\Documents and Settings\Jarmila\Local Settings\Temp\399.exe:*:Disabled:399"
"C:\Documents and Settings\Jarmila\Local Settings\Temp\859.exe"="C:\Documents and Settings\Jarmila\Local Settings\Temp\859.exe:*:Disabled:859"
"C:\Documents and Settings\Jarmila\Local Settings\Temp\727.exe"="C:\Documents and Settings\Jarmila\Local Settings\Temp\727.exe:*:Disabled:727"
"C:\Documents and Settings\Jarmila\Local Settings\Temp\880.exe"="C:\Documents and Settings\Jarmila\Local Settings\Temp\880.exe:*:Disabled:880"
"C:\Documents and Settings\Jarmila\Local Settings\Temp\689.exe"="C:\Documents and Settings\Jarmila\Local Settings\Temp\689.exe:*:Disabled:689"
"C:\Documents and Settings\Jarmila\Local Settings\Temp\047.exe"="C:\Documents and Settings\Jarmila\Local Settings\Temp\047.exe:*:Enabled:047"
"C:\Documents and Settings\Jarmila\Local Settings\Temp\769.exe"="C:\Documents and Settings\Jarmila\Local Settings\Temp\769.exe:*:Disabled:769"
"C:\Documents and Settings\Jarmila\Local Settings\Temp\872.exe"="C:\Documents and Settings\Jarmila\Local Settings\Temp\872.exe:*:Disabled:872"
"C:\Documents and Settings\Jarmila\Local Settings\Temp\789.exe"="C:\Documents and Settings\Jarmila\Local Settings\Temp\789.exe:*:Disabled:789"
"C:\Documents and Settings\Jarmila\Local Settings\Temp\390.exe"="C:\Documents and Settings\Jarmila\Local Settings\Temp\390.exe:*:Disabled:390"
"C:\Documents and Settings\Jarmila\Local Settings\Temp\538.exe"="C:\Documents and Settings\Jarmila\Local Settings\Temp\538.exe:*:Enabled:538"
"C:\Documents and Settings\Jarmila\Local Settings\Temp\590.exe"="C:\Documents and Settings\Jarmila\Local Settings\Temp\590.exe:*:Enabled:590"
"C:\Documents and Settings\Jarmila\Local Settings\Temp\285.exe"="C:\Documents and Settings\Jarmila\Local Settings\Temp\285.exe:*:Enabled:285"
"C:\Documents and Settings\Jarmila\Local Settings\Temp\766.exe"="C:\Documents and Settings\Jarmila\Local Settings\Temp\766.exe:*:Enabled:766"
"C:\Documents and Settings\Jarmila\Local Settings\Temp\442.exe"="C:\Documents and Settings\Jarmila\Local Settings\Temp\442.exe:*:Enabled:442"
"C:\Documents and Settings\Jarmila\Local Settings\Temp\738.exe"="C:\Documents and Settings\Jarmila\Local Settings\Temp\738.exe:*:Enabled:738"
"C:\Documents and Settings\Jarmila\Local Settings\Temp\063.exe"="C:\Documents and Settings\Jarmila\Local Settings\Temp\063.exe:*:Enabled:063"
"C:\Documents and Settings\Jarmila\Local Settings\Temp\144.exe"="C:\Documents and Settings\Jarmila\Local Settings\Temp\144.exe:*:Enabled:144"
"C:\Documents and Settings\Jarmila\Local Settings\Temp\518.exe"="C:\Documents and Settings\Jarmila\Local Settings\Temp\518.exe:*:Enabled:518"
"C:\Documents and Settings\Jarmila\Local Settings\Temp\362.exe"="C:\Documents and Settings\Jarmila\Local Settings\Temp\362.exe:*:Enabled:362"
"C:\Documents and Settings\Jarmila\Local Settings\Temp\431.exe"="C:\Documents and Settings\Jarmila\Local Settings\Temp\431.exe:*:Enabled:431"
"C:\Documents and Settings\Jarmila\Local Settings\Temp\338.exe"="C:\Documents and Settings\Jarmila\Local Settings\Temp\338.exe:*:Enabled:338"
"C:\Documents and Settings\Jarmila\Local Settings\Temp\115.exe"="C:\Documents and Settings\Jarmila\Local Settings\Temp\115.exe:*:Enabled:115"
"C:\Documents and Settings\Jarmila\Local Settings\Temp\611.exe"="C:\Documents and Settings\Jarmila\Local Settings\Temp\611.exe:*:Enabled:611"
"C:\Documents and Settings\Jarmila\Local Settings\Temp\969.exe"="C:\Documents and Settings\Jarmila\Local Settings\Temp\969.exe:*:Enabled:969"
"C:\Documents and Settings\Jarmila\Local Settings\Temp\908.exe"="C:\Documents and Settings\Jarmila\Local Settings\Temp\908.exe:*:Enabled:908"
"C:\Documents and Settings\Jarmila\Local Settings\Temp\650.exe"="C:\Documents and Settings\Jarmila\Local Settings\Temp\650.exe:*:Enabled:650"
"C:\Documents and Settings\Jarmila\Local Settings\Temp\883.exe"="C:\Documents and Settings\Jarmila\Local Settings\Temp\883.exe:*:Enabled:883"
"C:\Documents and Settings\Jarmila\Local Settings\Temp\429.exe"="C:\Documents and Settings\Jarmila\Local Settings\Temp\429.exe:*:Enabled:429"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{53ee843a-b424-11de-9a54-0013ce1d9ad1}]
shell\AutoRun\command - G:\RECYCLER32\dmgr.exe
shell\open\command - G:\RECYCLER32\dmgr.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{84853c86-f416-11db-98a2-0013ce1d9ad1}]
shell\AutoRun\command - F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\sic32.exe
shell\open\command - F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\sic32.exe


======List of files/folders created in the last 1 months======

2010-04-03 09:40:41 ----D---- C:\rsit
2010-04-03 09:40:41 ----D---- C:\Program Files\trend micro
2010-04-02 09:32:29 ----RSH---- C:\WINDOWS\cidrive32.exe
2010-03-28 09:58:20 ----D---- C:\WINDOWS\Binaries
2010-03-27 17:49:15 ----D---- C:\Program Files\šetric KROS auto
2010-03-12 18:21:34 ----HD---- C:\WINDOWS\$NtUninstallKB977165-v2$
2010-03-12 18:21:23 ----HD---- C:\WINDOWS\$NtUninstallKB975561$

