VIRY.CZ

ďakujem za kontrolu

Logfile of random's system information tool 1.09 (written by random/random)
Run by admin at 2012-05-26 13:35:56
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 3 GB (7%) free of 36 GB
Total RAM: 1022 MB (52% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:36:23, on 26. 5. 2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17109)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\Empowering Technology\admServ.exe
c:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$ASPE\Binn\sqlservr.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Acer\Empowering Technology\admtray.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\rundll32.exe
C:\acer\Empowering Technology\ePower\epm-dm.exe
C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Hide The IP\HideTheIP.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Administrator\Data aplikací\SuperPump\updater.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\Administrator\Plocha\RSIT.exe
C:\Program Files\trend micro\admin.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [ADMTray.exe] "C:\Acer\Empowering Technology\admtray.exe"
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [EPM-DM] c:\acer\Empowering Technology\ePower\epm-dm.exe
O4 - HKLM\..\Run: [Acer ePower Management] C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe boot
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Hide-The-IP] "C:\Program Files\Hide The IP\HideTheIP.exe" /startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [CompuCare Check for updates] C:\Documents and Settings\Administrator\Data aplikací\SuperPump\updater.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: Zdroje informácií - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastaviť prekladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: Preložiť &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: Preložiť &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 9427364254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = inzistavke.local
O17 - HKLM\Software\..\Telephony: DomainName = inzistavke.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = inzistavke.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = inzistavke.local
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = inzistavke.local
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc. - C:\Acer\Empowering Technology\admServ.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - c:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O24 - Desktop Component 1: Aqua Real - 7db39a0d-580f-4be9-9195-8bfcd226f6c2

--
End of file - 10962 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Adobe Flash Player Updater.job

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\x7983xhj.default

prefs.js - "browser.search.suggest.enabled" - false
prefs.js - "browser.search.useDBForOrder" - true
prefs.js - "browser.startup.homepage" - "http://www.google.sk/"
prefs.js - "extensions.enabledItems" - "{afe43e80-0abc-4df2-81a0-3fe44b74abe8}:1.300.306, {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20, {3e9a3920-1b27-11da-8cd6-0800200c9a66}:3.4.1, jqs@sun.com:1.0, firefox@tvunetworks.com:2, 5, 3, 1, {D6D05E6F-D5C1-4e03-8E33-73F92B05E262}:10.2, {7b13ec3e-999a-4b70-b9cb-2617b8323822}:3.3.3.2, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.17"

"{20a82645-c095-46ed-80e3-08825760534b}"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.2.202.235 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/ShockwavePlayer]
"Description"=Adobe Shockwave Player
"Path"=C:\WINDOWS\system32\Adobe\Director\np32dsw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0]
"Description"=DivX® Content Upload Plugin
"Path"=C:\Program Files\DivX\DivX Content Uploader\npUpload.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0]
"Description"=
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0]
"Description"=DivX VOD Helper Plug-in
"Path"=C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@idsoftware.com/QuakeLive]
"Description"=
"Path"=C:\Documents and Settings\All Users\Data aplikací\id Software\QuakeLive\npquakezero.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=10.4.1]
"Description"=
"Path"=C:\WINDOWS\system32\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files\Microsoft Silverlight\3.0.50106.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@pages.tvunetworks.com/WebPlayer]
"Description"=TVU Web Player Plugin
"Path"=C:\WINDOWS\system32\TVUAx\npTVUAx.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}

C:\Program Files\Mozilla Firefox\components\
browsercomps.dll
binary.manifest
nsIQTScriptablePlugin.xpt

C:\Program Files\Mozilla Firefox\plugins\
nsIQTScriptablePlugin.xpt
QuickTimePlugin.class
npqtplugin.dll
npqtplugin2.dll
npqtplugin3.dll
npqtplugin4.dll
npqtplugin5.dll
npqtplugin6.dll
npqtplugin7.dll
ScorchPDFWrapper.dll
PDFNetC.dll
NPSibelius.dll
nppdf32.dll

C:\Program Files\Mozilla Firefox\searchplugins\
answers.xml
creativecommons.xml
yahoo.xml
wikipedia.xml
twitter.xml
eBay.xml
bing.xml
amazondotcom.xml
google.xml

