VIRY.CZ

Dobrý den, AVG hlásí
"Název objektu";"C:\WINDOWS\system32\autorun\Book\AcroBat\EN\Setup.exe"
"Název objektu";"C:\WINDOWS\system32\autorun\Book\AcroBat\EN\Setup.exe:\AdbeRdr60enu.exe"
"Název detekce";"Trojský kůň BackDoor.Generic12.BICR"

Při zadání úkolu odstranit infekce hlásí
"Přesouvaný objekt je větší povolená velikost archivu." a nabídne cestu k souboru.
Ten jsem otestoval ještě Spybotem, SUPERAntispawarem a Malwarebytes s výsledkem čisté.
AVG při opětovném testu hlásí viz výše.

Našel jsem vlákna s BackDoor.Generic12, ale s jinými napadenými soubory.
Prosím o radu jak se zbavit této infekce.

Přikládám RSIT log:
Logfile of random's system information tool 1.06 (written by random/random)
Run by Pavel at 2010-05-03 03:43:00
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 7 GB (20%) free of 36 GB
Total RAM: 958 MB (14% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:43:35, on 3.5.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\keyhook.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Arcade\PCMService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\SCROLL~1\MouseElf.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\mHotkey.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Genius\ioCentre4D\gBTMouseTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Genius\ioCentre4D\gBTAutoScroll.exe
C:\Program Files\Plaxo\3.23.0.11\PlaxoHelper_en.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Plaxo\3.23.0.11\PlaxoSysTray.exe
C:\Program Files\12025SC Wireless Combo Set\PS2USBKbdDrv.exe
C:\Program Files\12025SC Wireless Combo Set\MouseDrv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\sistray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG8\avgui.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Outlook Express\msimn.exe
D:\download\RSIT.exe
D:\download\Pavel.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?

LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?

LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program

Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common

Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program

Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1

\SDHelper.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program

Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program

Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program

Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6

\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {B71B15CF-3093-459C-B764-AEB2486F2273} - (no file)
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program

Files\AVG\AVG8\Toolbar\IEToolbar.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program

Files\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Arcade\PCMService.exe"
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe

bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [mouseElf] C:\PROGRA~1\SCROLL~1\MouseElf.EXE
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [WireLessMouse] C:\Program Files\12025SC Wireless Combo Set\StartAutorun.exe

MouseDrv.exe
O4 - HKLM\..\Run: [WireLessKeyboard] C:\Program Files\12025SC Wireless Combo Set\StartAutorun.exe

PS2USBKbdDrv.exe
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [BTCentre] C:\Genius\ioCentre4D\gBTMouseTask.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0

\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [PlaxoUpdate] C:\Program Files\Plaxo\3.23.0.11\PlaxoHelper_en.exe -a
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PlaxoSysTray] C:\Program Files\Plaxo\3.23.0.11\PlaxoSysTray.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [ZAFFRegisterTrustChecker] "C:\WINDOWS\system32\regsvr32.exe" -s

"C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustChecker.dll" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [ZAFFRegisterTrustChecker] "C:\WINDOWS\system32\regsvr32.exe" -s

"C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustChecker.dll" (User 'Default user')
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital

Imaging\bin\hpqtra08.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1

\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-

58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network

Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} -

C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program

Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program

Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: http://download.avg.com
O15 - Trusted Zone: http://www.avg.com
O15 - Trusted Zone: http://download.avg.cz
O15 - Trusted Zone: http://www.czechtourism.com
O15 - Trusted Zone: http://www.czecot.com
O15 - Trusted Zone: download.divx.com
O15 - Trusted Zone: http://www.ieaddons.com
O15 - Trusted Zone: http://www.majorgeeks.com
O15 - Trusted Zone: http://email.seznam.cz
O15 - Trusted Zone: http://www.seznam.cz
O15 - Trusted Zone: http://download.slunecnice.cz
O15 - Trusted Zone: http://www.techspot.com
O15 - Trusted Zone: download.windowsupdate.com
O15 - Trusted Zone: http://download.windowsupdate.com
O15 - Trusted Zone: http://download.zonealarm.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -

http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) -

http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) -

http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) -

http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) -

http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) -

http://scan.safety.live.com/resource/do ... se5059.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -

http://update.microsoft.com/microsoftup ... 6325434171
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) -

http://download.zonelabs.com/bin/promot ... r37900.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) -

http://www.teplice.cz/activex/AxisCamControl.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) -

http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D17CDB6E-AE6D-11CF-96B8-444553540000} -

https://download.macromedia.com/pub/sho ... wflash.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -

http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8

\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1

\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - D:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. -

C:\Acer\eManager\anbmServ.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program

Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8

\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program

Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program

Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.1.36\bin\mysqld.exe

--
End of file - 13555 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\MP Scheduled Scan.job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\SLOW-PCfighter.job
C:\WINDOWS\tasks\GlaryInitialize.job
C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper

Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010

-04-04 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper

Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2009-12-10 1111320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper

Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper

Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
AVG Security Toolbar BHO - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll [2009-11-25 1230080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper

Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
Ask Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2009-11-18 1196936]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper

Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-03-09 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper

Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-03-09

79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{B71B15CF-3093-459C-B764-AEB2486F2273}
{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - AVG Security Toolbar - C:\Program Files\AVG\AVG8

\Toolbar\IEToolbar.dll [2009-11-25 1230080]
{D4027C7F-154A-4066-A1AD-4243D8127440} - Ask Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll

[2009-11-18 1196936]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SiSPower"=SiSPower.dll,ModeAgent []
"LManager"=C:\Program Files\Launch Manager\QtZgAcer.EXE [2005-10-12 315392]
"eRecoveryService"=C:\Acer\Empowering Technology\eRecovery\Monitor.exe [2005-11-16 385024]
"AGRSMMSG"=C:\WINDOWS\AGRSMMSG.exe [2004-10-08 88363]
"AdslTaskBar"=stmctrl.dll,TaskBar []
"SynTPLpr"=C:\Program Files\Synaptics\SynTP\SynTPLpr.exe [2004-10-07 98394]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2004-10-07 688218]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2005-02-23 77824]
"SiS Windows KeyHook"=C:\WINDOWS\system32\keyhook.exe [2005-03-04 32768]
"PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-18 455168]
"PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-18 455168]
"PCMService"=C:\Program Files\Arcade\PCMService.exe [2005-03-09 49152]
"MSPY2002"=C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe [2004-08-18 59392]
"LaunchApp"=Alaunch []
"IMJPMIG8.1"=C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2004-08-18 208952]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]
"BluetoothAuthenticationAgent"=bthprops.cpl,,BluetoothAuthenticationAgent []
"mouseElf"=C:\PROGRA~1\SCROLL~1\MouseElf.EXE [2004-09-20 196608]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2006-11-03 866584]
"WireLessMouse"=C:\Program Files\12025SC Wireless Combo Set\StartAutorun.exe [2005-11-30 94208]
"WireLessKeyboard"=C:\Program Files\12025SC Wireless Combo Set\StartAutorun.exe [2005-11-30 94208]
"CHotkey"=C:\WINDOWS\mHotkey.exe [2004-12-08 550912]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2010-03-18 2046816]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-02-18 248040]
"BTCentre"=C:\Genius\ioCentre4D\gBTMouseTask.exe [2008-05-13 483328]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2010-02-15 141608]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-04-04 36272]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-03-24 952768]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"PlaxoUpdate"=C:\Program Files\Plaxo\3.23.0.11\PlaxoHelper_en.exe [2009-10-01 403015]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"PlaxoSysTray"=C:\Program Files\Plaxo\3.23.0.11\PlaxoSysTray.exe [2009-10-01 20480]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]
"TomTomHOME.exe"=C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe [2009-11-13 247144]
"SUPERAntiSpyware"=D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2010-04-27 2020592]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2010-02-15 141608]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMail]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VoipCheapCom]
[]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Utility Tray.lnk - C:\WINDOWS\system32\sistray.exe
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Documents and Settings\Pavel\Nabídka Start\Programy\Po spuštění
OpenOffice.org 3.0.lnk - C:\Program Files\OpenOffice.org 3\program\quickstart.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
D:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2009-09-03 548352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2009-07-31 11952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-02-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

[2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WIFD1F~1\MpShHook.dll [2006-11-03 83224]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=D:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13

77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoResolveTrack"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardpr

ofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\System32\FXSCLNT.exe"="C:\WINDOWS\System32\FXSCLNT.exe:*:Enabled:Microsoft Fax Console"
"C:\Program Files\HP\Digital Imaging\BIN\hpqtra08.exe"="C:\Program Files\HP\Digital

Imaging\BIN\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\BIN\hpqste08.exe"="C:\Program Files\HP\Digital

Imaging\BIN\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\BIN\hpofxm08.exe"="C:\Program Files\HP\Digital

Imaging\BIN\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\Program Files\HP\Digital Imaging\BIN\hposfx08.exe"="C:\Program Files\HP\Digital

Imaging\BIN\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\Program Files\HP\Digital Imaging\BIN\hposid01.exe"="C:\Program Files\HP\Digital

Imaging\BIN\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\BIN\hpqscnvw.exe"="C:\Program Files\HP\Digital

Imaging\BIN\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\Program Files\HP\Digital Imaging\BIN\hpqkygrp.exe"="C:\Program Files\HP\Digital

Imaging\BIN\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\BIN\hpqCopy.exe"="C:\Program Files\HP\Digital

Imaging\BIN\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\Program Files\HP\Digital Imaging\BIN\hpfccopy.exe"="C:\Program Files\HP\Digital

Imaging\BIN\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\Program Files\HP\Digital Imaging\BIN\hpzwiz01.exe"="C:\Program Files\HP\Digital

Imaging\BIN\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe"="C:\Program Files\HP\Digital

Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe"="C:\Program Files\HP\Digital

Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\Program Files\HP\Digital Imaging\BIN\hpoews01.exe"="C:\Program Files\HP\Digital

Imaging\BIN\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows

Messenger"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network

Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program

Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\RealVNC\VNC4\winvnc4.exe"="C:\Program Files\RealVNC\VNC4\winvnc4.exe:*:Disabled:VNC

Server"
"C:\Program Files\VoipCheapCom\VoipCheapCom.exe"="C:\Program

Files\VoipCheapCom\VoipCheapCom.exe:*:Disabled:VoipCheapCom"
"C:\WINDOWS\System32\ZoneLabs\vsmon.exe"="C:\WINDOWS\System32\ZoneLabs\vsmon.exe:*:Enabled:TrueVector

Service"
"C:\Program Files\AVG\AVG8\avgam.exe"="C:\Program Files\AVG\AVG8\avgam.exe:*:Enabled:avgam.exe"
"C:\Program Files\AVG\AVG8\avgdiag.exe"="C:\Program Files\AVG\AVG8\avgdiag.exe:*:Enabled:avgdiag.exe"
"C:\Program Files\AVG\AVG8\avgdiagex.exe"="C:\Program Files\AVG\AVG8

\avgdiagex.exe:*:Enabled:avgdiagex.exe"
"C:\Program Files\AVG\AVG8\avgemc.exe"="C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG8\avgnsx.exe"="C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe"
"C:\Program Files\TomTom HOME 2\xulrunner\TomTomHOMERuntime.exe"="C:\Program Files\TomTom HOME 2

\xulrunner\TomTomHOMERuntime.exe:*:Enabled:TomTom HOME"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla

Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe"="C:\Program Files\IVT

Corporation\BlueSoleil\BlueSoleil.exe:*:Enabled:BlueSoleil"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin

Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\mozilla.org\SeaMonkey\seamonkey.exe"="C:\Program

Files\mozilla.org\SeaMonkey\seamonkey.exe:*:Disabled:SeaMonkey"
"C:\Program Files\Java\JRE6\BIN\javaw.exe"="C:\Program Files\Java\JRE6\BIN\javaw.exe:*:Enabled:Java(TM)

Platform SE binary"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\SeaMonkey\seamonkey.exe"="C:\Program

Files\SeaMonkey\seamonkey.exe:*:Enabled:SeaMonkey"
"C:\inet_srv\apache\bin\Apache.exe"="C:\inet_srv\apache\bin\Apache.exe:*:Enabled:Apache"
"C:\inet_srv\mysql\bin\mysqld.exe"="C:\inet_srv\mysql\bin\mysqld.exe:*:Enabled:mysqld"
"C:\wamp\bin\apache\Apache2.2.11\bin\httpd.exe"="C:\wamp\bin\apache\Apache2.2.11

\bin\httpd.exe:*:Enabled:Apache HTTP Server"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprof

ile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network

Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1bcc061e-63cf-11dd

-b8e5-0016362aab5e}]
shell\AutoRun\command - .\Encryption Tool\MaxtorEncryption.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6106344a-6bb0-11de