======List of files/folders modified in the last 1 months======

2010-04-03 09:37:02 ----A---- C:\WINDOWS\ModemLog_Agere Systems AC'97 Modem.txt
2010-04-03 09:36:36 ----N---- C:\WINDOWS\system32\eRLog.ini
2010-04-02 22:16:06 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-03-30 19:21:32 ----A---- C:\WINDOWS\NeroDigital.ini
2010-03-28 09:58:16 ----A---- C:\WINDOWS\system32\ANGELVDD.DLL
2010-03-16 16:51:50 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-03-12 18:21:44 ----A---- C:\WINDOWS\imsins.BAK
2010-03-12 18:21:10 ----A---- C:\WINDOWS\system32\MRT.INI
2010-03-11 14:36:24 ----N---- C:\WINDOWS\system32\pngfilt.dll
2010-03-11 14:36:24 ----N---- C:\WINDOWS\system32\occache.dll
2010-03-11 14:36:24 ----N---- C:\WINDOWS\system32\mstime.dll
2010-03-11 14:36:24 ----N---- C:\WINDOWS\system32\msrating.dll
2010-03-11 14:36:24 ----N---- C:\WINDOWS\system32\mshtmled.dll
2010-03-11 14:36:24 ----A---- C:\WINDOWS\system32\wininet.dll
2010-03-11 14:36:24 ----A---- C:\WINDOWS\system32\webcheck.dll
2010-03-11 14:36:24 ----A---- C:\WINDOWS\system32\urlmon.dll
2010-03-11 14:36:24 ----A---- C:\WINDOWS\system32\url.dll
2010-03-11 14:36:24 ----A---- C:\WINDOWS\system32\mshtml.dll
2010-03-11 14:36:22 ----N---- C:\WINDOWS\system32\jsproxy.dll
2010-03-11 14:36:22 ----N---- C:\WINDOWS\system32\iernonce.dll
2010-03-11 14:36:22 ----N---- C:\WINDOWS\system32\iedkcs32.dll
2010-03-11 14:36:22 ----N---- C:\WINDOWS\system32\ieaksie.dll
2010-03-11 14:36:22 ----N---- C:\WINDOWS\system32\ieakeng.dll
2010-03-11 14:36:22 ----N---- C:\WINDOWS\system32\extmgr.dll
2010-03-11 14:36:22 ----A---- C:\WINDOWS\system32\msfeedsbs.dll
2010-03-11 14:36:22 ----A---- C:\WINDOWS\system32\msfeeds.dll
2010-03-11 14:36:22 ----A---- C:\WINDOWS\system32\iertutil.dll
2010-03-11 14:36:22 ----A---- C:\WINDOWS\system32\iepeers.dll
2010-03-11 14:36:22 ----A---- C:\WINDOWS\system32\ieframe.dll
2010-03-11 14:36:22 ----A---- C:\WINDOWS\system32\ieencode.dll
2010-03-11 14:36:22 ----A---- C:\WINDOWS\system32\ieapfltr.dll
2010-03-11 14:36:22 ----A---- C:\WINDOWS\system32\icardie.dll
2010-03-11 14:36:20 ----N---- C:\WINDOWS\system32\dxtrans.dll
2010-03-11 14:36:20 ----N---- C:\WINDOWS\system32\dxtmsft.dll
2010-03-11 14:36:20 ----N---- C:\WINDOWS\system32\corpol.dll
2010-03-11 14:36:20 ----A---- C:\WINDOWS\system32\advpack.dll
2010-03-10 15:17:16 ----N---- C:\WINDOWS\system32\ie4uinit.exe
2010-03-10 15:17:16 ----A---- C:\WINDOWS\system32\ieudinit.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 InCDPass;InCDPass; C:\WINDOWS\system32\drivers\InCDPass.sys [2007-11-26 36776]
R1 incdrm;InCD Reader; C:\WINDOWS\system32\drivers\InCDRm.sys [2007-11-26 38440]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 UBHelper;UBHelper; C:\WINDOWS\system32\drivers\UBHelper.sys [2004-12-17 13952]
R2 Angelnt;Angelnt; C:\WINDOWS\System32\Drivers\ANGELNT.SYS [2010-03-28 51072]
R2 EpmPsd;Acer EPM Power Scheme Driver; \??\C:\WINDOWS\system32\drivers\epm-psd.sys []
R2 EpmShd;Acer EPM System Hardware Driver; \??\C:\WINDOWS\system32\drivers\epm-shd.sys []
R2 int15.sys;int15.sys; \??\C:\Program Files\Acer\eRecovery\int15.sys []
R2 irda;Protokol IrDA; C:\WINDOWS\system32\DRIVERS\irda.sys [2008-04-13 88192]
R2 NwlnkIpx;Transportní protokol kompatibilní s NWLink IPX/SPX/NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2008-04-13 88320]
R2 NwlnkNb;Služba NWLink pro rozhraní NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnknb.sys [2004-08-18 63232]
R2 NwlnkSpx;Protokol NWLink SPX/SPXII; C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys [2004-08-18 55936]
R2 osanbm;osanbm; C:\WINDOWS\system32\drivers\osanbm.sys [2005-01-14 4010]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2005-04-15 1073375]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2004-12-01 2300928]
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 b57w2k;Broadcom NetLink (TM) Gigabit Ethernet; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2004-12-06 126720]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 DKbFltr;Dritek Keyboard Filter Driver; C:\WINDOWS\system32\DRIVERS\DKbFltr.sys [2004-12-08 16896]
R3 EMSCR;EMSCR; C:\WINDOWS\system32\DRIVERS\EMS7SK.sys [2005-01-13 57984]
R3 ESDCR;ESDCR; C:\WINDOWS\system32\DRIVERS\ESD7SK.sys [2005-02-21 36992]
R3 ESMCR;ESMCR; C:\WINDOWS\system32\DRIVERS\ESM7SK.sys [2005-01-26 330368]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 NTIDrvr;Upper Class Filter Driver; C:\WINDOWS\system32\DRIVERS\NTIDrvr.sys [2005-10-20 6144]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2005-03-25 3449216]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-12-05 10368]
R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232]
R3 SMCIRDA;SMSC IrCC Miniport Device Driver; C:\WINDOWS\system32\DRIVERS\smcirda.sys [2004-06-16 46080]
R3 StillCam;Ovladač digitálního fotoaparátu pro sériový port; C:\WINDOWS\system32\DRIVERS\serscan.sys [2001-10-24 6784]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2005-01-07 191456]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 w29n51;Intel(R) PRO/Wireless 2200BG Network Connection Driver for Windows XP; C:\WINDOWS\system32\DRIVERS\w29n51.sys [2004-10-29 3222784]
R4 DritekPortIO;Dritek General Port I/O; \??\C:\PROGRA~1\LAUNCH~1\DPortIO.sys []
R4 InCDfs;InCD File System; C:\WINDOWS\system32\drivers\InCDFs.sys [2007-11-26 118952]
S1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
S2 hlwinnt;hlwinnt; \??\C:\WINDOWS\system32\hlwinnt.sys []
S3 BthEnum;Služba Bluetooth Enumerator; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2008-04-13 17024]
S3 BTHMODEM;Ovladač pro sériovou komunikaci protokolem Bluetooth; C:\WINDOWS\system32\DRIVERS\bthmodem.sys [2008-04-13 37888]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2008-04-13 101120]
S3 BTHPORT;Ovladač portu Bluetooth; C:\WINDOWS\System32\Drivers\BTHport.sys [2008-06-14 272128]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2008-04-13 18944]
S3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-01-22 804317]
S3 MSIRCOMM;Microsoft IR Communications Driver; C:\WINDOWS\system32\DRIVERS\MSIRCOMM.sys [2008-04-13 22016]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2008-04-13 59136]
S3 SYMIDSCO;SYMIDSCO; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\IDS-DI~1\20040813.178\symidsco.sys []
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 anbmService;Notebook Manager Service; C:\Acer\eManager\anbmServ.exe [2004-08-16 1287168]
R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 InCDsrv;InCD Helper; C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe [2007-11-26 1554728]
R2 Irmon;Sledování infračerveného přenosu; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2005-03-25 127042]
R2 NwSapAgent;Agent SAP; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-14 268288]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-09-17 800040]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-06-27 279848]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