C:\Documents and Settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\x7983xhj.default\extensions\
jid0-YxzrUsJ0WOiOaU89TngAzLcIs18@jetpack
{003D3EDC-99B9-4a34-9C20-60CB94F7E829}
firefox@tvunetworks.com

C:\Documents and Settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\x7983xhj.default\searchplugins\
sweetim.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-03-26 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2DB66063-BB98-466A-AA0D-3E7ACF5ED853}]
WebTransBHO Class - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll [2008-04-22 503808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll [2012-04-04 453504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll [2012-04-04 157576]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{BFC32E1D-EE75-4A48-BC60-104E11EE2431} - WebTranslator - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll [2008-04-22 503808]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2005-11-16 15600128]
"SynTPLpr"=C:\Program Files\Synaptics\SynTP\SynTPLpr.exe [2005-01-07 102491]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2005-01-07 692315]
"IMJPMIG8.1"=C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2004-08-18 208952]
"MSPY2002"=C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe [2004-08-18 59392]
"PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-18 455168]
"PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-18 455168]
"igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe [2005-07-18 77824]
"igfxpers"=C:\WINDOWS\system32\igfxpers.exe [2005-07-18 114688]
"ADMTray.exe"=C:\Acer\Empowering Technology\admtray.exe [2005-10-24 2462208]
"eDataSecurity Loader"=C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe [2005-12-27 69632]
"ATICCC"=C:\Program Files\ATI Technologies\ATI.ACE\cli.exe [2005-08-12 45056]
"BluetoothAuthenticationAgent"=bthprops.cpl,,BluetoothAuthenticationAgent []
"EPM-DM"=c:\acer\Empowering Technology\ePower\epm-dm.exe [2005-11-25 212992]
"Acer ePower Management"=C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe [2005-11-09 3084288]
"LManager"=C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE [2006-03-30 471040]
"eRecoveryService"=C:\Acer\Empowering Technology\eRecovery\Monitor.exe [2006-01-24 397312]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2009-10-07 1461080]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2012-03-27 37296]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-01-02 843712]
"Hide-The-IP"=C:\Program Files\Hide The IP\HideTheIP.exe [2007-03-01 2406400]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2012-01-17 252296]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"CompuCare Check for updates"=C:\Documents and Settings\Administrator\Data aplikací\SuperPump\updater.exe [2012-03-04 260608]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-01-02 843712]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2012-03-27 37296]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Program Files\DAEMON Tools Lite\DTLite.exe [2010-04-01 357696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
C:\Program Files\DivX\DivX Update\DivXUpdate.exe [2011-03-21 1230704]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
C:\Documents and Settings\Administrator\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe [2009-03-25 133104]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SweetIM]
C:\Program Files\SweetIM\Messenger\SweetIM.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe [2008-03-27 36352]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Administrator^Nabídka Start^Programy^Po spuštění^hamachi.lnk]
C:\PROGRA~1\Hamachi\hamachi.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Administrator^Nabídka Start^Programy^Po spuštění^Lingea Update Center.lnk]
C:\PROGRA~1\COMMON~1\LINGEA~1\luc.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^SMART Board Tools.lnk]
C:\PROGRA~1\SMARTT~1\SMARTB~1\SMARTB~2.EXE []

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
Service Manager.lnk - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2006-01-04 61440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2005-07-18 135168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
nwprovau

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=1
"legalnoticecaption"=Upozornenie
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"disablecad"=0
"dontdisplaylockeduserid"=3

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=67108863
"NoDrives"=0
"NoDriveTypeAutoRun"=255
"NoWelcomeScreen"=1
"NoPublishingWizard"=1
"NoWebServices"=1
"NoOnlinePrintsWizard"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\HP\Image Zone Express\HP_IZE.exe"="C:\Program Files\HP\Image Zone Express\HP_IZE.exe:*:Disabled:HP Image Zone Express"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Documents and Settings\Administrator\Local Settings\Data aplikací\Google\Google Talk Plugin\googletalkplugin.exe"="C:\Documents and Settings\Administrator\Local Settings\Data aplikací\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin"
"C:\Documents and Settings\Administrator\Plocha\SweetImSetup.exe"="C:\Documents and Settings\Administrator\Plocha\SweetImSetup.exe:*:Enabled:SweetIM Installer"
"C:\Program Files\SMART Technologies\SMART Board Drivers\SMARTSNMPAgent.exe"="C:\Program Files\SMART Technologies\SMART Board Drivers\SMARTSNMPAgent.exe:*:Enabled:SMART SNMPAgent"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\System32\FXSCLNT.exe"="C:\WINDOWS\System32\FXSCLNT.exe:*:Enabled:Microsoft Fax Console"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=l3codecp.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"VIDC.FFDS"=ff_vfw.dll
"vidc.XVID"=xvidvfw.dll
"vidc.DIVX"=DivX.dll
"vidc.yv12"=DivX.dll