-ba54-0016362aab5e}]
shell\AutoRun\command - G:\InstallTomTomHOME.exe


======List of files/folders created in the last 1 months======

2010-05-03 03:43:00 ----D---- C:\rsit
2010-05-03 01:22:29 ----D---- C:\Documents and Settings\All Users\Data aplikací\SUPERAntiSpyware.com
2010-05-03 01:22:10 ----D---- C:\Documents and Settings\Pavel\Data aplikací\SUPERAntiSpyware.com
2010-05-03 01:21:08 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2010-04-30 13:19:04 ----SHD---- C:\FOUND.011
2010-04-18 14:07:30 ----D---- C:\Documents and Settings\Pavel\Data aplikací\GlarySoft
2010-04-18 14:02:06 ----D---- C:\Program Files\Ask.com
2010-04-14 11:09:16 ----HD---- C:\WINDOWS\$NtUninstallKB979683$
2010-04-14 11:08:17 ----HD---- C:\WINDOWS\$NtUninstallKB980232$
2010-04-14 11:02:59 ----HD---- C:\WINDOWS\$NtUninstallKB978338$
2010-04-14 11:02:54 ----HD---- C:\WINDOWS\$NtUninstallKB977816$
2010-04-14 11:02:49 ----HD---- C:\WINDOWS\$NtUninstallKB978601$
2010-04-14 11:02:33 ----HD---- C:\WINDOWS\$NtUninstallKB979309$

======List of files/folders modified in the last 1 months======

2010-05-03 03:08:42 ----A---- C:\WINDOWS\system32\eRLog.ini
2010-05-03 03:08:20 ----A---- C:\WINDOWS\ModemLog_Agere Systems AC'97 Modem.txt
2010-05-02 16:29:12 ----N---- C:\WINDOWS\SchedLgU.Txt
2010-04-27 22:53:56 ----A---- C:\WINDOWS\system.ini
2010-04-06 19:52:54 ----A---- C:\WINDOWS\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK8;Ovladač procesoru AMD; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2004-08-11 39424]
R1 AvgLdx86;AVG AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-07-31 335240]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys

[2009-07-31 27784]
R1 AvgTdiX;AVG8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2009-06-25 108552]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 nvport;NVIDIA PORT IO Control Driver; \??\C:\WINDOWS\system32\Drivers\nvport.sys []
R1 SASDIFSV;SASDIFSV; \??\D:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\D:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS []
R1 SiSkp;SiSkp; C:\WINDOWS\system32\DRIVERS\srvkp.sys [2005-02-25 13312]
R1 Tcpip6;Ovladač protokolu Microsoft IPv6; C:\WINDOWS\system32\DRIVERS\tcpip6.sys [2010-02-11 226880]
R1 UBHelper;UBHelper; C:\WINDOWS\system32\drivers\UBHelper.sys [2004-12-17 13952]
R1 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS;

C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-18 12032]
R2 int15.sys;int15.sys; \??\C:\Acer\Empowering Technology\eRecovery\int15.sys []
R2 NwlnkIpx;Transportní protokol kompatibilní s NWLink IPX/SPX/NetBIOS; C:\WINDOWS\system32

\DRIVERS\nwlnkipx.sys [2008-04-13 88320]
R2 NwlnkNb;Služba NWLink pro rozhraní NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnknb.sys [2004-08-18

63232]
R2 NwlnkSpx;Protokol NWLink SPX/SPXII; C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys [2004-08-18 55936]
R2 osaio;osaio; C:\WINDOWS\system32\drivers\osaio.sys [2005-03-04 8704]
R2 osanbm;osanbm; C:\WINDOWS\system32\drivers\osanbm.sys [2005-01-14 4010]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2004-10-08 1270540]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2005-02-24

2311680]
R3 BCM43XX;Broadcom 802.11 ovladač síťového adaptéru; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2004-12-

21 369024]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-

04-13 13952]
R3 DKbFltr;Dritek HotKey Keyboard Filter Driver; C:\WINDOWS\System32\Drivers\DKbFltr.sys [2004-12-08

16896]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2009-05-18 26600]
R3 genmcmnUSB;USB Scroll Mouse Driver; C:\WINDOWS\system32\DRIVERS\gflmouhid.sys [2004-04-19 6656]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 NTIDrvr;Upper Class Filter Driver; C:\WINDOWS\system32\DRIVERS\NTIDrvr.sys [2006-04-13 6144]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-12-05 10368]
R3 SiS315;SiS315; C:\WINDOWS\system32\DRIVERS\sisgrp.sys [2005-03-02 240640]
R3 SISNICXP;SiS PCI Fast Ethernet Adapter Driver for NDIS51; C:\WINDOWS\system32\DRIVERS\sisnicxp.sys

[2004-11-05 32768]
R3 Stmatm;ATM/ADSL miniport; C:\WINDOWS\system32\DRIVERS\stmatm.sys [2003-08-12 60255]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2004-10-07 185824]
R3 tunmp;Microsoft Tun Miniport Adapter Driver; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2008-04-13

12288]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13

32128]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32

\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Ovladač standardního rozbočovače USB; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13

59520]
R3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB; C:\WINDOWS\system32

\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

[2008-04-13 26368]
S1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec

Shared\EENGINE\eeCtrl.sys []
S1 eusk2par;EUTRON SmartKey Parallel Driver; \??\C:\WINDOWS\system32\Drivers\eusk2par.sys []
S2 ADILOADER;General Purpose USB Driver (adildr.sys); C:\WINDOWS\System32\Drivers\adildr.sys []
S2 KeyP;KeyP; C:\WINDOWS\SYSTEM32\DRIVERS\KeyP.sys []
S3 adiusbaw;USB ADSL WAN Adapter; C:\WINDOWS\system32\DRIVERS\adiusbaw.sys []
S3 BlueletAudio;Bluetooth Audio Service; C:\WINDOWS\system32\DRIVERS\blueletaudio.sys []
S3 BlueletSCOAudio;Bluetooth SCO Audio Service; C:\WINDOWS\system32\DRIVERS\BlueletSCOAudio.sys []
S3 BT;Bluetooth PAN Network Adapter; C:\WINDOWS\system32\DRIVERS\btnetdrv.sys []
S3 Btcsrusb;Bluetooth USB For Bluetooth Service; C:\WINDOWS\System32\Drivers\btcusb.sys []
S3 BthEnum;Služba Bluetooth Enumerator; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2008-04-13 17024]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2008-04-13

101120]
S3 BTHPORT;Ovladač portu Bluetooth; C:\WINDOWS\System32\Drivers\BTHport.sys [2008-06-14 272128]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2008-04

-13 18944]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2005-03-08 51120]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys

[2005-03-08 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys

[2005-03-08 21744]
S3 MXOPSWD;Maxtor OneTouch Security Driver; C:\WINDOWS\system32\DRIVERS\mxopswd.sys [2007-05-03 22152]
S3 nm;Ovladač programu Sledování sítě; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2008-04-13 40320]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2008-04-13

59136]
S3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2004-08-18 5888]
S3 TaurusUsb;ADSL Modem USB Service; C:\WINDOWS\system32\DRIVERS\torususb.sys [2003-12-23 549421]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 VComm;Virtual Serial port driver; C:\WINDOWS\system32\DRIVERS\VComm.sys []
S3 VcommMgr;Bluetooth VComm Manager Service; C:\WINDOWS\System32\Drivers\VcommMgr.sys []
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32

\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32

\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 6to4;Pomocná služba protokolu IPv6; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 Automatic LiveUpdate Scheduler;Automatic LiveUpdate Scheduler; C:\Program

Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [2006-05-15 100032]
R2 avg8emc;AVG8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2009-07-31 908056]
R2 avg8wd;AVG8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-07-31 297752]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-03-09

153376]
R2 TomTomHOMEService;TomTomHOMEService; C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe [2009-11-

13 92008]
R2 WinDefend;Windows Defender; C:\Program Files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2010-02-15 545576]
S2 anbmService;Notebook Manager Service; C:\Acer\eManager\anbmServ.exe [2004-08-16 1287168]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-14 268288]
S2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2007-08-09 73728]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe

[2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86;

C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0;

C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel

32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication

Foundation\infocard.exe [2008-07-29 881664]
S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2006-05-15 2086592]
S3 wampapache;wampapache; c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe [2008-12-10 24636]
S3 wampmysqld;wampmysqld; c:\wamp\bin\mysql\mysql5.1.36\bin\mysqld.exe [2009-06-17 6582912]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media

Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe

[2008-04-14 14336]
S4 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows

Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

Předem děkuji za pomoc.

Dobré ráno.

1) ComboFix

• Stáhněte a uložte na Plochu ComboFix.
• Ještě před spuštěním vypněte rezidentní štít antiviru, či antispywaru.
• Spusťte ho s administrátorským oprávněním.
• Po spuštění se Vám zobrazí licenční podmínky, klikněte na 'Ano'.
• Budete také dotázáni na instalaci konzole pro zotavení, taktéž klikněte na 'Ano'.
• Celý sken bude trvat tak 5-10 minut, v závislosti na tom, kolika soubory se bude CF prodírat.
• Váš PC bude pravděpodobně restartován, tak se toho nelekněte.
• Než úplně skončí sken, nic nedělejte, hlavně neklikejte do spuštěného okna s ComboFixem.
• Po skončení skenu (či následném restartu) na Vás 'vypadne' log, který vkopírujete ve formě textu sem.
• Pokud žádný log 'nevypadne', naleznete jej v umístění C:\ComboFix.txt

Děkuji,
jakmile se večer dostanu k infikovanému počítači, pokusím se zálohovat důležité soubory a vložím sem log z ComboFix.

0K.

Zde je log ComboFix:

ComboFix 10-05-03.03 - Pavel 03.05.2010 23:37:59.1.1 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.958.511 [GMT 2:00]
Spuštěný z: c:\documents and settings\Pavel\Plocha\ComboFix.exe
AV: AVG Anti-Virus *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\WindowsUpdate
c:\windows\system32\autorun.ini
F:\Autorun.inf

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-04-03 do 2010-05-03 )))))))))))))))))))))))))))))))
.

2010-05-03 02:36 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-03 02:36 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-03 01:43 . 2010-05-03 01:43 -------- d-----w- C:\rsit
2010-05-02 23:21 . 2010-05-02 23:21 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-04-30 11:19 . 2010-04-30 11:19 -------- d-----w- C:\FOUND.011
2010-04-18 12:02 . 2010-04-18 12:02 -------- d-----w- c:\program files\Ask.com
2010-04-03 21:50 . 2010-04-03 21:50 -------- d-----w- c:\documents and settings\Pavel\.gimp-2.6

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-27 21:14 . 2010-03-27 21:14 -------- d-----w- c:\program files\Common Files\Skype
2010-03-13 13:29 . 2010-03-13 13:29 -------- d-----w- c:\program files\7-Zip
2010-03-10 06:17 . 2004-08-18 18:00 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-03-09 02:28 . 2008-12-29 11:36 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-03-03 17:46 . 2010-03-13 14:02 212992 ----a-w- c:\windows\system32\ssleay32.dll
2010-03-03 17:46 . 2010-03-13 14:02 53248 ----a-w- c:\windows\system32\icuio36.dll
2010-03-03 17:46 . 2010-03-13 14:02 464172 ----a-w- c:\windows\system32\libpq.dll
2010-03-03 17:46 . 2010-03-13 14:02 45056 ----a-w- c:\windows\system32\iculx36.dll
2010-03-03 17:46 . 2010-03-13 14:02 192512 ----a-w- c:\windows\system32\icule36.dll
2010-03-03 17:46 . 2010-03-13 14:02 1069056 ----a-w- c:\windows\system32\libeay32.dll
2010-03-03 17:46 . 2010-03-13 14:02 1064960 ----a-w- c:\windows\system32\icuuc36.dll
2010-03-03 17:46 . 2010-03-13 14:02 106496 ----a-w- c:\windows\system32\icutu36.dll
2010-03-03 17:46 . 2010-03-13 14:02 954368 ----a-w- c:\windows\system32\icuin36.dll
2010-03-03 17:46 . 2010-03-13 14:02 10166272 ----a-w- c:\windows\system32\icudt36.dll
2010-02-25 06:18 . 2004-08-18 18:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 13:11 . 2004-08-18 18:00 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-24 08:16 . 2009-10-04 19:11 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-17 12:09 . 2004-08-18 18:00 2192128 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 19:09 . 2004-08-18 18:00 2068992 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 09:03 . 2010-03-20 02:36 293376 ------w- c:\windows\system32\browserchoice.exe
2010-02-12 04:35 . 2004-08-18 18:00 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:02 . 2004-08-18 18:00 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
2009-04-15 20:24 . 2009-04-15 20:24 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-04-15 20:24 . 2009-04-15 20:24 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-11-25 11:02 1230080 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2009-11-18 16:40 1196936 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-11-18 1196936]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PlaxoUpdate"="c:\program files\Plaxo\3.23.0.11\PlaxoHelper_en.exe" [2009-10-01 403015]
"PlaxoSysTray"="c:\program files\Plaxo\3.23.0.11\PlaxoSysTray.exe" [2009-10-01 20480]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2009-11-13 247144]
"SUPERAntiSpyware"="d:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-04-27 2020592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" [X]
"SiSPower"="SiSPower.dll" [2005-02-25 49152]
"LManager"="c:\program files\Launch Manager\QtZgAcer.EXE" [2005-10-12 315392]
"eRecoveryService"="c:\acer\Empowering Technology\eRecovery\Monitor.exe" [2005-11-16 385024]
"AGRSMMSG"="AGRSMMSG.exe" [2004-10-08 88363]
"AdslTaskBar"="stmctrl.dll" [2003-12-03 155648]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-10-07 98394]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-10-07 688218]
"SoundMan"="SOUNDMAN.EXE" [2005-02-23 77824]
"SiS Windows KeyHook"="c:\windows\system32\keyhook.exe" [2005-03-04 32768]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-18 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-18 455168]
"PCMService"="c:\program files\Arcade\PCMService.exe" [2005-03-09 49152]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-18 59392]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-18 208952]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"mouseElf"="c:\progra~1\SCROLL~1\MouseElf.EXE" [2004-09-20 196608]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-03 866584]
"WireLessMouse"="c:\program files\12025SC Wireless Combo Set\StartAutorun.exe" [2005-11-30 94208]
"WireLessKeyboard"="c:\program files\12025SC Wireless Combo Set\StartAutorun.exe" [2005-11-30 94208]
"CHotkey"="mHotkey.exe" [2004-12-08 550912]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2010-03-18 2046816]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"BTCentre"="c:\genius\ioCentre4D\gBTMouseTask.exe" [2008-05-13 483328]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-02-15 141608]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ZAFFRegisterTrustChecker"="-s" [X]
"ZAFFRegisterTrustCheckerIE"="-s" [X]

c:\documents and settings\Pavel\Nabˇdka Start\Programy\Po spuçtŘnˇ\
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-10-4 393216]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Utility Tray.lnk - c:\windows\system32\sistray.exe [2005-1-4 331776]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-11 282624]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "d:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 13:21 548352 ----a-w- d:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-07-31 10:15 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMail
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VoipCheapCom