-----------------EOF-----------------

[xaron]

log2:

info.txt logfile of random's system information tool 1.06 2010-04-03 09:40:58

======Uninstall list======

-->C:\Program Files\Nero\Nero 7\\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Acer Inc.\Acer English Online Help Creator\Uninst.isu"
-->C:\WINDOWS\NuNInst.exe /UNINSTALL
-->C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
602XML Filler-->MsiExec.exe /X{E5C8C4ED-A76A-49F3-BDB8-56DEEE92F19B}
ABBYY FineReader 8.0 Professional Edition-->MsiExec.exe /I{AAF80000-22B9-4CE9-98D6-2CCF359BAC07}
Acer eManager for Notebook-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{827289F5-B44F-4E49-9993-840741585A62}
Acer ePowerManagement-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{58E5844B-7CE2-413D-83D1-99294BF6C74F}\Setup.exe" -l0x5
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 7.0.5 - Czech-->MsiExec.exe /I{AC76BA86-7AD7-1029-7B44-A70500000002}
Adobe® Photoshop® Album Starter Edition 3.0-->MsiExec.exe /I{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}
Aktualizace systému Windows Internet Explorer 7 (KB976749)-->"C:\WINDOWS\ie7updates\KB976749-IE7\spuninst\spuninst.exe"
Aktualizace systému Windows Internet Explorer 7 (KB980182)-->"C:\WINDOWS\ie7updates\KB980182-IE7\spuninst\spuninst.exe"
Aktualizace systému Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Aktualizace systému Windows XP (KB955759)-->"C:\WINDOWS\$NtUninstallKB955759$\spuninst\spuninst.exe"
Aktualizace systému Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Aktualizace systému Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Aktualizace systému Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Aktualizace systému Windows XP (KB971737)-->"C:\WINDOWS\$NtUninstallKB971737$\spuninst\spuninst.exe"
Aktualizace systému Windows XP (KB973687)-->"C:\WINDOWS\$NtUninstallKB973687$\spuninst\spuninst.exe"
Aktualizace systému Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
Aktualizace zabezpečení aplikace Windows Media Encoder (KB954156)-->"C:\WINDOWS\$NtUninstallKB954156_WM9L$\spuninst\spuninst.exe"
Aktualizace zabezpečení aplikace Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Aktualizace zabezpečení aplikace Windows Media Player (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"
Aktualizace zabezpečení aplikace Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
Aktualizace zabezpečení aplikace Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe"
Aktualizace zabezpečení aplikace Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9L$\spuninst\spuninst.exe"
Aktualizace zabezpečení aplikace Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Aktualizace zabezpečení produktu Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows Internet Explorer 7 (KB972260)-->"C:\WINDOWS\ie7updates\KB972260-IE7\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows Internet Explorer 7 (KB974455)-->"C:\WINDOWS\ie7updates\KB974455-IE7\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows Internet Explorer 7 (KB976325)-->"C:\WINDOWS\ie7updates\KB976325-IE7\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows Internet Explorer 7 (KB978207)-->"C:\WINDOWS\ie7updates\KB978207-IE7\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB961371-v2)-->"C:\WINDOWS\$NtUninstallKB961371-v2$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB969897)-->"C:\WINDOWS\$NtUninstallKB969897$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB969947)-->"C:\WINDOWS\$NtUninstallKB969947$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB970430)-->"C:\WINDOWS\$NtUninstallKB970430$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB971468)-->"C:\WINDOWS\$NtUninstallKB971468$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB971486)-->"C:\WINDOWS\$NtUninstallKB971486$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB972260)-->"C:\WINDOWS\$NtUninstallKB972260$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB972270)-->"C:\WINDOWS\$NtUninstallKB972270$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB973525)-->"C:\WINDOWS\$NtUninstallKB973525$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB973904)-->"C:\WINDOWS\$NtUninstallKB973904$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB974318)-->"C:\WINDOWS\$NtUninstallKB974318$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB974392)-->"C:\WINDOWS\$NtUninstallKB974392$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB975560)-->"C:\WINDOWS\$NtUninstallKB975560$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB975561)-->"C:\WINDOWS\$NtUninstallKB975561$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB975713)-->"C:\WINDOWS\$NtUninstallKB975713$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB977165-v2)-->"C:\WINDOWS\$NtUninstallKB977165-v2$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB977914)-->"C:\WINDOWS\$NtUninstallKB977914$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB978037)-->"C:\WINDOWS\$NtUninstallKB978037$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB978251)-->"C:\WINDOWS\$NtUninstallKB978251$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB978262)-->"C:\WINDOWS\$NtUninstallKB978262$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB978706)-->"C:\WINDOWS\$NtUninstallKB978706$\spuninst\spuninst.exe"
ALFA 16.20.00-->MsiExec.exe /I{69E369F1-6A92-47B5-86D5-474A7E06B3DC}
DAEMON Tools-->MsiExec.exe /I{3DED3A72-61A8-4B87-98A5-EF0BC8038AA0}
DeepBurner v1.7.1.213-->"C:\Program Files\Astonsoft\DeepBurner\Uninstall.exe" "C:\Program Files\Astonsoft\DeepBurner\install.log"
Direct Show Ogg Vorbis Filter (remove only)-->"C:\WINDOWS\system32\OggDSuninst.exe"
DVD Solution-->"C:\Program Files\Uninstall_CDS.exe"
Ford Racing 2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{797E03F8-C8A0-47ED-AA9F-D7076276E491}\setup.exe"
FORM studio-->"C:\Program Files\KASTNER software\FORM studio SK\unins000.exe"
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Kwyshell MidpX Emulator Package 1.0-->C:\Program Files\Kwyshell\MidpX\uninst.exe
Launch Manager-->C:\WINDOWS\UnInst32.exe LManager.UNI
Micro DVD Player-->C:\Program Files\Micro DVD Player\uninstall.exe
Microsoft .NET Framework 1.1 Security Update (KB953297)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M953297\M953297Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office 2000 Premium-->MsiExec.exe /I{00000405-78E1-11D2-B60F-006097C998E7}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Mozilla Firefox (3.6)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
MSXML 4.0 SP3 Parser (KB973685)-->MsiExec.exe /I{859DFA95-E4A6-48CD-B88E-A3E483E89B44}
Nero 7 Essentials-->MsiExec.exe /X{45B3A3BD-F90D-48FE-A147-D74878A51029}
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
NTI Backup NOW! 4-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{69CC0647-7F98-4358-AAB6-4F65C0705400} /l1033 BUN4
NTI CD & DVD-Maker Gold-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{5242A858-AD61-4130-92D4-BDF5087CE562} /l1033 CDM7
NVIDIA Drivers-->C:\WINDOWS\system32\NVUNINST.EXE UninstallGUI
OMEGA-->MsiExec.exe /I{9826FB84-BE39-4864-ABB1-45B8F04F3098}
OpenOffice.org 3.1-->MsiExec.exe /I{B1995371-129A-4232-A0C8-E98500B4F317}
Oprava hotfix aplikace Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Oprava Hotfix systému Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Oprava Hotfix systému Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe"
Oprava Hotfix systému Windows XP (KB976098-v2)-->"C:\WINDOWS\$NtUninstallKB976098-v2$\spuninst\spuninst.exe"
Oprava Hotfix systému Windows XP (KB979306)-->"C:\WINDOWS\$NtUninstallKB979306$\spuninst\spuninst.exe"
PowerDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
PowerProducer-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\setup.exe" -uninstall
PREMIER system 12.3 (661)-->"c:\Premier\SETUP\setup.exe" /u
Realtek AC'97 Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE
Scorpions WinCheater-->"C:\Program Files\Scorpions WinCheater\unins000.exe"
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
šetric KROS auto-->C:\Program Files\šetric KROS auto\Uninstall.exe
TurboCAD Professional 14-->MsiExec.exe /I{68FBB7BE-34F5-4FE9-AA07-E7894533CF0E}
Ulead VideoStudio 7 SE Basic-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{757AD3D4-036B-42FA-B0A4-96BD6F4605A0}\setup.exe" -l0x9
USB Multimedia Keyboard Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{08DA21BF-9912-409E-B802-943C6DC2DA81}\Setup.exe" -l0x9
VCRedistSetup-->MsiExec.exe /I{3921A67A-5AB1-4E48-9444-C71814CF3027}
Windows Media Encoder 9 Series-->msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Encoder 9 Series-->MsiExec.exe /I{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
XviD Video Codec 15012003-1 (Koepi's developer build)-->"C:\Program Files\XviD\UninstXviD.exe"

======System event log======

Computer Name: ACER-078000C74C
Event Code: 7000
Message: Služba hlwinnt neuspěla při spuštění v důsledku následující chyby:
Systém nemůže nalézt uvedený soubor.