======List of files/folders created in the last 1 month======

2012-05-25 18:42:30 ----SHD---- C:\FOUND.001
2012-05-22 21:37:15 ----D---- C:\Documents and Settings\Administrator\Data aplikací\id Software
2012-05-22 21:35:07 ----D---- C:\Documents and Settings\All Users\Data aplikací\id Software
2012-05-10 22:51:11 ----D---- C:\WINDOWS\Sun
2012-05-10 22:30:01 ----A---- C:\WINDOWS\system32\javaws.exe
2012-05-10 22:29:42 ----A---- C:\WINDOWS\system32\javaw.exe
2012-05-10 22:29:42 ----A---- C:\WINDOWS\system32\java.exe
2012-05-10 22:07:40 ----D---- C:\Program Files\Common Files\Java
2012-05-10 22:06:59 ----D---- C:\Program Files\Oracle
2012-05-10 22:06:52 ----D---- C:\Documents and Settings\Administrator\Data aplikací\Oracle
2012-05-10 22:06:45 ----A---- C:\WINDOWS\system32\npDeployJava1.dll
2012-05-05 09:43:21 ----A---- C:\WINDOWS\system32\FlashPlayerInstaller.exe
2012-05-05 08:17:24 ----D---- C:\Documents and Settings\All Users\Data aplikací\Mozilla
2012-05-05 08:17:23 ----D---- C:\Program Files\Mozilla Maintenance Service
2012-05-01 08:52:45 ----A---- C:\WINDOWS\system32\FlashPlayerApp.exe
2012-04-29 21:09:34 ----D---- C:\Documents and Settings\Administrator\Data aplikací\SystemUpdaterApp
2012-04-29 21:08:14 ----D---- C:\Documents and Settings\Administrator\Data aplikací\SuperPump