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-02-15 16:07 141608 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\System32\\FXSCLNT.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\BIN\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\BIN\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\BIN\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\BIN\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\BIN\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\BIN\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\BIN\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\BIN\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\BIN\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\BIN\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\BIN\\hpoews01.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgdiag.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\TomTom HOME 2\\xulrunner\\TomTomHOMERuntime.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\mozilla.org\\SeaMonkey\\seamonkey.exe"=
"c:\\Program Files\\Java\\JRE6\\BIN\\javaw.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\SeaMonkey\\seamonkey.exe"=
"c:\\inet_srv\\apache\\bin\\Apache.exe"=
"c:\\inet_srv\\mysql\\bin\\mysqld.exe"=
"c:\\wamp\\bin\\apache\\Apache2.2.11\\bin\\httpd.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [16.6.2009 20:48 12552]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [16.6.2009 20:48 335240]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [16.6.2009 20:48 108552]
R1 SASDIFSV;SASDIFSV;d:\program files\SUPERAntiSpyware\sasdifsv.sys [17.2.2010 11:25 12872]
R1 SASKUTIL;SASKUTIL;d:\program files\SUPERAntiSpyware\SASKUTIL.SYS [27.4.2010 17:30 61440]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [25.6.2009 10:55 908056]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [25.6.2009 10:55 297752]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [13.11.2009 12:31 92008]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [3.11.2006 18:19 13592]
R3 genmcmnUSB;USB Scroll Mouse Driver;c:\windows\system32\drivers\gflmouhid.sys [5.11.2006 12:28 6656]
R3 Stmatm;ATM/ADSL miniport;c:\windows\system32\drivers\stmatm.sys [14.6.2006 14:32 60255]
S1 eusk2par;EUTRON SmartKey Parallel Driver;c:\windows\system32\drivers\eusk2par.sys [29.8.2006 12:33 24786]
S2 KeyP;KeyP;c:\windows\system32\DRIVERS\KeyP.sys --> c:\windows\system32\DRIVERS\KeyP.sys [?]
S3 TaurusUsb;ADSL Modem USB Service;c:\windows\system32\drivers\torususb.sys [14.6.2006 14:32 549421]

--- Ostatní služby/ovladače v paměti ---

*NewlyCreated* - INT15.SYS
*NewlyCreated* - SWPRV
*NewlyCreated* - VSS
.
Obsah adresáře 'Naplánované úlohy'

2010-05-03 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 16:20]

2010-03-19 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

2010-05-03 c:\windows\Tasks\GlaryInitialize.job
- d:\program files\Glary Utilities\initialize.exe [2010-04-18 11:03]

2010-05-03 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2009-11-18 16:40]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
Trusted Zone: avg.com\download
Trusted Zone: avg.com\www
Trusted Zone: avg.cz\download
Trusted Zone: czechtourism.com\www
Trusted Zone: czecot.com\www
Trusted Zone: divx.com\download
Trusted Zone: ieaddons.com\www
Trusted Zone: majorgeeks.com\www
Trusted Zone: microsoft.com\support
Trusted Zone: microsoft.com\update
Trusted Zone: microsoft.com\v4.windowsupdate
Trusted Zone: microsoft.com\windowsupdate
Trusted Zone: seznam.cz\email
Trusted Zone: seznam.cz\www
Trusted Zone: slunecnice.cz\download
Trusted Zone: techspot.com\www
Trusted Zone: windowsupdate.com\download
Trusted Zone: zonealarm.com\download
DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} - hxxp://download.zonelabs.com/bin/promotions/spywaredetector/ICSScanner37900.cab
FF - ProfilePath - c:\documents and settings\Pavel\Data aplikací\Mozilla\Firefox\Profiles\uz9bie8w.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - WebHledani
FF - prefs.js: browser.startup.homepage - hxxp://www.google.cz/
FF - prefs.js: keyword.URL - hxxp://www.webhledani.cz/results.aspx?i=42&tp=ab&q=
FF - prefs.js: network.proxy.type - 4
FF - component: c:\documents and settings\Pavel\Data aplikací\Mozilla\Firefox\Profiles\uz9bie8w.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc.dll
FF - component: c:\documents and settings\Pavel\Data aplikací\Mozilla\Firefox\Profiles\uz9bie8w.default\extensions\support@lastpass.com\platform\WINNT_x86-msvc\components\lpxpcom.dll
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npfiller.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-03 23:44
Windows 5.1.2600 Service Pack 3 FAT NTAPI

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-467697230-2095831606-1801553527-1005\Software\Hewlett-Packard\HPDJ Printing System Config\HP PSC 1500 series\Quicksets\B*]
"008"=dword:00000000
"009"=dword:00000000
"010"=dword:00000000
"012"=dword:0000292c
"013"=dword:0000288c
"015"=dword:00000000
"017"=dword:0000283c
"021"=dword:00000000
"022"=dword:00000001
"025"=dword:00000000
"026"=dword:00000000
"028"=dword:000028a4
"031"=dword:000028b8
"033"=dword:00000000
"036"=dword:00000001
"038"=dword:00000000
"042"=dword:00000000
"043"=dword:00000000
"046"=dword:00002955
"049"=dword:00002958
"060"=dword:00000001
"061"=dword:00000000
"062"=dword:00000000
"064"=dword:00000001
"065"=dword:00000000
"067"=dword:00000001
"068"=dword:00000001
"069"=dword:00000000
"072"=dword:00000000
"073"=dword:000028dc
"075"=dword:00002778
"078"=dword:0000290b
"080"=dword:00002711
"082"=dword:0000281b
"083"=dword:00000000
"085"=dword:00000000
"086"=dword:00000000
"087"=dword:00000000
"089"=dword:00000000
"090"=dword:00002778
"091"=dword:00000000
"092"=dword:00000064
"093"=dword:00000064
"096"=dword:00003390
"097"=dword:00000000
"099"=dword:0000290b
"100"=dword:00002711
"151"=dword:00000000
"152"=dword:00000001
"153"=dword:00000000
"154"=dword:00000001
"155"=dword:00000000
"156"=dword:00000000
"173"=dword:00000000
"178"=dword:00000000
"182"=dword:00000001
"185"=dword:00000000
"188"=dword:00000000
"192"=dword:0000100c
"193"=dword:00000000
"194"=dword:00000001
"196"=dword:00000000
"197"=dword:00001004
"199"=dword:00000000
"202"=dword:00000000
"203"=dword:00001008
"205"=dword:00000000
"208"=dword:0000100e
"209"=dword:00000000
"210"=dword:00000001
"212"=dword:00000000
"213"=dword:00001010
"215"=dword:00000000
"218"=dword:00000000
"219"=dword:00001014
"221"=dword:00000000
"227"=dword:00003afe
"229"=dword:0000296e
"230"=dword:00000000
"231"=dword:00000000
"238"=dword:00000000
"239"=dword:00000000
"247"=dword:00000000
"251"=dword:00000000
"255"=dword:00000000
"259"=dword:00000000
"263"=dword:00000000
"267"=dword:00000000
"271"=dword:00000000
"293"=dword:00002990
"Watermarks"=hex:00,00,01,01,00,01,00,00,00,00,00,00,00,00,00,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"ID"=dword:4b706f3e
"Order"=dword:00000008
"AllowDelete"=dword:00000001
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(920)
d:\program files\SUPERAntiSpyware\SASWINLO.dll
.
Celkový čas: 2010-05-03 23:47:13
ComboFix-quarantined-files.txt 2010-05-03 21:47

Před spuštěním: 7 529 070 592
Po spuštění: 8 301 543 424

WindowsXP-KB310994-SP2-Home-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - ADC1A3E1BC173FB22DF60E01177730E9


AVG stále v podrobných informacích o nálezu vyhodnocuje:

"Název objektu";"C:\WINDOWS\system32\autorun\Book\AcroBat\EN\Setup.exe"
"Název detekce";"Trojský kůň BackDoor.Generic12.BICR"
"Typ objektu";"Soubor"
"Typ SDK";"Jádro"
"Výsledek";"Infikováno"
"Historie akcí";""

"Název objektu";"C:\WINDOWS\system32\autorun\Book\AcroBat\EN\Setup.exe:\AdbeRdr60enu.exe"
"Název detekce";"Trojský kůň BackDoor.Generic12.BICR"
"Typ objektu";"Soubor"
"Typ SDK";"Jádro"
"Výsledek";"Infikováno"
"Historie akcí";""

Pokračujeme. ↓

1) Skript do ComboFix-u

• Otevřete si Poznámkový blok [Start → Spustit → notepad → Enter].
• Do něj vkopírujte následující text:

  Kód: Vybrat vše

  KillAll::
  
  Folder::
  c:\program files\Ask.com
  C:\FOUND.011
  
  File::
  c:\documents and settings\Pavel\Nabídka Start\Programy\Po spuštění\OpenOffice.org 3.0.lnk
  c:\windows\Tasks\AppleSoftwareUpdate.job
  c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
  
  Registry::
  [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
  "{A3BC75A2-1F87-4686-AA43-5347D756017C}"=-
  [-HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]
  [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
  [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
  "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"=-
  "{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
  [-HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
  [-HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
  [-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
  [-HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
  [-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
  [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
  "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"=-
  [-HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  "HP Software Update"=-
  "SunJavaUpdateSched"=-
  "Adobe Reader Speed Launcher"=-
  "Adobe ARM"=-
  [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
  "ZAFFRegisterTrustChecker"=-
  "ZAFFRegisterTrustCheckerIE"=-
  [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
  "QuickTime Task"=-
  
  FireFox::
  FF - ProfilePath - c:\documents and settings\Pavel\Data aplikací\Mozilla\Firefox\Profiles\uz9bie8w.default\
  FF - prefs.js: browser.search.selectedEngine - WebHledani
  FF - prefs.js: keyword.URL - hxxp://www.webhledani.cz/results.aspx?i=42&tp=ab&q=
  
  Reboot::

• Uložte tento soubor na Plochu pod jménem CFScript (koncovka .txt).
• Přetáhněte tento soubor nad ComboFix a pusťte ho.
• I tento soubor, i ComboFix musí být na Ploše!
  
• ComboFix se spustí a vykoná příkazy ze skriptu.
• Počítač bude pravděpodobně restartován.
• Po restartu na Vás vyskočí okno s logem, který mi vkopírujete sem ve formě textu.

2) Znáte tyto porty?

• Kód: Vybrat vše

  "1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
  "1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
  "500:UDP"= 500:UDP:@xpsp2res.dll,-22017

3) VirusTotal

• Otestujte na VirusTotal soubory:

  Kód: Vybrat vše

  C:\WINDOWS\system32\autorun\Book\AcroBat\EN\Setup.exe:\AdbeRdr60enu.exe
  C:\WINDOWS\system32\autorun\Book\AcroBat\EN\Setup.exe

• Jednoduše tam vkopírujete cesty, co jsem napsal do code.
• Jestliže Vám to napíše, že soubor byl již testován, nechte ho otestovat znovu.
• Poté sem vložíte linky (odkazy) na jednotlivé testy.