Record Number: 36371
Source Name: Service Control Manager
Time Written: 20100124174603.000000+060
Event Type: error
User:

Computer Name: ACER-078000C74C
Event Code: 1
Message: Filtr nástroje Obnovení systému zjistil neočekávanou chybu 0xC000000D při zpracování souboru autorun.inf na svazku HarddiskVolume1. Sledování svazku bylo ukončeno.

Record Number: 36370
Source Name: sr
Time Written: 20100124174533.000000+060
Event Type: error
User:

Computer Name: ACER-078000C74C
Event Code: 4
Message: Broadcom NetLink (TM) Gigabit Ethernet: The network link is down. Check to make sure the network cable is properly connected.

Record Number: 36369
Source Name: b57w2k
Time Written: 20100124174349.000000+060
Event Type: warning
User:

Computer Name: ACER-078000C74C
Event Code: 7000
Message: Služba hlwinnt neuspěla při spuštění v důsledku následující chyby:
Systém nemůže nalézt uvedený soubor.


Record Number: 36350
Source Name: Service Control Manager
Time Written: 20100109092416.000000+060
Event Type: error
User:

Computer Name: ACER-078000C74C
Event Code: 1
Message: Filtr nástroje Obnovení systému zjistil neočekávanou chybu 0xC000000D při zpracování souboru autorun.inf na svazku HarddiskVolume1. Sledování svazku bylo ukončeno.

Record Number: 36349
Source Name: sr
Time Written: 20100109092341.000000+060
Event Type: error
User:

=====Application event log=====

Computer Name: ACER-078000C74C
Event Code: 62
Message: Programu WMI ADAP se nezdařilo zpracovat knihovnu výkonu .NET CLR Networking, neboť jeden z datových blobů, který měl mít třídy, má nulovou velikost.

Record Number: 794
Source Name: WinMgmt
Time Written: 20080403185225.000000+120
Event Type: warning
User:

Computer Name: ACER-078000C74C
Event Code: 62
Message: Programu WMI ADAP se nezdařilo zpracovat knihovnu výkonu .NET CLR Data, neboť jeden z datových blobů, který měl mít třídy, má nulovou velikost.

Record Number: 793
Source Name: WinMgmt
Time Written: 20080403185225.000000+120
Event Type: warning
User:

Computer Name: ACER-078000C74C
Event Code: 1000
Message: Chybující aplikace showtime.exe, verze 4.2.3.0, chybující modul nosusagestatistics.dll, verze 1.4.5.0, adresa chyby 0x00054978.

Record Number: 756
Source Name: Application Error
Time Written: 20080329201808.000000+060
Event Type: error
User:

Computer Name: ACER-078000C74C
Event Code: 1517
Message: Systém Windows uložil registr uživatele ACER-078000C74C\Jarmila, ale některá z aplikací nebo služeb během odhlášení registr nadále používala. Paměť používaná registrem uživatele nebyla uvolněna. Registr bude uvolněn, jakmile již nebude používán.


To je často způsobeno tím, že jsou služby spuštěny pomocí uživatelského účtu. Zkuste služby konfigurovat pro spuštění pomocí účtu místní nebo síťové služby.

Record Number: 734
Source Name: Userenv
Time Written: 20080327212854.000000+060
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: ACER-078000C74C
Event Code: 47
Message: Programu WMI ADAP se nezdařilo načíst data z podklíče PerfLib: SYSTEM\CurrentControlSet\Services\Outlook\Performance\Library, kód chyby: 0x80041009

Record Number: 733
Source Name: WinMgmt
Time Written: 20080327211127.000000+060
Event Type: warning
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Common Files\Ulead Systems\MPEG
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 13 Stepping 8, GenuineIntel
"PROCESSOR_REVISION"=0d08
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP

-----------------EOF-----------------

[xaron]

Spustil som avast a výsledok je taký že pc už pustím iba v núdzovom režime...

[Caroprd111]

Zdravím


Stáhněte a uložte, nejlépe na plochu http://download.bleepingcomputer.com/sUBs/ComboFix.exe

• Vypněte všechny rezidentní bezpečnostní programy - firewally, antiviry, antispywary
• Vložte do PC všechny flash disky, které používáte.
• Spusťte aplikaci pod účtem s oprávněním Administrátora (Správce), ihned po startu se zobrazí stránka s licenčními podmínkami, pokračujte stisknutím tlačítka "Ano"
• Dále postupujte dle pokynů, během scanu nespouštějte jiné aplikace a neklikejte do zobrazujícího se okna
• Scan by měl trvat okolo 5 - 10 minut, po dokončení Combofix zobrazí log C:\ComboFix.txt , který sem vložte.
• Během skenování může být počítač restartován.

[xaron]

ComboFix 10-04-02.01 - Jarmila . 04. 2010 13:30:22.1.1 - FAT32x86 NETWORK
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.421.1029.18.511.350 [GMT 2:00]
Running from: c:\documents and settings\Jarmila\Plocha\ComboFix.exe
AV: avast! Antivirus *On-access scanning enabled* (Outdated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\recycler\S-1-5-21-0243556031-888888379-781863308-1455
c:\recycler\S-1-5-21-0243936033-3052116371-381863308-1859
c:\recycler\S-1-5-21-0515535705-7177546000-471108887-7442
c:\recycler\S-1-5-21-0641020824-1331997705-370491840-1535
c:\recycler\S-1-5-21-1096203896-5682187559-518680501-5153
c:\recycler\S-1-5-21-1310475763-7371936525-724227632-6686
c:\recycler\S-1-5-21-1906011270-3217598295-311871887-2753
c:\recycler\S-1-5-21-2387766308-5488781036-081213086-9709
c:\recycler\S-1-5-21-2608403537-6131557613-765056798-1532
c:\recycler\S-1-5-21-2851661864-6648177356-206654741-7147
c:\recycler\S-1-5-21-3313652937-0474777385-906652476-1686
c:\recycler\S-1-5-21-3379483511-9105113154-768883543-2750
c:\recycler\S-1-5-21-3453213546-2160664745-382609742-0430
c:\recycler\S-1-5-21-3726820304-6513296805-967078367-3088
c:\recycler\S-1-5-21-3784440246-8454135910-589932139-1875
c:\recycler\S-1-5-21-3836677715-4777499146-580665459-4069
c:\recycler\S-1-5-21-4322934154-6636757498-785154539-1934
c:\recycler\S-1-5-21-4652063218-5442454188-708193510-1628
c:\recycler\S-1-5-21-4952301653-5796955872-519341283-2344
c:\recycler\S-1-5-21-5687119958-4600444769-664326701-1387
c:\recycler\S-1-5-21-5952990063-3482542268-065906186-0880
c:\recycler\S-1-5-21-6325879434-2566337125-390369588-0296
c:\recycler\S-1-5-21-6911091051-1740875040-528391938-4196
c:\recycler\S-1-5-21-7025686813-6400803773-300059812-8808
c:\recycler\S-1-5-21-7354856783-7121225935-404657779-5463
c:\recycler\S-1-5-21-7655364987-7445876545-087921838-7339
c:\recycler\S-1-5-21-7655364987-7445876545-087921838-7339\Desktop.ini
c:\recycler\S-1-5-21-7655364987-7445876545-087921838-7339\winmap32.exe
c:\recycler\S-1-5-21-8670671608-0617154013-946737342-1372
c:\recycler\S-1-5-21-8779454878-8770977429-014059532-9119
c:\recycler\S-1-5-21-8919344948-8353449268-315395873-2178
c:\recycler\S-1-5-21-9209021964-0001867076-083012636-5157
c:\recycler\S-1-5-21-9380390908-5324352291-762796919-1184
c:\recycler\S-1-5-21-9804916377-2186869755-886001178-5371
c:\recycler\S-1-5-21-9924772690-3476179678-475833877-5009
c:\windows\AppPatch\AcAdProc.dll
c:\windows\cidrive32.exe
c:\windows\system32\autorun.ini
c:\windows\system32\dbfb.dll
c:\windows\Uninstall.ini

.
((((((((((((((((((((((((( Files Created from 2010-03-03 to 2010-04-03 )))))))))))))))))))))))))))))))
.