======List of files/folders modified in the last 1 month======

2012-05-26 08:06:14 ----A---- C:\WINDOWS\system32\eRLog.ini
2012-05-26 08:04:20 ----A---- C:\WINDOWS\ModemLog_HDAUDIO Soft Data Fax Modem with SmartCP.txt
2012-05-26 00:19:44 ----N---- C:\WINDOWS\SchedLgU.Txt
2012-05-09 20:17:48 ----A---- C:\WINDOWS\system32\MRT.exe
2012-05-09 20:15:10 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2012-05-07 22:10:32 ----A---- C:\WINDOWS\NeroDigital.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2010-07-12 45648]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2010-11-01 691696]
R0 UBHelper;UBHelper; C:\WINDOWS\system32\drivers\UBHelper.sys [2004-12-17 13952]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
R1 easdrv;easdrv; C:\WINDOWS\system32\DRIVERS\easdrv.sys [2009-10-07 54184]
R1 epfwtdir;epfwtdir; C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2009-10-07 35168]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 OsaFsLoc;OsaFsLoc; \??\C:\WINDOWS\system32\drivers\OsaFsLoc.sys []
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.9.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2006-09-25 21275]
R2 BTSERIAL;Bluetooth Serial Driver; \??\C:\WINDOWS\system32\drivers\btserial.sys []
R2 eamon;EAMON; C:\WINDOWS\system32\DRIVERS\eamon.sys [2009-10-07 40824]
R2 EpmPsd;Acer EPM Power Scheme Driver; \??\C:\WINDOWS\system32\drivers\epm-psd.sys []
R2 EpmShd;Acer EPM System Hardware Driver; \??\C:\WINDOWS\system32\drivers\epm-shd.sys []
R2 int15.sys;int15.sys; \??\C:\Acer\Empowering Technology\eRecovery\int15.sys []
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2005-10-05 12544]
R2 NwlnkIpx;Transportní protokol kompatibilní s NWLink IPX/SPX/NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2008-04-13 88320]
R2 NwlnkNb;Služba NWLink pro rozhraní NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnknb.sys [2004-08-18 63232]
R2 NwlnkSpx;Protokol NWLink SPX/SPXII; C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys [2004-08-18 55936]
R2 osaio;osaio; \??\C:\WINDOWS\system32\drivers\osaio.sys []
R2 osanbm;osanbm; \??\C:\WINDOWS\system32\drivers\osanbm.sys []
R2 s24trans;WLAN Transport; C:\WINDOWS\system32\DRIVERS\s24trans.sys [2005-11-28 13568]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2006-01-04 1420288]
R3 btaudio;Bluetooth Audio Device; C:\WINDOWS\system32\drivers\btaudio.sys [2006-01-17 328061]
R3 BTKRNL;Bluetooth Bus Enumerator; C:\WINDOWS\system32\DRIVERS\btkrnl.sys [2006-01-17 850474]
R3 DKbFltr;Dritek Keyboard Filter Driver; C:\WINDOWS\system32\DRIVERS\DKbFltr.sys [2004-12-08 16896]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2005-10-18 998656]
R3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2005-10-23 218496]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2005-11-17 4069888]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 NdisFilt;OSA NdisFilter Protocol; C:\WINDOWS\System32\Drivers\NdisFilt.sys [2005-09-13 4392]
R3 NTIDrvr;Upper Class Filter Driver; C:\WINDOWS\system32\DRIVERS\NTIDrvr.sys [2006-01-06 6144]
R3 NWRDR;NetWare Rdr; C:\WINDOWS\system32\DRIVERS\nwrdr.sys [2008-04-13 163584]
R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2009-12-28 47360]
R3 RTL8023xp;Realtek 10/100/1000 NIC Family all in one NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2005-09-29 78720]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2005-01-07 191456]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 w29n51;Intel(R) PRO/Wireless 2200BG Network Connection Driver for Windows XP; C:\WINDOWS\system32\DRIVERS\w29n51.sys [2005-09-11 3298432]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2005-10-18 721280]
S1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
S3 a0bodenm;a0bodenm; C:\WINDOWS\system32\drivers\a0bodenm.sys []
S3 BTDriver;Bluetooth Virtual Communications Driver; C:\WINDOWS\system32\DRIVERS\btport.sys [2006-01-17 30459]
S3 BthEnum;Služba Bluetooth Enumerator; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2008-04-13 17024]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2008-04-13 101120]
S3 BTHPORT;Ovladač portu Bluetooth; C:\WINDOWS\System32\Drivers\BTHport.sys [2008-06-14 272128]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2008-04-13 18944]
S3 BTWDNDIS;Bluetooth LAN Access Server; C:\WINDOWS\system32\DRIVERS\btwdndis.sys [2006-01-17 148900]
S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2006-01-17 65688]
S3 CnxEtP;Conexant AccessRunner USB ADSL Adapter Filter Driver; C:\WINDOWS\system32\DRIVERS\CnxEtP.sys []
S3 CnxEtU;Conexant AccessRunner USB ADSL Interface Device Driver; C:\WINDOWS\system32\DRIVERS\CnxEtU.sys []
S3 CnxTgNP;Conexant AccessRunner ADSL WAN PPPoE Adapter Driver; C:\WINDOWS\system32\DRIVERS\CnxTgNP.sys []
S3 dtscsi;dtscsi; C:\WINDOWS\system32\drivers\dtscsi.sys [2006-09-25 223128]
S3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2010-10-15 25280]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2006-03-20 49920]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2006-03-20 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2006-03-20 21568]
S3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-07-18 1049180]
S3 mirrorv3;mirrorv3; C:\WINDOWS\system32\DRIVERS\rminiv3.sys [2010-04-21 3328]
S3 NETMNT;Acer NetMonitor Protocol; C:\WINDOWS\system32\DRIVERS\NETMNT.sys [2005-05-02 9600]
S3 PCASp50;PCASp50 NDIS Protocol Driver; C:\WINDOWS\System32\Drivers\PCASp50.sys [2004-05-17 17536]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2008-04-13 59136]
S3 SNTNLUSB;SafeNet USB SuperPro/UltraPro/HardwareKey; C:\WINDOWS\system32\DRIVERS\SNTNLUSB.SYS [2007-04-27 35328]
S3 taphss;Anchorfree HSS Adapter; C:\WINDOWS\system32\DRIVERS\taphss.sys [2012-04-06 33512]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 agp440;Filtr Intel sběrnice AGP; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-13 42368]
S4 agpCPQ;Filtr Compaq sběrnice AGP; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-13 44928]
S4 alim1541;Filtr ALI sběrnice AGP; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-13 42752]
S4 amdagp;Ovladač filtru AMD portu AGP; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-13 43008]
S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2004-08-18 13952]
S4 sisagp;Filtr SIS sběrnice AGP ; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-13 40960]
S4 viaagp;Filtr VIA sběrnice AGP ; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-13 42240]
S4 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-18 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2006-01-04 405504]
R2 AWService;AdminWorks Agent X6; C:\Acer\Empowering Technology\admServ.exe [2005-10-24 1314816]
R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 btwdins;Bluetooth Service; c:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe [2006-01-17 266295]
R2 ekrn;Eset Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2009-10-07 472280]
R2 EvtEng;Intel(R) PROSet/Wireless Event Log; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [2005-11-28 114753]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe [2012-04-04 161664]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 MSSQL$ASPE;MSSQL$ASPE; C:\Program Files\Microsoft SQL Server\MSSQL$ASPE\Binn\sqlservr.exe [2002-12-17 7520337]
R2 NWCWorkstation;Klient systému NetWare; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 RegSrvc;Intel(R) PROSet/Wireless Registry Service; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [2005-11-28 217164]
R2 S24EventMonitor;Intel(R) PROSet/Wireless Service; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [2005-11-28 540745]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-14 268288]
S2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-05 257696]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 EhttpSrv;Eset HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2009-10-07 20680]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2012-05-05 129976]
S3 MSSQLServerADHelper;MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [2002-12-17 66112]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe -d -f C:\Program Files\WinPcap\rpcapd.ini []
S3 SQLAgent$ASPE;SQLAgent$ASPE; C:\Program Files\Microsoft SQL Server\MSSQL$ASPE\Binn\sqlagent.EXE [2002-12-17 311872]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