1) log ComboFix:

ComboFix 10-05-03.05 - Pavel 04.05.2010 13:43:24.2.1 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.958.259 [GMT 2:00]
Spuštěný z: c:\documents and settings\Pavel\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Pavel\Plocha\CFScript.txt
AV: AVG Anti-Virus *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

FILE ::
"c:\documents and settings\Pavel\Nabídka Start\Programy\Po spuštění\OpenOffice.org 3.0.lnk"
"c:\windows\Tasks\AppleSoftwareUpdate.job"
"c:\windows\Tasks\Scheduled Update for Ask Toolbar.job"
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Pavel\Dokumenty\cc_20100504_012018.reg
c:\documents and settings\Pavel\Dokumenty\cc_20100504_012642.reg
c:\documents and settings\Pavel\Nabídka Start\Programy\Po spuštění\OpenOffice.org 3.0.lnk
C:\FOUND.011
c:\program files\Ask.com
c:\program files\Ask.com\cobrand.ico
c:\program files\Ask.com\config.xml
c:\program files\Ask.com\favicon.ico
c:\program files\Ask.com\GenericAskToolbar.dll
c:\program files\Ask.com\mupcfg.xml
c:\program files\Ask.com\SaUpdate.exe
c:\program files\Ask.com\UpdateTask.exe
c:\windows\Tasks\AppleSoftwareUpdate.job
c:\windows\Tasks\Scheduled Update for Ask Toolbar.job

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-04-04 do 2010-05-04 )))))))))))))))))))))))))))))))
.

2010-05-03 02:36 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-03 02:36 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-03 01:43 . 2010-05-03 01:43 -------- d-----w- C:\rsit
2010-05-02 23:21 . 2010-05-02 23:21 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-27 21:14 . 2010-03-27 21:14 -------- d-----w- c:\program files\Common Files\Skype
2010-03-13 13:29 . 2010-03-13 13:29 -------- d-----w- c:\program files\7-Zip
2010-03-10 06:17 . 2004-08-18 18:00 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-03-09 02:28 . 2008-12-29 11:36 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-03-03 17:46 . 2010-03-13 14:02 212992 ----a-w- c:\windows\system32\ssleay32.dll
2010-03-03 17:46 . 2010-03-13 14:02 53248 ----a-w- c:\windows\system32\icuio36.dll
2010-03-03 17:46 . 2010-03-13 14:02 464172 ----a-w- c:\windows\system32\libpq.dll
2010-03-03 17:46 . 2010-03-13 14:02 45056 ----a-w- c:\windows\system32\iculx36.dll
2010-03-03 17:46 . 2010-03-13 14:02 192512 ----a-w- c:\windows\system32\icule36.dll
2010-03-03 17:46 . 2010-03-13 14:02 1069056 ----a-w- c:\windows\system32\libeay32.dll
2010-03-03 17:46 . 2010-03-13 14:02 1064960 ----a-w- c:\windows\system32\icuuc36.dll
2010-03-03 17:46 . 2010-03-13 14:02 106496 ----a-w- c:\windows\system32\icutu36.dll
2010-03-03 17:46 . 2010-03-13 14:02 954368 ----a-w- c:\windows\system32\icuin36.dll
2010-03-03 17:46 . 2010-03-13 14:02 10166272 ----a-w- c:\windows\system32\icudt36.dll
2010-02-25 06:18 . 2004-08-18 18:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 13:11 . 2004-08-18 18:00 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-24 08:16 . 2009-10-04 19:11 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-17 12:09 . 2004-08-18 18:00 2192128 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 19:09 . 2004-08-18 18:00 2068992 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 09:03 . 2010-03-20 02:36 293376 ------w- c:\windows\system32\browserchoice.exe
2010-02-12 04:35 . 2004-08-18 18:00 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:02 . 2004-08-18 18:00 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
2009-04-15 20:24 . 2009-04-15 20:24 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-04-15 20:24 . 2009-04-15 20:24 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PlaxoUpdate"="c:\program files\Plaxo\3.23.0.11\PlaxoHelper_en.exe" [2009-10-01 403015]
"PlaxoSysTray"="c:\program files\Plaxo\3.23.0.11\PlaxoSysTray.exe" [2009-10-01 20480]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2009-11-13 247144]
"SUPERAntiSpyware"="d:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-04-27 2020592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" [X]
"SiSPower"="SiSPower.dll" [2005-02-25 49152]
"LManager"="c:\program files\Launch Manager\QtZgAcer.EXE" [2005-10-12 315392]
"eRecoveryService"="c:\acer\Empowering Technology\eRecovery\Monitor.exe" [2005-11-16 385024]
"AGRSMMSG"="AGRSMMSG.exe" [2004-10-08 88363]
"AdslTaskBar"="stmctrl.dll" [2003-12-03 155648]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-10-07 98394]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-10-07 688218]
"SoundMan"="SOUNDMAN.EXE" [2005-02-23 77824]
"SiS Windows KeyHook"="c:\windows\system32\keyhook.exe" [2005-03-04 32768]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-18 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-18 455168]
"PCMService"="c:\program files\Arcade\PCMService.exe" [2005-03-09 49152]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-18 59392]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-18 208952]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"mouseElf"="c:\progra~1\SCROLL~1\MouseElf.EXE" [2004-09-20 196608]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-03 866584]
"WireLessMouse"="c:\program files\12025SC Wireless Combo Set\StartAutorun.exe" [2005-11-30 94208]
"WireLessKeyboard"="c:\program files\12025SC Wireless Combo Set\StartAutorun.exe" [2005-11-30 94208]
"CHotkey"="mHotkey.exe" [2004-12-08 550912]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2010-03-18 2046816]
"BTCentre"="c:\genius\ioCentre4D\gBTMouseTask.exe" [2008-05-13 483328]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-02-15 141608]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Utility Tray.lnk - c:\windows\system32\sistray.exe [2005-1-4 331776]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-11 282624]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "d:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 13:21 548352 ----a-w- d:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-07-31 10:15 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-02-15 16:07 141608 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\System32\\FXSCLNT.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\BIN\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\BIN\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\BIN\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\BIN\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\BIN\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\BIN\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\BIN\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\BIN\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\BIN\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\BIN\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\BIN\\hpoews01.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgdiag.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\TomTom HOME 2\\xulrunner\\TomTomHOMERuntime.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\mozilla.org\\SeaMonkey\\seamonkey.exe"=
"c:\\Program Files\\Java\\JRE6\\BIN\\javaw.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\SeaMonkey\\seamonkey.exe"=
"c:\\inet_srv\\apache\\bin\\Apache.exe"=
"c:\\inet_srv\\mysql\\bin\\mysqld.exe"=
"c:\\wamp\\bin\\apache\\Apache2.2.11\\bin\\httpd.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [16.6.2009 20:48 12552]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [16.6.2009 20:48 335240]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [16.6.2009 20:48 108552]
R1 SASDIFSV;SASDIFSV;d:\program files\SUPERAntiSpyware\sasdifsv.sys [17.2.2010 11:25 12872]
R1 SASKUTIL;SASKUTIL;d:\program files\SUPERAntiSpyware\SASKUTIL.SYS [27.4.2010 17:30 61440]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [25.6.2009 10:55 908056]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [25.6.2009 10:55 297752]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [13.11.2009 12:31 92008]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [3.11.2006 18:19 13592]
R3 genmcmnUSB;USB Scroll Mouse Driver;c:\windows\system32\drivers\gflmouhid.sys [5.11.2006 12:28 6656]
R3 Stmatm;ATM/ADSL miniport;c:\windows\system32\drivers\stmatm.sys [14.6.2006 14:32 60255]
S1 eusk2par;EUTRON SmartKey Parallel Driver;c:\windows\system32\drivers\eusk2par.sys [29.8.2006 12:33 24786]
S2 KeyP;KeyP;c:\windows\system32\DRIVERS\KeyP.sys --> c:\windows\system32\DRIVERS\KeyP.sys [?]
S3 TaurusUsb;ADSL Modem USB Service;c:\windows\system32\drivers\torususb.sys [14.6.2006 14:32 549421]
.
Obsah adresáře 'Naplánované úlohy'

2010-05-04 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 16:20]

2010-05-04 c:\windows\Tasks\GlaryInitialize.job
- d:\program files\Glary Utilities\initialize.exe [2010-04-18 11:03]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
Trusted Zone: avg.com\download
Trusted Zone: avg.com\www
Trusted Zone: avg.cz\download
Trusted Zone: czechtourism.com\www
Trusted Zone: czecot.com\www
Trusted Zone: divx.com\download
Trusted Zone: ieaddons.com\www
Trusted Zone: majorgeeks.com\www
Trusted Zone: microsoft.com\support
Trusted Zone: microsoft.com\update
Trusted Zone: microsoft.com\v4.windowsupdate
Trusted Zone: microsoft.com\windowsupdate
Trusted Zone: seznam.cz\email
Trusted Zone: seznam.cz\www
Trusted Zone: slunecnice.cz\download
Trusted Zone: techspot.com\www
Trusted Zone: windowsupdate.com\download
Trusted Zone: zonealarm.com\download
DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} - hxxp://download.zonelabs.com/bin/promotions/spywaredetector/ICSScanner37900.cab
FF - ProfilePath - c:\documents and settings\Pavel\Data aplikací\Mozilla\Firefox\Profiles\uz9bie8w.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.google.cz/
FF - prefs.js: network.proxy.type - 4
FF - component: c:\documents and settings\Pavel\Data aplikací\Mozilla\Firefox\Profiles\uz9bie8w.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc.dll
FF - component: c:\documents and settings\Pavel\Data aplikací\Mozilla\Firefox\Profiles\uz9bie8w.default\extensions\support@lastpass.com\platform\WINNT_x86-msvc\components\lpxpcom.dll
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npfiller.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

BHO-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
BHO-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-04 13:52
Windows 5.1.2600 Service Pack 3 FAT NTAPI

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-467697230-2095831606-1801553527-1005\Software\Hewlett-Packard\HPDJ Printing System Config\HP PSC 1500 series\Quicksets\B*]
"008"=dword:00000000
"009"=dword:00000000
"010"=dword:00000000
"012"=dword:0000292c
"013"=dword:0000288c
"015"=dword:00000000
"017"=dword:0000283c
"021"=dword:00000000
"022"=dword:00000001
"025"=dword:00000000
"026"=dword:00000000
"028"=dword:000028a4
"031"=dword:000028b8
"033"=dword:00000000
"036"=dword:00000001
"038"=dword:00000000
"042"=dword:00000000
"043"=dword:00000000
"046"=dword:00002955
"049"=dword:00002958
"060"=dword:00000001
"061"=dword:00000000
"062"=dword:00000000
"064"=dword:00000001
"065"=dword:00000000
"067"=dword:00000001
"068"=dword:00000001
"069"=dword:00000000
"072"=dword:00000000
"073"=dword:000028dc
"075"=dword:00002778
"078"=dword:0000290b
"080"=dword:00002711
"082"=dword:0000281b
"083"=dword:00000000
"085"=dword:00000000
"086"=dword:00000000
"087"=dword:00000000
"089"=dword:00000000
"090"=dword:00002778
"091"=dword:00000000
"092"=dword:00000064
"093"=dword:00000064
"096"=dword:00003390
"097"=dword:00000000
"099"=dword:0000290b
"100"=dword:00002711
"151"=dword:00000000
"152"=dword:00000001
"153"=dword:00000000
"154"=dword:00000001
"155"=dword:00000000
"156"=dword:00000000
"173"=dword:00000000
"178"=dword:00000000
"182"=dword:00000001
"185"=dword:00000000
"188"=dword:00000000
"192"=dword:0000100c
"193"=dword:00000000
"194"=dword:00000001
"196"=dword:00000000
"197"=dword:00001004
"199"=dword:00000000
"202"=dword:00000000
"203"=dword:00001008
"205"=dword:00000000
"208"=dword:0000100e
"209"=dword:00000000
"210"=dword:00000001
"212"=dword:00000000
"213"=dword:00001010
"215"=dword:00000000
"218"=dword:00000000
"219"=dword:00001014
"221"=dword:00000000
"227"=dword:00003afe
"229"=dword:0000296e
"230"=dword:00000000
"231"=dword:00000000
"238"=dword:00000000
"239"=dword:00000000
"247"=dword:00000000
"251"=dword:00000000
"255"=dword:00000000
"259"=dword:00000000
"263"=dword:00000000
"267"=dword:00000000
"271"=dword:00000000
"293"=dword:00002990
"Watermarks"=hex:00,00,01,01,00,01,00,00,00,00,00,00,00,00,00,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"ID"=dword:4b706f3e
"Order"=dword:00000008
"AllowDelete"=dword:00000001
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(916)
d:\program files\SUPERAntiSpyware\SASWINLO.dll

- - - - - - - > 'explorer.exe'(2164)
c:\program files\Plaxo\3.23.0.11\plx_hook.dll
c:\program files\CyberLink\Shared Files\CLRCEngine.dll
c:\windows\system32\WhoRU.dll
c:\program files\Scroll Mouse\emhook.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\acer\eManager\anbmServ.exe
c:\program files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\progra~1\AVG\AVG8\avgam.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\Rundll32.exe
c:\windows\AGRSMMSG.exe
c:\windows\system32\rundll32.exe
c:\windows\SOUNDMAN.EXE
c:\windows\mHotkey.exe
c:\program files\Scroll Mouse\EMouse.exe
c:\program files\12025SC Wireless Combo Set\MouseDrv.exe
c:\program files\12025SC Wireless Combo Set\PS2USBKbdDrv.exe
c:\genius\ioCentre4D\gBTAutoScroll.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
.
**************************************************************************
.
Celkový čas: 2010-05-04 13:58:01 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-05-04 11:57
ComboFix2.txt 2010-05-03 21:47

Před spuštěním: 8 271 659 008
Po spuštění: 8 230 830 080

- - End Of File - - 29AF946EAA5F1518C5CEC0AD5BF4B2BB


2) portům nijak zvlášť nerozumím, takže nic moc

3) http://www.virustotal.com/cs/analisis/7 ... 1272976519

C:\WINDOWS\system32\autorun\Book\AcroBat\EN\Setup.exe:\AdbeRdr60enu.exe
nejde otevřít, hlásí Neplatný název souboru


Průběžné díky!