2010-04-03 07:56 . 2010-04-03 07:56 -------- d-----w- c:\program files\Alwil Software
2010-04-03 07:40 . 2010-04-03 07:40 -------- d-----w- C:\rsit
2010-04-03 07:40 . 2010-04-03 07:40 -------- d-----w- c:\program files\trend micro
2010-03-28 07:58 . 2010-03-28 07:58 -------- d-----w- c:\windows\Binaries
2010-03-27 15:49 . 2010-03-27 15:49 731242 ----a-w- c:\windows\šetric KROS auto.scr
2010-03-27 15:49 . 2010-03-27 15:49 -------- d-----w- c:\program files\šetric KROS auto
2010-03-12 15:17 . 2009-10-23 14:28 3558912 ------w- c:\windows\system32\dllcache\moviemk.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-03 07:58 . 2006-10-14 19:21 12 ----a-w- c:\windows\bthservsdp.dat
2010-03-28 07:58 . 2006-10-30 16:48 405 ----a-w- c:\windows\system32\ANGELDOS.SYS
2010-03-28 07:58 . 2006-10-30 16:48 11520 ----a-w- c:\windows\system32\drivers\angelusb.sys
2010-03-28 07:58 . 2006-10-30 16:48 51072 ----a-w- c:\windows\system32\drivers\ANGELNT.SYS
2010-03-28 07:58 . 2003-07-28 07:07 20480 ----a-w- c:\windows\system32\ANGELVDD.DLL
2010-03-16 14:51 . 1979-12-31 22:00 63976 ----a-w- c:\windows\system32\perfc005.dat
2010-03-16 14:51 . 1979-12-31 22:00 383832 ----a-w- c:\windows\system32\perfh005.dat
2010-03-11 12:36 . 1979-12-31 22:00 832512 ----a-w- c:\windows\system32\wininet.dll
2010-03-11 12:36 . 1979-12-31 22:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-03-11 12:36 . 1979-12-31 22:00 17408 ------w- c:\windows\system32\corpol.dll
2010-02-21 09:04 . 2010-02-21 09:04 -------- d-----w- c:\program files\KASTNER software
2010-02-07 12:52 . 2010-02-07 12:52 -------- d-----w- c:\program files\Common Files\Freedom Scientific
2010-02-07 12:52 . 2010-02-07 12:52 -------- d-----w- c:\program files\Common Files\soft602
2010-02-07 12:52 . 2010-02-07 12:52 -------- d-----w- c:\program files\Software602
2004-03-11 11:27 . 2005-10-21 13:25 40960 ----a-w- c:\program files\Uninstall_CDS.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" [X]
"zzzHPSETUP"="e:\setup.exe \RESET" [X]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2005-01-07 102491]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-01-07 692315]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-18 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-18 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-18 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-18 455168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-01-22 126976]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-07-14 32768]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-03-25 5566464]
"nwiz"="nwiz.exe" [2005-03-25 1495040]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-03-25 86016]
"SoundMan"="SOUNDMAN.EXE" [2004-12-01 77824]
"AGRSMMSG"="AGRSMMSG.exe" [2005-04-15 88202]
"EPM-DM"="c:\acer\epm\epm-dm.exe" [2005-04-21 188416]
"ePowerManagement"="c:\acer\ePM\ePM.exe" [2005-03-15 2893824]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2005-04-28 483328]
"eRecoveryService"="c:\program files\Acer\eRecovery\Monitor.exe" [2005-06-20 352256]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"Synchronization Manager"="c:\windows\system32\mobsync.exe" [2008-04-14 143872]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 57344]
"CHotkey"="mHotkey.exe" [2004-09-21 550400]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"SecurDisc"="c:\program files\Nero\Nero 7\InCD\NBHGui.exe" [2007-11-26 1629480]
"InCD"="c:\program files\Nero\Nero 7\InCD\InCD.exe" [2007-11-26 1057064]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Jarmila\Nabˇdka Start\Programy\Po spuçtŘnˇ\
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-5-15 384512]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-24 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R2 Angelnt;Angelnt;c:\windows\system32\drivers\ANGELNT.SYS [30. 10. 2006 18:48 51072]
S2 hlwinnt;hlwinnt;\??\c:\windows\system32\hlwinnt.sys --> c:\windows\system32\hlwinnt.sys [?]
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://global.acer.com
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Link to &MidpX - c:\program files\Kwyshell\MidpX\JadInvoker\Extent\jad_wrap.htm
FF - ProfilePath - c:\documents and settings\Jarmila\Data aplikací\Mozilla\Firefox\Profiles\z8kqy8pd.default\
FF - plugin: c:\program files\Mozilla Firefox\plugins\npfiller.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-JetVoice - c:\program files\JetVoice\JETVOICE.EXE
HKCU-Run-IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
HKLM-Run-IgfxTray - c:\windows\system32\igfxtray.exe
HKLM-Run-NBKeyScan - c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
AddRemove-PREMIER system 12.3 (661) - c:\premier\SETUP\setup.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-03 13:38
Windows 5.1.2600 Service Pack 3 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(4080)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\SOUNDMAN.EXE
c:\windows\AGRSMMSG.exe
c:\windows\system32\rundll32.exe
c:\windows\mHotkey.exe
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\acer\eManager\anbmServ.exe
c:\program files\Nero\Nero 7\InCD\InCDsrv.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
.
**************************************************************************
.
Completion time: 2010-04-03 13:39:43 - machine was rebooted
ComboFix-quarantined-files.txt 2010-04-03 11:39

Pre-Run: Volných bajtů: 16 590 274 560
Post-Run: Volných bajtů: 17 872 027 648

- - End Of File - - 5D6FC467818147D3E492D4B1A05B3FE4

[Caroprd111]

Pokud nemáte, přesuňte Combofix na plochu

• Otevřete si Poznámkový blok a zkopírujte do něj text z bílého okénka.

Kód: Vybrat vše

Driver::
hlwinnt

File::
c:\windows\system32\hlwinnt.sys

• Uložte Vámi vytvořený TXT soubor jako CFScript.txt na plochu
• Po uložení uchopte vámi vytvořený skript levým myšítkem a přesuňte ho nad ikonu Combofixu, kde ho upustíte:
  
  
• Po aplikaci na Vás vypadne další log,vložte ho sem

Může se stát, že po aplikaci skriptu a restartu Windows nenaběhnou, v tom případě znovu restartujte a přitom mačkejte F8, pak zvolte Poslední známou funkční konfiguraci


Tohle znáte
"zzzHPSETUP"="e:\setup.exe \RESET"


Tohle otestujte na http://www.virustotal.com/cs/
c:\windows\system32\ANGELDOS.SYS
c:\windows\system32\ANGELVDD.DLL

(Soubor nehledejte, jenom vložíte tučně označenou cestu, v případě hlášky "Soubor již byl testován" dejte otestovat znovu. Výsledek analýzy sem v podobě odkazu vložte.)

[xaron]

ComboFix 10-04-02.01 - Jarmila . 04. 2010 14:17:16.2.1 - FAT32x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.421.1029.18.511.150 [GMT 2:00]
Running from: c:\documents and settings\Jarmila\Plocha\ComboFix.exe
Command switches used :: c:\documents and settings\Jarmila\Plocha\CFScript.txt

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
"c:\windows\system32\hlwinnt.sys"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_HLWINNT
-------\Service_hlwinnt


((((((((((((((((((((((((( Files Created from 2010-03-03 to 2010-04-03 )))))))))))))))))))))))))))))))
.