Zdravím, tohle fixni v HJT :

O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [CompuCare Check for updates] C:\Documents and Settings\Administrator\Data aplikací\SuperPump\updater.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)

HJT najdeš zde :

C:\Program Files\trend micro\admin.exe

Fix znamená že spustíš HJT Obrázek

jako admin

v okně které se ti otevře klikneš na Do a system scan only

v dalším okně najdeš řádky které jsem ti vypsal,

vedle nich je čtvereček do kterého uděláš zatržítko,

pak klikneš na Fix checked které je vlevo dole,

program se ti zeptá zda opravdu ANO s tím samozřejmě souhlasíš a je hotovo.

Smaž nepotřebné soubory

pomocí CCleaneru

návod :

Čistič - tady vyčistíš PC od nepotřebných souborů a vysypeš Koš

Registry - tady vyčistíš registry (před použitím doporučuji udělat jejich zálohu kterou CCleaner nabízí)

čištění registru je třeba několikrát zopakovat !

Nástroje - tady lze odinstalovat programy, upravit co se spustí po Startu systému a obnovit systém

Pak použij Mbam z mého podpisu a dej mi sem z něj log, předem nic nemazat !!!

Posielam log z Malwarebytes:

Malwarebytes Anti-Malware (Zkušební verze Malwarebytes Anti-Malware) 1.61.0.1400
www.malwarebytes.org

Verze databáze: v2012.05.31.04

Windows XP Service Pack 3 x86 FAT32
Internet Explorer 7.0.5730.13
admin :: LUKACS-NOTEBOOK [administrátor]

Ochrana: Povolena

31. 5. 2012 18:10:24
mbam-log-2012-05-31 (18-57-56).txt

Typ: Úplná kontrola
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 335298
Uplynulý čas: 46 minut, 37 sekund

Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené klíče v registru: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FileHunter (Heuristics.Shuriken) -> Žádná instrukce nebyla provedena.