Něco zkusíme.

1) OTMoveit3

• Stáhněte OTM3 na Plochu.
• Spusťte ho dvojklikem na OTM.exe, pokud to nepůjde, zkuste to s adminskými právy.
• Do levého okna 'Paste Instructions for Items to be Moved' vkopírujte následující skript:

  Kód: Vybrat vše

  :files
  C:\WINDOWS\system32\*.tmp.dll /s
  C:\WINDOWS\system32\SET*.tmp /s
  C:\WINDOWS\*.tmp /s
  @C:\WINDOWS\system32\autorun\Book\AcroBat\EN\Setup.exe:\AdbeRdr60enu.exe
  
  :commands
  [emptytemp]
  [emptyflash]

• Poté klikněte na červené tlačítko 'MoveIt!'.
• V zeleném okně vpravo by se měl zobrazit log, ten vkopírujete sem do fóra.
• Pokud se zobrazí hláška k restartování, klikněte na 'Yes'.
• Po restartu se log otevře sám, nebo ho najdete v C:\_OTM\MovedFiles

1) zde je log z OTMoveit3

All processes killed
========== FILES ==========
File/Folder C:\WINDOWS\system32\*.tmp.dll not found.
File/Folder C:\WINDOWS\system32\SET*.tmp not found.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP149B.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAPDC.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP23D.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP8.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP21B.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP107.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP84.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAPCE.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP4.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP9.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP39.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAPED.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAPEB.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAPEE.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP56.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP5E.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP14B5.tmp folder moved successfully.
C:\WINDOWS\Installer\MSIA1.tmp moved successfully.
C:\WINDOWS\Installer\MSIA7.tmp moved successfully.
C:\WINDOWS\Installer\MSI1C.tmp moved successfully.
C:\WINDOWS\Installer\MSI24.tmp moved successfully.
C:\WINDOWS\Installer\MSI95.tmp moved successfully.
C:\WINDOWS\Installer\MSIF9.tmp moved successfully.
C:\WINDOWS\Installer\MSI102.tmp moved successfully.
C:\WINDOWS\Installer\MSI6D.tmp moved successfully.
C:\WINDOWS\Installer\MSI71.tmp moved successfully.
C:\WINDOWS\Installer\MSI117.tmp moved successfully.
C:\WINDOWS\Installer\MSI14D.tmp moved successfully.
C:\WINDOWS\Installer\MSI156.tmp moved successfully.
C:\WINDOWS\Installer\MSI31B.tmp moved successfully.
C:\WINDOWS\Installer\MSI246.tmp moved successfully.
C:\WINDOWS\Installer\MSI322.tmp moved successfully.
C:\WINDOWS\Installer\MSI1E.tmp moved successfully.
C:\WINDOWS\Installer\MSIA2.tmp moved successfully.
C:\WINDOWS\Installer\MSI24F.tmp moved successfully.
C:\WINDOWS\Installer\MSI25.tmp moved successfully.
C:\WINDOWS\Installer\MSI120.tmp moved successfully.
C:\WINDOWS\system32\CONFIG.TMP moved successfully.
C:\WINDOWS\temp\bc670c1d-1df3-40f9-811d-df44461eaea0.tmp moved successfully.
Unable to delete ADS C:\WINDOWS\system32\autorun\Book\AcroBat\EN\Setup.exe:\AdbeRdr60enu.exe .
========== COMMANDS ==========

[EMPTYTEMP]

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: All Users

User: NetworkService
->Temp folder emptied: 884 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: LocalService
->Temp folder emptied: 65748 bytes
->Temporary Internet Files folder emptied: 213126 bytes

User: Pavel
->Temp folder emptied: 297552 bytes
->Temporary Internet Files folder emptied: 6031513 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 91381410 bytes
->Apple Safari cache emptied: 17632161 bytes
->Flash cache emptied: 434 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1461 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 110,00 mb


OTM by OldTimer - Version 3.1.12.0 log created on 05052010_204842

Files moved on Reboot...

Registry entries deleted on Reboot...


... a zde je výsledek testu z průzkumníku AVG
"Test ""Test z průzkumníku"" byl dokončen."
"Během tohoto testu nebyla nalezena žádná infekce"
"Složky vybrané k testování:";"C:\WINDOWS\system32\autorun\Book\AcroBat\EN\Setup.exe;"
"Test zahájen:";"5. května 2010, 21:04:41"
"Test dokončen:";"5. května 2010, 21:04:49 (7 sekund(a))"
"Celkem otestováno objektů:";"2"
"Uživatel:";"Pavel"

Ještě nechám otestovat celý počítač.

I kdyby toto nebyl finální krok, např. mám si na ploše nechat stažené ComboFix a OTM (mohou se hodit?),

OHROMNÉ DÍKY!

Prosím o nový RSIT log.

A nástroje jako ComboFix nemažte, až vše dokončíme, smažu je sám, pomocí externích prográmků.

Nový RSIT log:

Logfile of random's system information tool 1.07 (written by random/random)
Run by Pavel at 2010-05-06 11:26:59
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 8 GB (22%) free of 36 GB
Total RAM: 958 MB (22% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:27:38, on 6.5.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Acer\eManager\anbmServ.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\keyhook.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\PROGRA~1\SCROLL~1\MouseElf.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\mHotkey.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Genius\ioCentre4D\gBTMouseTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Plaxo\3.23.0.11\PlaxoHelper_en.exe
C:\Program Files\Plaxo\3.23.0.11\PlaxoSysTray.exe
C:\Program Files\12025SC Wireless Combo Set\PS2USBKbdDrv.exe
C:\Program Files\12025SC Wireless Combo Set\MouseDrv.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Genius\ioCentre4D\gBTAutoScroll.exe
C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\sistray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Outlook Express\msimn.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Pavel\Plocha\RSIT.exe
C:\Program Files\trend micro\Pavel.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
O2 - BHO: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {B71B15CF-3093-459C-B764-AEB2486F2273} - (no file)
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Arcade\PCMService.exe"
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [mouseElf] C:\PROGRA~1\SCROLL~1\MouseElf.EXE
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [WireLessMouse] C:\Program Files\12025SC Wireless Combo Set\StartAutorun.exe MouseDrv.exe
O4 - HKLM\..\Run: [WireLessKeyboard] C:\Program Files\12025SC Wireless Combo Set\StartAutorun.exe PS2USBKbdDrv.exe
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [BTCentre] C:\Genius\ioCentre4D\gBTMouseTask.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [PlaxoUpdate] C:\Program Files\Plaxo\3.23.0.11\PlaxoHelper_en.exe -a
O4 - HKCU\..\Run: [PlaxoSysTray] C:\Program Files\Plaxo\3.23.0.11\PlaxoSysTray.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: http://download.avg.com
O15 - Trusted Zone: http://www.avg.com
O15 - Trusted Zone: http://download.avg.cz
O15 - Trusted Zone: http://www.czechtourism.com
O15 - Trusted Zone: http://www.czecot.com
O15 - Trusted Zone: download.divx.com
O15 - Trusted Zone: http://www.ieaddons.com
O15 - Trusted Zone: http://www.majorgeeks.com
O15 - Trusted Zone: http://email.seznam.cz
O15 - Trusted Zone: http://www.seznam.cz
O15 - Trusted Zone: http://download.slunecnice.cz
O15 - Trusted Zone: http://www.techspot.com
O15 - Trusted Zone: download.windowsupdate.com
O15 - Trusted Zone: http://download.windowsupdate.com
O15 - Trusted Zone: http://download.zonealarm.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://scan.safety.live.com/resource/do ... se5059.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 6325434171
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/promot ... r37900.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://www.teplice.cz/activex/AxisCamControl.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D17CDB6E-AE6D-11CF-96B8-444553540000} - https://download.macromedia.com/pub/sho ... wflash.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - D:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.1.36\bin\mysqld.exe

--
End of file - 12154 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\MP Scheduled Scan.job
C:\WINDOWS\tasks\GlaryInitialize.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-04-04 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2009-12-10 1111320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-03-09 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-03-09 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{B71B15CF-3093-459C-B764-AEB2486F2273}

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SiSPower"=SiSPower.dll,ModeAgent []
"LManager"=C:\Program Files\Launch Manager\QtZgAcer.EXE [2005-10-12 315392]
"eRecoveryService"=C:\Acer\Empowering Technology\eRecovery\Monitor.exe [2005-11-16 385024]
"AGRSMMSG"=C:\WINDOWS\AGRSMMSG.exe [2004-10-08 88363]
"AdslTaskBar"=stmctrl.dll,TaskBar []
"SynTPLpr"=C:\Program Files\Synaptics\SynTP\SynTPLpr.exe [2004-10-07 98394]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2004-10-07 688218]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2005-02-23 77824]
"SiS Windows KeyHook"=C:\WINDOWS\system32\keyhook.exe [2005-03-04 32768]
"PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-18 455168]
"PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-18 455168]
"PCMService"=C:\Program Files\Arcade\PCMService.exe [2005-03-09 49152]
"MSPY2002"=C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe [2004-08-18 59392]
"LaunchApp"=Alaunch []
"IMJPMIG8.1"=C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2004-08-18 208952]
"BluetoothAuthenticationAgent"=bthprops.cpl,,BluetoothAuthenticationAgent []
"mouseElf"=C:\PROGRA~1\SCROLL~1\MouseElf.EXE [2004-09-20 196608]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2006-11-03 866584]
"WireLessMouse"=C:\Program Files\12025SC Wireless Combo Set\StartAutorun.exe [2005-11-30 94208]
"WireLessKeyboard"=C:\Program Files\12025SC Wireless Combo Set\StartAutorun.exe [2005-11-30 94208]
"CHotkey"=C:\WINDOWS\mHotkey.exe [2004-12-08 550912]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2010-03-18 2046816]
"BTCentre"=C:\Genius\ioCentre4D\gBTMouseTask.exe [2008-05-13 483328]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2010-02-15 141608]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"PlaxoUpdate"=C:\Program Files\Plaxo\3.23.0.11\PlaxoHelper_en.exe [2009-10-01 403015]
"PlaxoSysTray"=C:\Program Files\Plaxo\3.23.0.11\PlaxoSysTray.exe [2009-10-01 20480]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]
"TomTomHOME.exe"=C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe [2009-11-13 247144]
"SUPERAntiSpyware"=D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2010-04-27 2020592]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2010-02-15 141608]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Utility Tray.lnk - C:\WINDOWS\system32\sistray.exe
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
D:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2009-09-03 548352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2009-07-31 11952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-02-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WIFD1F~1\MpShHook.dll [2006-11-03 83224]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=D:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoResolveTrack"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\System32\FXSCLNT.exe"="C:\WINDOWS\System32\FXSCLNT.exe:*:Enabled:Microsoft Fax Console"
"C:\Program Files\HP\Digital Imaging\BIN\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\BIN\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\BIN\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\BIN\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\BIN\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\BIN\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\Program Files\HP\Digital Imaging\BIN\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\BIN\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\Program Files\HP\Digital Imaging\BIN\hposid01.exe"="C:\Program Files\HP\Digital Imaging\BIN\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\BIN\hpqscnvw.exe"="C:\Program Files\HP\Digital Imaging\BIN\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\Program Files\HP\Digital Imaging\BIN\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\BIN\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\BIN\hpqCopy.exe"="C:\Program Files\HP\Digital Imaging\BIN\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\Program Files\HP\Digital Imaging\BIN\hpfccopy.exe"="C:\Program Files\HP\Digital Imaging\BIN\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\Program Files\HP\Digital Imaging\BIN\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\BIN\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\Program Files\HP\Digital Imaging\BIN\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\BIN\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\AVG\AVG8\avgam.exe"="C:\Program Files\AVG\AVG8\avgam.exe:*:Enabled:avgam.exe"
"C:\Program Files\AVG\AVG8\avgdiag.exe"="C:\Program Files\AVG\AVG8\avgdiag.exe:*:Enabled:avgdiag.exe"
"C:\Program Files\AVG\AVG8\avgdiagex.exe"="C:\Program Files\AVG\AVG8\avgdiagex.exe:*:Enabled:avgdiagex.exe"
"C:\Program Files\AVG\AVG8\avgemc.exe"="C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG8\avgnsx.exe"="C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe"
"C:\Program Files\TomTom HOME 2\xulrunner\TomTomHOMERuntime.exe"="C:\Program Files\TomTom HOME 2\xulrunner\TomTomHOMERuntime.exe:*:Enabled:TomTom HOME"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\mozilla.org\SeaMonkey\seamonkey.exe"="C:\Program Files\mozilla.org\SeaMonkey\seamonkey.exe:*:Disabled:SeaMonkey"
"C:\Program Files\Java\JRE6\BIN\javaw.exe"="C:\Program Files\Java\JRE6\BIN\javaw.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\SeaMonkey\seamonkey.exe"="C:\Program Files\SeaMonkey\seamonkey.exe:*:Enabled:SeaMonkey"
"C:\inet_srv\apache\bin\Apache.exe"="C:\inet_srv\apache\bin\Apache.exe:*:Enabled:Apache"
"C:\inet_srv\mysql\bin\mysqld.exe"="C:\inet_srv\mysql\bin\mysqld.exe:*:Enabled:mysqld"
"C:\wamp\bin\apache\Apache2.2.11\bin\httpd.exe"="C:\wamp\bin\apache\Apache2.2.11\bin\httpd.exe:*:Enabled:Apache HTTP Server"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2010-05-06 11:27:02 ----D---- C:\Program Files\trend micro
2010-05-05 20:49:37 ----SHD---- C:\Recycled
2010-05-05 20:48:42 ----D---- C:\_OTM
2010-05-04 13:58:02 ----A---- C:\ComboFix.txt
2010-05-04 13:49:23 ----D---- C:\WINDOWS\temp
2010-05-03 23:34:54 ----A---- C:\Boot.bak
2010-05-03 23:34:37 ----RASHD---- C:\cmdcons
2010-05-03 23:31:43 ----A---- C:\WINDOWS\zip.exe
2010-05-03 23:31:43 ----A---- C:\WINDOWS\SWXCACLS.exe
2010-05-03 23:31:43 ----A---- C:\WINDOWS\SWSC.exe
2010-05-03 23:31:43 ----A---- C:\WINDOWS\SWREG.exe
2010-05-03 23:31:43 ----A---- C:\WINDOWS\sed.exe
2010-05-03 23:31:43 ----A---- C:\WINDOWS\PEV.exe
2010-05-03 23:31:43 ----A---- C:\WINDOWS\NIRCMD.exe
2010-05-03 23:31:43 ----A---- C:\WINDOWS\MBR.exe
2010-05-03 23:31:43 ----A---- C:\WINDOWS\grep.exe
2010-05-03 23:31:14 ----D---- C:\WINDOWS\ERDNT
2010-05-03 23:25:46 ----AD---- C:\Qoobox
2010-05-03 22:31:05 ----D---- C:\Documents and Settings\All Users\Data aplikací\Softland
2010-05-03 22:30:50 ----D---- C:\Documents and Settings\All Users\Data aplikací\TEMP
2010-05-03 22:28:33 ----D---- C:\Documents and Settings\Pavel\Data aplikací\Softland
2010-05-03 04:37:10 ----D---- C:\Documents and Settings\Pavel\Data aplikací\Malwarebytes
2010-05-03 04:36:56 ----D---- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2010-05-03 03:43:00 ----D---- C:\rsit
2010-05-03 01:22:29 ----D---- C:\Documents and Settings\All Users\Data aplikací\SUPERAntiSpyware.com
2010-05-03 01:22:10 ----D---- C:\Documents and Settings\Pavel\Data aplikací\SUPERAntiSpyware.com
2010-05-03 01:21:08 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2010-04-18 14:07:30 ----D---- C:\Documents and Settings\Pavel\Data aplikací\GlarySoft
2010-04-14 11:09:16 ----HD---- C:\WINDOWS\$NtUninstallKB979683$
2010-04-14 11:08:17 ----HD---- C:\WINDOWS\$NtUninstallKB980232$
2010-04-14 11:02:59 ----HD---- C:\WINDOWS\$NtUninstallKB978338$
2010-04-14 11:02:54 ----HD---- C:\WINDOWS\$NtUninstallKB977816$
2010-04-14 11:02:49 ----HD---- C:\WINDOWS\$NtUninstallKB978601$
2010-04-14 11:02:33 ----HD---- C:\WINDOWS\$NtUninstallKB979309$

