Problem with a laptop

Vasek2
Visitor
Posts: 34
Registered: 04 Apr 2009 07:25

Re: Problem with a laptop

#31 Post by Vasek2 »

So I reinstalled the whole thing, but it only worked for about a month. And now it's useless again. As soon as I start Mozilla Firefox, it slows down. It starts taking 98% of CPU memory, and that's it. It keeps freezing, and it's almost impossible to work at all. I don't know what to do with it anymore.

Vasek2
Visitor
Posts: 34
Registered: 04 Apr 2009 07:25

Re: Problem with a laptop

#32 Post by Vasek2 »

Logfile of random's system information tool 1.06 (written by random/random)
Run by Vašek at 2010-04-12 17:52:36
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 6 GB (24%) free of 27 GB
Total RAM: 502 MB (24% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:54:09, on 12.4.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\eManager\anbmServ.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\acer\epm\epm-dm.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Launch Manager\LaunchAp.exe
C:\Program Files\Launch Manager\PowerKey.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Program Files\Launch Manager\OSDCtrl.exe
C:\Program Files\Launch Manager\Wbutton.exe
C:\Program Files\Acer\eRecovery\Monitor.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerQuick.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Documents and Settings\Vašek\Dokumenty\Stažené soubory\RSIT.exe
C:\Program Files\trend micro\Vašek.exe
c:\Program Files\Microsoft Security Essentials\MpCmdRun.exe
C:\WINDOWS\system32\wuauclt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://eu.ask.com?o=15561&l=dis
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [preload] C:\Windows\RUNXMLPL.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe
O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LaunchAp] "C:\Program Files\Launch Manager\LaunchAp.exe"
O4 - HKLM\..\Run: [PowerKey] "C:\Program Files\Launch Manager\PowerKey.exe"
O4 - HKLM\..\Run: [LManager] "C:\Program Files\Launch Manager\HotkeyApp.exe"
O4 - HKLM\..\Run: [CtrlVol] "C:\Program Files\Launch Manager\CtrlVol.exe"
O4 - HKLM\..\Run: [LMgrOSD] "C:\Program Files\Launch Manager\OSDCtrl.exe"
O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [eRecoveryService] C:\Program Files\Acer\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [MSSE] "c:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: AVerQuick.lnk = C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerQuick.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MIF269~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Převést cíl vazby do Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Převést do Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Připojit cíl vazby k existujícímu PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Připojit k existujícímu PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Vytvořit mobilní oblíbenou položku… - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe

--
End of file - 9340 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\Driver Fetch.job
C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
C:\WINDOWS\tasks\MpIdleTask.job
C:\WINDOWS\tasks\MP Scheduled Scan.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Podpora odkazu pro Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2008-06-11 61816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
Adobe PDF Conversion Toolbar Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11 345480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
Ask Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2010-02-04 1197448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-03-09 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-03-09 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F4971EE7-DAA0-4053-9964-665D8EE6A077}]
SmartSelect Class - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11 345480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11 345480]
{D4027C7F-154A-4066-A1AD-4243D8127440} - Ask Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2010-02-04 1197448]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"preload"=C:\Windows\RUNXMLPL.exe [2005-05-19 32768]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2005-01-23 155648]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2005-01-23 126976]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2005-04-15 77824]
"SynTPLpr"=C:\Program Files\Synaptics\SynTP\SynTPLpr.exe [2005-02-04 102490]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2005-02-04 708698]
"EPM-DM"=c:\acer\epm\epm-dm.exe [2005-06-01 192512]
"ePowerManagement"=C:\Acer\ePM\ePM.exe [2005-03-15 2893824]
"IMJPMIG8.1"=C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2004-08-18 208952]
"MSPY2002"=C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe [2004-08-18 59392]
"PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-18 455168]
"PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-18 455168]
"RemoteControl"=C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2004-07-15 32768]
"LaunchAp"=C:\Program Files\Launch Manager\LaunchAp.exe [2005-07-25 32768]
"PowerKey"=C:\Program Files\Launch Manager\PowerKey.exe [2002-08-30 94208]
"LManager"=C:\Program Files\Launch Manager\HotkeyApp.exe [2005-06-06 69632]
"CtrlVol"=C:\Program Files\Launch Manager\CtrlVol.exe [2003-09-16 20480]
"LMgrOSD"=C:\Program Files\Launch Manager\OSDCtrl.exe [2005-07-25 241664]
"Wbutton"=C:\Program Files\Launch Manager\Wbutton.exe [2005-07-25 81920]
"eRecoveryService"=C:\Program Files\Acer\eRecovery\Monitor.exe [2005-06-29 352256]
"MSSE"=c:\Program Files\Microsoft Security Essentials\msseces.exe [2010-02-21 1093208]
""= []
"Acrobat Assistant 8.0"=C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [2008-06-11 640376]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2010-03-09 149280]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"H/PC Connection Agent"=C:\Program Files\Microsoft ActiveSync\wcescomm.exe [2006-11-13 1289000]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher]
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [2008-06-12 37232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OE_WMPWMP7_Install_1]
C:\Program Files\Windows Media Player\migrate.exe [2008-04-14 786432]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Vašek^Nabídka Start^Programy^Po spuštění^Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk]
C:\PROGRA~1\MICROS~4\Office12\ONENOTEM.EXE [2008-10-25 98696]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
AVerQuick.lnk - C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerQuick.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxsrvc.dll [2005-01-23 348160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\groove.exe"="C:\Program Files\Microsoft Office\Office12\groove.exe:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\VideoLAN\VLC\vlc.exe"="C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fe92397c-3a2a-11df-b478-000ae4eb96ab}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL s.exe


======List of files/folders created in the last 1 months======

2010-04-12 17:45:25 ----D---- C:\Program Files\trend micro
2010-04-12 17:44:58 ----D---- C:\rsit
2010-04-11 17:33:13 ----D---- C:\Documents and Settings\Vašek\Data aplikací\Opera
2010-04-11 17:27:34 ----D---- C:\Program Files\Opera
2010-04-11 07:17:51 ----D---- C:\610910758553aea689d1
2010-04-07 06:10:37 ----HD---- C:\WINDOWS\$NtUninstallKB941569$
2010-04-07 06:09:03 ----HD---- C:\WINDOWS\$NtUninstallKB929399$
2010-04-07 06:06:55 ----HD---- C:\WINDOWS\$NtUninstallKB939683$
2010-04-07 06:04:31 ----HD---- C:\WINDOWS\$NtUninstallKB954154_WM11$
2010-04-06 17:13:42 ----SHD---- C:\FOUND.001
2010-04-06 17:06:57 ----A---- C:\WINDOWS\system32\PsisDecd.dll
2010-04-06 17:06:25 ----A---- C:\WINDOWS\system32\TVRate.dll
2010-04-06 17:06:25 ----A---- C:\WINDOWS\system32\34CoInstaller.dll
2010-04-06 17:03:55 ----R---- C:\WINDOWS\system32\AVerIO.dll
2010-04-06 17:03:37 ----R---- C:\WINDOWS\system32\CardID.dll
2010-04-06 17:03:14 ----R---- C:\WINDOWS\system32\sptlib02.dll
2010-04-06 17:03:14 ----R---- C:\WINDOWS\system32\sptlib01.dll
2010-04-06 17:02:24 ----D---- C:\Program Files\Common Files\AVerMedia
2010-04-06 17:02:24 ----D---- C:\Program Files\AVerMedia
2010-04-05 16:45:18 ----N---- C:\WINDOWS\system32\spmsg.dll
2010-04-05 16:45:16 ----HD---- C:\WINDOWS\$NtUninstallMSCompPackV1$
2010-04-05 16:44:20 ----D---- C:\Program Files\Windows Media Connect 2
2010-04-05 16:43:50 ----HD---- C:\WINDOWS\$NtUninstallwmp11$
2010-04-05 16:41:08 ----HD---- C:\WINDOWS\$NtUninstallWMFDist11$
2010-04-05 16:39:33 ----D---- C:\WINDOWS\system32\LogFiles
2010-04-05 16:39:19 ----HD---- C:\WINDOWS\$NtUninstallWudf01000$
2010-04-05 14:21:02 ----HD---- C:\WINDOWS\$NtUninstallKB980182$
2010-03-29 17:21:12 ----A---- C:\WINDOWS\twspmm.ini
2010-03-29 17:21:10 ----D---- C:\Program Files\SPCA1528
2010-03-29 17:18:08 ----D---- C:\Program Files\Ask.com
2010-03-29 17:09:01 ----A---- C:\WINDOWS\system32\vfwwdm32.dll
2010-03-29 16:38:38 ----D---- C:\Program Files\SplitCam
2010-03-28 10:59:23 ----D---- C:\Documents and Settings\Vašek\Data aplikací\Google
2010-03-28 10:49:39 ----D---- C:\Program Files\Google
2010-03-28 07:08:51 ----A---- C:\WINDOWS\system32\msjint35.dll
2010-03-28 07:08:51 ----A---- C:\WINDOWS\system32\msexch35.dll
2010-03-28 07:08:48 ----A---- C:\WINDOWS\system32\msxbse35.dll
2010-03-28 07:08:48 ----A---- C:\WINDOWS\system32\mstext35.dll
2010-03-28 07:08:47 ----A---- C:\WINDOWS\system32\msrd2x35.dll
2010-03-28 07:08:45 ----A---- C:\WINDOWS\system32\mspdox35.dll
2010-03-28 07:08:45 ----A---- C:\WINDOWS\system32\msltus35.dll
2010-03-28 07:08:39 ----A---- C:\WINDOWS\system32\msjt4jlt.dll
2010-03-28 07:08:37 ----A---- C:\WINDOWS\system32\msjet35.dll
2010-03-28 07:08:37 ----A---- C:\WINDOWS\system32\msexcl35.dll
2010-03-28 07:08:35 ----A---- C:\WINDOWS\system32\VBAR332.DLL
2010-03-28 07:08:35 ----A---- C:\WINDOWS\system32\msrpfs35.dll
2010-03-28 07:08:34 ----A---- C:\WINDOWS\system32\msrepl35.dll
2010-03-28 07:08:34 ----A---- C:\WINDOWS\system32\msjter35.dll
2010-03-28 07:08:34 ----A---- C:\WINDOWS\system32\JETCOMP.exe
2010-03-28 07:08:33 ----A---- C:\WINDOWS\system32\odbctl32.dll
2010-03-28 07:05:44 ----D---- C:\Program Files\PRUFTECHNIK
2010-03-23 20:40:45 ----D---- C:\HLIDAMSI
2010-03-23 20:26:31 ----D---- C:\Program Files\hlidamsi
2010-03-21 18:15:22 ----D---- C:\OziExplorer
2010-03-16 20:28:56 ----SHD---- C:\FOUND.000
2010-03-16 19:57:32 ----D---- C:\Program Files\ESET
2010-03-16 19:14:40 ----D---- C:\WINDOWS\Prefetch
2010-03-16 15:26:17 ----HD---- C:\WINDOWS\$NtUninstallKB951978$
2010-03-16 15:25:30 ----HD---- C:\WINDOWS\$NtUninstallKB956744$
2010-03-16 15:20:15 ----A---- C:\WINDOWS\system32\wmpns.dll
2010-03-16 15:20:13 ----D---- C:\WINDOWS\pss
2010-03-16 15:20:05 ----HD---- C:\WINDOWS\$NtUninstallKB973540_WM9$
2010-03-16 15:17:42 ----D---- C:\Program Files\CCleaner
2010-03-15 20:09:44 ----HD---- C:\WINDOWS\$NtUninstallKB975561$
2010-03-15 20:09:13 ----HD---- C:\WINDOWS\$NtUninstallKB977165-v2$
2010-03-15 20:08:45 ----HD---- C:\WINDOWS\$NtUninstallKB951376-v2$
2010-03-15 20:08:23 ----HD---- C:\WINDOWS\$NtUninstallKB959426$
2010-03-15 20:07:59 ----HD---- C:\WINDOWS\$NtUninstallKB946648$
2010-03-15 20:07:37 ----HD---- C:\WINDOWS\$NtUninstallKB956803$
2010-03-15 20:07:22 ----HD---- C:\WINDOWS\$NtUninstallKB971468$
2010-03-15 20:07:01 ----HD---- C:\WINDOWS\$NtUninstallKB955759$
2010-03-15 20:06:41 ----HD---- C:\WINDOWS\$NtUninstallKB972270$
2010-03-15 20:06:10 ----HD---- C:\WINDOWS\$NtUninstallKB956572$
2010-03-15 20:05:39 ----HD---- C:\WINDOWS\$NtUninstallKB956844$
2010-03-15 20:05:21 ----HD---- C:\WINDOWS\$NtUninstallKB978251$
2010-03-15 20:04:58 ----HD---- C:\WINDOWS\$NtUninstallKB973869$
2010-03-15 20:04:36 ----HD---- C:\WINDOWS\$NtUninstallKB975560$
2010-03-15 20:04:05 ----HD---- C:\WINDOWS\$NtUninstallKB970430$
2010-03-15 20:03:36 ----HD---- C:\WINDOWS\$NtUninstallKB973687$
2010-03-15 20:03:06 ----HD---- C:\WINDOWS\$NtUninstallKB950762$
2010-03-15 20:02:50 ----HD---- C:\WINDOWS\$NtUninstallKB952287$
2010-03-15 20:02:28 ----HD---- C:\WINDOWS\$NtUninstallKB971737$
2010-03-15 20:02:03 ----HD---- C:\WINDOWS\$NtUninstallKB973354$
2010-03-15 20:01:25 ----HD---- C:\WINDOWS\$NtUninstallKB967715$
2010-03-15 20:00:53 ----HD---- C:\WINDOWS\$NtUninstallKB951066$
2010-03-15 20:00:34 ----HD---- C:\WINDOWS\$NtUninstallKB951748$
2010-03-15 20:00:13 ----HD---- C:\WINDOWS\$NtUninstallKB970238$
2010-03-15 19:59:55 ----HD---- C:\WINDOWS\$NtUninstallKB971486$
2010-03-15 19:59:41 ----HD---- C:\WINDOWS\$NtUninstallKB978706$
2010-03-15 19:59:24 ----HD---- C:\WINDOWS\$NtUninstallKB973815$
2010-03-15 19:59:09 ----HD---- C:\WINDOWS\$NtUninstallKB958644$
2010-03-15 19:58:48 ----HD---- C:\WINDOWS\$NtUninstallKB973687_1$
2010-03-15 19:58:27 ----HD---- C:\WINDOWS\$NtUninstallKB955069$
2010-03-15 19:57:54 ----HD---- C:\WINDOWS\$NtUninstallKB923561$
2010-03-15 19:57:28 ----HD---- C:\WINDOWS\$NtUninstallKB975467$
2010-03-15 19:56:49 ----HD---- C:\WINDOWS\$NtUninstallKB968389$
2010-03-15 19:56:20 ----HD---- C:\WINDOWS\$NtUninstallKB975713$
2010-03-15 19:55:53 ----HD---- C:\WINDOWS\$NtUninstallKB952954$
2010-03-15 19:55:38 ----HD---- C:\WINDOWS\$NtUninstallKB960859$
2010-03-15 19:55:11 ----HD---- C:\WINDOWS\$NtUninstallKB978207$
2010-03-15 19:54:44 ----HD---- C:\WINDOWS\$NtUninstallKB974318$
2010-03-15 19:54:15 ----HD---- C:\WINDOWS\$NtUninstallKB969059$
2010-03-15 19:53:52 ----HD---- C:\WINDOWS\$NtUninstallKB950974$
2010-03-15 19:53:30 ----HD---- C:\WINDOWS\$NtUninstallKB971657$
2010-03-15 19:53:10 ----HD---- C:\WINDOWS\$NtUninstallKB960225$
2010-03-15 19:52:46 ----HD---- C:\WINDOWS\$NtUninstallKB974112$
2010-03-15 19:52:26 ----HD---- C:\WINDOWS\$NtUninstallKB961501$
2010-03-15 19:52:02 ----HD---- C:\WINDOWS\$NtUninstallKB974571$
2010-03-15 19:51:35 ----HD---- C:\WINDOWS\$NtUninstallKB973507$
2010-03-15 19:51:05 ----HD---- C:\WINDOWS\$NtUninstallKB974392$
2010-03-15 19:49:59 ----HD---- C:\WINDOWS\$NtUninstallKB975025$
2010-03-15 19:43:55 ----HD---- C:\WINDOWS\$NtUninstallKB977914$
2010-03-15 19:39:05 ----HD---- C:\WINDOWS\$NtUninstallKB960803$
2010-03-15 19:33:26 ----HD---- C:\WINDOWS\$NtUninstallKB956802$
2010-03-15 19:27:54 ----HD---- C:\WINDOWS\$NtUninstallKB978037$
2010-03-15 19:22:14 ----HD---- C:\WINDOWS\$NtUninstallKB952004$
2010-03-15 19:16:29 ----HD---- C:\WINDOWS\$NtUninstallKB969947$
2010-03-15 18:55:06 ----D---- C:\WINDOWS\system32\cs-cz
2010-03-15 18:55:01 ----D---- C:\WINDOWS\l2schemas
2010-03-15 18:54:59 ----D---- C:\WINDOWS\system32\cs
2010-03-15 18:54:59 ----D---- C:\WINDOWS\system32\bits
2010-03-15 18:22:08 ----D---- C:\WINDOWS\network diagnostic
2010-03-15 18:03:59 ----HD---- C:\WINDOWS\$NtServicePackUninstall$
2010-03-15 18:03:45 ----D---- C:\WINDOWS\EHome
2010-03-15 15:35:08 ----N---- C:\WINDOWS\system32\browserchoice.exe
2010-03-15 15:32:11 ----A---- C:\WINDOWS\system32\hidserv.dll

======List of files/folders modified in the last 1 months======

2010-04-12 17:39:44 ----N---- C:\WINDOWS\system32\eRLog.ini
2010-04-12 17:38:38 ----A---- C:\WINDOWS\ModemLog_SoftV90 Data Fax Modem with SmartCP.txt
2010-04-12 16:56:42 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-04-05 16:44:40 ----A---- C:\WINDOWS\win.ini
2010-03-28 07:09:06 ----A---- C:\WINDOWS\ODBC.INI
2010-03-28 07:09:00 ----A---- C:\WINDOWS\ODBCINST.INI
2010-03-25 18:33:38 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Hotkey;Hotkey; C:\WINDOWS\system32\drivers\Hotkey.sys [2003-04-28 9867]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 MpFilter;Microsoft Malware Protection Driver; C:\WINDOWS\system32\DRIVERS\MpFilter.sys [2009-12-02 149040]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R2 EpmPsd;Acer EPM Power Scheme Driver; \??\C:\WINDOWS\system32\drivers\epm-psd.sys []
R2 EpmShd;Acer EPM System Hardware Driver; \??\C:\WINDOWS\system32\drivers\epm-shd.sys []
R2 int15.sys;int15.sys; \??\C:\Program Files\Acer\eRecovery\int15.sys []
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-03-17 13059]
R2 osaio;osaio; \??\C:\WINDOWS\system32\drivers\osaio.sys []
R2 osanbm;osanbm; \??\C:\WINDOWS\system32\drivers\osanbm.sys []
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2005-04-19 2317504]
R3 BCM43XX;Broadcom 802.11 ovladač síťového adaptéru; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2004-12-22 369024]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSF_DP.sys [2004-12-15 1038208]
R3 HSFHWICH;HSFHWICH; C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys [2004-12-15 207232]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-01-23 804317]
R3 NTIDrvr;Upper Class Filter Driver; C:\WINDOWS\system32\DRIVERS\NTIDrvr.sys [2010-03-07 6144]
R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2010-03-07 47360]
R3 POWERKEY;POWERKEY; \??\C:\Program Files\Launch Manager\POWERKEY.sys []
R3 RTL8023xp;Realtek RTL8139/810x/8169/8110 all in one NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys [2004-12-02 70912]
R3 SPLITCAM;Splitcam, WDM Camera Stream Splitter; C:\WINDOWS\system32\DRIVERS\splitcam.sys [2010-03-29 13824]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2005-02-04 193216]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2004-12-15 703232]
S1 mailKmd;mailKmd; C:\WINDOWS\system32\drivers\mailKmd.sys []
S1 Wbutton;Wbutton; C:\WINDOWS\system32\drivers\Wbutton.sys []
S2 Ca1528av;SPCA1528 Video Camera Service; C:\WINDOWS\System32\Drivers\Ca1528av.sys [2008-12-16 516480]
S3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
S3 AVerBDA3x;AVerMedia SAA713x BDA Service; C:\WINDOWS\system32\DRIVERS\AVerBDA3x.sys [2006-11-14 1180544]
S3 Bulk1528;SPCA1528 Still Camera Service; C:\WINDOWS\System32\Drivers\Bulk1528.sys [2008-06-27 11648]
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\fetnd5.sys [2001-08-17 27165]
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
S3 MPE;Filtr MPE BDA; C:\WINDOWS\system32\DRIVERS\MPE.sys [2008-04-13 15232]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
S3 NSCIRDA;NSC Infrared Device Driver; C:\WINDOWS\system32\DRIVERS\nscirda.sys [2008-04-13 28672]
S3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-12-05 10368]
S3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbstor;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 wceusbsh;Windows CE USB Serial Host Driver; C:\WINDOWS\system32\DRIVERS\wceusbsh.sys [2006-11-06 28672]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 anbmService;Notebook Manager Service; C:\Acer\eManager\anbmServ.exe [2005-06-06 1273344]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-03-09 153376]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 MsMpSvc;Microsoft Antimalware Service; c:\Program Files\Microsoft Security Essentials\MsMpEng.exe [2009-12-09 17904]
R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe [2009-09-23 935208]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-14 268288]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-03-28 136176]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2010-03-07 651720]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

-----------------EOF-----------------

motji
VIP
Posts: 23302
Joined: 23 Oct 2008 08:02

Re: problem with a notebook

#33 Post by motji »

:arrow: Download to the desktop, close all active windows and run ComboFix - http://download.bleepingcomputer.com/sUBs/ComboFix.exe


- ComboFix must be run under an account with administrator rights

- Before using it, turn off all resident security programs - antivirus, firewalls, antispyware

- After launch, the terms of use are displayed; confirm them by pressing the Yes button

- Then follow the instructions; while ComboFix is running, do not click into the window that appears :!:

- After the scan finishes, which takes at most 10 minutes, the program should create a log - C:\ComboFix.txt; copy its entire contents here
Do not use COMBOFIX without an advisor's recommendation; it can damage the system!
Always back up important data before disinfecting the computer :!:
Do you want to support our forum? Information here

I can usually be reached at night, between 21:00 and 23:00
If you have any questions, you can write to me by e-mail at Motji(at)forum.viry.cz.

Vasek2
Visitor
Posts: 34
Joined: 04 Apr 2009 07:25

Re: problem with a notebook

#34 Post by Vasek2 »

ComboFix 10-04-12.01 - Vašek 12.04.2010 18:25:47.1.1 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.502.162 [GMT 2:00]
Spuštěný z: c:\documents and settings\Vašek\Dokumenty\Stažené soubory\ComboFix.exe
AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\install.exe
c:\windows\system32\autorun.ini

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-03-12 do 2010-04-12 )))))))))))))))))))))))))))))))
.

2010-04-12 15:45 . 2010-04-12 15:45 -------- d-----w- c:\program files\trend micro
2010-04-12 15:44 . 2010-04-12 15:45 -------- d-----w- C:\rsit
2010-04-11 15:27 . 2010-04-11 15:27 -------- d-----w- c:\program files\Opera
2010-04-11 05:17 . 2010-04-11 05:17 -------- d-----w- C:\610910758553aea689d1
2010-04-06 15:13 . 2010-04-06 15:13 -------- d-----w- C:\FOUND.001
2010-04-06 15:08 . 2008-04-13 17:46 15232 ----a-w- c:\windows\system32\drivers\MPE.sys
2010-04-06 15:08 . 2008-04-13 17:46 15232 ----a-w- c:\windows\system32\dllcache\mpe.sys
2010-04-06 15:06 . 2008-04-14 02:21 363520 ----a-w- c:\windows\system32\PsisDecd.dll
2010-04-06 15:06 . 2008-04-14 02:21 363520 ----a-w- c:\windows\system32\dllcache\psisdecd.dll
2010-04-06 15:06 . 2008-04-13 17:46 11776 ----a-w- c:\windows\system32\drivers\BdaSup.sys
2010-04-06 15:06 . 2008-04-13 17:46 11776 ----a-w- c:\windows\system32\dllcache\bdasup.sys
2010-04-06 15:06 . 2006-11-14 09:11 1180544 ----a-w- c:\windows\system32\drivers\AVerBDA3x.sys
2010-04-06 15:06 . 2006-08-03 09:14 81920 ----a-w- c:\windows\system32\TVRate.dll
2010-04-06 15:06 . 2006-01-24 08:12 3072 ----a-w- c:\windows\system32\34CoInstaller.dll
2010-04-06 15:03 . 2005-04-28 11:08 49152 ------r- c:\windows\system32\AVerIO.dll
2010-04-06 15:03 . 2005-04-28 11:08 3456 ------r- c:\windows\system32\AVerIO.sys
2010-04-06 15:03 . 2006-12-08 16:51 65536 ------r- c:\windows\system32\CardID.dll
2010-04-06 15:03 . 2006-11-17 19:35 262144 ------r- c:\windows\system32\sptlib01.dll
2010-04-06 15:03 . 2006-05-09 18:38 249856 ------r- c:\windows\system32\sptlib02.dll
2010-04-06 15:02 . 2010-04-06 15:02 -------- d-----w- c:\program files\Common Files\AVerMedia
2010-04-06 15:02 . 2010-04-06 15:02 -------- d-----w- c:\program files\AVerMedia
2010-04-05 20:02 . 2001-10-24 09:54 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2010-04-05 20:02 . 2001-10-24 09:54 12160 ----a-w- c:\windows\system32\dllcache\mouhid.sys
2010-04-05 14:44 . 2010-04-05 14:44 -------- d-----w- c:\program files\Windows Media Connect 2
2010-04-05 14:39 . 2010-04-05 14:39 -------- d-----w- c:\windows\system32\LogFiles
2010-04-05 14:39 . 2010-04-05 14:39 -------- d-----w- c:\windows\system32\drivers\UMDF
2010-03-31 03:53 . 2008-04-13 17:39 5504 ----a-w- c:\windows\system32\drivers\MSTEE.sys
2010-03-31 03:51 . 2008-04-13 17:46 11136 ----a-w- c:\windows\system32\drivers\SLIP.sys
2010-03-31 03:50 . 2008-04-13 17:46 19200 ----a-w- c:\windows\system32\drivers\WSTCODEC.SYS
2010-03-31 03:49 . 2008-04-13 17:46 85248 ----a-w- c:\windows\system32\drivers\NABTSFEC.sys
2010-03-31 03:48 . 2008-04-13 17:46 17024 ----a-w- c:\windows\system32\drivers\CCDECODE.sys
2010-03-29 15:21 . 2008-12-16 13:44 516480 ----a-w- c:\windows\system32\drivers\Ca1528av.sys
2010-03-29 15:21 . 2008-06-27 14:41 11648 ----a-w- c:\windows\system32\drivers\Bulk1528.sys
2010-03-29 15:21 . 2002-01-19 13:33 131072 ----a-w- c:\windows\system\SP5X_32.DLL
2010-03-29 15:21 . 2010-03-29 15:21 -------- d-----w- c:\program files\SPCA1528
2010-03-29 15:18 . 2010-03-29 15:18 -------- d-----w- c:\program files\Ask.com
2010-03-29 15:12 . 2008-04-13 17:46 10880 ----a-w- c:\windows\system32\drivers\NdisIP.sys
2010-03-29 15:10 . 2008-04-13 17:46 15232 ----a-w- c:\windows\system32\drivers\StreamIP.sys
2010-03-29 15:09 . 2008-04-14 02:22 54272 ----a-w- c:\windows\system32\vfwwdm32.dll
2010-03-29 15:09 . 2008-04-14 02:22 54272 ----a-w- c:\windows\system32\dllcache\vfwwdm32.dll
2010-03-29 15:08 . 2010-03-29 15:08 13824 ----a-w- c:\windows\system32\drivers\splitcam.sys
2010-03-29 14:38 . 2010-03-29 14:38 -------- d-----w- c:\program files\SplitCam
2010-03-28 08:49 . 2010-03-28 08:49 -------- d-----w- c:\program files\Google
2010-03-28 05:05 . 2010-03-28 05:05 -------- d-----w- c:\program files\PRUFTECHNIK
2010-03-27 07:20 . 2010-03-27 07:20 -------- d-----w- c:\documents and settings\Kačka
2010-03-23 18:40 . 2010-03-23 18:40 -------- d-----w- C:\HLIDAMSI
2010-03-23 18:26 . 2010-03-23 18:26 -------- d-----w- c:\program files\hlidamsi
2010-03-21 16:15 . 2010-03-21 16:15 -------- d-----w- C:\OziExplorer
2010-03-16 18:28 . 2010-03-16 18:28 -------- d-----w- C:\FOUND.000
2010-03-16 17:57 . 2010-03-16 17:57 -------- d-----w- c:\program files\ESET
2010-03-16 13:20 . 2008-04-14 02:22 221184 ----a-w- c:\windows\system32\wmpns.dll
2010-03-16 13:17 . 2010-03-16 13:17 -------- d-----w- c:\program files\CCleaner
2010-03-15 23:20 . 2009-08-13 14:24 512000 ------w- c:\windows\system32\dllcache\jscript.dll
2010-03-15 16:55 . 2010-03-15 16:55 -------- d-----w- c:\windows\system32\cs-cz
2010-03-15 16:55 . 2010-03-15 16:55 -------- d-----w- c:\windows\l2schemas
2010-03-15 16:54 . 2010-03-15 16:55 -------- d-----w- c:\windows\system32\cs
2010-03-15 16:54 . 2010-03-15 16:55 -------- d-----w- c:\windows\system32\bits
2010-03-15 16:03 . 2010-03-15 16:03 -------- d-----w- c:\windows\EHome
2010-03-15 13:35 . 2010-02-12 09:03 293376 ------w- c:\windows\system32\browserchoice.exe
2010-03-15 13:32 . 2008-04-14 02:21 21504 ----a-w- c:\windows\system32\hidserv.dll
2010-03-15 04:04 . 2008-04-14 01:29 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2010-03-15 04:04 . 2008-04-13 17:45 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys
2010-03-15 04:04 . 2008-04-13 17:45 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-25 16:33 . 1979-12-31 22:00 47230 ----a-w- c:\windows\system32\perfc005.dat
2010-03-25 16:33 . 1979-12-31 22:00 311548 ----a-w- c:\windows\system32\perfh005.dat
2010-03-15 17:07 . 2004-09-17 10:11 76487 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-03-15 17:07 . 2004-09-17 10:11 2684 ----a-w- c:\windows\pchealth\helpctr\PackageStore\SkuStore.bin
2010-03-09 19:37 . 2010-03-09 19:38 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-03-09 19:14 . 2010-03-09 19:14 -------- d-----w- c:\program files\Java
2010-03-09 19:14 . 2010-03-09 19:14 -------- d-----w- c:\program files\Common Files\Java
2010-03-09 13:18 . 2010-03-09 13:18 -------- d-----w- c:\program files\MSXML 4.0
2010-03-07 18:58 . 2010-03-07 18:58 -------- d-----w- c:\program files\Microsoft.NET
2010-03-07 18:56 . 2010-03-07 18:56 -------- d-----w- c:\program files\Microsoft Office2003
2010-03-07 18:47 . 2010-03-07 18:47 -------- d-----w- c:\program files\VideoLAN
2010-03-07 18:44 . 2010-03-07 18:44 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2010-03-07 18:44 . 2010-03-07 18:44 -------- d-----w- c:\program files\VSO
2010-03-07 18:38 . 2010-03-07 18:38 -------- d-----w- c:\program files\TT
2010-03-07 11:46 . 2010-03-07 11:46 -------- d-----w- c:\program files\Nero
2010-03-07 11:46 . 2010-03-07 11:46 -------- d-----w- c:\program files\Common Files\Nero
2010-03-07 10:30 . 2010-03-07 10:30 -------- d-----w- c:\program files\Microsoft Works
2010-03-07 10:30 . 2010-03-07 10:30 -------- d-----w- c:\program files\MSBuild
2010-03-07 10:18 . 2010-03-07 10:18 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2010-03-07 10:07 . 2010-03-07 10:07 -------- d-----w- c:\program files\Common Files\Adobe
2010-03-07 10:01 . 2010-03-07 10:01 -------- d-----w- c:\program files\Microsoft ActiveSync
2010-03-07 09:50 . 2010-03-07 09:50 -------- d-----w- c:\program files\TotalUninstallPortable
2010-03-07 09:38 . 2010-03-07 09:38 -------- d-----w- c:\program files\Common Files\ACD Systems
2010-03-07 09:38 . 2010-03-07 09:38 -------- d-----w- c:\program files\ACD Systems
2010-03-07 08:32 . 2010-03-07 08:32 -------- d-----w- c:\program files\TotalCommanderPortable
2010-03-07 07:54 . 2010-03-07 07:54 -------- d-----w- c:\program files\Microsoft Security Essentials
2010-03-07 07:50 . 2010-03-07 07:50 0 ----a-w- c:\windows\nsreg.dat
2010-03-07 07:44 . 2005-07-13 09:32 1024 ---h--r- c:\windows\system32\NTIBUN4.dll
2010-03-07 07:44 . 2005-07-13 09:32 1024 ---h--r- c:\windows\system32\NTIMPEG2.dll
2010-03-07 07:44 . 2005-07-13 09:32 1024 ---h--r- c:\windows\system32\NTIMP3.dll
2010-03-07 07:44 . 2005-07-13 09:32 1024 ---h--r- c:\windows\system32\NTIFCD3.dll
2010-03-07 07:44 . 2005-07-13 09:32 1024 ---h--r- c:\windows\system32\NTICDMK7.dll
2010-03-07 07:44 . 2005-07-13 09:31 6144 ----a-w- c:\windows\system32\drivers\NTIDrvr.sys
2010-03-07 07:42 . 2010-03-07 07:42 -------- d-----w- c:\program files\acer
2010-03-07 07:41 . 2010-03-07 07:41 -------- d-----w- c:\program files\Launch Manager
2010-02-26 05:44 . 1979-12-31 22:00 668160 ----a-w- c:\windows\system32\wininet.dll
2010-02-26 05:43 . 1979-12-31 22:00 81920 ----a-w- c:\windows\system32\ieencode.dll
2010-02-24 08:16 . 2010-03-07 07:59 181632 ------w- c:\windows\system32\MpSigStub.exe
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448]

[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-02-04 14:50 1197448 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"preload"="c:\windows\RUNXMLPL.exe" [2005-05-19 32768]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-01-23 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-01-23 126976]
"SoundMan"="SOUNDMAN.EXE" [2005-04-15 77824]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2005-02-04 102490]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-02-04 708698]
"EPM-DM"="c:\acer\epm\epm-dm.exe" [2005-06-01 192512]
"ePowerManagement"="c:\acer\ePM\ePM.exe" [2005-03-15 2893824]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-18 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-18 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-18 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-18 455168]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-07-14 32768]
"LaunchAp"="c:\program files\Launch Manager\LaunchAp.exe" [2005-07-25 32768]
"PowerKey"="c:\program files\Launch Manager\PowerKey.exe" [2002-08-30 94208]
"LManager"="c:\program files\Launch Manager\HotkeyApp.exe" [2005-06-06 69632]
"CtrlVol"="c:\program files\Launch Manager\CtrlVol.exe" [2003-09-16 20480]
"LMgrOSD"="c:\program files\Launch Manager\OSDCtrl.exe" [2005-07-25 241664]
"Wbutton"="c:\program files\Launch Manager\Wbutton.exe" [2005-07-25 81920]
"eRecoveryService"="c:\program files\Acer\eRecovery\Monitor.exe" [2005-06-29 352256]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-02-21 1093208]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-11 640376]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-03-09 149280]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-03 435096]

c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
AVerQuick.lnk - c:\program files\Common Files\AVerMedia\AVerQuick\AVerQuick.exe [2010-4-6 581632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^Vašek^Nabídka Start^Programy^Po spuštění^Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk]
path=c:\documents and settings\Vašek\Nabídka Start\Programy\Po spuštění\Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk
backup=c:\windows\pss\Výřezy obrazovky a spuštění aplikace OneNote 2007.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher]
2008-06-12 00:25 37232 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OE_WMPWMP7_Install_1]
2008-04-14 02:22 786432 ----a-w- c:\program files\Windows Media Player\migrate.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\groove.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Opera\\opera.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R3 POWERKEY;POWERKEY;c:\program files\Launch Manager\POWERKEY.SYS [7.3.2010 9:41 2343]
S1 mailKmd;mailKmd; [x]
S2 Ca1528av;SPCA1528 Video Camera Service;c:\windows\system32\drivers\Ca1528av.sys [29.3.2010 17:21 516480]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [28.3.2010 10:49 136176]
S3 AVerBDA3x;AVerMedia SAA713x BDA Service;c:\windows\system32\drivers\AVerBDA3x.sys [6.4.2010 17:06 1180544]
S3 Bulk1528;SPCA1528 Still Camera Service;c:\windows\system32\drivers\Bulk1528.sys [29.3.2010 17:21 11648]
.
Obsah adresáře 'Naplánované úlohy'

2010-04-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-28 08:49]

2010-04-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-28 08:49]

2010-04-12 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2010-02-04 14:50]

2010-04-12 c:\windows\Tasks\MpIdleTask.job
- c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2009-12-09 16:02]

2010-04-12 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2009-12-09 16:02]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://eu.ask.com?o=15561&l=dis
uInternet Connection Wizard,ShellNext = hxxp://global.acer.com/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MIF269~1\OFFICE11\EXCEL.EXE/3000
IE: Převést cíl vazby do Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Převést do Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Připojit cíl vazby k existujícímu PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Připojit k existujícímu PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
FF - ProfilePath - c:\documents and settings\Vašek\Data aplikací\Mozilla\Firefox\Profiles\kckatjec.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - seznam.cz
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=BLT&o=15558&locale=en_EU&q=
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-12 18:30
Windows 5.1.2600 Service Pack 3 FAT NTAPI

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
Celkový čas: 2010-04-12 18:32:07
ComboFix-quarantined-files.txt 2010-04-12 16:32

Před spuštěním: 6 548 635 648
Po spuštění: 6 520 668 160

WindowsXP-KB310994-SP2-Home-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - 634F068EB17C517417FDAD90049A7A81

motji
VIP
Posts: 23302
Joined: 23 Oct 2008 08:02

Re: problem with a notebook

#35 Post by motji »

:arrow: Has anything changed?

:arrow: If it is not there already, move Combofix to the desktop
-open Notepad
-Copy the text from this box into it

Code:

Folder::
C:\FOUND.000
c:\program files\Ask.com
C:\FOUND.001

Registry::
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"=-
[-HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
[-HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[-HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
[-HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[-HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

Driver::
mailKmd

DDS::
uStart Page = hxxp://eu.ask.com?o=15561&l=dis
uInternet Connection Wizard,ShellNext = hxxp://global.acer.com/

Firefox::
FF - ProfilePath - c:\documents and settings\Vašek\Data aplikací\Mozilla\Firefox\Profiles\kckatjec.default\
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?clien ... e=en_EU&q=

-save the TXT file you created as CFScript.txt on the desktop
-after saving, grab the script you created with the left mouse button and drag it over the Combofix icon, where you drop it:

Image


-after it is applied, another log will pop out; paste it here

Warning: it may happen that after the script is applied and the computer restarts, Windows will not start; in that case restart again while pressing F8, then choose Last Known Good Configuration


:arrow: Have the file tested at http://www.virustotal.com

c:\windows\system32\wmpns.dll

-On VirusTotal, click Browse, copy the path to the file directly into the lower box and click Send
-copy the address of the results page from the browser
-if it asks you, have the file tested again, so that it is the file from your computer


Do you know these folders?
C:\HLIDAMSI
c:\program files\hlidamsi
C:\OziExplorer



:arrow: Start - Run - type chkdsk /f/r
-[enter]
confirm - the PC restarts and the disk is checked
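A pre-flight check for the procedure in post #35, added here as an example and not part of the thread or of ComboFix: it confirms that every folder, registry key, registry value and driver named in a CFScript appears in the log the script was written from, and reports the entries that do not. The function names are hypothetical, the log excerpt is copied from the page, `C:\FOUND.002` is a constructed entry, and the DDS:: and Firefox:: sections are not checked.

```python
import re

# Excerpt of the ComboFix log posted in this thread (lines copied from the page).
LOG_EXCERPT = r'''
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448]

[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-02-04 14:50 1197448 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

S1 mailKmd;mailKmd; [x]
2010-03-29 15:18 . 2010-03-29 15:18 -------- d-----w- c:\program files\Ask.com
2010-03-16 18:28 . 2010-03-16 18:28 -------- d-----w- C:\FOUND.000
'''

# Shortened copy of the script from the post. C:\FOUND.002 is a constructed
# entry (not on the page) standing in for a typo or a guessed path.
SCRIPT = r'''
Folder::
C:\FOUND.000
c:\program files\Ask.com
C:\FOUND.002

Registry::
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"=-
[-HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]

Driver::
mailKmd
'''


def parse_cfscript(text):
    """Return (kind, target) pairs for everything the script would remove."""
    targets, section, current_key = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = re.fullmatch(r"(\w+)::", line)
        if header:
            section, current_key = header.group(1), None
            continue
        if section == "Registry":
            key = re.fullmatch(r"\[(-?)(.+)\]", line)
            if key:
                current_key = key.group(2)
                if key.group(1):                     # [-KEY] removes the whole key
                    targets.append(("RegKey", current_key))
                continue
            value = re.fullmatch(r'"(.+)"=-', line)  # "name"=- removes one value
            if value and current_key:
                targets.append(("RegValue", current_key + "|" + value.group(1)))
        elif section in ("Folder", "Driver"):
            targets.append((section, line))
    return targets


def index_log(log):
    """Collect the registry keys, values, paths and service names a log mentions."""
    keys, values, paths, services = set(), set(), set(), set()
    current_key = None
    for raw in log.splitlines():
        line = raw.strip()
        key = re.fullmatch(r"\[(.+)\]", line)
        if key:
            current_key = key.group(1).lower()
            keys.add(current_key)
            continue
        value = re.match(r'"([^"]+)"=', line)
        if value and current_key:
            values.add(current_key + "|" + value.group(1).lower())
            continue
        service = re.match(r"[RS][0-4] ([^;]+);", line)   # e.g. "S1 mailKmd;..."
        if service:
            services.add(service.group(1).lower())
        path = re.search(r"([a-z]:\\.+?)(?: \[.*\])?$", line, re.I)
        if path:
            paths.add(path.group(1).lower())
    return keys, values, paths, services


def unverified_targets(script, log):
    """List script entries that cannot be traced back to a line of the log."""
    keys, values, paths, services = index_log(log)
    missing = []
    for kind, target in parse_cfscript(script):
        t = target.lower()
        if kind == "RegKey":
            found = t in keys
        elif kind == "RegValue":
            found = t in values
        elif kind == "Folder":   # the folder itself or any file below it
            found = any(p == t or p.startswith(t + "\\") for p in paths)
        else:                    # Driver
            found = t in services
        if not found:
            missing.append((kind, target))
    return missing


if __name__ == "__main__":
    for kind, target in unverified_targets(SCRIPT, LOG_EXCERPT):
        print("not in log:", kind, target)
```
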

Vasek2
Visitor
Posts: 34
Joined: 04 Apr 2009 07:25

Re: problem with a notebook

#36 Post by Vasek2 »

ComboFix 10-04-12.01 - Vašek 13.04.2010 17:14:04.1.1 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.502.270 [GMT 2:00]
Spuštěný z: c:\documents and settings\Vašek\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Vašek\Plocha\CFScript.txt.txt
AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\install.exe
c:\windows\system32\autorun.ini

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_mailKmd


((((((((((((((((((((((((( Soubory vytvořené od 2010-03-13 do 2010-04-13 )))))))))))))))))))))))))))))))
.

2010-04-12 19:05 . 2010-04-12 19:05 -------- d-----w- c:\windows\system32\wbem\Repository
2010-04-12 19:04 . 2010-04-12 19:04 -------- d-----w- C:\b4b11989d7c26c126b91cd5cb3
2010-04-12 19:03 . 2010-04-12 19:03 -------- d-----w- c:\windows\system32\LogFiles
2010-04-12 19:03 . 2010-04-12 19:03 -------- d-----w- c:\program files\SPCA1528
2010-04-12 19:00 . 2010-04-12 19:00 -------- d-----w- c:\windows\LastGood(2).Tmp
2010-04-12 15:45 . 2010-04-12 15:45 -------- d-----w- c:\program files\trend micro
2010-04-12 15:44 . 2010-04-12 15:45 -------- d-----w- C:\rsit
2010-04-11 15:27 . 2010-04-11 15:27 -------- d-----w- c:\program files\Opera
2010-04-11 05:17 . 2010-04-11 05:17 -------- d-----w- C:\610910758553aea689d1
2010-04-06 15:13 . 2010-04-06 15:13 -------- d-----w- C:\FOUND.001
2010-04-06 15:02 . 2010-04-06 15:02 -------- d-----w- c:\program files\Common Files\AVerMedia
2010-04-06 15:02 . 2010-04-06 15:02 -------- d-----w- c:\program files\AVerMedia
2010-04-05 20:02 . 2001-10-24 09:54 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2010-04-05 20:02 . 2001-10-24 09:54 12160 ----a-w- c:\windows\system32\dllcache\mouhid.sys
2010-04-05 14:44 . 2010-04-05 14:44 -------- d-----w- c:\program files\Windows Media Connect 2
2010-04-05 14:39 . 2010-04-05 14:39 -------- d-----w- c:\windows\system32\drivers\UMDF
2010-03-31 03:53 . 2008-04-13 17:39 5504 ----a-w- c:\windows\system32\drivers\MSTEE.sys
2010-03-31 03:51 . 2008-04-13 17:46 11136 ----a-w- c:\windows\system32\drivers\SLIP.sys
2010-03-31 03:50 . 2008-04-13 17:46 19200 ----a-w- c:\windows\system32\drivers\WSTCODEC.SYS
2010-03-31 03:49 . 2008-04-13 17:46 85248 ----a-w- c:\windows\system32\drivers\NABTSFEC.sys
2010-03-31 03:48 . 2008-04-13 17:46 17024 ----a-w- c:\windows\system32\drivers\CCDECODE.sys
2010-03-29 15:21 . 2008-12-16 13:44 516480 ----a-w- c:\windows\system32\drivers\Ca1528av.sys
2010-03-29 15:21 . 2008-06-27 14:41 11648 ----a-w- c:\windows\system32\drivers\Bulk1528.sys
2010-03-29 15:21 . 2002-01-19 13:33 131072 ----a-w- c:\windows\system\SP5X_32.DLL
2010-03-29 15:18 . 2010-03-29 15:18 -------- d-----w- c:\program files\Ask.com
2010-03-29 15:12 . 2008-04-13 17:46 10880 ----a-w- c:\windows\system32\drivers\NdisIP.sys
2010-03-29 15:10 . 2008-04-13 17:46 15232 ----a-w- c:\windows\system32\drivers\StreamIP.sys
2010-03-29 15:09 . 2008-04-14 02:22 54272 ----a-w- c:\windows\system32\vfwwdm32.dll
2010-03-29 15:08 . 2010-03-29 15:08 13824 ----a-w- c:\windows\system32\drivers\splitcam.sys
2010-03-29 14:38 . 2010-03-29 14:38 -------- d-----w- c:\program files\SplitCam
2010-03-28 08:49 . 2010-03-28 08:49 -------- d-----w- c:\program files\Google
2010-03-28 05:05 . 2010-03-28 05:05 -------- d-----w- c:\program files\PRUFTECHNIK
2010-03-27 07:20 . 2010-03-27 07:20 -------- d-----w- c:\documents and settings\Kačka
2010-03-23 18:40 . 2010-03-23 18:40 -------- d-----w- C:\HLIDAMSI
2010-03-23 18:26 . 2010-03-23 18:26 -------- d-----w- c:\program files\hlidamsi
2010-03-21 16:15 . 2010-03-21 16:15 -------- d-----w- C:\OziExplorer
2010-03-16 18:28 . 2010-03-16 18:28 -------- d-----w- C:\FOUND.000
2010-03-16 17:57 . 2010-03-16 17:57 -------- d-----w- c:\program files\ESET
2010-03-16 13:20 . 2008-04-14 02:22 221184 ----a-w- c:\windows\system32\wmpns.dll
2010-03-16 13:17 . 2010-03-16 13:17 -------- d-----w- c:\program files\CCleaner
2010-03-15 23:20 . 2009-08-13 14:24 512000 ------w- c:\windows\system32\dllcache\jscript.dll
2010-03-15 16:55 . 2010-03-15 16:55 -------- d-----w- c:\windows\system32\cs-cz
2010-03-15 16:55 . 2010-03-15 16:55 -------- d-----w- c:\windows\l2schemas
2010-03-15 16:54 . 2010-03-15 16:55 -------- d-----w- c:\windows\system32\cs
2010-03-15 16:54 . 2010-03-15 16:55 -------- d-----w- c:\windows\system32\bits
2010-03-15 16:03 . 2010-03-15 16:03 -------- d-----w- c:\windows\EHome
2010-03-15 13:35 . 2010-02-12 09:03 293376 ------w- c:\windows\system32\browserchoice.exe
2010-03-15 13:32 . 2008-04-14 02:21 21504 ----a-w- c:\windows\system32\hidserv.dll
2010-03-15 04:04 . 2008-04-14 01:29 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2010-03-15 04:04 . 2008-04-13 17:45 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys
2010-03-15 04:04 . 2008-04-13 17:45 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-25 16:33 . 1979-12-31 22:00 47230 ----a-w- c:\windows\system32\perfc005.dat
2010-03-25 16:33 . 1979-12-31 22:00 311548 ----a-w- c:\windows\system32\perfh005.dat
2010-03-15 17:07 . 2004-09-17 10:11 76487 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-03-15 17:07 . 2004-09-17 10:11 2684 ----a-w- c:\windows\pchealth\helpctr\PackageStore\SkuStore.bin
2010-03-09 19:37 . 2010-03-09 19:38 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-03-09 19:14 . 2010-03-09 19:14 -------- d-----w- c:\program files\Java
2010-03-09 19:14 . 2010-03-09 19:14 -------- d-----w- c:\program files\Common Files\Java
2010-03-09 13:18 . 2010-03-09 13:18 -------- d-----w- c:\program files\MSXML 4.0
2010-03-07 18:58 . 2010-03-07 18:58 -------- d-----w- c:\program files\Microsoft.NET
2010-03-07 18:56 . 2010-03-07 18:56 -------- d-----w- c:\program files\Microsoft Office2003
2010-03-07 18:47 . 2010-03-07 18:47 -------- d-----w- c:\program files\VideoLAN
2010-03-07 18:44 . 2010-03-07 18:44 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2010-03-07 18:44 . 2010-03-07 18:44 -------- d-----w- c:\program files\VSO
2010-03-07 18:38 . 2010-03-07 18:38 -------- d-----w- c:\program files\TT
2010-03-07 11:46 . 2010-03-07 11:46 -------- d-----w- c:\program files\Nero
2010-03-07 11:46 . 2010-03-07 11:46 -------- d-----w- c:\program files\Common Files\Nero
2010-03-07 10:30 . 2010-03-07 10:30 -------- d-----w- c:\program files\Microsoft Works
2010-03-07 10:30 . 2010-03-07 10:30 -------- d-----w- c:\program files\MSBuild
2010-03-07 10:18 . 2010-03-07 10:18 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2010-03-07 10:07 . 2010-03-07 10:07 -------- d-----w- c:\program files\Common Files\Adobe
2010-03-07 10:01 . 2010-03-07 10:01 -------- d-----w- c:\program files\Microsoft ActiveSync
2010-03-07 09:50 . 2010-03-07 09:50 -------- d-----w- c:\program files\TotalUninstallPortable
2010-03-07 09:38 . 2010-03-07 09:38 -------- d-----w- c:\program files\Common Files\ACD Systems
2010-03-07 09:38 . 2010-03-07 09:38 -------- d-----w- c:\program files\ACD Systems
2010-03-07 08:32 . 2010-03-07 08:32 -------- d-----w- c:\program files\TotalCommanderPortable
2010-03-07 07:54 . 2010-03-07 07:54 -------- d-----w- c:\program files\Microsoft Security Essentials
2010-03-07 07:50 . 2010-03-07 07:50 0 ----a-w- c:\windows\nsreg.dat
2010-03-07 07:44 . 2005-07-13 09:32 1024 ---h--r- c:\windows\system32\NTIBUN4.dll
2010-03-07 07:44 . 2005-07-13 09:32 1024 ---h--r- c:\windows\system32\NTIMPEG2.dll
2010-03-07 07:44 . 2005-07-13 09:32 1024 ---h--r- c:\windows\system32\NTIMP3.dll
2010-03-07 07:44 . 2005-07-13 09:32 1024 ---h--r- c:\windows\system32\NTIFCD3.dll
2010-03-07 07:44 . 2005-07-13 09:32 1024 ---h--r- c:\windows\system32\NTICDMK7.dll
2010-03-07 07:44 . 2005-07-13 09:31 6144 ----a-w- c:\windows\system32\drivers\NTIDrvr.sys
2010-03-07 07:42 . 2010-03-07 07:42 -------- d-----w- c:\program files\acer
2010-03-07 07:41 . 2010-03-07 07:41 -------- d-----w- c:\program files\Launch Manager
2010-02-26 05:44 . 1979-12-31 22:00 668160 ----a-w- c:\windows\system32\WININET.DLL
2010-02-26 05:43 . 1979-12-31 22:00 81920 ----a-w- c:\windows\system32\ieencode.dll
2010-02-24 08:16 . 2010-03-07 07:59 181632 ------w- c:\windows\system32\MpSigStub.exe
.

------- Sigcheck -------

[-] 2010-02-26 . 1125069D3487AF4D295F9B8B352C9E11 . 3094016 . . [6.00.2900.5945] . . c:\windows\system32\mshtml.dll
[-] 2010-02-26 . 1125069D3487AF4D295F9B8B352C9E11 . 3094016 . . [6.00.2900.5945] . . c:\windows\system32\dllcache\mshtml.dll
[-] 2010-02-26 . 1125069D3487AF4D295F9B8B352C9E11 . 3094016 . . [6.00.2900.5945] . . c:\windows\SoftwareDistribution\Download\b1b4e46ec95abfe1dfdb832136d8e792\sp3gdr\mshtml.dll
[-] 2010-02-26 . 23CB63CC448E14C4069E9CE40483E987 . 3094528 . . [6.00.2900.5945] . . c:\windows\SoftwareDistribution\Download\b1b4e46ec95abfe1dfdb832136d8e792\sp3qfe\mshtml.dll
[-] 2010-02-26 . 23CB63CC448E14C4069E9CE40483E987 . 3094528 . . [6.00.2900.5945] . . c:\windows\$hf_mig$\KB980182\SP3QFE\mshtml.dll
[7] 2009-12-22 . 6EF9C15EF7A9DCECD686AEBF9AF6E057 . 3084800 . . [6.00.2900.3660] . . c:\windows\$NtServicePackUninstall$\mshtml.dll
[7] 2009-12-22 . 25B289964AE031D4ECF189B8CD50F306 . 3092480 . . [6.00.2900.3660] . . c:\windows\$hf_mig$\KB978207\SP2QFE\mshtml.dll
[7] 2009-12-22 . 41A55A865F00CE20284132E8FDE1FFB3 . 3092480 . . [6.00.2900.5921] . . c:\windows\$NtUninstallKB980182$\mshtml.dll
[7] 2009-12-22 . 41A55A865F00CE20284132E8FDE1FFB3 . 3092480 . . [6.00.2900.5921] . . c:\windows\$hf_mig$\KB978207\SP3GDR\mshtml.dll
[7] 2009-12-22 . BD2EE2BDF5954172F509A16EBEA06D85 . 3094528 . . [6.00.2900.5921] . . c:\windows\$hf_mig$\KB978207\SP3QFE\mshtml.dll
[7] 2008-04-14 . DAF9947DE2A6EA20AE524B7C50487E57 . 3066880 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\mshtml.dll
[7] 2008-04-14 . DAF9947DE2A6EA20AE524B7C50487E57 . 3066880 . . [6.00.2900.5512] . . c:\windows\$NtUninstallKB978207$\mshtml.dll
[7] 2004-08-18 . EF74351C9098210CC9C1A3679DB62041 . 3003392 . . [6.00.2900.2180] . . c:\windows\$NtUninstallKB978207_0$\mshtml.dll

[-] 2010-02-26 . 6626FD55F67A8AE1335771D41A11EF13 . 668160 . . [6.00.2900.5945] . . c:\windows\system32\WININET.DLL
[-] 2010-02-26 . 6626FD55F67A8AE1335771D41A11EF13 . 668160 . . [6.00.2900.5945] . . c:\windows\system32\dllcache\wininet.dll
[-] 2010-02-26 . 6626FD55F67A8AE1335771D41A11EF13 . 668160 . . [6.00.2900.5945] . . c:\windows\SoftwareDistribution\Download\b1b4e46ec95abfe1dfdb832136d8e792\sp3gdr\wininet.dll
[-] 2010-02-26 . FD0F4E4BC28B18715BC1323ACD48E1A6 . 669696 . . [6.00.2900.5945] . . c:\windows\SoftwareDistribution\Download\b1b4e46ec95abfe1dfdb832136d8e792\sp3qfe\wininet.dll
[-] 2010-02-26 . FD0F4E4BC28B18715BC1323ACD48E1A6 . 669696 . . [6.00.2900.5945] . . c:\windows\$hf_mig$\KB980182\SP3QFE\wininet.dll
[7] 2009-12-22 . 7FFC51A7327D72DC59881BA088975EB6 . 663040 . . [6.00.2900.3660] . . c:\windows\$NtServicePackUninstall$\wininet.dll
[7] 2009-12-22 . A0C158A24DA9F9C48B5B067948B31AA4 . 669696 . . [6.00.2900.3660] . . c:\windows\$hf_mig$\KB978207\SP2QFE\wininet.dll
[7] 2009-12-22 . 50C587017A3F2FB5B1B1B4267CB2EA91 . 668160 . . [6.00.2900.5921] . . c:\windows\$NtUninstallKB980182$\wininet.dll
[7] 2009-12-22 . 50C587017A3F2FB5B1B1B4267CB2EA91 . 668160 . . [6.00.2900.5921] . . c:\windows\$hf_mig$\KB978207\SP3GDR\wininet.dll
[7] 2009-12-22 . 5F072B7F1CF448D6ED5FF79511890E60 . 669696 . . [6.00.2900.5921] . . c:\windows\$hf_mig$\KB978207\SP3QFE\wininet.dll
[7] 2008-04-14 . 3FE5E65A7ED9EC98AEE9167CA07812D3 . 667136 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\wininet.dll
[7] 2008-04-14 . 3FE5E65A7ED9EC98AEE9167CA07812D3 . 667136 . . [6.00.2900.5512] . . c:\windows\$NtUninstallKB978207$\wininet.dll
[7] 2004-08-18 . 50D263E3454E8357D13BB598129185AD . 657408 . . [6.00.2900.2180] . . c:\windows\$NtUninstallKB978207_0$\wininet.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"preload"="c:\windows\RUNXMLPL.exe" [2005-05-19 32768]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-01-23 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-01-23 126976]
"SoundMan"="SOUNDMAN.EXE" [2005-04-15 77824]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2005-02-04 102490]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-02-04 708698]
"EPM-DM"="c:\acer\epm\epm-dm.exe" [2005-06-01 192512]
"ePowerManagement"="c:\acer\ePM\ePM.exe" [2005-03-15 2893824]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-18 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-18 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-18 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-18 455168]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-07-14 32768]
"LaunchAp"="c:\program files\Launch Manager\LaunchAp.exe" [2005-07-25 32768]
"PowerKey"="c:\program files\Launch Manager\PowerKey.exe" [2002-08-30 94208]
"LManager"="c:\program files\Launch Manager\HotkeyApp.exe" [2005-06-06 69632]
"CtrlVol"="c:\program files\Launch Manager\CtrlVol.exe" [2003-09-16 20480]
"LMgrOSD"="c:\program files\Launch Manager\OSDCtrl.exe" [2005-07-25 241664]
"Wbutton"="c:\program files\Launch Manager\Wbutton.exe" [2005-07-25 81920]
"eRecoveryService"="c:\program files\Acer\eRecovery\Monitor.exe" [2005-06-29 352256]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-02-21 1093208]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-11 640376]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-03-09 149280]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-03 435096]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^Vašek^Nabídka Start^Programy^Po spuštění^Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk]
path=c:\documents and settings\Vašek\Nabídka Start\Programy\Po spuštění\Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk
backup=c:\windows\pss\Výřezy obrazovky a spuštění aplikace OneNote 2007.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher]
2008-06-12 00:25 37232 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OE_WMPWMP7_Install_1]
2008-04-14 02:22 786432 ----a-w- c:\program files\Windows Media Player\migrate.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\groove.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R3 POWERKEY;POWERKEY;c:\program files\Launch Manager\POWERKEY.SYS [7.3.2010 9:41 2343]
S2 Ca1528av;SPCA1528 Video Camera Service;c:\windows\system32\drivers\Ca1528av.sys [29.3.2010 17:21 516480]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [28.3.2010 10:49 136176]
S3 Bulk1528;SPCA1528 Still Camera Service;c:\windows\system32\drivers\Bulk1528.sys [29.3.2010 17:21 11648]
.
Obsah adresáře 'Naplánované úlohy'

2010-04-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-28 08:49]

2010-04-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-28 08:49]

2010-04-13 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2010-02-04 14:50]

2010-04-13 c:\windows\Tasks\MpIdleTask.job
- c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2009-12-09 16:02]

2010-04-12 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2009-12-09 16:02]
.
.
------- Doplňkový sken -------
.
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MIF269~1\OFFICE11\EXCEL.EXE/3000
IE: Převést cíl vazby do Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Převést do Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Připojit cíl vazby k existujícímu PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Připojit k existujícímu PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
FF - ProfilePath - c:\documents and settings\Vašek\Data aplikací\Mozilla\Firefox\Profiles\kckatjec.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - seznam.cz
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-13 17:21
Windows 5.1.2600 Service Pack 3 FAT NTAPI

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'explorer.exe'(2968)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Microsoft Security Essentials\MsMpEng.exe
c:\acer\eManager\anbmServ.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\wscntfy.exe
c:\windows\SOUNDMAN.EXE
c:\program files\Microsoft ActiveSync\wcescomm.exe
c:\progra~1\MICROS~3\rapimgr.exe
.
**************************************************************************
.
Celkový čas: 2010-04-13 17:25:16 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-04-13 15:25
ComboFix2.txt 2010-04-12 16:32

Před spuštěním: 5 269 340 160
Po spuštění: 5 179 572 224

WindowsXP-KB310994-SP2-Home-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - FBF6CD5F3857BEC198097001B504AF42

motji
VIP
VIP
Posts: 23302
Registered: 23 Oct 2008 08:02

Re: problem with the notebook

#37 Post by motji »

How is the computer doing now? :)
Do not use COMBOFIX without an advisor's recommendation; it can damage the system!
Always back up important data before disinfecting the computer :!:
Want to support our forum? Information here

I am mostly reachable at night, between 21:00 and 23:00.
If you have any questions, you can email me at Motji(at)forum.viry.cz.

Vasek2
Visitor
Visitor
Posts: 34
Registered: 04 Apr 2009 07:25

Re: problem with the notebook

#38 Post by Vasek2 »

Well, it's a bit better, but it sometimes happens that the HD starts grinding again and it's slowed down. So I don't know.

motji
VIP
VIP
Posts: 23302
Registered: 23 Oct 2008 08:02

Re: problem with the notebook

#39 Post by motji »

:arrow: Download Gmer http://www.viry.cz/forum/viewtopic.php?f=29&t=62878
- unpack it and run it
- a scan will run; when it finishes, a window with the results opens; click Save to save the log, which you then paste here

- Following the guide in the link, run a second scan and paste that log here as well.