Nalezené hodnoty v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené datové položky v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené složky: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené soubory: 5
C:\Documents and Settings\Administrator\Local Settings\Data aplikací\Thinstall\Cache\Stubs\808f88e76c0653f12e243593d6d1f248e8d1c4\PDFEdit.exe (Trojan.Backdoor) -> Žádná instrukce nebyla provedena.
C:\Documents and Settings\Administrator\Local Settings\Data aplikací\Thinstall\Cache\Stubs\ca1ac31291a25e1ea1285967867bb16a74673c1\AcroRd32Info.exe (Trojan.Backdoor) -> Žádná instrukce nebyla provedena.
C:\Documents and Settings\Administrator\Data aplikací\SuperPump\uninstall.exe (Heuristics.Shuriken) -> Žádná instrukce nebyla provedena.
C:\Program Files\Fine Reader 8.0\keygen & patches\snd\snd\ABBYY FineReader 8.x Professional Edition Patch.exe (PUP.Hacktool.Patcher) -> Žádná instrukce nebyla provedena.
D:\Programy\Portable Foxit PDF Editor 2.1.0 build 0119 www.softarchive.net\Portable Foxit PDF Editor 2.1.0 build 0119.exe (Trojan.Agent) -> Žádná instrukce nebyla provedena.

(konec)

Vše co Mbam našel nech smazat.

Stáhni a ulož na plochu ComboFix,

spusť aplikaci jako Administrátor a povol instalaci Konzole pro zotavení - Recovery Console.

Poté se zobrazí okno s licenčními podmínkami které potvrdíš kliknutím na ANO,

pak ještě jednou klik na ANO a už to jede.

Celá akce trvá okolo 10 minut ale může i déle, během skenu se nepokoušej spouštět nic jiného.

Při skenovaní může být PC i restartováno nelekat se.

Upozornění: po dobu skenu vypni rezidentní štít Antiviru a AntiSpy programu,

protože Combofix se pokouší napadené soubory smazat a tyto programy mu můžou bránit.

Po dokončení skenu nebo následném restartu aplikace vytvoří log, uložený na C:/Combofix.txt

(při opakovaném použití jsou logy číslovány Combofix2.txt atd.), jeho obsah zkopíruj sem.

V případě nejasností je ZDE obrázkový návod.