2010-04-03 07:56 . 2010-04-03 07:56 -------- d-----w- c:\program files\Alwil Software
2010-04-03 07:40 . 2010-04-03 07:40 -------- d-----w- C:\rsit
2010-04-03 07:40 . 2010-04-03 07:40 -------- d-----w- c:\program files\trend micro
2010-03-28 07:58 . 2010-03-28 07:58 -------- d-----w- c:\windows\Binaries
2010-03-27 15:49 . 2010-03-27 15:49 731242 ----a-w- c:\windows\šetric KROS auto.scr
2010-03-27 15:49 . 2010-03-27 15:49 -------- d-----w- c:\program files\šetric KROS auto
2010-03-12 15:17 . 2009-10-23 14:28 3558912 ------w- c:\windows\system32\dllcache\moviemk.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-03 12:22 . 2006-10-14 19:21 12 ----a-w- c:\windows\bthservsdp.dat
2010-03-28 07:58 . 2006-10-30 16:48 405 ----a-w- c:\windows\system32\ANGELDOS.SYS
2010-03-28 07:58 . 2006-10-30 16:48 11520 ----a-w- c:\windows\system32\drivers\angelusb.sys
2010-03-28 07:58 . 2006-10-30 16:48 51072 ----a-w- c:\windows\system32\drivers\ANGELNT.SYS
2010-03-28 07:58 . 2003-07-28 07:07 20480 ----a-w- c:\windows\system32\ANGELVDD.DLL
2010-03-16 14:51 . 1979-12-31 22:00 63976 ----a-w- c:\windows\system32\perfc005.dat
2010-03-16 14:51 . 1979-12-31 22:00 383832 ----a-w- c:\windows\system32\perfh005.dat
2010-03-11 12:36 . 1979-12-31 22:00 832512 ----a-w- c:\windows\system32\wininet.dll
2010-03-11 12:36 . 1979-12-31 22:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-03-11 12:36 . 1979-12-31 22:00 17408 ------w- c:\windows\system32\corpol.dll
2010-02-21 09:04 . 2010-02-21 09:04 -------- d-----w- c:\program files\KASTNER software
2010-02-07 12:52 . 2010-02-07 12:52 -------- d-----w- c:\program files\Common Files\Freedom Scientific
2010-02-07 12:52 . 2010-02-07 12:52 -------- d-----w- c:\program files\Common Files\soft602
2010-02-07 12:52 . 2010-02-07 12:52 -------- d-----w- c:\program files\Software602
2004-03-11 11:27 . 2005-10-21 13:25 40960 ----a-w- c:\program files\Uninstall_CDS.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" [X]
"zzzHPSETUP"="e:\setup.exe \RESET" [X]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2005-01-07 102491]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-01-07 692315]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-18 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-18 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-18 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-18 455168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-01-22 126976]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-07-14 32768]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-03-25 5566464]
"nwiz"="nwiz.exe" [2005-03-25 1495040]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-03-25 86016]
"SoundMan"="SOUNDMAN.EXE" [2004-12-01 77824]
"AGRSMMSG"="AGRSMMSG.exe" [2005-04-15 88202]
"EPM-DM"="c:\acer\epm\epm-dm.exe" [2005-04-21 188416]
"ePowerManagement"="c:\acer\ePM\ePM.exe" [2005-03-15 2893824]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2005-04-28 483328]
"eRecoveryService"="c:\program files\Acer\eRecovery\Monitor.exe" [2005-06-20 352256]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"Synchronization Manager"="c:\windows\system32\mobsync.exe" [2008-04-14 143872]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 57344]
"CHotkey"="mHotkey.exe" [2004-09-21 550400]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"SecurDisc"="c:\program files\Nero\Nero 7\InCD\NBHGui.exe" [2007-11-26 1629480]
"InCD"="c:\program files\Nero\Nero 7\InCD\InCD.exe" [2007-11-26 1057064]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Jarmila\Nabˇdka Start\Programy\Po spuçtŘnˇ\
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-5-15 384512]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-24 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

S2 Angelnt;Angelnt;c:\windows\System32\Drivers\ANGELNT.SYS [2010-03-28 51072]

.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://global.acer.com
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Link to &MidpX - c:\program files\Kwyshell\MidpX\JadInvoker\Extent\jad_wrap.htm
FF - ProfilePath - c:\documents and settings\Jarmila\Data aplikací\Mozilla\Firefox\Profiles\z8kqy8pd.default\
FF - plugin: c:\program files\Mozilla Firefox\plugins\npfiller.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-03 14:25
Windows 5.1.2600 Service Pack 3 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3164)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\SOUNDMAN.EXE
c:\windows\AGRSMMSG.exe
c:\windows\system32\rundll32.exe
c:\windows\mHotkey.exe
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\acer\eManager\anbmServ.exe
c:\program files\Nero\Nero 7\InCD\InCDsrv.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
.
**************************************************************************
.
Completion time: 2010-04-03 14:26:37 - machine was rebooted
ComboFix-quarantined-files.txt 2010-04-03 12:26
ComboFix2.txt 2010-04-03 11:39

Pre-Run: Volných bajtů: 17 880 580 096
Post-Run: Volných bajtů: 17 771 888 640

- - End Of File - - 32D7A8012E9E778163271F0AA05A0148

Tohle znáte
"zzzHPSETUP"="e:\setup.exe \RESET"

nepoznam

http://www.virustotal.com/cs/analisis/a ... 1270298459

http://www.virustotal.com/cs/analisis/e ... 1270298663

[Caroprd111]

Otevřete si Poznámkový blok a zkopírujte do něj text (z bílého políčka):

Kód: Vybrat vše

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"zzzHPSETUP"=-

Nyní uložte jako (typ: všechny soubory) kde za název souboru zadáte "smazani.reg" bez uvozovek, klik na uložit, pak na soubor standardně 2X kliknete a potvrďte dialogové okno.


Jak to vypadá s PC

[xaron]

Otevřete si Poznámkový blok a zkopírujte do něj text (z bílého políčka):

Kód: Vybrat vše

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"zzzHPSETUP"=-

Nyní uložte jako (typ: všechny soubory) kde za název souboru zadáte "smazani.reg" bez uvozovek, klik na uložit, pak na soubor standardně 2X kliknete a potvrďte dialogové okno.


Jak to vypadá s PC

hotovo
no zatial ide dobre a asi aj rychlejsie

[Caroprd111]

Poprosím o nový log z RSIT.

[xaron]

