Page 1 of 2

Trojan horse

Posted: 01 Nov 2010 05:53
by jupiland
So I have one more problem. The antivirus (ESET NOD32) keeps reporting, over and over:
Objekt: C:\Users\Public\Documents\Windows\winhelp.exe
Infiltrace: Win32/Bamital.DZ trojský kůň
Info: vyléčen smazáním - uložen do karantény

But this keeps popping up again and again... and the file is still in its place. I can't delete it; supposedly I don't have permission to (I'm the only user on this PC).

Thanks for any advice :)

Logfile of random's system information tool 1.08 (written by random/random)
Run by pc at 2010-11-01 05:51:25
Microsoft® Windows Vista™ Business Service Pack 2
System drive C: has 56 GB (38%) free of 148 GB
Total RAM: 3062 MB (41% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 5:51:31, on 1.11.2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18975)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\PLFSetI.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Users\pc\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxext.exe
D:\PROGRAMY\měnič pozadí\CooL Wallpaper Changer\coolwpc.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Windows\system32\igfxsrvc.exe
C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Program Files\Opera\opera.exe
C:\Users\pc\Desktop\RSIT.exe
C:\Program Files\trend micro\pc.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACA ... tensa_5620
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
O3 - Toolbar: (no name) - {D5D47440-0750-463D-BAEF-A47D02414806} - (no file)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [PLFSetI] C:\Windows\PLFSetI.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKCU\..\Run: [CooLWPC3] D:\PROGRAMY\měnič pozadí\CooL Wallpaper Changer\coolwpc.exe /boot
O4 - Startup: OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 7913 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-06-19 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83A2F9B1-01A2-4AA5-87D1-45B6B8505E96}]
ShowBarObj Class - C:\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll [2008-01-03 312368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{0BF43445-2F28-4351-9252-17FE6E806AA0}
{5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - Acer eDataSecurity Management - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll [2008-01-03 155184]
{D5D47440-0750-463D-BAEF-A47D02414806}

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1008184]
"IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [2007-10-03 178712]
"SynTPStart"=C:\Program Files\Synaptics\SynTP\SynTPStart.exe [2007-09-07 102400]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2008-01-08 4853760]
"Skytel"=C:\Windows\Skytel.exe [2007-11-21 1826816]
"PLFSetI"=C:\Windows\PLFSetI.exe [2007-10-23 200704]
"RemoteControl"=C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2008-01-22 81920]
"LanguageShortcut"=C:\Program Files\CyberLink\PowerDVD\Language\Language.exe [2007-10-11 62760]
"eDataSecurity Loader"=C:\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe [2008-01-03 521776]
"LManager"=C:\PROGRA~1\LAUNCH~1\LManager.exe [2008-01-08 858632]
"WarReg_PopUp"=C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe [2008-01-29 303104]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2010-02-26 2140880]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-06-20 35760]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-06-09 976832]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2008-02-11 141848]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2008-02-11 166424]
"Persistence"=C:\Windows\system32\igfxpers.exe [2008-02-11 133656]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CooLWPC3"=D:\PROGRAMY\měnič pozadí\CooL Wallpaper Changer\coolwpc.exe [2003-04-06 1008128]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2008-02-11 204800]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"= []

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=0
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 1 months======

2010-10-31 18:22:21 ----D---- C:\Windows\temp
2010-10-31 16:34:14 ----SHD---- C:\$RECYCLE.BIN
2010-10-31 16:34:10 ----A---- C:\ComboFix.txt
2010-10-31 16:25:00 ----A---- C:\Windows\zip.exe
2010-10-31 16:25:00 ----A---- C:\Windows\SWSC.exe
2010-10-31 16:25:00 ----A---- C:\Windows\SWREG.exe
2010-10-31 16:25:00 ----A---- C:\Windows\sed.exe
2010-10-31 16:25:00 ----A---- C:\Windows\PEV.exe
2010-10-31 16:25:00 ----A---- C:\Windows\NIRCMD.exe
2010-10-31 16:25:00 ----A---- C:\Windows\MBR.exe
2010-10-31 16:25:00 ----A---- C:\Windows\grep.exe
2010-10-31 16:24:53 ----D---- C:\Windows\ERDNT
2010-10-31 16:24:53 ----D---- C:\ComboFix
2010-10-31 16:23:57 ----D---- C:\Qoobox
2010-10-31 16:23:34 ----A---- C:\Windows\SWXCACLS.exe
2010-10-31 10:55:18 ----D---- C:\rsit
2010-10-31 10:55:18 ----D---- C:\Program Files\trend micro
2010-10-31 09:17:34 ----D---- C:\Config.Msi
2010-10-31 06:44:50 ----A---- C:\Windows\system32\XAudio2_7.dll
2010-10-31 06:44:50 ----A---- C:\Windows\system32\XAPOFX1_5.dll
2010-10-31 06:44:50 ----A---- C:\Windows\system32\xactengine3_7.dll
2010-10-31 06:44:50 ----A---- C:\Windows\system32\D3DX9_43.dll
2010-10-31 06:44:50 ----A---- C:\Windows\system32\d3dx11_43.dll
2010-10-31 06:44:50 ----A---- C:\Windows\system32\d3dx10_43.dll
2010-10-31 06:44:50 ----A---- C:\Windows\system32\d3dcsx_43.dll
2010-10-31 06:44:50 ----A---- C:\Windows\system32\D3DCompiler_43.dll
2010-10-31 06:44:49 ----A---- C:\Windows\system32\XAudio2_6.dll
2010-10-31 06:44:49 ----A---- C:\Windows\system32\XAudio2_5.dll
2010-10-31 06:44:49 ----A---- C:\Windows\system32\XAPOFX1_4.dll
2010-10-31 06:44:49 ----A---- C:\Windows\system32\xactengine3_6.dll
2010-10-31 06:44:49 ----A---- C:\Windows\system32\xactengine3_5.dll
2010-10-31 06:44:49 ----A---- C:\Windows\system32\X3DAudio1_7.dll
2010-10-31 06:44:49 ----A---- C:\Windows\system32\D3DCompiler_42.dll
2010-10-31 06:44:48 ----A---- C:\Windows\system32\D3DX9_42.dll
2010-10-31 06:44:48 ----A---- C:\Windows\system32\d3dx11_42.dll
2010-10-31 06:44:48 ----A---- C:\Windows\system32\d3dx10_42.dll
2010-10-31 06:44:48 ----A---- C:\Windows\system32\d3dcsx_42.dll
2010-10-31 06:44:47 ----A---- C:\Windows\system32\XAudio2_4.dll
2010-10-31 06:44:47 ----A---- C:\Windows\system32\XAPOFX1_3.dll
2010-10-31 06:44:47 ----A---- C:\Windows\system32\xactengine3_4.dll
2010-10-31 06:44:47 ----A---- C:\Windows\system32\X3DAudio1_6.dll
2010-10-31 06:44:47 ----A---- C:\Windows\system32\D3DX9_41.dll
2010-10-31 06:44:47 ----A---- C:\Windows\system32\d3dx10_40.dll
2010-10-31 06:44:47 ----A---- C:\Windows\system32\D3DCompiler_40.dll
2010-10-31 06:44:46 ----A---- C:\Windows\system32\XAudio2_3.dll
2010-10-31 06:44:46 ----A---- C:\Windows\system32\XAudio2_2.dll
2010-10-31 06:44:46 ----A---- C:\Windows\system32\XAPOFX1_2.dll
2010-10-31 06:44:46 ----A---- C:\Windows\system32\XAPOFX1_1.dll
2010-10-31 06:44:46 ----A---- C:\Windows\system32\xactengine3_3.dll
2010-10-31 06:44:46 ----A---- C:\Windows\system32\X3DAudio1_5.dll
2010-10-31 06:44:46 ----A---- C:\Windows\system32\D3DX9_40.dll
2010-10-31 06:44:45 ----A---- C:\Windows\system32\XAudio2_1.dll
2010-10-31 06:44:45 ----A---- C:\Windows\system32\XAPOFX1_0.dll
2010-10-31 06:44:45 ----A---- C:\Windows\system32\xactengine3_2.dll
2010-10-31 06:44:45 ----A---- C:\Windows\system32\xactengine3_1.dll
2010-10-31 06:44:45 ----A---- C:\Windows\system32\D3DX9_39.dll
2010-10-31 06:44:45 ----A---- C:\Windows\system32\d3dx10_39.dll
2010-10-31 06:44:45 ----A---- C:\Windows\system32\D3DCompiler_39.dll
2010-10-31 06:44:44 ----A---- C:\Windows\system32\XAudio2_0.dll
2010-10-31 06:44:44 ----A---- C:\Windows\system32\xactengine3_0.dll
2010-10-31 06:44:44 ----A---- C:\Windows\system32\X3DAudio1_4.dll
2010-10-31 06:44:44 ----A---- C:\Windows\system32\X3DAudio1_3.dll
2010-10-31 06:44:44 ----A---- C:\Windows\system32\D3DX9_38.dll
2010-10-31 06:44:44 ----A---- C:\Windows\system32\d3dx10_38.dll
2010-10-31 06:44:44 ----A---- C:\Windows\system32\D3DCompiler_38.dll
2010-10-31 06:44:43 ----A---- C:\Windows\system32\xactengine2_10.dll
2010-10-31 06:44:43 ----A---- C:\Windows\system32\D3DX9_37.dll
2010-10-31 06:44:43 ----A---- C:\Windows\system32\d3dx9_36.dll
2010-10-31 06:44:43 ----A---- C:\Windows\system32\d3dx10_37.dll
2010-10-31 06:44:43 ----A---- C:\Windows\system32\d3dx10_36.dll
2010-10-31 06:44:43 ----A---- C:\Windows\system32\D3DCompiler_37.dll
2010-10-31 06:44:43 ----A---- C:\Windows\system32\D3DCompiler_36.dll
2010-10-31 06:44:42 ----A---- C:\Windows\system32\xactengine2_9.dll
2010-10-31 06:44:42 ----A---- C:\Windows\system32\xactengine2_8.dll
2010-10-31 06:44:42 ----A---- C:\Windows\system32\X3DAudio1_2.dll
2010-10-31 06:44:42 ----A---- C:\Windows\system32\d3dx9_35.dll
2010-10-31 06:44:42 ----A---- C:\Windows\system32\d3dx10_35.dll
2010-10-31 06:44:42 ----A---- C:\Windows\system32\D3DCompiler_35.dll
2010-10-31 06:44:41 ----A---- C:\Windows\system32\xinput1_3.dll
2010-10-31 06:44:41 ----A---- C:\Windows\system32\xactengine2_7.dll
2010-10-31 06:44:41 ----A---- C:\Windows\system32\d3dx9_34.dll
2010-10-31 06:44:41 ----A---- C:\Windows\system32\d3dx9_33.dll
2010-10-31 06:44:41 ----A---- C:\Windows\system32\d3dx10_34.dll
2010-10-31 06:44:41 ----A---- C:\Windows\system32\d3dx10_33.dll
2010-10-31 06:44:41 ----A---- C:\Windows\system32\D3DCompiler_34.dll
2010-10-31 06:44:41 ----A---- C:\Windows\system32\D3DCompiler_33.dll
2010-10-31 06:44:40 ----A---- C:\Windows\system32\xactengine2_6.dll
2010-10-31 06:44:39 ----A---- C:\Windows\system32\xactengine2_5.dll
2010-10-31 06:44:39 ----A---- C:\Windows\system32\d3dx10.dll
2010-10-31 06:44:38 ----A---- C:\Windows\system32\xactengine2_4.dll
2010-10-31 06:44:38 ----A---- C:\Windows\system32\x3daudio1_1.dll
2010-10-31 06:44:38 ----A---- C:\Windows\system32\d3dx9_32.dll
2010-10-31 06:44:37 ----A---- C:\Windows\system32\xinput1_2.dll
2010-10-31 06:44:37 ----A---- C:\Windows\system32\xactengine2_3.dll
2010-10-31 06:44:37 ----A---- C:\Windows\system32\d3dx9_31.dll
2010-10-31 06:44:36 ----A---- C:\Windows\system32\xinput1_1.dll
2010-10-31 06:44:36 ----A---- C:\Windows\system32\xactengine2_2.dll
2010-10-31 06:44:36 ----A---- C:\Windows\system32\xactengine2_1.dll
2010-10-31 06:44:31 ----A---- C:\Windows\system32\xactengine2_0.dll
2010-10-31 06:44:31 ----A---- C:\Windows\system32\x3daudio1_0.dll
2010-10-31 06:44:31 ----A---- C:\Windows\system32\d3dx9_30.dll
2010-10-31 06:44:31 ----A---- C:\Windows\system32\d3dx9_29.dll
2010-10-31 06:44:30 ----A---- C:\Windows\system32\d3dx9_28.dll
2010-10-31 06:44:30 ----A---- C:\Windows\system32\d3dx9_27.dll
2010-10-31 06:44:30 ----A---- C:\Windows\system32\d3dx9_26.dll
2010-10-31 06:44:30 ----A---- C:\Windows\system32\d3dx9_25.dll
2010-10-31 06:44:29 ----A---- C:\Windows\system32\d3dx9_24.dll
2010-10-27 07:28:37 ----A---- C:\Windows\system32\gameux.dll
2010-10-27 07:28:35 ----A---- C:\Windows\system32\GameUXLegacyGDFs.dll
2010-10-27 07:28:35 ----A---- C:\Windows\system32\Apphlpdm.dll
2010-10-23 12:42:39 ----A---- C:\Windows\system32\webservices.dll
2010-10-23 10:11:29 ----D---- C:\Users\pc\AppData\Roaming\Ventrilo
2010-10-14 04:45:13 ----A---- C:\Windows\system32\wmp.dll
2010-10-14 04:45:11 ----A---- C:\Windows\system32\wmploc.DLL
2010-10-14 04:44:50 ----A---- C:\Windows\system32\srvsvc.dll
2010-10-14 04:44:49 ----A---- C:\Windows\system32\netevent.dll
2010-10-14 04:44:49 ----A---- C:\Windows\system32\drivers\srvnet.sys
2010-10-14 04:44:49 ----A---- C:\Windows\system32\drivers\srv2.sys
2010-10-14 04:44:49 ----A---- C:\Windows\system32\drivers\srv.sys
2010-10-14 04:44:39 ----A---- C:\Windows\system32\schannel.dll
2010-10-14 04:44:34 ----A---- C:\Windows\system32\ole32.dll
2010-10-14 04:44:31 ----A---- C:\Windows\system32\t2embed.dll
2010-10-14 04:44:18 ----A---- C:\Windows\system32\mshtml.dll
2010-10-14 04:44:15 ----A---- C:\Windows\system32\ieframe.dll
2010-10-14 04:44:14 ----A---- C:\Windows\system32\msfeeds.dll
2010-10-14 04:44:13 ----A---- C:\Windows\system32\urlmon.dll
2010-10-14 04:44:13 ----A---- C:\Windows\system32\licmgr10.dll
2010-10-14 04:44:12 ----A---- C:\Windows\system32\wininet.dll
2010-10-14 04:44:12 ----A---- C:\Windows\system32\mshtmled.dll
2010-10-14 04:44:11 ----A---- C:\Windows\system32\mstime.dll
2010-10-14 04:44:11 ----A---- C:\Windows\system32\iertutil.dll
2010-10-14 04:44:10 ----A---- C:\Windows\system32\occache.dll
2010-10-14 04:44:10 ----A---- C:\Windows\system32\msfeedsbs.dll
2010-10-14 04:44:10 ----A---- C:\Windows\system32\ieUnatt.exe
2010-10-14 04:44:10 ----A---- C:\Windows\system32\ieui.dll
2010-10-14 04:44:10 ----A---- C:\Windows\system32\iesysprep.dll
2010-10-14 04:44:10 ----A---- C:\Windows\system32\iesetup.dll
2010-10-14 04:44:10 ----A---- C:\Windows\system32\iernonce.dll
2010-10-14 04:44:10 ----A---- C:\Windows\system32\iepeers.dll
2010-10-14 04:44:10 ----A---- C:\Windows\system32\iedkcs32.dll
2010-10-14 04:44:09 ----A---- C:\Windows\system32\msfeedssync.exe
2010-10-14 04:44:09 ----A---- C:\Windows\system32\jsproxy.dll
2010-10-14 04:44:09 ----A---- C:\Windows\system32\ie4uinit.exe
2010-10-14 04:44:06 ----A---- C:\Windows\system32\mfc40.dll
2010-10-14 04:44:05 ----A---- C:\Windows\system32\mfc40u.dll
2010-10-14 04:44:03 ----A---- C:\Windows\system32\win32k.sys
2010-10-14 04:44:00 ----A---- C:\Windows\system32\msshsq.dll
2010-10-14 04:43:58 ----A---- C:\Windows\system32\wmpmde.dll
2010-10-14 04:43:53 ----A---- C:\Windows\system32\comctl32.dll
2010-10-03 16:15:03 ----A---- C:\Windows\Supermarket Management Uninstall Log.txt

======List of files/folders modified in the last 1 months======

2010-11-01 05:51:31 ----D---- C:\Windows\Prefetch
2010-10-31 18:29:01 ----D---- C:\Windows\System32
2010-10-31 18:29:00 ----D---- C:\Windows\inf
2010-10-31 18:29:00 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-10-31 18:22:21 ----D---- C:\Windows
2010-10-31 16:32:09 ----A---- C:\Windows\system.ini
2010-10-31 16:32:00 ----D---- C:\Windows\system32\drivers\etc
2010-10-31 16:29:12 ----D---- C:\Windows\system32\drivers
2010-10-31 16:29:12 ----D---- C:\Windows\AppPatch
2010-10-31 16:29:11 ----D---- C:\Program Files\Common Files
2010-10-31 11:07:11 ----SHD---- C:\System Volume Information
2010-10-31 10:55:18 ----RD---- C:\Program Files
2010-10-31 10:44:37 ----D---- C:\ProgramData
2010-10-31 09:17:46 ----SHD---- C:\Windows\Installer
2010-10-31 09:17:36 ----D---- C:\Program Files\Windows Live
2010-10-31 09:17:17 ----D---- C:\Windows\winsxs
2010-10-31 09:17:01 ----SD---- C:\ProgramData\Microsoft
2010-10-31 09:16:25 ----D---- C:\Program Files\Common Files\microsoft shared
2010-10-31 09:09:20 ----D---- C:\Users\pc\AppData\Roaming\uTorrent
2010-10-31 09:08:07 ----SD---- C:\Users\pc\AppData\Roaming\Microsoft
2010-10-31 06:50:10 ----D---- C:\Windows\system32\catroot
2010-10-31 06:44:36 ----RSD---- C:\Windows\assembly
2010-10-31 06:44:32 ----D---- C:\Windows\Microsoft.NET
2010-10-31 06:43:39 ----D---- C:\Windows\Logs
2010-10-30 23:00:19 ----D---- C:\Windows\system32\catroot2
2010-10-26 20:06:01 ----D---- C:\ProgramData\PlayFirst
2010-10-24 18:01:52 ----A---- C:\Windows\ntbtlog.txt
2010-10-24 17:47:34 ----D---- C:\Windows\rescache
2010-10-23 12:49:38 ----RSD---- C:\Windows\Fonts
2010-10-23 12:43:07 ----D---- C:\Windows\system32\cs-CZ
2010-10-19 10:41:44 ----N---- C:\Windows\system32\MpSigStub.exe
2010-10-14 18:46:30 ----D---- C:\Users\pc\AppData\Roaming\dvdcss
2010-10-14 13:29:29 ----D---- C:\Program Files\Microsoft Silverlight
2010-10-14 13:27:55 ----D---- C:\Program Files\Windows Media Player
2010-10-14 13:27:54 ----D---- C:\Program Files\Internet Explorer
2010-10-14 13:27:53 ----D---- C:\Windows\system32\migration
2010-10-14 13:21:54 ----D---- C:\ProgramData\Microsoft Help
2010-10-14 13:14:18 ----A---- C:\Windows\system32\mrt.exe
2010-10-13 15:34:12 ----D---- C:\Program Files\Opera
2010-10-03 16:06:40 ----D---- C:\Program Files\Common Files\Adobe
2010-10-03 16:05:58 ----D---- C:\Program Files\Adobe
2010-10-03 16:03:55 ----D---- C:\Users\pc\AppData\Roaming\Adobe
2010-10-03 16:01:28 ----D---- C:\ProgramData\Adobe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys [2007-09-29 308248]
R0 PSDFilter;PSDFilter; C:\Windows\system32\DRIVERS\psdfilter.sys [2008-01-03 18480]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2010-04-09 691696]
R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2010-02-26 114984]
R2 eamonm;eamonm; C:\Windows\system32\DRIVERS\eamonm.sys [2010-02-26 133512]
R2 epfwwfpr;epfwwfpr; C:\Windows\system32\DRIVERS\epfwwfpr.sys [2010-02-26 96896]
R2 int15;int15; \??\C:\Windows\system32\drivers\int15.sys [2007-11-30 15392]
R2 irda;IrDA Protocol; C:\Windows\system32\DRIVERS\irda.sys [2008-01-21 95744]
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672]
R2 npf;NetGroup Packet Filter Driver; C:\Windows\system32\drivers\npf.sys [2009-11-16 50704]
R2 PSDNServ;PSDNServ; C:\Windows\system32\DRIVERS\PSDNServ.sys [2008-01-03 16432]
R2 psdvdisk;PSDVdisk; C:\Windows\system32\DRIVERS\PSDVdisk.sys [2008-01-03 59952]
R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2006-11-29 8192]
R3 DKbFltr;Dritek Keyboard Filter Driver; C:\Windows\system32\DRIVERS\DKbFltr.sys [2006-11-03 21264]
R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\HSX_DPV.sys [2006-12-22 985600]
R3 HSXHWAZL;HSXHWAZL; C:\Windows\system32\DRIVERS\HSXHWAZL.sys [2006-12-22 207360]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2008-02-11 2302976]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2008-01-09 2044896]
R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw5v32.sys [2008-11-17 3668480]
R3 NSCIRDA;NSC Infrared Device Driver; C:\Windows\system32\DRIVERS\nscirda.sys [2008-01-21 30720]
R3 NTIDrvr;Upper Class Filter Driver; C:\Windows\system32\DRIVERS\NTIDrvr.sys [2008-04-27 6144]
R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2009-04-11 89088]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2007-09-07 192816]
R3 tifm21;tifm21; C:\Windows\system32\drivers\tifm21.sys [2007-05-02 290816]
R3 usbvideo;Zobrazovací zařízení USB (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-21 134016]
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2006-12-22 659968]
S3 a3raosvd;a3raosvd; C:\Windows\system32\drivers\a3raosvd.sys []
S3 AmdLLD;AMD Low Level Device Driver; C:\Windows\system32\DRIVERS\AmdLLD.sys []
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2007-07-22 180736]
S3 BthEnum;Služba Bluetooth Enumerator; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-04-11 22528]
S3 BthPan;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2008-01-21 92160]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2009-04-11 507904]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2009-04-11 29696]
S3 btwaudio;Bluetooth Audio Device Service; C:\Windows\system32\drivers\btwaudio.sys [2007-08-30 81448]
S3 btwavdt;Bluetooth AVDT Service; C:\Windows\system32\drivers\btwavdt.sys [2007-08-30 99880]
S3 btwl2cap;Bluetooth L2CAP Service; C:\Windows\system32\DRIVERS\btwl2cap.sys [2007-05-18 28464]
S3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys [2007-08-30 17448]
S3 catchme;catchme; \??\C:\Users\pc\AppData\Local\Temp\catchme.sys []
S3 drmkaud;Dekodér zvuků DRM jádra společnosti Microsoft; C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]
S3 HdAudAddService;Ovladač funkce Microsoft 1.1 UAA pro službu zvuku High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 HSFHWAZL;HSFHWAZL; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2008-01-21 200704]
S3 MSKSSRV;Server proxy služby datových proudů Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
S3 MSPCLOCK;Server proxy hodin datových proudů Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
S3 MSPQM;Server proxy správce kvality datových proudů Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
S3 MSTEE;Konvertor jímka-jímka typu T datových proudů Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
S3 NETw3v32;Intel(R) PRO/Wireless 3945ABG Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw3v32.sys [2008-01-21 2225664]
S3 NETw4v32;Ovladač adaptéru Intel(R) Wireless WiFi Link pro systém Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw4v32.sys [2007-10-31 2252800]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-04-11 148992]
S3 Ser2pl;Prolific Serial port driver; C:\Windows\system32\DRIVERS\ser2pl.sys [2005-12-05 48640]
S3 StarOpen;StarOpen; C:\Windows\system32\drivers\StarOpen.sys [2008-11-28 7168]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-21 35328]
S3 WisINT15;WisINT15; \??\C:\Elements\1stboot\WisINT15.SYS []
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2009-10-01 40448]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 BcmSqlStartupSvc;Služba spouštění serveru SQL Server aplikace Business Contact Manager; C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe [2009-02-23 30312]
R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 eDataSecurity Service;eDataSecurity Service; C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe [2008-01-03 506416]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2010-02-26 810120]
R2 eLockService;eLock Service; C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe [2007-10-01 24576]
R2 eNet Service;eNet Service; C:\Acer\Empowering Technology\eNet\eNet Service.exe [2007-12-20 131072]
R2 eRecoveryService;eRecovery Service; C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe [2007-09-10 57344]
R2 eSettingsService;eSettings Service; C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe [2007-12-19 24576]
R2 EvtEng;Intel® PROSet/Wireless Event Log; C:\Program Files\Intel\WiFi\bin\EvtEng.exe [2008-10-16 860160]
R2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe [2007-10-03 358936]
R2 Irmon;@%SystemRoot%\System32\irmon.dll,-2000; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-01-17 61440]
R2 MobilityService;MobilityService; C:\Acer\Mobility Center\MobilityService.exe [2007-11-27 110592]
R2 NMSAccessU;NMSAccessU; C:\Program Files\CDBurnerXP\NMSAccessU.exe [2009-08-08 71096]
R2 RegSrvc;Intel® PROSet/Wireless Registry Service; C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [2008-10-16 466944]
R2 SQLBrowser;SQL Server Browser; C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2008-11-24 239968]
R2 SQLWriter;SQL Server VSS Writer; C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2008-11-24 87904]
R2 WMIService;ePower Service; C:\Acer\Empowering Technology\ePower\ePowerSvc.exe [2007-09-20 167936]
R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2006-11-29 386560]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2010-02-26 33560]
S3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-21 21504]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]
S3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ); C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2009-05-27 29262680]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S4 MSSQLServerADHelper;SQL Server Active Directory Helper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2008-11-24 45408]

-----------------EOF-----------------

Re: Trojan horse

Posted: 01 Nov 2010 08:23
by vyosek
Hello and have a nice day :)

:arrow: Do you know how to use and apply ComboFix :???: since you are applying it, have you worked through its log :???:

Re: Trojan horse

Posted: 01 Nov 2010 15:16
by jupiland
First of all I apologise for starting two threads; I was in a hurry to get to school and was probably too active... so sorry about that.
I had a problem; I wrote on the forum two days ago because of black windows, and there I was advised to use ComboFix. Otherwise I have never worked with that program....
In that previous thread viewtopic.php?f=13&t=106107 I also have the ComboFix log.... but otherwise I really don't know.....

Re: Trojan horse

Posted: 01 Nov 2010 16:36
by vyosek
:arrow: ComboFix is not a toy - it is to be applied only on an adviser's recommendation - see below; if it was applied two days ago on a recommendation, then I apologise

:arrow: Dangers of CF
  • It is intended primarily for advisers - by using it on your own you lose your claim to support
  • It wipes the traces of the malware, so nothing is visible in the RSIT log
  • Its log has to be worked through, because it cannot delete everything - and you can hardly manage that unless you are trained for it
  • CF may have a bug = it takes your system down; if you don't know where it stores what and how to restore it, your system is wrecked and a reinstall awaits you
  • Unfortunately CF also does not yet check some important libraries (e.g. hal.dll) - some types of malware (e.g. angela) delete those - after a restart your hal.dll is gone = the system won't boot and you are one line up = reinstall
:arrow: If it isn't there already, move ComboFix to the desktop
  • Open Notepad (Start - Run - notepad)
  • Copy the script below

    Collect::
    C:\Users\Public\Documents\Windows\winhelp.exe
    
    Registry::
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RemoteControl"=-
    "LanguageShortcut"=-
    "Adobe Reader Speed Launcher"=-
    "Adobe ARM"=-
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
    "DisableMonitoring"=dword:00000000
    
    DDS::
    mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACA ... tensa_5620
    
    RegLock::
    [HKEY_USERS\S-1-5-21-1835299870-2871940657-4156594453-1003\Software\SecuROM\License information*]
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
  • Save the created TXT as CFScript.txt
  • Drag the created CFScript.txt onto ComboFix and drop it (see the picture below)
    [image]
  • After the script is applied (and a possible restart) a log will pop up; paste its contents here
:arrow: It may happen that Windows does not boot after applying the script; in that case restart the PC, keep pressing F8 and choose Last Known Good Configuration

Re: Trojan horse

Posted: 01 Nov 2010 17:04
by jupiland
So here it is:
ComboFix 10-10-31.04 - pc 01.11.2010 16:51:59.2.2 - x86
Microsoft® Windows Vista™ Business 6.0.6002.2.1250.420.1029.18.3062.1608 [GMT 1:00]
Spuštěný z: c:\users\pc\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\pc\Desktop\CFScript.txt
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Rezidentní štít AV je zapnutý

.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Public\Documents\Server\admin.txt
c:\users\Public\Documents\Server\server.dat

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-10-01 do 2010-11-01 )))))))))))))))))))))))))))))))
.

2010-11-01 16:00 . 2010-11-01 16:00 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-11-01 14:19 . 2010-11-01 14:19 -------- d-----w- c:\program files\CCleaner
2010-10-31 15:34 . 2010-11-01 16:00 -------- d-----w- c:\users\pc\AppData\Local\temp
2010-10-31 09:55 . 2010-11-01 04:51 -------- d-----w- c:\program files\trend micro
2010-10-31 09:55 . 2010-10-31 09:55 -------- d-----w- C:\rsit
2010-10-29 06:41 . 2010-10-07 23:21 6146896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{158FE976-0DCC-4172-A1E9-EB09F03452E7}\mpengine.dll
2010-10-27 06:28 . 2010-08-26 16:34 1696256 ----a-w- c:\windows\system32\gameux.dll
2010-10-27 06:28 . 2010-08-26 16:33 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-10-27 06:28 . 2010-08-26 14:23 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-10-23 11:45 . 2010-10-23 11:45 15712 ----a-w- c:\program files\Common Files\Windows Live\.cache\d73ec0b01cb72a71f\MeshBetaRemover.exe
2010-10-23 11:45 . 2010-10-23 11:45 525656 ----a-w- c:\program files\Common Files\Windows Live\.cache\be6bc5b01cb72a718\DXSETUP.exe
2010-10-23 11:45 . 2010-10-23 11:45 1691480 ----a-w- c:\program files\Common Files\Windows Live\.cache\be6bc5b01cb72a718\dsetup32.dll
2010-10-23 11:45 . 2010-10-23 11:45 94040 ----a-w- c:\program files\Common Files\Windows Live\.cache\be6bc5b01cb72a718\DSETUP.dll
2010-10-23 11:45 . 2010-10-23 11:45 94040 ----a-w- c:\program files\Common Files\Windows Live\.cache\bcaf6fb01cb72a717\DSETUP.dll
2010-10-23 11:45 . 2010-10-23 11:45 525656 ----a-w- c:\program files\Common Files\Windows Live\.cache\bcaf6fb01cb72a717\DXSETUP.exe
2010-10-23 11:45 . 2010-10-23 11:45 1691480 ----a-w- c:\program files\Common Files\Windows Live\.cache\bcaf6fb01cb72a717\dsetup32.dll
2010-10-23 11:43 . 2010-10-23 11:43 -------- d-----w- c:\users\pc\AppData\Local\Windows Live
2010-10-23 11:42 . 2009-08-04 08:02 754688 ----a-w- c:\windows\system32\webservices.dll
2010-10-23 09:11 . 2010-10-23 09:13 -------- d-----w- c:\users\pc\AppData\Roaming\Ventrilo
2010-10-14 03:45 . 2010-09-13 13:56 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2010-10-14 03:45 . 2010-09-13 13:56 168960 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
2010-10-14 03:43 . 2010-08-20 16:05 867328 ----a-w- c:\windows\system32\wmpmde.dll
2010-10-14 03:43 . 2010-08-31 15:44 531968 ----a-w- c:\windows\system32\comctl32.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-19 09:41 . 2010-04-09 17:00 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-08-26 16:33 . 2010-10-27 06:28 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll
2010-08-26 16:33 . 2010-10-27 06:28 458752 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2010-08-26 16:33 . 2010-10-27 06:28 2159616 ----a-w- c:\windows\apppatch\AcGenral.dll
2010-08-26 16:33 . 2010-10-27 06:28 542720 ----a-w- c:\windows\apppatch\AcLayers.dll
2010-08-17 14:11 . 2010-09-15 01:08 128000 ----a-w- c:\windows\system32\spoolsv.exe
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-01-03 00:00 39472 ----a-w- c:\acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CooLWPC3"="d:\programy\měnič pozadí\CooL Wallpaper Changer\coolwpc.exe" [2003-04-06 1008128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-10-03 178712]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-07 102400]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-08 4853760]
"Skytel"="Skytel.exe" [2007-11-21 1826816]
"PLFSetI"="c:\windows\PLFSetI.exe" [2007-10-23 200704]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-01-02 521776]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2008-01-07 858632]
"WarReg_PopUp"="c:\program files\Acer\WR_PopUp\WarReg_PopUp.exe" [2008-01-29 303104]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2010-02-26 2140880]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-11 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-11 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-11 133656]

c:\users\pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-9-16 384512]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-8-28 739880]
Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2008-4-27 535336]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2007-07-22 180736]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2007-05-18 28464]
R3 WisINT15;WisINT15;c:\elements\1stboot\WisINT15.SYS [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-04-09 691696]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2010-02-26 114984]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2010-02-26 133512]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2010-02-26 810120]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2010-02-26 96896]
S2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2009-11-16 50704]
S3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-11-17 3668480]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://seznam.cz/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-01 17:00
Windows 6.0.6002 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-1835299870-2871940657-4156594453-1003\Software\SecuROM\License information*]
"datasecu"=hex:04,4c,d2,76,89,b5,15,d8,bc,d1,c3,92,6d,58,a4,10,ab,c0,15,39,59,
64,74,a0,4f,65,91,b2,fb,c2,94,43,62,42,51,a5,b9,b7,50,a3,31,78,e1,e1,fb,35,\
"rkeysecu"=hex:5f,ce,89,b3,d5,7f,7f,f0,fd,ab,56,a6,6e,da,7c,57
.
Celkový čas: 2010-11-01 17:03:22
ComboFix-quarantined-files.txt 2010-11-01 16:03
ComboFix2.txt 2010-10-31 15:34

Před spuštěním: Volných bajtů: 58 999 353 344
Po spuštění: Volných bajtů: 58 992 140 288

- - End Of File - - E897A677D23DE433CA17DE2DDD376065
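
One triage check a helper runs over logs like the ComboFix output above (and the RSIT/HijackThis log earlier in the thread) is to pick out registrations whose file no longer exists: RSIT prints `[]` and ComboFix `[x]` after such a driver or service path, and HijackThis prints `(no file)` for a BHO or toolbar with no backing DLL. Such an entry is not malicious in itself (often it is debris from an uninstalled program, and the WisINT15 entry here is a case where the path could not even be uploaded because it did not exist), but it is exactly what gets asked about. The script below is an added example, not part of this thread or of any of the tools it mentions; the sample lines are constructed from the formats seen in the posted logs, and the parsing rules are my own reading of those formats, so a differently formatted log line would need its own pattern.

```python
import re
from dataclasses import dataclass

# Driver/service line as printed by RSIT and ComboFix, e.g.
#   R3 WisINT15;WisINT15;c:\elements\1stboot\WisINT15.SYS [x]
# The bracket holds "date size" when the file exists; RSIT prints "[]"
# and ComboFix "[x]" when the registered file is missing (assumption
# drawn from the logs in this thread).
DRIVER_RE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);\s*(.*?)\s*\[([^\]]*)\]\s*$")

# HijackThis O2 (BHO) / O3 (Toolbar) line, e.g.
#   O2 - BHO: (no name) - {CLSID} - (no file)
HJT_RE = re.compile(r"^(O[23]) - (\w+): (.*?) - (\{[0-9A-Fa-f-]+\}) - (.*)$")

# Constructed sample: lines in the formats seen in this thread's logs.
SAMPLE_LOG = r"""
S3 WisINT15;WisINT15; \??\C:\Elements\1stboot\WisINT15.SYS []
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2009-10-01 40448]
R3 WisINT15;WisINT15;c:\elements\1stboot\WisINT15.SYS [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2007-05-18 28464]
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
"""


@dataclass
class Finding:
    kind: str    # "driver", "bho" or "toolbar"
    name: str    # service name or extension display name
    target: str  # driver path, or the extension's CLSID
    reason: str


def parse_driver_line(line):
    """Return the fields of an RSIT/ComboFix driver line, or None."""
    m = DRIVER_RE.match(line)
    if not m:
        return None
    state, name, desc, path, bracket = m.groups()
    return {
        "state": state,
        "name": name.strip(),
        "description": desc.strip(),
        "path": path,
        # anything other than empty / "x" is "YYYY-MM-DD size" for a present file
        "exists": bracket.strip() not in ("", "x"),
    }


def parse_hjt_line(line):
    """Return the fields of a HijackThis O2/O3 line, or None."""
    m = HJT_RE.match(line)
    if not m:
        return None
    section, kind, name, clsid, file_ = m.groups()
    return {"section": section, "kind": kind.lower(), "name": name,
            "clsid": clsid, "file": file_.strip()}


def find_orphans(log_text):
    """Collect registrations whose backing file is reported as missing."""
    findings = []
    for line in log_text.splitlines():
        drv = parse_driver_line(line)
        if drv is not None:
            if not drv["exists"]:
                findings.append(Finding("driver", drv["name"], drv["path"],
                                        "driver/service registered but its file is missing"))
            continue
        ext = parse_hjt_line(line)
        if ext is not None and ext["file"] == "(no file)":
            findings.append(Finding(ext["kind"], ext["name"], ext["clsid"],
                                    "browser extension registered with no backing file"))
    return findings


if __name__ == "__main__":
    for f in find_orphans(SAMPLE_LOG):
        print(f"{f.kind:8} {f.name:12} {f.target}  <- {f.reason}")
```

Run against a saved log instead of the embedded sample, it lists the same four entries that the helper's eye picks out of this thread: WisINT15 twice (once per tool) and the two nameless browser extensions. An orphan is a lead to check, not a verdict; the present-file entries are left alone.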

Re: Trojan horse

Posted: 01 Nov 2010 17:06
by vyosek
:arrow: Test the following files on VirusTotal (see my signature)
  • c:\elements\1stboot\WisINT15.SYS
  • Click Browse
  • Don't search for the file, just paste the path of the file to be tested
  • Click Send File
  • If a screen like the one below pops up, click ReAnalyse
    [image]
  • Paste the result of the analysis here (as a link)

Re: Trojan horse

Posted: 01 Nov 2010 17:35
by jupiland
When I try to attach the file that is to be tested, it tells me that the path does not exist....

Re: Trojan horse

Posted: 01 Nov 2010 17:38
by vyosek
:arrow: Download Malwarebytes' Anti-Malware (MBAM for short) (see my signature)
  • Run the update - third tab
  • Run a full scan - don't delete anything :!:
  • MBAM sometimes has false detections, so paste the log into a post and wait for an assessment

Re: Trojan horse

Posted: 01 Nov 2010 18:55
by jupiland
So, finally....:)

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Verze databáze: 5015

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18975

1.11.2010 18:54:28
mbam-log-2010-11-01 (18-54-28).txt

Typ skenu: Úplný sken (C:\|D:\|)
Skenované objekty: 235380
Uplynulý čas: 1 hodina(y), 5 minuta(y), 55 sekunda(y)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 0
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované složky: 0
Infikované soubory: 1

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované hodnoty registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované datové položky registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
C:\Users\pc\Downloads\Adobe.Photoshop.CS4.CZ\APCS4EX_KGN.exe (Hacktool.Keygen) -> No action taken.

Re: Trojan horse

Posted: 01 Nov 2010 19:49
by vyosek
:arrow: Delete everything MBAM found and uninstall all illegal software - cracks and similar things are the surest way to get a PC infected

:arrow: Do the step as my colleague describes
pitimir wrote: Download ToolBar S&D. Close all running browsers and run the program. Choose the language - for English press E -> Enter. A window will pop up; after clicking it away you get to the next menu. In it press 2 -> Enter. Wait until the scan finishes and send the created log.

Re: Trojan horse

Posted: 01 Nov 2010 19:57
by jupiland
I deleted it :)

here is the log

-----------\\ ToolBar S&D 1.2.9 XP/Vista

Microsoft® Windows Vista™ Business ( v6.0.6002 ) Service Pack 2
X86-based PC ( Multiprocessor Free : Intel(R) Core(TM)2 Duo CPU T5270 @ 1.40GHz )
BIOS : Ver 1.00PARTTBL
USER : pc ( Administrator )
BOOT : Normal boot
C:\ (Local Disk) - NTFS - Total:144 Go (Free:61 Go)
D:\ (Local Disk) - NTFS - Total:144 Go (Free:10 Go)
E:\ (CD or DVD)
F:\ (CD or DVD)

"C:\ToolBar SD" ( MAJ : 22-08-2009|18:42 )
Option : [2] ( po 01.11.2010|19:56 )

[ UAC => 1 ]

-----------\\ Searching for Files - Folders ...


-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\Windows\\system32\\blank.htm"
"Search Page"="http://www.microsoft.com/isapi/redir.dl ... r=iesearch"
"Start Page"="http://seznam.cz/"
"Url"="http://go.microsoft.com/fwlink/?LinkId=68928"
"Url"="http://go.microsoft.com/fwlink/?LinkId=68929"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.msn.com/"
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Local Page"="C:\\Windows\\System32\\blank.htm"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"


--------------------\\ Searching for other infections


No other infections found !

[ UAC => 1 ]


1 - "C:\ToolBar SD\TB_1.txt" - po 01.11.2010|19:57 - Option : [2]

-----------\\ Scan completed at 19:57:13,67

Re: Trojan horse

Posted: 01 Nov 2010 20:05
by vyosek
:arrow: How is the PC behaving, is NOD still shouting at you about something :???:

Re: Trojan horse

Posted: 01 Nov 2010 20:08
by jupiland
Thank God it isn't shouting any more :) The PC works normally
Thank you very much then... I hope nothing else pops up on me here, having some problem within two days... I already thought the laptop wouldn't survive :)
So thank you once again :)

Re: Trojan horse

Posted: 01 Nov 2010 20:09
by vyosek
:arrow: Uninstall ComboFix
  • Start - Run (or use the keyboard shortcut Win+R)
  • Type ComboFix /Uninstall
  • Press Enter
  • This deletes ComboFix and its folders
:arrow: T-Cleaner http://sweb.cz/Marinus/T-Cleaner.exe
  • Download and run it
  • To confirm the choice press A, Enter
  • Delete the utility after use
  • Antiviruses tend to wrongly flag this utility as a virus - it is a false alarm - so go ahead and download it (or turn off the antivirus while downloading)
:arrow: The malware has settled in the restore points - delete them following the guide by colleague riff http://www.viry.cz/forum/viewtopic.php?f=11&t=47040

:arrow: You can uninstall MBAM or keep it for an occasional scan - if it finds something I strongly recommend posting the log here for assessment, so you don't shoot down something legitimate

:arrow: OTC http://oldtimer.geekstogo.com/OTC.exe
  • Download and run it
  • Click CleanUp and confirm with YES
  • The program cleans up and restarts the PC

:arrow: TFC http://oldtimer.geekstogo.com/TFC.exe
  • Download and run it
  • Click Start and confirm with OK
  • The program cleans up and restarts the PC
  • Delete the utility after use
:arrow: Download CCleaner (see my signature); during installation untick the Yahoo toolbar
Cleaner panel
  • Leave everything as it is, just click Analyze and then Run CCleaner
Registry panel
  • click Scan for Issues
  • then Fix Issues - I recommend making the registry backup; fix all the issues
  • repeat the procedure until there are no issues - usually about 3 times
Tools panel
  • Here you can uninstall programs you don't need
I recommend using CCleaner about once every 14 days

:arrow: Post a new RSIT log, and I'd like both logs (log.txt and info.txt)

Re: Trojan horse

Posted: 01 Nov 2010 20:53
by jupiland
Here is the log:

Logfile of random's system information tool 1.08 (written by random/random)
Run by pc at 2010-11-01 20:49:50
Microsoft® Windows Vista™ Business Service Pack 2
System drive C: has 84 GB (57%) free of 148 GB
Total RAM: 3062 MB (57% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:49:57, on 1.11.2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18975)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\PLFSetI.exe
C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Users\pc\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
D:\PROGRAMY\měnič pozadí\CooL Wallpaper Changer\coolwpc.exe
C:\Windows\system32\igfxext.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Windows\system32\igfxsrvc.exe
C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Program Files\Opera\opera.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\pc\Desktop\RSIT.exe
C:\Program Files\trend micro\pc.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
O3 - Toolbar: (no name) - {D5D47440-0750-463D-BAEF-A47D02414806} - (no file)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [PLFSetI] C:\Windows\PLFSetI.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "D:\PROGRAMY\MBAM\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [CooLWPC3] D:\PROGRAMY\měnič pozadí\CooL Wallpaper Changer\coolwpc.exe /boot
O4 - Startup: OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 7450 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-06-19 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83A2F9B1-01A2-4AA5-87D1-45B6B8505E96}]
ShowBarObj Class - C:\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll [2008-01-03 312368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{0BF43445-2F28-4351-9252-17FE6E806AA0}
{5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - Acer eDataSecurity Management - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll [2008-01-03 155184]
{D5D47440-0750-463D-BAEF-A47D02414806}

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1008184]
"IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [2007-10-03 178712]
"SynTPStart"=C:\Program Files\Synaptics\SynTP\SynTPStart.exe [2007-09-07 102400]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2008-01-08 4853760]
"PLFSetI"=C:\Windows\PLFSetI.exe [2007-10-23 200704]
"eDataSecurity Loader"=C:\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe [2008-01-03 521776]
"LManager"=C:\PROGRA~1\LAUNCH~1\LManager.exe [2008-01-08 858632]
"WarReg_PopUp"=C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe [2008-01-29 303104]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2010-02-26 2140880]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2008-02-11 141848]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2008-02-11 166424]
"Persistence"=C:\Windows\system32\igfxpers.exe [2008-02-11 133656]
"Malwarebytes Anti-Malware (reboot)"=D:\PROGRAMY\MBAM\Malwarebytes' Anti-Malware\mbam.exe [2010-04-29 1090952]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CooLWPC3"=D:\PROGRAMY\měnič pozadí\CooL Wallpaper Changer\coolwpc.exe [2003-04-06 1008128]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2008-02-11 204800]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"= []

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=0
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 1 months======

2010-11-01 20:49:50 ----D---- C:\rsit
2010-11-01 19:56:43 ----A---- C:\TB.txt
2010-11-01 19:56:15 ----D---- C:\ToolBar SD
2010-11-01 17:44:42 ----D---- C:\Users\pc\AppData\Roaming\Malwarebytes
2010-11-01 17:43:48 ----A---- C:\Windows\system32\drivers\mbamswissarmy.sys
2010-11-01 17:43:43 ----D---- C:\ProgramData\Malwarebytes
2010-11-01 17:43:42 ----A---- C:\Windows\system32\drivers\mbam.sys
2010-11-01 17:03:29 ----SHD---- C:\$RECYCLE.BIN
2010-11-01 17:00:11 ----D---- C:\Windows\temp
2010-11-01 15:19:34 ----D---- C:\Program Files\CCleaner
2010-10-31 16:23:57 ----D---- C:\Qoobox
2010-10-31 10:55:18 ----D---- C:\Program Files\trend micro
2010-10-31 06:44:50 ----A---- C:\Windows\system32\XAudio2_7.dll
2010-10-31 06:44:50 ----A---- C:\Windows\system32\XAPOFX1_5.dll
2010-10-31 06:44:50 ----A---- C:\Windows\system32\xactengine3_7.dll
2010-10-31 06:44:50 ----A---- C:\Windows\system32\D3DX9_43.dll
2010-10-31 06:44:50 ----A---- C:\Windows\system32\d3dx11_43.dll
2010-10-31 06:44:50 ----A---- C:\Windows\system32\d3dx10_43.dll
2010-10-31 06:44:50 ----A---- C:\Windows\system32\d3dcsx_43.dll
2010-10-31 06:44:50 ----A---- C:\Windows\system32\D3DCompiler_43.dll
2010-10-31 06:44:49 ----A---- C:\Windows\system32\XAudio2_6.dll
2010-10-31 06:44:49 ----A---- C:\Windows\system32\XAudio2_5.dll
2010-10-31 06:44:49 ----A---- C:\Windows\system32\XAPOFX1_4.dll
2010-10-31 06:44:49 ----A---- C:\Windows\system32\xactengine3_6.dll
2010-10-31 06:44:49 ----A---- C:\Windows\system32\xactengine3_5.dll
2010-10-31 06:44:49 ----A---- C:\Windows\system32\X3DAudio1_7.dll
2010-10-31 06:44:49 ----A---- C:\Windows\system32\D3DCompiler_42.dll
2010-10-31 06:44:48 ----A---- C:\Windows\system32\D3DX9_42.dll
2010-10-31 06:44:48 ----A---- C:\Windows\system32\d3dx11_42.dll
2010-10-31 06:44:48 ----A---- C:\Windows\system32\d3dx10_42.dll
2010-10-31 06:44:48 ----A---- C:\Windows\system32\d3dcsx_42.dll
2010-10-31 06:44:47 ----A---- C:\Windows\system32\XAudio2_4.dll
2010-10-31 06:44:47 ----A---- C:\Windows\system32\XAPOFX1_3.dll
2010-10-31 06:44:47 ----A---- C:\Windows\system32\xactengine3_4.dll
2010-10-31 06:44:47 ----A---- C:\Windows\system32\X3DAudio1_6.dll
2010-10-31 06:44:47 ----A---- C:\Windows\system32\D3DX9_41.dll
2010-10-31 06:44:47 ----A---- C:\Windows\system32\d3dx10_40.dll
2010-10-31 06:44:47 ----A---- C:\Windows\system32\D3DCompiler_40.dll
2010-10-31 06:44:46 ----A---- C:\Windows\system32\XAudio2_3.dll
2010-10-31 06:44:46 ----A---- C:\Windows\system32\XAudio2_2.dll
2010-10-31 06:44:46 ----A---- C:\Windows\system32\XAPOFX1_2.dll
2010-10-31 06:44:46 ----A---- C:\Windows\system32\XAPOFX1_1.dll
2010-10-31 06:44:46 ----A---- C:\Windows\system32\xactengine3_3.dll
2010-10-31 06:44:46 ----A---- C:\Windows\system32\X3DAudio1_5.dll
2010-10-31 06:44:46 ----A---- C:\Windows\system32\D3DX9_40.dll
2010-10-31 06:44:45 ----A---- C:\Windows\system32\XAudio2_1.dll
2010-10-31 06:44:45 ----A---- C:\Windows\system32\XAPOFX1_0.dll
2010-10-31 06:44:45 ----A---- C:\Windows\system32\xactengine3_2.dll
2010-10-31 06:44:45 ----A---- C:\Windows\system32\xactengine3_1.dll
2010-10-31 06:44:45 ----A---- C:\Windows\system32\D3DX9_39.dll
2010-10-31 06:44:45 ----A---- C:\Windows\system32\d3dx10_39.dll
2010-10-31 06:44:45 ----A---- C:\Windows\system32\D3DCompiler_39.dll
2010-10-31 06:44:44 ----A---- C:\Windows\system32\XAudio2_0.dll
2010-10-31 06:44:44 ----A---- C:\Windows\system32\xactengine3_0.dll
2010-10-31 06:44:44 ----A---- C:\Windows\system32\X3DAudio1_4.dll
2010-10-31 06:44:44 ----A---- C:\Windows\system32\X3DAudio1_3.dll
2010-10-31 06:44:44 ----A---- C:\Windows\system32\D3DX9_38.dll
2010-10-31 06:44:44 ----A---- C:\Windows\system32\d3dx10_38.dll
2010-10-31 06:44:44 ----A---- C:\Windows\system32\D3DCompiler_38.dll
2010-10-31 06:44:43 ----A---- C:\Windows\system32\xactengine2_10.dll
2010-10-31 06:44:43 ----A---- C:\Windows\system32\D3DX9_37.dll
2010-10-31 06:44:43 ----A---- C:\Windows\system32\d3dx9_36.dll
2010-10-31 06:44:43 ----A---- C:\Windows\system32\d3dx10_37.dll
2010-10-31 06:44:43 ----A---- C:\Windows\system32\d3dx10_36.dll
2010-10-31 06:44:43 ----A---- C:\Windows\system32\D3DCompiler_37.dll
2010-10-31 06:44:43 ----A---- C:\Windows\system32\D3DCompiler_36.dll
2010-10-31 06:44:42 ----A---- C:\Windows\system32\xactengine2_9.dll
2010-10-31 06:44:42 ----A---- C:\Windows\system32\xactengine2_8.dll
2010-10-31 06:44:42 ----A---- C:\Windows\system32\X3DAudio1_2.dll
2010-10-31 06:44:42 ----A---- C:\Windows\system32\d3dx9_35.dll
2010-10-31 06:44:42 ----A---- C:\Windows\system32\d3dx10_35.dll
2010-10-31 06:44:42 ----A---- C:\Windows\system32\D3DCompiler_35.dll
2010-10-31 06:44:41 ----A---- C:\Windows\system32\xinput1_3.dll
2010-10-31 06:44:41 ----A---- C:\Windows\system32\xactengine2_7.dll
2010-10-31 06:44:41 ----A---- C:\Windows\system32\d3dx9_34.dll
2010-10-31 06:44:41 ----A---- C:\Windows\system32\d3dx9_33.dll
2010-10-31 06:44:41 ----A---- C:\Windows\system32\d3dx10_34.dll
2010-10-31 06:44:41 ----A---- C:\Windows\system32\d3dx10_33.dll
2010-10-31 06:44:41 ----A---- C:\Windows\system32\D3DCompiler_34.dll
2010-10-31 06:44:41 ----A---- C:\Windows\system32\D3DCompiler_33.dll
2010-10-31 06:44:40 ----A---- C:\Windows\system32\xactengine2_6.dll
2010-10-31 06:44:39 ----A---- C:\Windows\system32\xactengine2_5.dll
2010-10-31 06:44:39 ----A---- C:\Windows\system32\d3dx10.dll
2010-10-31 06:44:38 ----A---- C:\Windows\system32\xactengine2_4.dll
2010-10-31 06:44:38 ----A---- C:\Windows\system32\x3daudio1_1.dll
2010-10-31 06:44:38 ----A---- C:\Windows\system32\d3dx9_32.dll
2010-10-31 06:44:37 ----A---- C:\Windows\system32\xinput1_2.dll
2010-10-31 06:44:37 ----A---- C:\Windows\system32\xactengine2_3.dll
2010-10-31 06:44:37 ----A---- C:\Windows\system32\d3dx9_31.dll
2010-10-31 06:44:36 ----A---- C:\Windows\system32\xinput1_1.dll
2010-10-31 06:44:36 ----A---- C:\Windows\system32\xactengine2_2.dll
2010-10-31 06:44:36 ----A---- C:\Windows\system32\xactengine2_1.dll
2010-10-31 06:44:31 ----A---- C:\Windows\system32\xactengine2_0.dll
2010-10-31 06:44:31 ----A---- C:\Windows\system32\x3daudio1_0.dll
2010-10-31 06:44:31 ----A---- C:\Windows\system32\d3dx9_30.dll
2010-10-31 06:44:31 ----A---- C:\Windows\system32\d3dx9_29.dll
2010-10-31 06:44:30 ----A---- C:\Windows\system32\d3dx9_28.dll
2010-10-31 06:44:30 ----A---- C:\Windows\system32\d3dx9_27.dll
2010-10-31 06:44:30 ----A---- C:\Windows\system32\d3dx9_26.dll
2010-10-31 06:44:30 ----A---- C:\Windows\system32\d3dx9_25.dll
2010-10-31 06:44:29 ----A---- C:\Windows\system32\d3dx9_24.dll
2010-10-27 07:28:37 ----A---- C:\Windows\system32\gameux.dll
2010-10-27 07:28:35 ----A---- C:\Windows\system32\GameUXLegacyGDFs.dll
2010-10-27 07:28:35 ----A---- C:\Windows\system32\Apphlpdm.dll
2010-10-23 12:42:39 ----A---- C:\Windows\system32\webservices.dll
2010-10-23 10:11:29 ----D---- C:\Users\pc\AppData\Roaming\Ventrilo
2010-10-14 04:45:13 ----A---- C:\Windows\system32\wmp.dll
2010-10-14 04:45:11 ----A---- C:\Windows\system32\wmploc.DLL
2010-10-14 04:44:50 ----A---- C:\Windows\system32\srvsvc.dll
2010-10-14 04:44:49 ----A---- C:\Windows\system32\netevent.dll
2010-10-14 04:44:49 ----A---- C:\Windows\system32\drivers\srvnet.sys
2010-10-14 04:44:49 ----A---- C:\Windows\system32\drivers\srv2.sys
2010-10-14 04:44:49 ----A---- C:\Windows\system32\drivers\srv.sys
2010-10-14 04:44:39 ----A---- C:\Windows\system32\schannel.dll
2010-10-14 04:44:34 ----A---- C:\Windows\system32\ole32.dll
2010-10-14 04:44:31 ----A---- C:\Windows\system32\t2embed.dll
2010-10-14 04:44:18 ----A---- C:\Windows\system32\mshtml.dll
2010-10-14 04:44:15 ----A---- C:\Windows\system32\ieframe.dll
2010-10-14 04:44:14 ----A---- C:\Windows\system32\msfeeds.dll
2010-10-14 04:44:13 ----A---- C:\Windows\system32\urlmon.dll
2010-10-14 04:44:13 ----A---- C:\Windows\system32\licmgr10.dll
2010-10-14 04:44:12 ----A---- C:\Windows\system32\wininet.dll
2010-10-14 04:44:12 ----A---- C:\Windows\system32\mshtmled.dll
2010-10-14 04:44:11 ----A---- C:\Windows\system32\mstime.dll
2010-10-14 04:44:11 ----A---- C:\Windows\system32\iertutil.dll
2010-10-14 04:44:10 ----A---- C:\Windows\system32\occache.dll
2010-10-14 04:44:10 ----A---- C:\Windows\system32\msfeedsbs.dll
2010-10-14 04:44:10 ----A---- C:\Windows\system32\ieUnatt.exe
2010-10-14 04:44:10 ----A---- C:\Windows\system32\ieui.dll
2010-10-14 04:44:10 ----A---- C:\Windows\system32\iesysprep.dll
2010-10-14 04:44:10 ----A---- C:\Windows\system32\iesetup.dll
2010-10-14 04:44:10 ----A---- C:\Windows\system32\iernonce.dll
2010-10-14 04:44:10 ----A---- C:\Windows\system32\iepeers.dll
2010-10-14 04:44:10 ----A---- C:\Windows\system32\iedkcs32.dll
2010-10-14 04:44:09 ----A---- C:\Windows\system32\msfeedssync.exe
2010-10-14 04:44:09 ----A---- C:\Windows\system32\jsproxy.dll
2010-10-14 04:44:09 ----A---- C:\Windows\system32\ie4uinit.exe
2010-10-14 04:44:06 ----A---- C:\Windows\system32\mfc40.dll
2010-10-14 04:44:05 ----A---- C:\Windows\system32\mfc40u.dll
2010-10-14 04:44:03 ----A---- C:\Windows\system32\win32k.sys
2010-10-14 04:44:00 ----A---- C:\Windows\system32\msshsq.dll
2010-10-14 04:43:58 ----A---- C:\Windows\system32\wmpmde.dll
2010-10-14 04:43:53 ----A---- C:\Windows\system32\comctl32.dll

======List of files/folders modified in the last 1 months======

2010-11-01 20:49:57 ----D---- C:\Windows\Prefetch
2010-11-01 20:49:24 ----SHD---- C:\Windows\Installer
2010-11-01 20:49:24 ----D---- C:\Windows
2010-11-01 20:49:15 ----RSD---- C:\Windows\Fonts
2010-11-01 20:48:50 ----D---- C:\Windows\System32
2010-11-01 20:48:47 ----SHD---- C:\System Volume Information
2010-11-01 20:42:47 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-11-01 20:42:46 ----D---- C:\Windows\inf
2010-11-01 20:21:47 ----D---- C:\Windows\system32\drivers
2010-11-01 19:54:31 ----D---- C:\Windows\Performance
2010-11-01 17:43:43 ----D---- C:\ProgramData
2010-11-01 17:00:24 ----A---- C:\Windows\system.ini
2010-11-01 17:00:13 ----D---- C:\Windows\system32\drivers\etc
2010-11-01 16:56:16 ----D---- C:\Windows\AppPatch
2010-11-01 16:56:15 ----D---- C:\Program Files\Common Files
2010-11-01 15:23:19 ----D---- C:\Windows\Debug
2010-11-01 15:19:34 ----RD---- C:\Program Files
2010-10-31 09:17:36 ----D---- C:\Program Files\Windows Live
2010-10-31 09:17:17 ----D---- C:\Windows\winsxs
2010-10-31 09:17:01 ----SD---- C:\ProgramData\Microsoft
2010-10-31 09:16:25 ----D---- C:\Program Files\Common Files\microsoft shared
2010-10-31 09:09:20 ----D---- C:\Users\pc\AppData\Roaming\uTorrent
2010-10-31 09:08:07 ----SD---- C:\Users\pc\AppData\Roaming\Microsoft
2010-10-31 06:50:10 ----D---- C:\Windows\system32\catroot
2010-10-31 06:44:36 ----RSD---- C:\Windows\assembly
2010-10-31 06:44:32 ----D---- C:\Windows\Microsoft.NET
2010-10-31 06:43:39 ----D---- C:\Windows\Logs
2010-10-30 23:00:19 ----D---- C:\Windows\system32\catroot2
2010-10-26 20:06:01 ----D---- C:\ProgramData\PlayFirst
2010-10-24 17:47:34 ----D---- C:\Windows\rescache
2010-10-23 12:43:07 ----D---- C:\Windows\system32\cs-CZ
2010-10-19 10:41:44 ----N---- C:\Windows\system32\MpSigStub.exe
2010-10-14 18:46:30 ----D---- C:\Users\pc\AppData\Roaming\dvdcss
2010-10-14 13:29:29 ----D---- C:\Program Files\Microsoft Silverlight
2010-10-14 13:27:55 ----D---- C:\Program Files\Windows Media Player
2010-10-14 13:27:54 ----D---- C:\Program Files\Internet Explorer
2010-10-14 13:27:53 ----D---- C:\Windows\system32\migration
2010-10-14 13:21:54 ----D---- C:\ProgramData\Microsoft Help
2010-10-14 13:14:18 ----A---- C:\Windows\system32\mrt.exe
2010-10-13 15:34:12 ----D---- C:\Program Files\Opera
2010-10-03 16:06:40 ----D---- C:\Program Files\Common Files\Adobe
2010-10-03 16:05:58 ----D---- C:\Program Files\Adobe
2010-10-03 16:03:55 ----D---- C:\Users\pc\AppData\Roaming\Adobe
2010-10-03 16:01:28 ----D---- C:\ProgramData\Adobe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys [2007-09-29 308248]
R0 PSDFilter;PSDFilter; C:\Windows\system32\DRIVERS\psdfilter.sys [2008-01-03 18480]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2010-04-09 691696]
R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2010-02-26 114984]
R2 eamonm;eamonm; C:\Windows\system32\DRIVERS\eamonm.sys [2010-02-26 133512]
R2 epfwwfpr;epfwwfpr; C:\Windows\system32\DRIVERS\epfwwfpr.sys [2010-02-26 96896]
R2 int15;int15; \??\C:\Windows\system32\drivers\int15.sys [2007-11-30 15392]
R2 irda;IrDA Protocol; C:\Windows\system32\DRIVERS\irda.sys [2008-01-21 95744]
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672]
R2 npf;NetGroup Packet Filter Driver; C:\Windows\system32\drivers\npf.sys [2009-11-16 50704]
R2 PSDNServ;PSDNServ; C:\Windows\system32\DRIVERS\PSDNServ.sys [2008-01-03 16432]
R2 psdvdisk;PSDVdisk; C:\Windows\system32\DRIVERS\PSDVdisk.sys [2008-01-03 59952]
R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2006-11-29 8192]
R3 DKbFltr;Dritek Keyboard Filter Driver; C:\Windows\system32\DRIVERS\DKbFltr.sys [2006-11-03 21264]
R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\HSX_DPV.sys [2006-12-22 985600]
R3 HSXHWAZL;HSXHWAZL; C:\Windows\system32\DRIVERS\HSXHWAZL.sys [2006-12-22 207360]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2008-02-11 2302976]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2008-01-09 2044896]
R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw5v32.sys [2008-11-17 3668480]
R3 NSCIRDA;NSC Infrared Device Driver; C:\Windows\system32\DRIVERS\nscirda.sys [2008-01-21 30720]
R3 NTIDrvr;Upper Class Filter Driver; C:\Windows\system32\DRIVERS\NTIDrvr.sys [2008-04-27 6144]
R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2009-04-11 89088]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2007-09-07 192816]
R3 tifm21;tifm21; C:\Windows\system32\drivers\tifm21.sys [2007-05-02 290816]
R3 usbvideo;Zobrazovací zařízení USB (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-21 134016]
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2006-12-22 659968]
S3 a9jowweu;a9jowweu; C:\Windows\system32\drivers\a9jowweu.sys []
S3 AmdLLD;AMD Low Level Device Driver; C:\Windows\system32\DRIVERS\AmdLLD.sys []
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2007-07-22 180736]
S3 BthEnum;Služba Bluetooth Enumerator; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-04-11 22528]
S3 BthPan;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2008-01-21 92160]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2009-04-11 507904]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2009-04-11 29696]
S3 btwaudio;Bluetooth Audio Device Service; C:\Windows\system32\drivers\btwaudio.sys [2007-08-30 81448]
S3 btwavdt;Bluetooth AVDT Service; C:\Windows\system32\drivers\btwavdt.sys [2007-08-30 99880]
S3 btwl2cap;Bluetooth L2CAP Service; C:\Windows\system32\DRIVERS\btwl2cap.sys [2007-05-18 28464]
S3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys [2007-08-30 17448]
S3 drmkaud;Dekodér zvuků DRM jádra společnosti Microsoft; C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]
S3 HdAudAddService;Ovladač funkce Microsoft 1.1 UAA pro službu zvuku High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 HSFHWAZL;HSFHWAZL; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2008-01-21 200704]
S3 MSKSSRV;Server proxy služby datových proudů Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
S3 MSPCLOCK;Server proxy hodin datových proudů Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
S3 MSPQM;Server proxy správce kvality datových proudů Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
S3 MSTEE;Konvertor jímka-jímka typu T datových proudů Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
S3 NETw3v32;Intel(R) PRO/Wireless 3945ABG Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw3v32.sys [2008-01-21 2225664]
S3 NETw4v32;Ovladač adaptéru Intel(R) Wireless WiFi Link pro systém Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw4v32.sys [2007-10-31 2252800]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-04-11 148992]
S3 Ser2pl;Prolific Serial port driver; C:\Windows\system32\DRIVERS\ser2pl.sys [2005-12-05 48640]
S3 StarOpen;StarOpen; C:\Windows\system32\drivers\StarOpen.sys [2008-11-28 7168]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-21 35328]
S3 WisINT15;WisINT15; \??\C:\Elements\1stboot\WisINT15.SYS []
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2009-10-01 40448]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 BcmSqlStartupSvc;Služba spouštění serveru SQL Server aplikace Business Contact Manager; C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe [2009-02-23 30312]
R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 eDataSecurity Service;eDataSecurity Service; C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe [2008-01-03 506416]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2010-02-26 810120]
R2 eLockService;eLock Service; C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe [2007-10-01 24576]
R2 eNet Service;eNet Service; C:\Acer\Empowering Technology\eNet\eNet Service.exe [2007-12-20 131072]
R2 eRecoveryService;eRecovery Service; C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe [2007-09-10 57344]
R2 eSettingsService;eSettings Service; C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe [2007-12-19 24576]
R2 EvtEng;Intel® PROSet/Wireless Event Log; C:\Program Files\Intel\WiFi\bin\EvtEng.exe [2008-10-16 860160]
R2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe [2007-10-03 358936]
R2 Irmon;@%SystemRoot%\System32\irmon.dll,-2000; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-01-17 61440]
R2 MobilityService;MobilityService; C:\Acer\Mobility Center\MobilityService.exe [2007-11-27 110592]
R2 NMSAccessU;NMSAccessU; C:\Program Files\CDBurnerXP\NMSAccessU.exe [2009-08-08 71096]
R2 RegSrvc;Intel® PROSet/Wireless Registry Service; C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [2008-10-16 466944]
R2 SQLBrowser;SQL Server Browser; C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2008-11-24 239968]
R2 SQLWriter;SQL Server VSS Writer; C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2008-11-24 87904]
R2 WMIService;ePower Service; C:\Acer\Empowering Technology\ePower\ePowerSvc.exe [2007-09-20 167936]
R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2006-11-29 386560]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2010-02-26 33560]
S3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-21 21504]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]
S3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ); C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2009-05-27 29262680]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S4 MSSQLServerADHelper;SQL Server Active Directory Helper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2008-11-24 45408]

-----------------EOF-----------------