======List of files/folders modified in the last 1 months======

2010-05-06 11:06:34 ----A---- C:\WINDOWS\system32\eRLog.ini
2010-05-06 11:06:00 ----A---- C:\WINDOWS\ModemLog_Agere Systems AC'97 Modem.txt
2010-05-05 22:04:32 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-05-04 13:52:00 ----A---- C:\WINDOWS\system.ini
2010-05-03 23:34:56 ----RASH---- C:\boot.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK8;Ovladač procesoru AMD; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2004-08-11 39424]
R1 AvgLdx86;AVG AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-07-31 335240]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-07-31 27784]
R1 AvgTdiX;AVG8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2009-06-25 108552]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 nvport;NVIDIA PORT IO Control Driver; \??\C:\WINDOWS\system32\Drivers\nvport.sys []
R1 SASDIFSV;SASDIFSV; \??\D:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\D:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS []
R1 SiSkp;SiSkp; C:\WINDOWS\system32\DRIVERS\srvkp.sys [2005-02-25 13312]
R1 Tcpip6;Ovladač protokolu Microsoft IPv6; C:\WINDOWS\system32\DRIVERS\tcpip6.sys [2010-02-11 226880]
R1 UBHelper;UBHelper; C:\WINDOWS\system32\drivers\UBHelper.sys [2004-12-17 13952]
R1 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-18 12032]
R2 int15.sys;int15.sys; \??\C:\Acer\Empowering Technology\eRecovery\int15.sys []
R2 NwlnkIpx;Transportní protokol kompatibilní s NWLink IPX/SPX/NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2008-04-13 88320]
R2 NwlnkNb;Služba NWLink pro rozhraní NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnknb.sys [2004-08-18 63232]
R2 NwlnkSpx;Protokol NWLink SPX/SPXII; C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys [2004-08-18 55936]
R2 osaio;osaio; C:\WINDOWS\system32\drivers\osaio.sys [2005-03-04 8704]
R2 osanbm;osanbm; C:\WINDOWS\system32\drivers\osanbm.sys [2005-01-14 4010]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2004-10-08 1270540]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2005-02-24 2311680]
R3 BCM43XX;Broadcom 802.11 ovladač síťového adaptéru; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2004-12-21 369024]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 DKbFltr;Dritek HotKey Keyboard Filter Driver; C:\WINDOWS\System32\Drivers\DKbFltr.sys [2004-12-08 16896]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2009-05-18 26600]
R3 genmcmnUSB;USB Scroll Mouse Driver; C:\WINDOWS\system32\DRIVERS\gflmouhid.sys [2004-04-19 6656]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 NTIDrvr;Upper Class Filter Driver; C:\WINDOWS\system32\DRIVERS\NTIDrvr.sys [2006-04-13 6144]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-12-05 10368]
R3 SiS315;SiS315; C:\WINDOWS\system32\DRIVERS\sisgrp.sys [2005-03-02 240640]
R3 SISNICXP;SiS PCI Fast Ethernet Adapter Driver for NDIS51; C:\WINDOWS\system32\DRIVERS\sisnicxp.sys [2004-11-05 32768]
R3 Stmatm;ATM/ADSL miniport; C:\WINDOWS\system32\DRIVERS\stmatm.sys [2003-08-12 60255]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2004-10-07 185824]
R3 tunmp;Microsoft Tun Miniport Adapter Driver; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2008-04-13 12288]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Ovladač standardního rozbočovače USB; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
S1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
S1 eusk2par;EUTRON SmartKey Parallel Driver; \??\C:\WINDOWS\system32\Drivers\eusk2par.sys []
S2 ADILOADER;General Purpose USB Driver (adildr.sys); C:\WINDOWS\System32\Drivers\adildr.sys []
S2 KeyP;KeyP; C:\WINDOWS\SYSTEM32\DRIVERS\KeyP.sys []
S3 adiusbaw;USB ADSL WAN Adapter; C:\WINDOWS\system32\DRIVERS\adiusbaw.sys []
S3 BlueletAudio;Bluetooth Audio Service; C:\WINDOWS\system32\DRIVERS\blueletaudio.sys []
S3 BlueletSCOAudio;Bluetooth SCO Audio Service; C:\WINDOWS\system32\DRIVERS\BlueletSCOAudio.sys []
S3 BT;Bluetooth PAN Network Adapter; C:\WINDOWS\system32\DRIVERS\btnetdrv.sys []
S3 Btcsrusb;Bluetooth USB For Bluetooth Service; C:\WINDOWS\System32\Drivers\btcusb.sys []
S3 BthEnum;Služba Bluetooth Enumerator; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2008-04-13 17024]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2008-04-13 101120]
S3 BTHPORT;Ovladač portu Bluetooth; C:\WINDOWS\System32\Drivers\BTHport.sys [2008-06-14 272128]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2008-04-13 18944]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2005-03-08 51120]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2005-03-08 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2005-03-08 21744]
S3 MXOPSWD;Maxtor OneTouch Security Driver; C:\WINDOWS\system32\DRIVERS\mxopswd.sys [2007-05-03 22152]
S3 nm;Ovladač programu Sledování sítě; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2008-04-13 40320]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2008-04-13 59136]
S3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2004-08-18 5888]
S3 TaurusUsb;ADSL Modem USB Service; C:\WINDOWS\system32\DRIVERS\torususb.sys [2003-12-23 549421]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 VComm;Virtual Serial port driver; C:\WINDOWS\system32\DRIVERS\VComm.sys []
S3 VcommMgr;Bluetooth VComm Manager Service; C:\WINDOWS\System32\Drivers\VcommMgr.sys []
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 6to4;Pomocná služba protokolu IPv6; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 anbmService;Notebook Manager Service; C:\Acer\eManager\anbmServ.exe [2004-08-16 1287168]
R2 Automatic LiveUpdate Scheduler;Automatic LiveUpdate Scheduler; C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [2006-05-15 100032]
R2 avg8emc;AVG8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2009-07-31 908056]
R2 avg8wd;AVG8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-07-31 297752]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-03-09 153376]
R2 TomTomHOMEService;TomTomHOMEService; C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe [2009-11-13 92008]
R2 WinDefend;Windows Defender; C:\Program Files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2010-02-15 545576]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-14 268288]
S2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2007-08-09 73728]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2006-05-15 2086592]
S3 wampapache;wampapache; c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe [2008-12-10 24636]
S3 wampmysqld;wampmysqld; c:\wamp\bin\mysql\mysql5.1.36\bin\mysqld.exe [2009-06-17 6582912]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

Pokračujeme.

1) Fixnutí v HJT

• Spusťte přejmenované HijackThis - C:\Program Files\Trend Micro\HijackThis\jmeno_uzivatele.exe
• Následně klikněte na 'Do a system scan only'.
• U níže uvedených položek udělejte fajfku do čtverečku a poté klikněte na 'Fix Checked'.

  Kód: Vybrat vše

  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
  R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
  R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
  O2 - BHO: (no name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
  O2 - BHO: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
  O3 - Toolbar: (no name) - {B71B15CF-3093-459C-B764-AEB2486F2273} - (no file)

• Pokud by tam nějaká položka nebyla, vynechte ji.

2) Mazání služby přes CMD

• Spusťte Příkazový řádek [Start → Spustit → cmd → Enter].
• Do něho napište následující příkaz:

  Kód: Vybrat vše

  sc stop JavaQuickStarterService
  sc delete JavaQuickStarterService

• Po každém příkaze stiskněte Enter.

3) Odinstalace ComboFixu

• Proklikejte se přes Start do Spustit [klávesová zkratka je Win+R].
• Do textového pole napište:

  Kód: Vybrat vše

  ComboFix /Uninstall

• Stiskněte Enter.
• Spustí se odinstalace ComboFixu, která smaže všechny jeho součásti.

4) OTCleaner

• Stáhněte OTC a dvojklikem ho spusťte.
• Vyskočí okénko, kde kliknete na 'CleanUp!'.
• Potvrdíte kliknutím na 'Yes'.
• Poté se ještě zeptá, zda chcete restartovat PC - to proveďte opět kliknutím na 'Yes'.

5) CCleaner

• Stáhněte si program jménem CCleaner.
• Normálně nainstalujte, jen dávejte pozor a odškrtněte položku 'Instalovat Yahoo! Toolbar'.
• Spusťte ho.
  
  • Záložka Čistič → nechte zatrženo vše, jak je, a klikněte na 'Spustit CCleaner'.
  • Záložka Registry → klikněte na 'Hledej problémy'. Vyhledá problémy v registru, až dokončí analyzování, klikněte na 'Opravit vybrané problémy'. Nabídne Vám vytvoření zálohy - pro jistotu ji vytvořte a uložte například na Plochu.
• CCleaner doporučuji používat pravidelně, celkem rapidně dokáže zrychlit PC.

6) Defragmentace

• Defragmentujte disk.
• Lze to udělat několika způsoby ↓
  • Přes defragmentaci integrovanou ve Windows [Start → Spustit → dfrg.msc → Enter]. Toto není příliš účinný způsob.
  • Přes jednoduchý a přehledný program jménem Defraggler.
  • Přes geniální program, který se nemusí instalovat a je hodně jednoduchý - JKDefrag.