ComboFix 12-06-01.01 - admin . 06. 2012 13:28:27.4.1 - FAT32x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.421.1029.18.1022.190 [GMT 2:00]
Running from: c:\documents and settings\Administrator\Plocha\ComboFix.exe
AV: ESET NOD32 Antivirus 3.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Administrator\WINDOWS
c:\windows\IsUn0405.exe
c:\windows\WindowsUpdate.log . . . . Failed to delete
.
.
((((((((((((((((((((((((( Files Created from 2012-05-01 to 2012-06-01 )))))))))))))))))))))))))))))))
.
.
2012-05-31 16:08 . 2012-05-31 16:08 -------- d-----w- c:\documents and settings\Administrator\Data aplikací\Malwarebytes
2012-05-31 16:08 . 2012-05-31 16:08 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2012-05-31 16:08 . 2012-05-31 16:08 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-05-31 16:08 . 2012-04-04 13:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-05-30 20:18 . 2012-05-30 20:18 388096 ----a-r- c:\documents and settings\Administrator\Data aplikací\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-05-27 08:24 . 2012-05-27 08:24 -------- d-----w- c:\documents and settings\All Users\Data aplikací\WNR
2012-05-27 08:24 . 2012-05-27 08:24 -------- d-----w- c:\documents and settings\Administrator\Data aplikací\WNR
2012-05-27 08:09 . 2012-05-27 08:09 -------- d-----w- c:\program files\Proxy Switcher Standard
2012-05-25 16:42 . 2012-05-25 16:42 -------- d-----w- C:\FOUND.001
2012-05-22 19:37 . 2012-05-22 19:37 -------- d-----w- c:\documents and settings\Administrator\Data aplikací\id Software
2012-05-22 19:35 . 2012-05-22 19:35 -------- d-----w- c:\documents and settings\All Users\Data aplikací\id Software
2012-05-10 20:51 . 2012-05-10 20:51 -------- d-----w- c:\windows\Sun
2012-05-10 20:17 . 2012-05-10 20:17 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Data aplikací\Sun
2012-05-10 20:07 . 2012-05-10 20:07 -------- d-----w- c:\program files\Common Files\Java
2012-05-10 20:06 . 2012-05-10 20:07 -------- d-----w- c:\program files\Oracle
2012-05-10 20:06 . 2012-05-10 20:06 -------- d-----w- c:\documents and settings\Administrator\Data aplikací\Oracle
2012-05-10 20:06 . 2012-04-04 16:47 772504 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-05-05 07:43 . 2012-05-05 07:43 4140192 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2012-05-05 06:17 . 2012-05-05 06:17 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-05-05 06:17 . 2012-05-05 06:17 157352 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice_installer.exe
2012-05-05 06:17 . 2012-05-05 06:17 129976 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-05 07:43 . 2012-05-01 06:52 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-05 07:43 . 2011-06-24 19:18 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-11 13:55 . 2004-08-18 18:00 2071296 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-11 13:55 . 2004-08-18 18:00 1862272 ----a-w- c:\windows\system32\win32k.sys
2012-04-11 13:55 . 2004-08-18 18:00 2194816 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-06 18:15 . 2012-04-06 18:15 33512 ----a-w- c:\windows\system32\drivers\taphss.sys
2012-04-04 16:47 . 2010-06-30 18:02 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-04-04 16:47 . 2010-06-30 18:02 687504 ----a-w- c:\windows\system32\deployJava1.dll
2009-09-03 16:58 . 2009-09-03 16:58 107760 ----a-w- c:\program files\mozilla firefox\plugins\ScorchPDFWrapper.dll
2009-09-03 16:37 . 2009-09-03 16:37 10437264 ----a-w- c:\program files\mozilla firefox\plugins\PDFNetC.dll
2012-05-05 06:17 . 2011-05-10 19:31 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PSwitch"="c:\program files\Proxy Switcher Standard\ProxySwitcher.exe" [2012-01-29 5299768]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2005-11-16 15600128]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2005-01-07 102491]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-01-07 692315]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-07-18 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-07-18 114688]
"ADMTray.exe"="c:\acer\Empowering Technology\admtray.exe" [2005-10-24 2462208]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2005-12-27 69632]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"EPM-DM"="c:\acer\Empowering Technology\ePower\epm-dm.exe" [2005-11-25 212992]
"Acer ePower Management"="c:\acer\Empowering Technology\ePower\Acer ePower Management.exe" [2005-11-09 3084288]
"LManager"="c:\progra~1\LAUNCH~1\QtZgAcer.EXE" [2006-03-30 471040]
"eRecoveryService"="c:\acer\Empowering Technology\eRecovery\Monitor.exe" [2006-01-24 397312]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-10-07 1461080]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-1-17 618557]
Service Manager.lnk - c:\program files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2002-12-17 74308]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylockeduserid"= 3 (0x3)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"= 1 (0x1)
"NoPublishingWizard"= 1 (0x1)
"NoWebServices"= 1 (0x1)
"NoOnlinePrintsWizard"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau
.
[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Nabídka Start^Programy^Po spuštění^hamachi.lnk]
path=c:\documents and settings\Administrator\Nabídka Start\Programy\Po spuštění\hamachi.lnk