Logfile of random's system information tool 1.06 (written by random/random)
Run by Jarmila at 2010-04-03 15:17:51
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 17 GB (46%) free of 37 GB
Total RAM: 511 MB (31% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:17:55, on 3. 4. 2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17023)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Acer\eRecovery\Monitor.exe
C:\acer\epm\epm-dm.exe
C:\PROGRA~1\LAUNCH~1\LManager.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\mHotkey.exe
C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
C:\Program Files\Nero\Nero 7\InCD\InCD.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Acer\eManager\anbmServ.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Jarmila\Plocha\RSIT.exe
C:\Program Files\trend micro\Jarmila.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://global.acer.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Kwyshell MidpX BHO - {EBE9E2B5-B526-48BC-AD46-687263EDCB0E} - C:\Program Files\Kwyshell\MidpX\JadInvoker\MidpInvoker.dll
O3 - Toolbar: Kwyshell MidpX - {EBE9E2B5-B526-48BC-AD46-687263EDCB0E} - C:\Program Files\Kwyshell\MidpX\JadInvoker\MidpInvoker.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe
O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [eRecoveryService] C:\Program Files\Acer\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SecurDisc] C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Link to &MidpX - C:\Program Files\Kwyshell\MidpX\JadInvoker\Extent\jad_wrap.htm
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 6235 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EBE9E2B5-B526-48BC-AD46-687263EDCB0E}]
Kwyshell MidpX - C:\Program Files\Kwyshell\MidpX\JadInvoker\MidpInvoker.dll [2004-12-03 100864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EBE9E2B5-B526-48BC-AD46-687263EDCB0E} - Kwyshell MidpX - C:\Program Files\Kwyshell\MidpX\JadInvoker\MidpInvoker.dll [2004-12-03 100864]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"=Alaunch []
"SynTPLpr"=C:\Program Files\Synaptics\SynTP\SynTPLpr.exe [2005-01-07 102491]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2005-01-07 692315]
"IMJPMIG8.1"=C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2004-08-18 208952]
"MSPY2002"=C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe [2004-08-18 59392]
"PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-18 455168]
"PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-18 455168]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2005-01-22 126976]
"RemoteControl"=C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2004-07-15 32768]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2005-03-25 5566464]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2005-03-25 86016]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2004-12-01 77824]
"AGRSMMSG"=C:\WINDOWS\AGRSMMSG.exe [2005-04-15 88202]
"EPM-DM"=c:\acer\epm\epm-dm.exe [2005-04-21 188416]
"ePowerManagement"=C:\Acer\ePM\ePM.exe [2005-03-15 2893824]
"LManager"=C:\PROGRA~1\LAUNCH~1\LManager.exe [2005-04-28 483328]
"eRecoveryService"=C:\Program Files\Acer\eRecovery\Monitor.exe [2005-06-20 352256]
"BluetoothAuthenticationAgent"=bthprops.cpl,,BluetoothAuthenticationAgent []
"Synchronization Manager"=C:\WINDOWS\system32\mobsync.exe [2008-04-14 143872]
"Adobe Photo Downloader"=C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe [2005-06-06 57344]
"CHotkey"=C:\WINDOWS\mHotkey.exe [2004-09-21 550400]
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2007-03-01 153136]
"SecurDisc"=C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe [2007-11-26 1629480]
"InCD"=C:\Program Files\Nero\Nero 7\InCD\InCD.exe [2007-11-26 1057064]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

C:\Documents and Settings\Jarmila\Nabídka Start\Programy\Po spuštění
OpenOffice.org 3.1.lnk - C:\Program Files\OpenOffice.org 3\program\quickstart.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxsrvc.dll [2005-01-22 348160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-14 239616]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{18086744-b2ad-11dc-9923-0013ce1d9ad1}]
shell\AutoRun\command - G:\RECYCLER32\dmgr.exe
shell\open\command - G:\RECYCLER32\dmgr.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7cb74960-39a4-11de-9a15-0013ce1d9ad1}]
shell\AutoRun\command - F:\RECYCLER32\dmgr.exe
shell\open\command - F:\RECYCLER32\dmgr.exe


======List of files/folders created in the last 1 months======

2010-04-03 14:26:40 ----D---- C:\WINDOWS\temp
2010-04-03 14:26:38 ----A---- C:\ComboFix.txt
2010-04-03 13:23:08 ----A---- C:\WINDOWS\zip.exe
2010-04-03 13:23:08 ----A---- C:\WINDOWS\SWXCACLS.exe
2010-04-03 13:23:08 ----A---- C:\WINDOWS\SWSC.exe
2010-04-03 13:23:08 ----A---- C:\WINDOWS\SWREG.exe
2010-04-03 13:23:08 ----A---- C:\WINDOWS\sed.exe
2010-04-03 13:23:08 ----A---- C:\WINDOWS\PEV.exe
2010-04-03 13:23:08 ----A---- C:\WINDOWS\NIRCMD.exe
2010-04-03 13:23:08 ----A---- C:\WINDOWS\MBR.exe
2010-04-03 13:23:08 ----A---- C:\WINDOWS\grep.exe
2010-04-03 13:23:03 ----D---- C:\WINDOWS\ERDNT
2010-04-03 13:18:49 ----D---- C:\Qoobox
2010-04-03 10:51:26 ----A---- C:\WINDOWS\ntbtlog.txt
2010-04-03 09:56:18 ----D---- C:\Program Files\Alwil Software
2010-04-03 09:56:18 ----D---- C:\Documents and Settings\All Users\Data aplikací\Alwil Software
2010-04-03 09:40:41 ----D---- C:\rsit
2010-04-03 09:40:41 ----D---- C:\Program Files\trend micro
2010-03-28 09:58:20 ----D---- C:\WINDOWS\Binaries
2010-03-27 17:49:15 ----D---- C:\Program Files\šetric KROS auto
2010-03-12 18:21:34 ----HD---- C:\WINDOWS\$NtUninstallKB977165-v2$
2010-03-12 18:21:23 ----HD---- C:\WINDOWS\$NtUninstallKB975561$