7) FileHippo.com UpdateChecker

• Abyste měl/a přehled o aktualizacích, doporučuji stáhnout program FileHippo.com UpdateChecker.
  • Běžně ho nainstalujte.
  • Spouštějte ho například jednou až dvakrát týdně.
  • Přehledně zobrazí všechny programy, které jsou neaktualizované, nabídne stažení novější verze (což doporučuji).
  • Dávejte si pozor,co dané aplikace instalují 's sebou' → například zbytečné toolbary (lišty).
    • Proto se nevyplatí bezmyšlenkovitě klikat na 'Next', popřípadě 'Další'.

8) Nový RSIT log

Dobrý den,

všechny kroky jsem provedl, nástroje Piriform znám a CCleaner používám, s Defragglerem jsem měl potíže (nedokončoval defragmentaci), proto oceňuji JKDefrag jako výborný nástroj, díky. Mimo uvedené ještě používám Glary Utilities.
Trochu jsem pročistil C odinstalací velkých (a některých nepotřebných) programů a souborů, které jsem updatované instaloval na D. Doufám, že jsem něco nezmršil.
Za UpdateChecker a celou spolupráci také děkuji.

Zde je nový RSIT log:

Logfile of random's system information tool 1.07 (written by random/random)
Run by Pavel at 2010-05-08 13:16:19
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 13 GB (36%) free of 36 GB
Total RAM: 958 MB (16% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:16:54, on 8.5.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\eManager\anbmServ.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\keyhook.exe
C:\Program Files\Arcade\PCMService.exe
C:\PROGRA~1\SCROLL~1\MouseElf.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\mHotkey.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\12025SC Wireless Combo Set\PS2USBKbdDrv.exe
C:\Program Files\12025SC Wireless Combo Set\MouseDrv.exe
C:\Genius\ioCentre4D\gBTMouseTask.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Genius\ioCentre4D\gBTAutoScroll.exe
D:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Plaxo\3.23.0.11\PlaxoHelper_en.exe
C:\Program Files\Plaxo\3.23.0.11\PlaxoSysTray.exe
C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
D:\Program Files\FileHippo.com\UpdateChecker.exe
D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\sistray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\AVG\AVG8\avgui.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\download\RSIT.exe
C:\Program Files\trend micro\Pavel.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Arcade\PCMService.exe"
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [mouseElf] C:\PROGRA~1\SCROLL~1\MouseElf.EXE
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [WireLessMouse] C:\Program Files\12025SC Wireless Combo Set\StartAutorun.exe MouseDrv.exe
O4 - HKLM\..\Run: [WireLessKeyboard] C:\Program Files\12025SC Wireless Combo Set\StartAutorun.exe PS2USBKbdDrv.exe
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [BTCentre] C:\Genius\ioCentre4D\gBTMouseTask.exe
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\RunOnce: [NSSInstallation] C:\WINDOWS\system32\Adobe\Shockwave 11\nssstub.exe /runonce
O4 - HKCU\..\Run: [PlaxoUpdate] C:\Program Files\Plaxo\3.23.0.11\PlaxoHelper_en.exe -a
O4 - HKCU\..\Run: [PlaxoSysTray] C:\Program Files\Plaxo\3.23.0.11\PlaxoSysTray.exe
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [FileHippo.com] "D:\Program Files\FileHippo.com\UpdateChecker.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: http://download.avg.com
O15 - Trusted Zone: http://www.avg.com
O15 - Trusted Zone: http://download.avg.cz
O15 - Trusted Zone: http://www.czechtourism.com
O15 - Trusted Zone: http://www.czecot.com
O15 - Trusted Zone: download.divx.com
O15 - Trusted Zone: http://www.ieaddons.com
O15 - Trusted Zone: http://www.majorgeeks.com
O15 - Trusted Zone: http://email.seznam.cz
O15 - Trusted Zone: http://www.seznam.cz
O15 - Trusted Zone: http://download.slunecnice.cz
O15 - Trusted Zone: http://www.techspot.com
O15 - Trusted Zone: download.windowsupdate.com
O15 - Trusted Zone: http://download.windowsupdate.com
O15 - Trusted Zone: http://download.zonealarm.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://scan.safety.live.com/resource/do ... se5059.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 6325434171
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/promot ... r37900.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://www.teplice.cz/activex/AxisCamControl.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D17CDB6E-AE6D-11CF-96B8-444553540000} - https://download.macromedia.com/pub/sho ... wflash.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - D:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.1.36\bin\mysqld.exe

--
End of file - 12803 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\MP Scheduled Scan.job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Install.job
C:\WINDOWS\tasks\GlaryInitialize.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{2E65E14B-F103-4675-B178-86A6615B5A0D}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-04-04 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2009-12-10 1111320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
Ask Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2009-11-18 1196936]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-05-08 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-05-08 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{D4027C7F-154A-4066-A1AD-4243D8127440} - Ask Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2009-11-18 1196936]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SiSPower"=SiSPower.dll,ModeAgent []
"LManager"=C:\Program Files\Launch Manager\QtZgAcer.EXE [2005-10-12 315392]
"eRecoveryService"=C:\Acer\Empowering Technology\eRecovery\Monitor.exe [2005-11-16 385024]
"AGRSMMSG"=C:\WINDOWS\AGRSMMSG.exe [2004-10-08 88363]
"AdslTaskBar"=stmctrl.dll,TaskBar []
"SynTPLpr"=C:\Program Files\Synaptics\SynTP\SynTPLpr.exe [2004-10-07 98394]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2004-10-07 688218]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2005-02-23 77824]
"SiS Windows KeyHook"=C:\WINDOWS\system32\keyhook.exe [2005-03-04 32768]
"PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-18 455168]
"PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-18 455168]
"PCMService"=C:\Program Files\Arcade\PCMService.exe [2005-03-09 49152]
"MSPY2002"=C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe [2004-08-18 59392]
"LaunchApp"=Alaunch []
"IMJPMIG8.1"=C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2004-08-18 208952]
"BluetoothAuthenticationAgent"=bthprops.cpl,,BluetoothAuthenticationAgent []
"mouseElf"=C:\PROGRA~1\SCROLL~1\MouseElf.EXE [2004-09-20 196608]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2006-11-03 866584]
"WireLessMouse"=C:\Program Files\12025SC Wireless Combo Set\StartAutorun.exe [2005-11-30 94208]
"WireLessKeyboard"=C:\Program Files\12025SC Wireless Combo Set\StartAutorun.exe [2005-11-30 94208]
"CHotkey"=C:\WINDOWS\mHotkey.exe [2004-12-08 550912]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2010-03-18 2046816]
"BTCentre"=C:\Genius\ioCentre4D\gBTMouseTask.exe [2008-05-13 483328]
"DivXUpdate"=C:\Program Files\DivX\DivX Update\DivXUpdate.exe [2010-04-13 1135912]
"iTunesHelper"=D:\Program Files\iTunes\iTunesHelper.exe [2010-04-24 142120]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-02-18 248040]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"NSSInstallation"=C:\WINDOWS\system32\Adobe\Shockwave 11\nssstub.exe [2010-05-08 497016]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"PlaxoUpdate"=C:\Program Files\Plaxo\3.23.0.11\PlaxoHelper_en.exe [2009-10-01 403015]
"PlaxoSysTray"=C:\Program Files\Plaxo\3.23.0.11\PlaxoSysTray.exe [2009-10-01 20480]
"TomTomHOME.exe"=C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe [2009-11-13 247144]
"SUPERAntiSpyware"=D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2010-05-07 2017280]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"FileHippo.com"=D:\Program Files\FileHippo.com\UpdateChecker.exe [2010-04-29 248832]
"SpybotSD TeaTimer"=D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
[]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Utility Tray.lnk - C:\WINDOWS\system32\sistray.exe
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
D:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2009-09-03 548352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2009-07-31 11952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-02-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WIFD1F~1\MpShHook.dll [2006-11-03 83224]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=D:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoResolveTrack"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\System32\FXSCLNT.exe"="C:\WINDOWS\System32\FXSCLNT.exe:*:Enabled:Microsoft Fax Console"
"C:\Program Files\HP\Digital Imaging\BIN\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\BIN\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\BIN\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\BIN\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\BIN\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\BIN\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\Program Files\HP\Digital Imaging\BIN\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\BIN\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\Program Files\HP\Digital Imaging\BIN\hposid01.exe"="C:\Program Files\HP\Digital Imaging\BIN\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\BIN\hpqscnvw.exe"="C:\Program Files\HP\Digital Imaging\BIN\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\Program Files\HP\Digital Imaging\BIN\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\BIN\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\BIN\hpqCopy.exe"="C:\Program Files\HP\Digital Imaging\BIN\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\Program Files\HP\Digital Imaging\BIN\hpfccopy.exe"="C:\Program Files\HP\Digital Imaging\BIN\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\Program Files\HP\Digital Imaging\BIN\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\BIN\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\Program Files\HP\Digital Imaging\BIN\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\BIN\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\AVG\AVG8\avgam.exe"="C:\Program Files\AVG\AVG8\avgam.exe:*:Enabled:avgam.exe"
"C:\Program Files\AVG\AVG8\avgdiag.exe"="C:\Program Files\AVG\AVG8\avgdiag.exe:*:Enabled:avgdiag.exe"
"C:\Program Files\AVG\AVG8\avgdiagex.exe"="C:\Program Files\AVG\AVG8\avgdiagex.exe:*:Enabled:avgdiagex.exe"
"C:\Program Files\AVG\AVG8\avgemc.exe"="C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG8\avgnsx.exe"="C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe"
"C:\Program Files\TomTom HOME 2\xulrunner\TomTomHOMERuntime.exe"="C:\Program Files\TomTom HOME 2\xulrunner\TomTomHOMERuntime.exe:*:Enabled:TomTom HOME"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\mozilla.org\SeaMonkey\seamonkey.exe"="C:\Program Files\mozilla.org\SeaMonkey\seamonkey.exe:*:Disabled:SeaMonkey"
"C:\Program Files\Java\JRE6\BIN\javaw.exe"="C:\Program Files\Java\JRE6\BIN\javaw.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Program Files\SeaMonkey\seamonkey.exe"="C:\Program Files\SeaMonkey\seamonkey.exe:*:Enabled:SeaMonkey"
"C:\inet_srv\apache\bin\Apache.exe"="C:\inet_srv\apache\bin\Apache.exe:*:Enabled:Apache"
"C:\inet_srv\mysql\bin\mysqld.exe"="C:\inet_srv\mysql\bin\mysqld.exe:*:Enabled:mysqld"
"C:\wamp\bin\apache\Apache2.2.11\bin\httpd.exe"="C:\wamp\bin\apache\Apache2.2.11\bin\httpd.exe:*:Enabled:Apache HTTP Server"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service"
"D:\Program Files\iTunes\iTunes.exe"="D:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2010-05-08 13:16:19 ----D---- C:\rsit
2010-05-08 12:51:51 ----D---- C:\Program Files\Ask.com
2010-05-08 12:46:16 ----A---- C:\WINDOWS\isRS-000.tmp
2010-05-08 10:32:16 ----D---- C:\WINDOWS\system32\Adobe
2010-05-08 10:28:31 ----A---- C:\WINDOWS\system32\javaws.exe
2010-05-08 10:28:31 ----A---- C:\WINDOWS\system32\deployJava1.dll
2010-05-08 10:28:30 ----A---- C:\WINDOWS\system32\javaw.exe
2010-05-08 10:28:30 ----A---- C:\WINDOWS\system32\java.exe
2010-05-08 00:06:40 ----A---- C:\WINDOWS\system32\GEARAspi.dll
2010-05-08 00:05:32 ----D---- C:\Program Files\iPod
2010-05-08 00:05:23 ----D---- C:\Documents and Settings\All Users\Data aplikací\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-05-08 00:01:55 ----D---- C:\Program Files\Bonjour
2010-05-07 21:10:01 ----D---- C:\Documents and Settings\All Users\Data aplikací\DivX
2010-05-06 11:27:02 ----D---- C:\Program Files\trend micro
2010-05-05 20:49:37 ----SHD---- C:\Recycled
2010-05-04 13:49:23 ----D---- C:\WINDOWS\temp
2010-05-03 23:34:54 ----A---- C:\Boot.bak
2010-05-03 23:34:37 ----RASHD---- C:\cmdcons
2010-05-03 23:31:14 ----D---- C:\WINDOWS\ERDNT
2010-05-03 22:31:05 ----D---- C:\Documents and Settings\All Users\Data aplikací\Softland
2010-05-03 22:30:50 ----D---- C:\Documents and Settings\All Users\Data aplikací\TEMP
2010-05-03 22:28:33 ----D---- C:\Documents and Settings\Pavel\Data aplikací\Softland
2010-05-03 04:37:10 ----D---- C:\Documents and Settings\Pavel\Data aplikací\Malwarebytes
2010-05-03 04:36:56 ----D---- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2010-05-03 01:22:29 ----D---- C:\Documents and Settings\All Users\Data aplikací\SUPERAntiSpyware.com
2010-05-03 01:22:10 ----D---- C:\Documents and Settings\Pavel\Data aplikací\SUPERAntiSpyware.com
2010-05-03 01:21:08 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2010-04-18 14:07:30 ----D---- C:\Documents and Settings\Pavel\Data aplikací\GlarySoft
2010-04-14 11:09:16 ----HD---- C:\WINDOWS\$NtUninstallKB979683$
2010-04-14 11:08:17 ----HD---- C:\WINDOWS\$NtUninstallKB980232$
2010-04-14 11:02:59 ----HD---- C:\WINDOWS\$NtUninstallKB978338$
2010-04-14 11:02:54 ----HD---- C:\WINDOWS\$NtUninstallKB977816$
2010-04-14 11:02:49 ----HD---- C:\WINDOWS\$NtUninstallKB978601$
2010-04-14 11:02:33 ----HD---- C:\WINDOWS\$NtUninstallKB979309$