backup=c:\windows\pss\hamachi.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Nabídka Start^Programy^Po spuštění^Lingea Update Center.lnk]
path=c:\documents and settings\Administrator\Nabídka Start\Programy\Po spuštění\Lingea Update Center.lnk
backup=c:\windows\pss\Lingea Update Center.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^SMART Board Tools.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\SMART Board Tools.lnk
backup=c:\windows\pss\SMART Board Tools.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-02 08:07 843712 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2012-03-27 12:41 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2010-04-01 08:16 357696 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-03-21 18:56 1230704 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2009-03-25 13:47 133104 ----a-w- c:\documents and settings\Administrator\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2008-03-27 06:35 36352 ----a-w- c:\program files\Winamp\winampa.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Image Zone Express\\HP_IZE.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Documents and Settings\\Administrator\\Local Settings\\Data aplikací\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"10550:TCP"= 10550:TCP:BitComet 10550 TCP
"10550:UDP"= 10550:UDP:BitComet 10550 UDP
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [1. 11. 2010 21:56 691696]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [13. 3. 2008 16:52 35168]
R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [7. 10. 2009 9:16 472280]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [31. 5. 2012 18:08 654408]
R2 MSSQL$ASPE;MSSQL$ASPE;c:\program files\Microsoft SQL Server\MSSQL$ASPE\Binn\sqlservr.exe -sASPE --> c:\program files\Microsoft SQL Server\MSSQL$ASPE\Binn\sqlservr.exe -sASPE [?]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [31. 5. 2012 18:08 22344]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [29. 9. 2009 10:16 47360]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [1. 5. 2012 8:52 257696]
S3 CnxEtP;Conexant AccessRunner USB ADSL Adapter Filter Driver;c:\windows\system32\DRIVERS\CnxEtP.sys --> c:\windows\system32\DRIVERS\CnxEtP.sys [?]
S3 CnxEtU;Conexant AccessRunner USB ADSL Interface Device Driver;c:\windows\system32\DRIVERS\CnxEtU.sys --> c:\windows\system32\DRIVERS\CnxEtU.sys [?]
S3 CnxTgNP;Conexant AccessRunner ADSL WAN PPPoE Adapter Driver;c:\windows\system32\DRIVERS\CnxTgNP.sys --> c:\windows\system32\DRIVERS\CnxTgNP.sys [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [5. 5. 2012 8:17 129976]
S3 SQLAgent$ASPE;SQLAgent$ASPE;c:\program files\Microsoft SQL Server\MSSQL$ASPE\Binn\sqlagent.EXE -i ASPE --> c:\program files\Microsoft SQL Server\MSSQL$ASPE\Binn\sqlagent.EXE -i ASPE [?]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - INT15.SYS
*NewlyCreated* - UBHELPER
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-01 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-01 07:43]
.
.
------- Supplementary Scan -------
.
uStart Page =
mStart Page =
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748449} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\x7983xhj.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.sk/
FF - prefs.js: network.proxy.ftp - 71.42.153.24
FF - prefs.js: network.proxy.ftp_port - 8080
FF - prefs.js: network.proxy.gopher - server2
FF - prefs.js: network.proxy.gopher_port - 8080
FF - prefs.js: network.proxy.http - 71.42.153.24
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.socks - 71.42.153.24
FF - prefs.js: network.proxy.socks_port - 8080
FF - prefs.js: network.proxy.ssl - 71.42.153.24
FF - prefs.js: network.proxy.ssl_port - 8080
FF - prefs.js: network.proxy.type - 4
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
MSConfigStartUp-CTFMON - (no file)
MSConfigStartUp-SweetIM - c:\program files\SweetIM\Messenger\SweetIM.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-06-01 13:39
Windows 5.1.2600 Service Pack 3 FAT NTAPI
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(836)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(2716)
c:\windows\system32\MSNChatHook.dll
c:\windows\system32\sysenv.dll
c:\windows\system32\MSVCR71.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\acer\Empowering Technology\admServ.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Microsoft SQL Server\MSSQL$ASPE\Binn\sqlservr.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\rundll32.exe
.
**************************************************************************
.
Completion time: 2012-06-01 13:44:02 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-01 11:44
.
Pre-Run: 2 606 759 936
Post-Run: 2 680 291 328
.
- - End Of File - - A8200A2C0DD262920565509BF5FD9E03

Přes Start >> Spustit zkopíruj do okna:

ComboFix /Uninstall

a stiskni Enter

To odinstaluje ComboFix a smaže s ním související soubory a složky.

Použij T-Cleaner, který smaže případné zbytky po aplikacích které jsme použili.

Jen před jeho stažením a při použití stopni antivir, protože ho muže detekovat jako vir ale není tomu tak.

Pak dej vědět jaký je stav PC.

VIRY.CZ

Prosím o kontrolu NTB - spomalený

Prosím o kontrolu NTB - spomalený

Re: Prosím o kontrolu NTB - spomalený

Re: Prosím o kontrolu NTB - spomalený

Re: Prosím o kontrolu NTB - spomalený

Re: Prosím o kontrolu NTB - spomalený

Re: Prosím o kontrolu NTB - spomalený