======List of files/folders modified in the last 1 months======

2010-04-03 14:25:46 ----A---- C:\WINDOWS\ModemLog_Agere Systems AC'97 Modem.txt
2010-04-03 14:25:12 ----N---- C:\WINDOWS\system32\eRLog.ini
2010-04-03 14:23:26 ----A---- C:\WINDOWS\system.ini
2010-04-03 14:16:36 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-03-30 19:21:32 ----A---- C:\WINDOWS\NeroDigital.ini
2010-03-28 09:58:16 ----A---- C:\WINDOWS\system32\ANGELVDD.DLL
2010-03-16 16:51:50 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-03-12 18:21:44 ----A---- C:\WINDOWS\imsins.BAK
2010-03-12 18:21:10 ----A---- C:\WINDOWS\system32\MRT.INI
2010-03-11 14:36:24 ----N---- C:\WINDOWS\system32\pngfilt.dll
2010-03-11 14:36:24 ----N---- C:\WINDOWS\system32\occache.dll
2010-03-11 14:36:24 ----N---- C:\WINDOWS\system32\mstime.dll
2010-03-11 14:36:24 ----N---- C:\WINDOWS\system32\msrating.dll
2010-03-11 14:36:24 ----N---- C:\WINDOWS\system32\mshtmled.dll
2010-03-11 14:36:24 ----A---- C:\WINDOWS\system32\wininet.dll
2010-03-11 14:36:24 ----A---- C:\WINDOWS\system32\webcheck.dll
2010-03-11 14:36:24 ----A---- C:\WINDOWS\system32\urlmon.dll
2010-03-11 14:36:24 ----A---- C:\WINDOWS\system32\url.dll
2010-03-11 14:36:24 ----A---- C:\WINDOWS\system32\mshtml.dll
2010-03-11 14:36:22 ----N---- C:\WINDOWS\system32\jsproxy.dll
2010-03-11 14:36:22 ----N---- C:\WINDOWS\system32\iernonce.dll
2010-03-11 14:36:22 ----N---- C:\WINDOWS\system32\iedkcs32.dll
2010-03-11 14:36:22 ----N---- C:\WINDOWS\system32\ieaksie.dll
2010-03-11 14:36:22 ----N---- C:\WINDOWS\system32\ieakeng.dll
2010-03-11 14:36:22 ----N---- C:\WINDOWS\system32\extmgr.dll
2010-03-11 14:36:22 ----A---- C:\WINDOWS\system32\msfeedsbs.dll
2010-03-11 14:36:22 ----A---- C:\WINDOWS\system32\msfeeds.dll
2010-03-11 14:36:22 ----A---- C:\WINDOWS\system32\iertutil.dll
2010-03-11 14:36:22 ----A---- C:\WINDOWS\system32\iepeers.dll
2010-03-11 14:36:22 ----A---- C:\WINDOWS\system32\ieframe.dll
2010-03-11 14:36:22 ----A---- C:\WINDOWS\system32\ieencode.dll
2010-03-11 14:36:22 ----A---- C:\WINDOWS\system32\ieapfltr.dll
2010-03-11 14:36:22 ----A---- C:\WINDOWS\system32\icardie.dll
2010-03-11 14:36:20 ----N---- C:\WINDOWS\system32\dxtrans.dll
2010-03-11 14:36:20 ----N---- C:\WINDOWS\system32\dxtmsft.dll
2010-03-11 14:36:20 ----N---- C:\WINDOWS\system32\corpol.dll
2010-03-11 14:36:20 ----A---- C:\WINDOWS\system32\advpack.dll
2010-03-10 15:17:16 ----N---- C:\WINDOWS\system32\ie4uinit.exe
2010-03-10 15:17:16 ----A---- C:\WINDOWS\system32\ieudinit.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 InCDPass;InCDPass; C:\WINDOWS\system32\drivers\InCDPass.sys [2007-11-26 36776]
R1 incdrm;InCD Reader; C:\WINDOWS\system32\drivers\InCDRm.sys [2007-11-26 38440]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 UBHelper;UBHelper; C:\WINDOWS\system32\drivers\UBHelper.sys [2004-12-17 13952]
R2 Angelnt;Angelnt; C:\WINDOWS\System32\Drivers\ANGELNT.SYS [2010-03-28 51072]
R2 EpmPsd;Acer EPM Power Scheme Driver; \??\C:\WINDOWS\system32\drivers\epm-psd.sys []
R2 EpmShd;Acer EPM System Hardware Driver; \??\C:\WINDOWS\system32\drivers\epm-shd.sys []
R2 int15.sys;int15.sys; \??\C:\Program Files\Acer\eRecovery\int15.sys []
R2 irda;Protokol IrDA; C:\WINDOWS\system32\DRIVERS\irda.sys [2008-04-13 88192]
R2 NwlnkIpx;Transportní protokol kompatibilní s NWLink IPX/SPX/NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2008-04-13 88320]
R2 NwlnkNb;Služba NWLink pro rozhraní NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnknb.sys [2004-08-18 63232]
R2 NwlnkSpx;Protokol NWLink SPX/SPXII; C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys [2004-08-18 55936]
R2 osanbm;osanbm; C:\WINDOWS\system32\drivers\osanbm.sys [2005-01-14 4010]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2005-04-15 1073375]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2004-12-01 2300928]
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 b57w2k;Broadcom NetLink (TM) Gigabit Ethernet; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2004-12-06 126720]
R3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 DKbFltr;Dritek Keyboard Filter Driver; C:\WINDOWS\system32\DRIVERS\DKbFltr.sys [2004-12-08 16896]
R3 EMSCR;EMSCR; C:\WINDOWS\system32\DRIVERS\EMS7SK.sys [2005-01-13 57984]
R3 ESDCR;ESDCR; C:\WINDOWS\system32\DRIVERS\ESD7SK.sys [2005-02-21 36992]
R3 ESMCR;ESMCR; C:\WINDOWS\system32\DRIVERS\ESM7SK.sys [2005-01-26 330368]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 NTIDrvr;Upper Class Filter Driver; C:\WINDOWS\system32\DRIVERS\NTIDrvr.sys [2005-10-20 6144]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2005-03-25 3449216]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-12-05 10368]
R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232]
R3 SMCIRDA;SMSC IrCC Miniport Device Driver; C:\WINDOWS\system32\DRIVERS\smcirda.sys [2004-06-16 46080]
R3 StillCam;Ovladač digitálního fotoaparátu pro sériový port; C:\WINDOWS\system32\DRIVERS\serscan.sys [2001-10-24 6784]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2005-01-07 191456]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 w29n51;Intel(R) PRO/Wireless 2200BG Network Connection Driver for Windows XP; C:\WINDOWS\system32\DRIVERS\w29n51.sys [2004-10-29 3222784]
R4 DritekPortIO;Dritek General Port I/O; \??\C:\PROGRA~1\LAUNCH~1\DPortIO.sys []
R4 InCDfs;InCD File System; C:\WINDOWS\system32\drivers\InCDFs.sys [2007-11-26 118952]
S1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
S3 BthEnum;Služba Bluetooth Enumerator; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2008-04-13 17024]
S3 BTHMODEM;Ovladač pro sériovou komunikaci protokolem Bluetooth; C:\WINDOWS\system32\DRIVERS\bthmodem.sys [2008-04-13 37888]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2008-04-13 101120]
S3 BTHPORT;Ovladač portu Bluetooth; C:\WINDOWS\System32\Drivers\BTHport.sys [2008-06-14 272128]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2008-04-13 18944]
S3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-01-22 804317]
S3 mbr;mbr; \??\C:\DOCUME~1\Jarmila\LOCALS~1\Temp\mbr.sys []
S3 MSIRCOMM;Microsoft IR Communications Driver; C:\WINDOWS\system32\DRIVERS\MSIRCOMM.sys [2008-04-13 22016]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2008-04-13 59136]
S3 SYMIDSCO;SYMIDSCO; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\IDS-DI~1\20040813.178\symidsco.sys []
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 anbmService;Notebook Manager Service; C:\Acer\eManager\anbmServ.exe [2004-08-16 1287168]
R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 InCDsrv;InCD Helper; C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe [2007-11-26 1554728]
R2 Irmon;Sledování infračerveného přenosu; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2005-03-25 127042]
R2 NwSapAgent;Agent SAP; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-14 268288]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-09-17 800040]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-06-27 279848]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

-----------------EOF-----------------

[Caroprd111]

Měl jste při skenu ComboFixem v PC všechny přenosné paměťové zařízení (SD karty, flash disky atd.)

[xaron]

ano 2x USB kluc

[Caroprd111]

Vložte do PC všechny flash disky, které používáte.

Stáhněte na plochu UsbFix http://pagesperso-orange.fr/NosTools/Ch ... UsbFix.exe

• Spusťte, poté zvolte jazyk E - Enter
• Zvolte 1 - Enter
• Po dokončení na Vás vyskočí log, vložte mi ho sem, případně ho najdete v C:\UsbFix.txt

[xaron]

############################## | UsbFix V6.100 |

User : Jarmila (Administrators) # ACER-078000C74C
Update on 18/03/2010 by El Desaparecido , C_XX & Chimay8
Start at: 15:41:02 | 3. 4. 2010
Website : http://pagesperso-orange.fr/NosTools/index.html
Contact : FindyKill.Contact@gmail.com

Intel(R) Pentium(R) M processor 1.73GHz
Systém Microsoft Windows XP Professional (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 7.0.5730.13
Windows Firewall Status : Enabled

C:\ -> Místní pevný disk # 36,09 Go (16,61 Go free) [ACER] # FAT32
D:\ -> Místní pevný disk # 36,47 Go (36,46 Go free) [ACERDATA] # FAT32
E:\ -> Disk CD-ROM
F:\ -> Vyměnitelný disk # 3,72 Go (3,59 Go free) [KINGSTON] # FAT32
G:\ -> Vyměnitelný disk # 1,87 Go (1,86 Go free) # FAT

################## | Files # Infected Folders |

C:\WINDOWS\antiv.exe
F:\autorun.inf -> Called file : "F:\RECYCLER32\dmgr.exe" ( Found ! )
F:\autorun.inf
G:\autorun.inf -> Called file : "G:\RECYCLER32\dmgr.exe" ( Found ! )
G:\autorun.inf

################## | Registry |

[HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoDrives"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoDrives"

################## | Mountpoints2 |

HKCU\..\..\Explorer\MountPoints2\{18086744-b2ad-11dc-9923-0013ce1d9ad1}
Shell\AutoRun\command =G:\RECYCLER32\dmgr.exe
Shell\open\command =G:\RECYCLER32\dmgr.exe

HKCU\..\..\Explorer\MountPoints2\{7cb74960-39a4-11de-9a15-0013ce1d9ad1}
Shell\AutoRun\command =F:\RECYCLER32\dmgr.exe
Shell\open\command =F:\RECYCLER32\dmgr.exe

################## | Vaccin |


################## | ! End of report # UsbFix V6.100 ! |