======List of files/folders modified in the last 1 months======

2010-05-08 13:01:42 ----A---- C:\WINDOWS\system32\eRLog.ini
2010-05-08 13:00:04 ----A---- C:\WINDOWS\ModemLog_Agere Systems AC'97 Modem.txt
2010-05-08 12:58:04 ----N---- C:\WINDOWS\SchedLgU.Txt
2010-05-07 23:46:02 ----A---- C:\WINDOWS\gswin32.ini
2010-05-04 13:52:00 ----A---- C:\WINDOWS\system.ini
2010-05-03 23:34:56 ----RASH---- C:\boot.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK8;Ovladač procesoru AMD; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2004-08-11 39424]
R1 AvgLdx86;AVG AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-07-31 335240]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-07-31 27784]
R1 AvgTdiX;AVG8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2009-06-25 108552]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 nvport;NVIDIA PORT IO Control Driver; \??\C:\WINDOWS\system32\Drivers\nvport.sys []
R1 SASDIFSV;SASDIFSV; \??\D:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\D:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS []
R1 SiSkp;SiSkp; C:\WINDOWS\system32\DRIVERS\srvkp.sys [2005-02-25 13312]
R1 Tcpip6;Ovladač protokolu Microsoft IPv6; C:\WINDOWS\system32\DRIVERS\tcpip6.sys [2010-02-11 226880]
R1 UBHelper;UBHelper; C:\WINDOWS\system32\drivers\UBHelper.sys [2004-12-17 13952]
R1 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-18 12032]
R2 int15.sys;int15.sys; \??\C:\Acer\Empowering Technology\eRecovery\int15.sys []
R2 NwlnkIpx;Transportní protokol kompatibilní s NWLink IPX/SPX/NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2008-04-13 88320]
R2 NwlnkNb;Služba NWLink pro rozhraní NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnknb.sys [2004-08-18 63232]
R2 NwlnkSpx;Protokol NWLink SPX/SPXII; C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys [2004-08-18 55936]
R2 osaio;osaio; C:\WINDOWS\system32\drivers\osaio.sys [2005-03-04 8704]
R2 osanbm;osanbm; C:\WINDOWS\system32\drivers\osanbm.sys [2005-01-14 4010]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2004-10-08 1270540]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2005-02-24 2311680]
R3 BCM43XX;Broadcom 802.11 ovladač síťového adaptéru; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2004-12-21 369024]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 DKbFltr;Dritek HotKey Keyboard Filter Driver; C:\WINDOWS\System32\Drivers\DKbFltr.sys [2004-12-08 16896]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2009-05-18 26600]
R3 genmcmnUSB;USB Scroll Mouse Driver; C:\WINDOWS\system32\DRIVERS\gflmouhid.sys [2004-04-19 6656]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 NTIDrvr;Upper Class Filter Driver; C:\WINDOWS\system32\DRIVERS\NTIDrvr.sys [2006-04-13 6144]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-12-05 10368]
R3 SiS315;SiS315; C:\WINDOWS\system32\DRIVERS\sisgrp.sys [2005-03-02 240640]
R3 SISNICXP;SiS PCI Fast Ethernet Adapter Driver for NDIS51; C:\WINDOWS\system32\DRIVERS\sisnicxp.sys [2004-11-05 32768]
R3 Stmatm;ATM/ADSL miniport; C:\WINDOWS\system32\DRIVERS\stmatm.sys [2003-08-12 60255]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2004-10-07 185824]
R3 tunmp;Microsoft Tun Miniport Adapter Driver; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2008-04-13 12288]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Ovladač standardního rozbočovače USB; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
S1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
S1 eusk2par;EUTRON SmartKey Parallel Driver; \??\C:\WINDOWS\system32\Drivers\eusk2par.sys []
S2 ADILOADER;General Purpose USB Driver (adildr.sys); C:\WINDOWS\System32\Drivers\adildr.sys []
S2 KeyP;KeyP; C:\WINDOWS\SYSTEM32\DRIVERS\KeyP.sys []
S3 adiusbaw;USB ADSL WAN Adapter; C:\WINDOWS\system32\DRIVERS\adiusbaw.sys []
S3 BlueletAudio;Bluetooth Audio Service; C:\WINDOWS\system32\DRIVERS\blueletaudio.sys []
S3 BlueletSCOAudio;Bluetooth SCO Audio Service; C:\WINDOWS\system32\DRIVERS\BlueletSCOAudio.sys []
S3 BT;Bluetooth PAN Network Adapter; C:\WINDOWS\system32\DRIVERS\btnetdrv.sys []
S3 Btcsrusb;Bluetooth USB For Bluetooth Service; C:\WINDOWS\System32\Drivers\btcusb.sys []
S3 BthEnum;Služba Bluetooth Enumerator; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2008-04-13 17024]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2008-04-13 101120]
S3 BTHPORT;Ovladač portu Bluetooth; C:\WINDOWS\System32\Drivers\BTHport.sys [2008-06-14 272128]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2008-04-13 18944]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2005-03-08 51120]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2005-03-08 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2005-03-08 21744]
S3 MXOPSWD;Maxtor OneTouch Security Driver; C:\WINDOWS\system32\DRIVERS\mxopswd.sys [2007-05-03 22152]
S3 nm;Ovladač programu Sledování sítě; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2008-04-13 40320]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2008-04-13 59136]
S3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2004-08-18 5888]
S3 TaurusUsb;ADSL Modem USB Service; C:\WINDOWS\system32\DRIVERS\torususb.sys [2003-12-23 549421]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 VComm;Virtual Serial port driver; C:\WINDOWS\system32\DRIVERS\VComm.sys []
S3 VcommMgr;Bluetooth VComm Manager Service; C:\WINDOWS\System32\Drivers\VcommMgr.sys []
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 sr;Ovladač filtru Obnovy systému; C:\WINDOWS\system32\DRIVERS\sr.sys [2008-04-14 73344]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 6to4;Pomocná služba protokolu IPv6; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 anbmService;Notebook Manager Service; C:\Acer\eManager\anbmServ.exe [2004-08-16 1287168]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2010-04-16 144672]
R2 Automatic LiveUpdate Scheduler;Automatic LiveUpdate Scheduler; C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [2006-05-15 100032]
R2 avg8emc;AVG8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2009-07-31 908056]
R2 avg8wd;AVG8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-07-31 297752]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2010-04-08 345376]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-05-08 153376]
R2 TomTomHOMEService;TomTomHOMEService; C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe [2009-11-13 92008]
R2 WinDefend;Windows Defender; C:\Program Files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2010-04-24 545576]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-14 268288]
S2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2007-08-09 73728]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2006-05-15 2086592]
S3 wampapache;wampapache; c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe [2008-12-10 24636]
S3 wampmysqld;wampmysqld; c:\wamp\bin\mysql\mysql5.1.36\bin\mysqld.exe [2009-06-17 6582912]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

Určitě nezmršil.
A ještě jsem zapomněl na jeden adware toolbar, takže odstraníme ještě pomocí OTM.
Navíc máte hodně aplikací spouštěných po startu, a nevím, které používáte a které ne, ve třetím kroku naleznete návod, jak se nepotřebných zbavit.

1) OTMoveit3

• Stáhněte OTM3 na Plochu.
• Spusťte ho dvojklikem na OTM.exe, pokud to nepůjde, zkuste to s adminskými právy.
• Do levého okna 'Paste Instructions for Items to be Moved' vkopírujte následující skript:

  Kód: Vybrat vše

  :reg
  [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
  "{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
  [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  "SunJavaUpdateSched"=-
  [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
  "NSSInstallation"=-
  [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
  
  :files
  C:\WINDOWS\system32\*.tmp.dll /s
  C:\WINDOWS\*.tmp /s
  C:\WINDOWS\tasks\AppleSoftwareUpdate.job
  C:\Program Files\Ask.com
  
  :services
  JavaQuickStarterService
  
  :commands
  [emptytemp]
  [emptyflash]

• Poté klikněte na červené tlačítko 'MoveIt!'.
• V zeleném okně vpravo by se měl zobrazit log, ten vkopírujete sem do fóra.
• Pokud se zobrazí hláška k restartování, klikněte na 'Yes'.
• Po restartu se log otevře sám, nebo ho najdete v C:\_OTM\MovedFiles

2) VirusTotal

• Otestujte na VirusTotal soubory:

  Kód: Vybrat vše

  C:\WINDOWS\tasks\Install.job

• Jednoduše tam vkopírujete cesty, co jsem napsal do code.
• Jestliže Vám to napíše, že soubor byl již testován, nechte ho otestovat znovu.
• Poté sem vložíte linky (odkazy) na jednotlivé testy.

3) StartUpLite

• Stáhněte StartUpLite a spusťte ho.
• Vypíše seznam zbytečně spouštěných programů po startu.
• U těch, kterých víte, že je nepotřebujete, zaškrtněte 'Disable'.
  • Zjistit, které jsou nepotřebné můžete zjistit v této databázi.
• Klikněte na 'Continue'.
• Program ukončete a pokud chcete, můžete ho smazat.

Dobrý den,

ad 1) log z OTM3:

All processes killed
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce not found.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper\ deleted successfully.
========== FILES ==========
File/Folder C:\WINDOWS\system32\*.tmp.dll not found.
C:\WINDOWS\temp\04259b9d-9a0a-462d-85b9-9600f4f50684.tmp moved successfully.
C:\WINDOWS\temp\ddf3e078-c60e-4d3c-a050-59e1930d98fe.tmp moved successfully.
C:\WINDOWS\temp\ac6ddde1-8d53-434f-9487-98173402578b.tmp moved successfully.
C:\WINDOWS\temp\be1e09d5-b76c-4b87-9a1c-53ad90429125.tmp moved successfully.
C:\WINDOWS\temp\f75231f4-fba3-403c-9b17-077eb7ddeb72.tmp moved successfully.
C:\WINDOWS\temp\1406a988-07e8-464c-9a50-8065c916b381.tmp moved successfully.
C:\WINDOWS\temp\006d9c58-3a84-45da-827f-1752895bf4b1.tmp moved successfully.
C:\WINDOWS\temp\9c0c8007-3cf0-45a7-9209-ae97c432f5b9.tmp moved successfully.
C:\WINDOWS\temp\d10b6d47-29e8-4bd2-b9e0-45347d11fa86.tmp moved successfully.
C:\WINDOWS\temp\281c8375-5dde-42b4-9325-54c8971973b5.tmp moved successfully.
C:\WINDOWS\temp\40e67cd4-71dc-48ad-b562-3c7f30e2ea2a.tmp moved successfully.
C:\WINDOWS\temp\68745222-27af-403e-a6f8-13839ff52377.tmp moved successfully.
C:\WINDOWS\temp\6f29cf0e-afe1-4dc1-9e3a-4245de5d722b.tmp moved successfully.
C:\WINDOWS\temp\486c752c-ff52-44b9-8768-558e5369e75d.tmp moved successfully.
C:\WINDOWS\temp\b4c79aec-c53e-42e9-bb52-d90d4d6a2a91.tmp moved successfully.
C:\WINDOWS\temp\75352fc2-f644-4d4b-b148-1a134be83707.tmp moved successfully.
C:\WINDOWS\tasks\AppleSoftwareUpdate.job moved successfully.
C:\Program Files\Ask.com folder moved successfully.
========== SERVICES/DRIVERS ==========
Service JavaQuickStarterService stopped successfully!
Service JavaQuickStarterService deleted successfully!
========== COMMANDS ==========

[EMPTYTEMP]

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: NetworkService
->Temp folder emptied: 8908 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Pavel
->Temp folder emptied: 25075933 bytes
->Temporary Internet Files folder emptied: 12554191 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 46972609 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 485 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 4025 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 81,00 mb


OTM by OldTimer - Version 3.1.12.0 log created on 05102010_004603
All processes killed

OTM by OldTimer - Version 3.1.12.0 log created on 05102010_004548

Files moved on Reboot...

Registry entries deleted on Reboot...


ad 2) Virus Total

cesta k C:\WINDOWS\tasks\Install.job nenalezena,
pod tasks jsou pouze
C:\WINDOWS\Tasks\GlaryInitialize
C:\WINDOWS\Tasks\MP Scheduled Scan
C:\WINDOWS\Tasks\Norton Security Scan for Pavel
C:\WINDOWS\Tasks\User_Feed_Synchronization-{2E65E14B-F103-4675-B178-86A6615B5A0D}


ad 3) StartUpLite

za tento bod děkuji speciálně, než mi naběhne počítač uvařím a vypiju čaj. Čekal jsem, že mi to najde víc než dva zbytečně spouštěné programy/aplikace, budu se muset na toto téma víc soustředit.

Děkuji a těším se na další spolupráci.