Suspensor PC again (Solved)

Section devoted to viruses and other malicious code, but also to the tools you can use to defend against them…

Moderators: Mods_senior, Security team



Post by dave128 » 07 Mar 2008 10:35

Hi,

I would like to ask for help with Suspensor PC problems on a notebook. I know this has already been dealt with here several times, but still... I tried the SDFix utility in combination with HiJack, but it only helps for about an hour and then Suspensor reappears. I also tried the ComboFix utility, but after launch the process freezes and all I can do is kill it in Task Manager.
On top of that, a window keeps appearing in IE with an address starting http:\\reditty.com\... I don't know whether it has anything to do with Suspensor.
Probably as a combination of all this, IE crashes for no reason and the computer as a whole runs very slowly.
I use Ad-Aware 2007 Pro, the Windows firewall is on, plus the e-Trust antivirus. The HiJack log is attached below.

Thanks for the help.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:09:13, on 7.3.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Acer\Empowering Technology\admServ.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\CA\SharedComponents\iTechnology\igateway.exe
C:\Program Files\CA\eTrustITM\InoRpc.exe
C:\Program Files\CA\eTrustITM\InoRT.exe
C:\Program Files\CA\eTrustITM\InoTask.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\SMSC\Seticon.exe
C:\Program Files\Acer\OrbiCam\CameraAssistant.exe
C:\WINDOWS\system32\ElkCtrl.exe
C:\WINDOWS\system32\rundll32.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\WINDOWS\system32\lvcomsx.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Acer\Empowering Technology\admtray.exe
C:\Program Files\CA\eTrustITM\realmon.exe
C:\PROGRA~1\KYE\BLUETO~1\mouseElf.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\Acer\GraviSense\GraviSense.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\T-Mobile Communication Centre\Centre.exe
C:\Program Files\Acer\Acer VCM\AcerVCM.exe
C:\Program Files\Adobe\Acrobat 6.0 CE\Distillr\acrotray.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Microsoft Firewall Client 2004\FwcMgmt.exe
C:\DOCUME~1\danek\LOCALS~1\Temp\RtkBtMnt.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Microsoft Office\Office10\EXCEL.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Total Commander\TOTALCMD.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Watch2007.exe
C:\Program Files\HiJack\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://PRIMA01:8080/array.dll?Get.Routing.Script
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = PRIMA01:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0 CE\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\WINDOWS\WebIE.dll
O3 - Toolbar: ReGet Bar - {17939A30-18E2-471E-9D3A-56DD725F1215} - C:\Program Files\ReGetDx\iebar.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SetIcon] \Program Files\SMSC\Seticon.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Acer\OrbiCam\CameraAssistant.exe
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Acer\OrbiCam\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [Acer ePower Management] C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe boot
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [ADMTray.exe] "C:\Acer\Empowering Technology\admtray.exe"
O4 - HKLM\..\Run: [Realtime Monitor] "C:\Program Files\CA\eTrustITM\realmon.exe" -s
O4 - HKLM\..\Run: [KYESW] C:\PROGRA~1\KYE\BLUETO~1\KYE\KYESW.exe
O4 - HKLM\..\Run: [mouseElf] C:\PROGRA~1\KYE\BLUETO~1\mouseElf.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] "C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe"
O4 - HKLM\..\Run: [GraviSense] C:\Acer\GraviSense\GraviSense.exe
O4 - HKLM\..\Run: [NSLauncher] C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe /startup
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Watch2007.exe
O4 - HKLM\..\Run: [BM532915e8] Rundll32.exe "C:\WINDOWS\system32\deqxqfju.dll",s
O4 - HKLM\..\Run: [501a2674] rundll32.exe "C:\WINDOWS\system32\uyggagff.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [T-Mobile Communication Centre] C:\Program Files\T-Mobile Communication Centre\Centre.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Acer VCM.lnk = ?
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0 CE\Distillr\acrotray.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Microsoft Firewall Client Management.lnk = C:\Program Files\Microsoft Firewall Client 2004\FwcMgmt.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Stá&hnout vše programem ReGet Deluxe - C:\Program Files\Common Files\ReGet Shared\CC_All.htm
O8 - Extra context menu item: Stáh&nout programem ReGet Deluxe - C:\Program Files\Common Files\ReGet Shared\CC_Link.htm
O9 - Extra button: Spy - {16664849-0E00-11D2-8059-000000000000} - C:\Program Files\Common Files\ReGet Shared\Catcher.dll
O9 - Extra 'Tools' menuitem: MSIE &Spy - {16664849-0E00-11D2-8059-000000000000} - C:\Program Files\Common Files\ReGet Shared\Catcher.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\WINDOWS\WebIE.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\WebIE.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://companyweb
O16 - DPF: {1A26F07F-0D60-4835-91CF-1E1766A0EC56} - http://scanner2.malware-scan.com/setup/webinst.cab
O16 - DPF: {485D813E-EE26-4DF8-9FAF-DEDF2885306E} (NSHelp Class) - http://prima01/connectcomputer/nshelp.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 5126126113
O16 - DPF: {8BBDC81D-81B3-49EE-87E8-47B7A707FAE8} (GoToMeeting/GoToWebinar Web Starter) - https://www1.gotomeeting.com/default/ap ... 2mdlax.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = prima.local
O17 - HKLM\Software\..\Telephony: DomainName = prima.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = prima.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = prima.local
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = prima.local
O18 - Protocol: faroobject - {BF864E1D-CA63-4042-ADD6-C3F1F7D3CA34} - C:\Program Files\Common Files\FARO Shared\Object Browser.dll
O18 - Protocol: faroqrep - {8C2CF78C-9BB8-43C5-8B44-40C23F2025D2} - C:\Program Files\Common Files\FARO Shared\Quick Reporting.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O21 - SSODL: E404Helper - {75cf1678-98aa-4961-9c0a-32f71611a436} - e404d.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc. - C:\Acer\Empowering Technology\admServ.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FARO Security Provider - FARO Technologies, Inc. - C:\Program Files\Common Files\FARO Shared\Security Provider.exe
O23 - Service: iTechnology iGateway 4.0 (iGateway) - Computer Associates International, Inc. - C:\Program Files\CA\SharedComponents\iTechnology\igateway.exe
O23 - Service: eTrust ITM RPC Service (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrustITM\InoRpc.exe
O23 - Service: eTrust ITM Realtime Service (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrustITM\InoRT.exe
O23 - Service: eTrust ITM Job Service (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrustITM\InoTask.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe

--
End of file - 14027 bytes
Last edited by dave128 on 10 Mar 2008 13:56, edited 1 time in total.


Post by Baron Prášil » 07 Mar 2008 15:10

welcome to the PC-HELP forum :bigups:

fix
in the HJT window, tick the boxes on the left next to the items I list below and then click Fix checked
O4 - HKLM\..\Run: [BM532915e8] Rundll32.exe "C:\WINDOWS\system32\deqxqfju.dll",s
O4 - HKLM\..\Run: [501a2674] rundll32.exe "C:\WINDOWS\system32\uyggagff.dll",b
O21 - SSODL: E404Helper - {75cf1678-98aa-4961-9c0a-32f71611a436} - e404d.dll (file missing)

Download Deckard's System Scanner and save it to the desktop.
- Close all open windows and run the program, accept the licence terms and follow the instructions. Scanning will start.
- When it finishes it should create 2 logs, so Notepad will open twice. One log will be named main.txt and the other extra.txt. Copy only main.txt here.
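As an added example (not code from the thread, from HijackThis or from Deckard's System Scanner), a small Python triage script that applies the same reasoning Baron Prášil used to pick the entries to fix: O4 Run values that load a system32 DLL through rundll32 with a one-letter export under a machine-generated value name, O20/O21 hooks whose file is missing, and unnamed or GUID-named BHOs in system32. The sample lines are constructed from entries in this thread and every rule is a heuristic; a flag means "verify this entry", not "this is malware".

```python
import re
from dataclasses import dataclass

# Constructed sample: a few HijackThis lines modelled on the ones posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: {510dcde2-9eed-33eb-3114-e7179e24b716} - {617b42e9-717e-4113-be33-dee92edcd015} - C:\WINDOWS\system32\vxplahld.dll
O2 - BHO: (no name) - {7C5CD7E4-54F8-45FB-9406-CCA5C8FA1737} - C:\WINDOWS\system32\mljgh.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [BM532915e8] Rundll32.exe "C:\WINDOWS\system32\deqxqfju.dll",s
O4 - HKLM\..\Run: [501a2674] rundll32.exe "C:\WINDOWS\system32\uyggagff.dll",b
O20 - Winlogon Notify: inrdxyhb - inrdxyhb.dll (file missing)
O21 - SSODL: E404Helper - {75cf1678-98aa-4961-9c0a-32f71611a436} - (no file)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
"""

# "O4 - <body>" / "R1 - <body>": every HijackThis entry starts with a section tag.
HJT_LINE = re.compile(r"^(?P<sec>[RO]\d+) - (?P<body>.*)$")
# O4 body: "HKLM\..\Run: [ValueName] command line"
RUN_KEY = re.compile(r"^(?P<hive>HK\S+?)\\\.\.\\Run: \[(?P<name>[^\]]+)\]\s*(?P<cmd>.*)$")
# rundll32 "<path>.dll",<export>  (quotes optional, case-insensitive)
RUNDLL = re.compile(r'^rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+?\.dll)"?\s*,\s*(?P<entry>\S*)', re.IGNORECASE)
GUID = re.compile(r"^\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}$", re.IGNORECASE)
# Loose heuristic: value names that are eight hex digits, optionally prefixed "BM".
HEXNAME = re.compile(r"^(?:BM)?[0-9a-f]{8}$", re.IGNORECASE)


@dataclass
class Finding:
    section: str
    line: str
    reasons: list


def triage_line(line: str):
    """Return a Finding for one HijackThis line, or None if no heuristic fires."""
    m = HJT_LINE.match(line.strip())
    if not m:
        return None
    sec, body = m.group("sec"), m.group("body")
    reasons = []

    # Rule 1: O2/O20/O21 hooks whose target file is gone. A removed or hidden
    # component leaves its registration behind; HijackThis marks that explicitly.
    if sec in ("O2", "O20", "O21") and body.endswith(("(file missing)", "(no file)")):
        reasons.append("hook registered for a file that is not on disk")

    # Rules 2 and 3 look at O4 Run values.
    if sec == "O4":
        rk = RUN_KEY.match(body)
        if rk:
            name, cmd = rk.group("name"), rk.group("cmd")
            rd = RUNDLL.match(cmd)
            if rd and "\\system32\\" in rd.group("dll").lower() and len(rd.group("entry")) <= 2:
                reasons.append("rundll32 loads a system32 DLL through a one-letter export")
            if HEXNAME.match(name):
                reasons.append("Run value name looks machine-generated")

    # Rule 4: BHOs with no display name, or whose name is itself a GUID,
    # living directly in system32.
    if sec == "O2" and body.startswith("BHO: "):
        parts = [p.strip() for p in body[len("BHO: "):].split(" - ")]
        if len(parts) == 3 and "\\system32\\" in parts[2].lower():
            if parts[0] == "(no name)" or GUID.match(parts[0]):
                reasons.append("unnamed or GUID-named BHO loaded from system32")

    return Finding(sec, line.strip(), reasons) if reasons else None


def triage_log(text: str):
    """Run the heuristics over a whole HijackThis log and return the flagged entries."""
    findings = []
    for raw in text.splitlines():
        f = triage_line(raw)
        if f:
            findings.append(f)
    return findings


def main():
    for f in triage_log(SAMPLE_LOG):
        print(f"[{f.section}] {f.line}")
        for r in f.reasons:
            print(f"      -> {r}")


if __name__ == "__main__":
    main()
```

Running it on the sample flags the same six entries the helper and the second log point at, and leaves the Synaptics, Bluetooth and Ad-Aware lines alone.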


Post by dave128 » 07 Mar 2008 15:36

Done, the requested log is below. Thanks a lot so far.

Deckard's System Scanner v20071014.68
Run by danek on 2008-03-07 15:21:25
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
7: 2008-03-07 14:21:31 UTC - RP127 - Deckard's System Scanner Restore Point
6: 2008-03-07 10:32:24 UTC - RP126 - Kontrolní bod systému
5: 2008-03-05 10:29:31 UTC - RP125 - Kontrolní bod systému
4: 2008-03-01 12:36:40 UTC - RP124 - Instalace nepodepsaného ovladače
3: 2008-02-28 08:51:44 UTC - RP123 - Installed Ad-Aware 2007


-- First Restore Point --
1: 2008-02-27 12:11:01 UTC - RP121 - Kontrolní bod systému


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as danek.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:22:43, on 7.3.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Acer\Empowering Technology\admServ.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\CA\SharedComponents\iTechnology\igateway.exe
C:\Program Files\CA\eTrustITM\InoRpc.exe
C:\Program Files\CA\eTrustITM\InoRT.exe
C:\Program Files\CA\eTrustITM\InoTask.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\SMSC\Seticon.exe
C:\Program Files\Acer\OrbiCam\CameraAssistant.exe
C:\WINDOWS\system32\ElkCtrl.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\WINDOWS\system32\lvcomsx.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Acer\Empowering Technology\admtray.exe
C:\Program Files\CA\eTrustITM\realmon.exe
C:\PROGRA~1\KYE\BLUETO~1\mouseElf.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\Acer\GraviSense\GraviSense.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\T-Mobile Communication Centre\Centre.exe
C:\Program Files\Acer\Acer VCM\AcerVCM.exe
C:\Program Files\Adobe\Acrobat 6.0 CE\Distillr\acrotray.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Microsoft Firewall Client 2004\FwcMgmt.exe
C:\DOCUME~1\danek\LOCALS~1\Temp\RtkBtMnt.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Microsoft Office\Office10\EXCEL.EXE
C:\Program Files\Internet Explorer\iexplore.exe
D:\Install\Software\dss.exe
C:\PROGRA~1\HiJack\danek.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://PRIMA01:8080/array.dll?Get.Routing.Script
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = PRIMA01:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ClickCatcher MSIE handler - {16664845-0E00-11D2-8059-000000000000} - C:\Program Files\Common Files\ReGet Shared\Catcher.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {245A6CD4-5EA9-B9EB-791A-06F67243094D} - (no file)
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\WINDOWS\WebIE.dll
O2 - BHO: {510dcde2-9eed-33eb-3114-e7179e24b716} - {617b42e9-717e-4113-be33-dee92edcd015} - C:\WINDOWS\system32\vxplahld.dll
O2 - BHO: (no name) - {7C5CD7E4-54F8-45FB-9406-CCA5C8FA1737} - C:\WINDOWS\system32\mljgh.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0 CE\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0 CE\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\WINDOWS\WebIE.dll
O3 - Toolbar: ReGet Bar - {17939A30-18E2-471E-9D3A-56DD725F1215} - C:\Program Files\ReGetDx\iebar.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SetIcon] \Program Files\SMSC\Seticon.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Acer\OrbiCam\CameraAssistant.exe
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Acer\OrbiCam\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [Acer ePower Management] C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe boot
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [ADMTray.exe] "C:\Acer\Empowering Technology\admtray.exe"
O4 - HKLM\..\Run: [Realtime Monitor] "C:\Program Files\CA\eTrustITM\realmon.exe" -s
O4 - HKLM\..\Run: [KYESW] C:\PROGRA~1\KYE\BLUETO~1\KYE\KYESW.exe
O4 - HKLM\..\Run: [mouseElf] C:\PROGRA~1\KYE\BLUETO~1\mouseElf.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] "C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe"
O4 - HKLM\..\Run: [GraviSense] C:\Acer\GraviSense\GraviSense.exe
O4 - HKLM\..\Run: [NSLauncher] C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe /startup
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Watch2007.exe
O4 - HKLM\..\Run: [BM532915e8] Rundll32.exe "C:\WINDOWS\system32\deqxqfju.dll",s
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [T-Mobile Communication Centre] C:\Program Files\T-Mobile Communication Centre\Centre.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Acer VCM.lnk = ?
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0 CE\Distillr\acrotray.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Microsoft Firewall Client Management.lnk = C:\Program Files\Microsoft Firewall Client 2004\FwcMgmt.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Stá&hnout vše programem ReGet Deluxe - C:\Program Files\Common Files\ReGet Shared\CC_All.htm
O8 - Extra context menu item: Stáh&nout programem ReGet Deluxe - C:\Program Files\Common Files\ReGet Shared\CC_Link.htm
O9 - Extra button: Spy - {16664849-0E00-11D2-8059-000000000000} - C:\Program Files\Common Files\ReGet Shared\Catcher.dll
O9 - Extra 'Tools' menuitem: MSIE &Spy - {16664849-0E00-11D2-8059-000000000000} - C:\Program Files\Common Files\ReGet Shared\Catcher.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\WINDOWS\WebIE.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\WebIE.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://companyweb
O16 - DPF: {1A26F07F-0D60-4835-91CF-1E1766A0EC56} - http://scanner2.malware-scan.com/setup/webinst.cab
O16 - DPF: {485D813E-EE26-4DF8-9FAF-DEDF2885306E} (NSHelp Class) - http://prima01/connectcomputer/nshelp.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 5126126113
O16 - DPF: {8BBDC81D-81B3-49EE-87E8-47B7A707FAE8} (GoToMeeting/GoToWebinar Web Starter) - https://www1.gotomeeting.com/default/ap ... 2mdlax.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = prima.local
O17 - HKLM\Software\..\Telephony: DomainName = prima.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = prima.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = prima.local
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = prima.local
O18 - Protocol: faroobject - {BF864E1D-CA63-4042-ADD6-C3F1F7D3CA34} - C:\Program Files\Common Files\FARO Shared\Object Browser.dll
O18 - Protocol: faroqrep - {8C2CF78C-9BB8-43C5-8B44-40C23F2025D2} - C:\Program Files\Common Files\FARO Shared\Quick Reporting.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: inrdxyhb - inrdxyhb.dll (file missing)
O20 - Winlogon Notify: winwkz32 - winwkz32.dll (file missing)
O20 - Winlogon Notify: wvurqrr - wvurqrr.dll (file missing)
O21 - SSODL: E404Helper - {75cf1678-98aa-4961-9c0a-32f71611a436} - (no file)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc. - C:\Acer\Empowering Technology\admServ.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FARO Security Provider - FARO Technologies, Inc. - C:\Program Files\Common Files\FARO Shared\Security Provider.exe
O23 - Service: iTechnology iGateway 4.0 (iGateway) - Computer Associates International, Inc. - C:\Program Files\CA\SharedComponents\iTechnology\igateway.exe
O23 - Service: eTrust ITM RPC Service (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrustITM\InoRpc.exe
O23 - Service: eTrust ITM Realtime Service (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrustITM\InoRT.exe
O23 - Service: eTrust ITM Job Service (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrustITM\InoTask.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe

--
End of file - 14926 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\HiJack\backups\) ----------------------

backup-20080306-085004-148 O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
backup-20080307-152004-415 O21 - SSODL: E404Helper - {75cf1678-98aa-4961-9c0a-32f71611a436} - e404d.dll (file missing)
backup-20080307-152004-636 O4 - HKLM\..\Run: [501a2674] rundll32.exe "C:\WINDOWS\system32\uyggagff.dll",b
backup-20080307-152004-718 O4 - HKLM\..\Run: [BM532915e8] Rundll32.exe "C:\WINDOWS\system32\deqxqfju.dll",s

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 BTHID (BlueTooth Traveler HID Manager Service) - c:\windows\system32\drivers\bthid.sys <Not Verified; KYE Systems Corporation; Genius Bluetooth HID Manager Driver>
R0 KyeBDM (Bluetooth Device Manager Service) - c:\windows\system32\drivers\kyebdm.sys <Not Verified; KYE Systems Corporation; Genius Bluetooth Device Manager driver>
R0 UBHelper - c:\windows\system32\drivers\ubhelper.sys
R1 OsaFsLoc - c:\windows\system32\drivers\osafsloc.sys <Not Verified; OSA Technologies; >
R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.4.9.0) - c:\windows\system32\drivers\aegisp.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.4.9.0>
R2 BTSERIAL (Bluetooth Serial Driver) - c:\windows\system32\drivers\btserial.sys <Not Verified; Broadcom Corporation.; Bluetooth Software 5.0.1.1200>
R2 int15.sys - c:\acer\empowering technology\erecovery\int15.sys
R2 osaio - c:\windows\system32\drivers\osaio.sys <Not Verified; OSA Technologies, An Avocent Company; Windows (R) 2000 DDK driver>
R2 osanbm - c:\windows\system32\drivers\osanbm.sys <Not Verified; Windows (R) 2000 DDK provider; OSA int15 Driver>
R2 s24trans (WLAN Transport) - c:\windows\system32\drivers\s24trans.sys <Not Verified; Intel Corporation; Intel Wireless LAN Packet Driver>
R3 Ad-Watch Connect Filter (Ad-Watch Connect Kernel Filter) - c:\windows\system32\drivers\nsdriver.sys <Not Verified; Lavasoft AB; Ad-Watch Connections>
R3 genmcmnUSB (Genius USB Mouse Driver) - c:\windows\system32\drivers\gflmouhid.sys <Not Verified; ; Low Filter Driver>
R3 KYEBTUSB (Genius Bluetooth USB dongle driver) - c:\windows\system32\drivers\kyebtusb.sys <Not Verified; KYE Systems Corporation; Genius Bluetooth USB Dongle driver>
R3 LVPrcMon (Logitech LVPrcMon Driver) - c:\windows\system32\drivers\lvprcmon.sys
R3 NdisFilt (OSA NdisFilter Protocol) - c:\windows\system32\drivers\ndisfilt.sys <Not Verified; OSA Technologies; >
R3 NTIDrvr (Upper Class Filter Driver) - c:\windows\system32\drivers\ntidrvr.sys <Not Verified; NewTech Infosystems, Inc.; >
R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus(R) ASPI Shell>

S2 gsensor - c:\windows\system32\gsensor.sys (file missing)
S2 USBHSB (GeneLink File Transfer Driver) - c:\windows\system32\drivers\usbhsb.sys
S3 catchme - c:\docume~1\danek\locals~1\temp\catchme.sys (file missing)
S3 FaroUsb (FaroUsb Device) - c:\windows\system32\drivers\farousb.sys <Not Verified; FARO Technologies, Inc.; FaroUsb Driver>
S3 NETMNT (Acer NetMonitor Protocol) - c:\windows\system32\drivers\netmnt.sys


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 aawservice (Ad-Aware 2007 Service) - "c:\program files\lavasoft\ad-aware 2007\aawservice.exe" <Not Verified; Lavasoft AB; Ad-Aware 2007 Service>
R2 AWService (AdminWorks Agent X6) - "c:\acer\empowering technology\admserv.exe" <Not Verified; Avocent Inc.; Acer Empowering framework>
R2 iGateway (iTechnology iGateway 4.0) - "c:\program files\ca\sharedcomponents\itechnology\igateway.exe" <Not Verified; Computer Associates International, Inc.; iTechnology iGateway>
R2 InoRPC (eTrust ITM RPC Service) - "c:\program files\ca\etrustitm\inorpc.exe" <Not Verified; Computer Associates International, Inc.; eTrust ITM>
R2 InoRT (eTrust ITM Realtime Service) - "c:\program files\ca\etrustitm\inort.exe" <Not Verified; Computer Associates International, Inc.; eTrust ITM>
R2 InoTask (eTrust ITM Job Service) - "c:\program files\ca\etrustitm\inotask.exe" <Not Verified; Computer Associates International, Inc.; eTrust ITM>
R2 RegSrvc (Intel(R) PROSet/Wireless Registry Service) - c:\program files\intel\wireless\bin\regsrvc.exe <Not Verified; Intel Corporation; Intel(R) PROSet/Wireless Registry Service>

S3 FARO Security Provider - "c:\program files\common files\faro shared\security provider.exe" <Not Verified; FARO Technologies, Inc.; FARO Security Provider Module>
S3 ServiceLayer - "c:\program files\common files\pcsuite\services\servicelayer.exe" <Not Verified; Nokia.; PC Connectivity Solution>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: GT EDGE Wireless WAN Adapter
Device ID: GTEDG\GPRS_NIC\00000
Manufacturer: Option NV
Name: GT EDGE Wireless WAN Adapter
PNP Device ID: GTEDG\GPRS_NIC\00000
Service: GTEDGWWNIC

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: GT Combo 802.11g Wireless LAN Adapter
Device ID: PCI\VEN_14E4&DEV_4325&SUBSYS_00041931&REV_03\5&37789E9B&0&0048F0
Manufacturer: Option
Name: GT Combo 802.11g Wireless LAN Adapter
PNP Device ID: PCI\VEN_14E4&DEV_4325&SUBSYS_00041931&REV_03\5&37789E9B&0&0048F0
Service: GT43XX

Class GUID: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F}
Description: Hostitelský řadič IEEE 1394 dle standardu OHCI
Device ID: PCI\VEN_1217&DEV_00F7&SUBSYS_00921025&REV_02\4&6B16D5B&0&4CF0
Manufacturer: Dodavatel hostitelského řadiče IEEE 1394 dle standardu OHCI
Name: Hostitelský řadič IEEE 1394 dle standardu OHCI
PNP Device ID: PCI\VEN_1217&DEV_00F7&SUBSYS_00921025&REV_02\4&6B16D5B&0&4CF0
Service: ohci1394


-- Files created between 2008-02-07 and 2008-03-07 -----------------------------

2008-03-07 08:01:20 96320 --a------ C:\WINDOWS\system32\vxplahld.dll
2008-03-07 07:58:20 91200 --a------ C:\WINDOWS\system32\uyggagff.dll
2008-03-07 07:55:15 92736 --a------ C:\WINDOWS\system32\deqxqfju.dll
2008-03-07 07:46:35 92736 --a------ C:\WINDOWS\system32\fyrarrgl.dll
2008-03-06 09:52:41 91200 -----n--- C:\WINDOWS\system32\wfbvlrpe.dll
2008-03-06 09:49:54 96832 --a------ C:\WINDOWS\system32\xsoxwncc.dll
2008-03-06 09:49:43 91712 --a------ C:\WINDOWS\system32\ospjjtbr.dll
2008-03-06 09:49:41 0 --a------ C:\WINDOWS\system32\xliykxke.dll
2008-03-06 08:55:42 96832 --a------ C:\WINDOWS\system32\vuudtbbx.dll
2008-03-06 08:17:20 96832 --a------ C:\WINDOWS\system32\cvianrhh.dll
2008-03-06 08:16:31 0 d-------- C:\Program Files\HiJack
2008-03-06 08:14:14 91712 --a------ C:\WINDOWS\system32\agncuqag.dll
2008-03-06 07:51:36 96832 --a------ C:\WINDOWS\system32\sinhsblh.dll
2008-03-06 07:46:39 91712 --a------ C:\WINDOWS\system32\qepnbfvr.dll
2008-03-05 14:29:20 94784 --a------ C:\WINDOWS\system32\cjambper.dll
2008-03-05 13:07:12 94784 --a------ C:\WINDOWS\system32\tbqoeicj.dll
2008-03-05 10:50:50 0 d-------- C:\Program Files\GameHouse
2008-03-05 08:55:38 96832 --a------ C:\WINDOWS\system32\cehsrdsc.dll
2008-03-05 08:44:23 96832 --a------ C:\WINDOWS\system32\johpaefe.dll
2008-03-05 08:02:08 0 d-------- C:\WINDOWS\ERUNT
2008-03-05 07:44:04 96832 --a------ C:\WINDOWS\system32\eddtrtll.dll
2008-03-05 07:11:27 96832 --a------ C:\WINDOWS\system32\areyqkxw.dll
2008-03-04 14:58:40 97344 --a------ C:\WINDOWS\system32\sgggysag.dll
2008-03-04 08:56:28 0 --a------ C:\WINDOWS\system32\mwvjvwmc.dll
2008-03-04 08:21:31 0 d--hs---- C:\WINDOWS\ftpcache
2008-03-04 08:13:56 0 --a------ C:\WINDOWS\system32\ynxcmvau.dll
2008-03-04 07:42:42 0 --a------ C:\WINDOWS\system32\vuysefkx.dll
2008-03-03 16:19:13 0 --a------ C:\WINDOWS\system32\nmccxajs.dll
2008-03-03 15:52:49 0 --a------ C:\WINDOWS\system32\levgxcce.dll
2008-03-03 15:49:56 0 --a------ C:\WINDOWS\system32\ikqjnkca.dll
2008-03-03 08:06:48 89664 --a------ C:\WINDOWS\system32\vxctanjh.dll
2008-03-03 07:24:04 89664 --a------ C:\WINDOWS\system32\gprsolsw.dll
2008-03-01 13:31:12 18690 --a------ C:\WINDOWS\system32\drivers\usbhsb.sys
2008-03-01 13:31:12 0 d-------- C:\Program Files\Genesys Logic
2008-02-28 09:58:04 0 --a------ C:\WINDOWS\system32\vrrnjhra.dll
2008-02-28 09:51:49 0 d-------- C:\Program Files\Lavasoft
2008-02-28 07:57:02 0 --a------ C:\WINDOWS\system32\dmhioylt.dll
2008-02-28 07:11:52 0 --a------ C:\WINDOWS\system32\kynxuebf.dll
2008-02-27 09:46:32 0 --a------ C:\WINDOWS\system32\ijdgbcxp.dll
2008-02-27 08:59:31 0 --a------ C:\WINDOWS\system32\twlwxnmt.dll
2008-02-27 07:43:30 0 --a------ C:\WINDOWS\system32\jorfuygq.dll
2008-02-26 14:27:24 0 --a------ C:\WINDOWS\system32\rcoxgino.dll


-- Find3M Report ---------------------------------------------------------------

2008-03-07 15:23:15 184281 ---hs---- C:\WINDOWS\system32\hgjlm.ini2
2008-03-07 14:53:36 0 d-------- C:\Documents and Settings\danek\Data aplikací\Skype
2008-03-07 07:53:21 162143 ---hs---- C:\WINDOWS\system32\hgjlm.bak2
2008-03-07 07:51:11 8405015 --a------ C:\WINDOWS\TempFile
2008-03-05 10:48:10 0 d-------- C:\Documents and Settings\danek\Data aplikací\Media Player Classic
2008-03-04 15:03:54 0 d-------- C:\Program Files\CCleaner
2008-02-28 09:51:12 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-02-28 07:46:11 0 d-------- C:\Documents and Settings\danek\Data aplikací\Help
2008-02-25 15:16:33 0 d-------- C:\Program Files\ReGetDx
2008-02-22 07:57:05 0 d-------- C:\Documents and Settings\danek\Data aplikací\AdobeUM
2008-02-03 14:17:43 0 d-------- C:\Program Files\DOSBox-0.72
2008-02-02 17:03:02 0 --------- C:\WINDOWS\system32\ylrpuxxv.dll
2008-02-02 15:27:50 0 --------- C:\WINDOWS\system32\vupkfddb.dll
2008-02-01 10:25:45 0 --------- C:\WINDOWS\system32\mxxptmej.dll
2008-01-30 10:02:29 0 --------- C:\WINDOWS\system32\lohkqgcv.dll
2008-01-28 19:37:44 0 --------- C:\WINDOWS\system32\ibfhqjas.dll
2008-01-28 16:04:55 0 --------- C:\WINDOWS\system32\waxqjexq.dll
2008-01-28 15:44:20 0 --------- C:\WINDOWS\system32\krkxceby.dll
2008-01-28 15:09:20 0 --------- C:\WINDOWS\system32\ljlgyhla.dll
2008-01-28 13:54:34 0 --------- C:\WINDOWS\system32\dmsebbqu.dll
2008-01-28 11:01:30 78912 --a------ C:\WINDOWS\system32\mebmvaye.dll
2008-01-28 07:50:39 78912 --a------ C:\WINDOWS\system32\dfemsxyx.dll
2008-01-25 10:59:00 50888 --a------ C:\Documents and Settings\danek\Data aplikací\GDIPFONTCACHEV1.DAT
2008-01-25 07:41:05 0 --------- C:\WINDOWS\system32\fawumfjd.dll
2008-01-23 10:08:19 77376 --a------ C:\WINDOWS\system32\isbplsfd.dll
2008-01-23 07:37:07 77376 --a------ C:\WINDOWS\system32\nxgklgsq.dll
2008-01-22 15:30:51 77376 --a------ C:\WINDOWS\system32\gpaxuouy.dll
2008-01-22 10:33:33 77376 --a------ C:\WINDOWS\system32\htwpxiln.dll
2008-01-22 07:40:06 0 --------- C:\WINDOWS\system32\ietqxgkv.dll
2008-01-21 07:42:21 79424 --a------ C:\WINDOWS\system32\yppunahu.dll
2008-01-18 07:41:00 77376 --a------ C:\WINDOWS\system32\heaefhmb.dll
2008-01-15 20:33:24 0 --------- C:\WINDOWS\system32\qtmjonpq.dll
2008-01-15 19:04:50 0 --------- C:\WINDOWS\system32\ncrnqlxb.dll
2008-01-15 18:01:50 0 --------- C:\WINDOWS\system32\ecyansor.dll
2008-01-15 16:58:50 0 --------- C:\WINDOWS\system32\ollumplq.dll
2008-01-15 15:23:01 0 --------- C:\WINDOWS\system32\lysxbxoa.dll
2008-01-14 23:10:37 77888 --a------ C:\WINDOWS\system32\msimtlai.dll
2008-01-14 22:13:30 76864 --a------ C:\WINDOWS\system32\amywevdx.dll
2008-01-14 21:16:30 76864 --a------ C:\WINDOWS\system32\poasyoql.dll
2008-01-14 20:10:30 76864 --a------ C:\WINDOWS\system32\nfkpgfbh.dll
2008-01-14 19:10:30 76864 --a------ C:\WINDOWS\system32\njujjkrn.dll
2008-01-14 18:26:14 76864 --a------ C:\WINDOWS\system32\plmctula.dll
2008-01-14 17:23:21 76864 --a------ C:\WINDOWS\system32\hqyxaeaq.dll
2008-01-14 11:11:53 76864 --a------ C:\WINDOWS\system32\edmptepe.dll
2008-01-14 08:04:38 76864 --a------ C:\WINDOWS\system32\tudvvmwx.dll
2008-01-10 09:14:29 88 --a------ C:\cmmcfg.dat
2008-01-07 12:29:18 0 d-------- C:\Documents and Settings\danek\Data aplikací\Adobe


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{245A6CD4-5EA9-B9EB-791A-06F67243094D}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{617b42e9-717e-4113-be33-dee92edcd015}]
07.03.2008 08:01 96320 --a------ C:\WINDOWS\system32\vxplahld.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7C5CD7E4-54F8-45FB-9406-CCA5C8FA1737}]
30.11.2007 15:34 322144 --a------ C:\WINDOWS\system32\mljgh.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" []
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [07.01.2005 16:17]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [07.01.2005 16:16]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [02.11.2004 20:24]
"SetIcon"="\Program Files\SMSC\Seticon.exe" [28.04.2004 14:02]
"logiscrsvr"="" []
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [18.08.2004 20:00]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [18.08.2004 20:00]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [18.08.2004 20:00]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [18.08.2004 20:00]
"LogitechCameraAssistant"="C:\Program Files\Acer\OrbiCam\CameraAssistant.exe" [29.11.2005 14:45]
"LogitechVideo[inspector]"="C:\Program Files\Acer\OrbiCam\InstallHelper.exe" [29.11.2005 14:51]
"LogitechCameraService(E)"="C:\WINDOWS\system32\ElkCtrl.exe" [01.11.2004 17:22]
"BluetoothAuthenticationAgent"="bthprops.cpl" [18.08.2004 20:00 C:\WINDOWS\system32\bthprops.cpl]
"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [19.10.2005 09:30]
"ePower_DMC"="C:\Acer\Empowering Technology\ePower\ePower_DMC.exe" [15.12.2005 19:13]
"Acer ePower Management"="C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe" [18.11.2005 16:06]
"eRecoveryService"="C:\Acer\Empowering Technology\eRecovery\Monitor.exe" [16.11.2005 17:00]
"ADMTray.exe"="C:\Acer\Empowering Technology\admtray.exe" [24.10.2005 16:45]
"Realtime Monitor"="C:\Program Files\CA\eTrustITM\realmon.exe" [10.12.2005 01:57]
"KYESW"="C:\PROGRA~1\KYE\BLUETO~1\KYE\KYESW.exe" [07.04.2004 10:03]
"mouseElf"="C:\PROGRA~1\KYE\BLUETO~1\mouseElf.exe" [30.04.2004 16:36]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [02.01.2006 17:41]
"RTHDCPL"="RTHDCPL.EXE" [14.03.2006 17:01 C:\WINDOWS\RTHDCPL.exe]
"Alcmtr"="ALCMTR.EXE" [03.05.2005 18:43 C:\WINDOWS\Alcmtr.exe]
"LManager"="C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE" [01.12.2005 17:57]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [30.11.2005 20:39]
"AGRSMMSG"="AGRSMMSG.exe" [14.10.2005 14:29 C:\WINDOWS\AGRSMMSG.exe]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [28.11.2005 11:41]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [28.11.2005 11:41]
"EOUApp"="C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe" [28.11.2005 11:47]
"GraviSense"="C:\Acer\GraviSense\GraviSense.exe" [14.03.2006 11:33]
"NSLauncher"="C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe" [28.11.2006 01:12]
"Ad-Watch"="C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Watch2007.exe" [13.06.2007 14:18]
"BM532915e8"="C:\WINDOWS\system32\deqxqfju.dll" [07.03.2008 07:55]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [18.08.2004 20:00]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [13.09.2007 13:31]
"T-Mobile Communication Centre"="C:\Program Files\T-Mobile Communication Centre\Centre.exe" [14.11.2007 12:21]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\
Acer VCM.lnk - C:\Program Files\Acer\Acer VCM\AcerVCM.exe [12.11.2007 15:17:18]
Acrobat Assistant.lnk - C:\Program Files\Adobe\Acrobat 6.0 CE\Distillr\acrotray.exe [17.7.2003 21:50:42]
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2.12.2005 14:30:42]
Microsoft Firewall Client Management.lnk - C:\Program Files\Microsoft Firewall Client 2004\FwcMgmt.exe [9.12.2006 19:04:10]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [13.2.2001 10:01:04]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\inrdxyhb]
inrdxyhb.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winwkz32]
winwkz32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wvurqrr]
wvurqrr.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\mljgh.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs BthServ

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Schedule

*Newly Created Service* - INT15.SYS



-- End of Deckard's System Scanner: finished at 2008-03-07 15:23:38 ------------
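Added example (not part of the thread, and not code from DSS or HijackThis): a small Python triage script that reads the file listings and the registry dump of the DSS log above and pulls out the things the reply below acts on: the 8-letter random DLL names dropped into system32, the hidden+system companion files (hgjlm.ini2 / hgjlm.bak2) beside them, and every load point that references one of them (BHO, Run, Winlogon Notify, LSA Authentication Packages). SAMPLE_LOG is a constructed excerpt copied from the posted log; the name-length and attribute heuristics are assumptions tuned to this naming scheme, not rules from DSS, so check timestamps and signatures before deleting anything a real run flags.

```python
r"""Triage a Deckard's System Scanner (DSS) log for the pattern visible above.

Added example; not code from the thread, from DSS or from HijackThis. It pulls
out what a responder marks up in the log: 8-letter random DLL names dropped
into system32, hidden+system companion files beside them, and the persistence
points (BHO, Run, Winlogon Notify, LSA Authentication Packages) that load them.
SAMPLE_LOG is an excerpt copied from the posted log; the name-length and
attribute heuristics are assumptions tuned to this family, not DSS rules.
"""
import re

# Constructed excerpt of the DSS log posted above (file listings + registry dump).
SAMPLE_LOG = r"""
2008-03-07 08:01:20 96320 --a------ C:\WINDOWS\system32\vxplahld.dll
2008-03-07 07:58:20 91200 --a------ C:\WINDOWS\system32\uyggagff.dll
2008-03-06 09:49:41 0 --a------ C:\WINDOWS\system32\xliykxke.dll
2008-03-06 08:16:31 0 d-------- C:\Program Files\HiJack
2008-03-07 15:23:15 184281 ---hs---- C:\WINDOWS\system32\hgjlm.ini2
2008-02-02 17:03:02 0 --------- C:\WINDOWS\system32\ylrpuxxv.dll
2008-01-28 11:01:30 78912 --a------ C:\WINDOWS\system32\mebmvaye.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{245A6CD4-5EA9-B9EB-791A-06F67243094D}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7C5CD7E4-54F8-45FB-9406-CCA5C8FA1737}]
30.11.2007 15:34 322144 --a------ C:\WINDOWS\system32\mljgh.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Ad-Watch"="C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Watch2007.exe" [13.06.2007 14:18]
"BM532915e8"="C:\WINDOWS\system32\deqxqfju.dll" [07.03.2008 07:55]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wvurqrr]
wvurqrr.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\mljgh.dll
"""

# DSS file listing: <timestamp> <size> <9-char attrs> <path>; the registry dump
# prints the same fields with a dd.mm.yyyy hh:mm timestamp.
FILE_LINE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}|\d{2}\.\d{2}\.\d{4} \d{2}:\d{2})"
    r"\s+(?P<size>\d+)\s+(?P<attrs>[-a-z]{9})\s+(?P<path>\S.*?)\s*$", re.MULTILINE)
# Heuristics (assumptions): the dropper names in this log are 8 lowercase letters,
# the companion config is 5 letters with an .ini/.bak style extension, hidden+system.
RANDOM_DLL = re.compile(r"^c:\\windows\\system32\\[a-z]{8}\.dll$", re.IGNORECASE)
COMPANION = re.compile(r"^c:\\windows\\system32\\[a-z]{5}\.(ini|bak)2?$", re.IGNORECASE)
# Load points as DSS prints them: a key header followed by the DLL on the next line,
# a Run value pointing at a DLL, and the LSA Authentication Packages list.
BHO = re.compile(r"Browser Helper Objects\\(?P<clsid>\{[^}]+\})\]\s*\n[^\n]*?(?P<dll>\S+\.dll)\s*$",
                 re.MULTILINE | re.IGNORECASE)
RUN_DLL = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]*\.dll)"', re.MULTILINE | re.IGNORECASE)
NOTIFY = re.compile(r"\\winlogon\\notify\\(?P<key>\w+)\]\s+(?P<dll>\S+\.dll)", re.IGNORECASE)
AUTHPKG = re.compile(r'^"Authentication Packages"=\s*(?P<pkgs>.+?)\s*$', re.MULTILINE)


def file_entries(log):
    """Every file/directory line of the log as a dict (ts, size, attrs, path)."""
    return [m.groupdict() for m in FILE_LINE.finditer(log)]


def dropped_dlls(log):
    """(path, size) for 8-letter random DLLs in system32, in log order."""
    return [(e["path"].lower(), int(e["size"]))
            for e in file_entries(log) if RANDOM_DLL.match(e["path"])]


def companion_files(log):
    """Hidden+system config files in system32 (the 'h' and 's' attribute bits)."""
    return [e["path"].lower() for e in file_entries(log)
            if COMPANION.match(e["path"]) and {"h", "s"} <= set(e["attrs"])]


def persistence_points(log):
    """(mechanism, key or value name, dll) for every DLL hooked into a load point."""
    hits = [("BHO", m["clsid"], m["dll"].lower()) for m in BHO.finditer(log)]
    hits += [("Run", m["name"], m["path"].lower()) for m in RUN_DLL.finditer(log)]
    hits += [("WinlogonNotify", m["key"], m["dll"].lower()) for m in NOTIFY.finditer(log)]
    for m in AUTHPKG.finditer(log):
        # msv1_0 is the stock package; anything else in the list is suspect.
        hits += [("LSA AuthPkg", "Authentication Packages", p.lower())
                 for p in m["pkgs"].split() if p.lower() != "msv1_0"]
    return hits


def unlisted_persistence(log):
    """Load points whose DLL is not in the file listing: already deleted (HijackThis
    then shows '(file missing)') or older than the listing window. Compared by
    basename because Winlogon Notify entries are bare module names."""
    listed = {e["path"].lower().rsplit("\\", 1)[-1] for e in file_entries(log)}
    return [(m, n, d) for m, n, d in persistence_points(log)
            if d.rsplit("\\", 1)[-1] not in listed]


def report(log):
    """One line per finding, ready to paste into a reply."""
    lines = [f"dropped  {size:>7}  {path}" for path, size in dropped_dlls(log)]
    lines += [f"config   hidden   {path}" for path in companion_files(log)]
    lines += [f"persist  {mech:<14} {name} -> {dll}" for mech, name, dll in persistence_points(log)]
    return lines


if __name__ == "__main__":
    print("\n".join(report(SAMPLE_LOG)))
```

For a real log, read the file (the code page of a DSS log from a localized XP is whatever the console used, so open it with errors="replace") and pass the text to report(); unlisted_persistence() tells you which load points already dangle.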

Baron Prášil
Master Level 7
Posts: 4882
Registered: June 06
Gender: Male
Status: Offline

Post by Baron Prášil » 07 Mar 2008 16:57

Open Notepad (Start -> Run..., type Notepad into the box and click OK)
Copy the following text (marked in green) into it:

Code:

REGEDIT4

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00

Then choose File -> Save As... and set these parameters:
File name: type fix.reg
Save as type: select All Files
Save the file to your desktop
A file fix.reg should appear on the desktop; run it, a prompt pops up where you click Yes, then another prompt where you click OK

Then use Avenger
In the main dialog select "Input script manually" and then press the button with the magnifying glass. An editor opens, and that is where the actual "scripts" are pasted. The script is started by pressing the button with the traffic light. The program asks once more whether you really mean it and then offers an immediate restart of the whole system (recommended).

Script to paste:

Code:

Files to delete:
C:\WINDOWS\system32\vxplahld.dll
C:\WINDOWS\system32\mljgh.dll
C:\WINDOWS\system32\deqxqfju.dll
C:\WINDOWS\system32\uyggagff.dll
C:\WINDOWS\system32\fyrarrgl.dll
C:\WINDOWS\system32\wfbvlrpe.dll
C:\WINDOWS\system32\xsoxwncc.dll
C:\WINDOWS\system32\ospjjtbr.dll
C:\WINDOWS\system32\xliykxke.dll
C:\WINDOWS\system32\vuudtbbx.dll
C:\WINDOWS\system32\cvianrhh.dll
C:\WINDOWS\system32\agncuqag.dll
C:\WINDOWS\system32\sinhsblh.dll
C:\WINDOWS\system32\qepnbfvr.dll
C:\WINDOWS\system32\cjambper.dll
C:\WINDOWS\system32\tbqoeicj.dll
C:\WINDOWS\system32\cehsrdsc.dll
C:\WINDOWS\system32\johpaefe.dll
C:\WINDOWS\system32\eddtrtll.dll
C:\WINDOWS\system32\areyqkxw.dll
C:\WINDOWS\system32\sgggysag.dll
C:\WINDOWS\system32\mwvjvwmc.dll
C:\WINDOWS\system32\ynxcmvau.dll
C:\WINDOWS\system32\vuysefkx.dll
C:\WINDOWS\system32\nmccxajs.dll
C:\WINDOWS\system32\levgxcce.dll
C:\WINDOWS\system32\ikqjnkca.dll
C:\WINDOWS\system32\vxctanjh.dll
C:\WINDOWS\system32\gprsolsw.dll
C:\WINDOWS\system32\vrrnjhra.dll
C:\WINDOWS\system32\dmhioylt.dll
C:\WINDOWS\system32\kynxuebf.dll
C:\WINDOWS\system32\ijdgbcxp.dll
C:\WINDOWS\system32\twlwxnmt.dll
C:\WINDOWS\system32\jorfuygq.dll
C:\WINDOWS\system32\rcoxgino.dll
C:\WINDOWS\system32\ylrpuxxv.dll
C:\WINDOWS\system32\vupkfddb.dll
C:\WINDOWS\system32\mxxptmej.dll
C:\WINDOWS\system32\lohkqgcv.dll
C:\WINDOWS\system32\ibfhqjas.dll
C:\WINDOWS\system32\krkxceby.dll
C:\WINDOWS\system32\ljlgyhla.dll
C:\WINDOWS\system32\dmsebbqu.dll
C:\WINDOWS\system32\fawumfjd.dll
C:\WINDOWS\system32\isbplsfd.dll
C:\WINDOWS\system32\nxgklgsq.dll
C:\WINDOWS\system32\gpaxuouy.dll
C:\WINDOWS\system32\htwpxiln.dll
C:\WINDOWS\system32\ietqxgkv.dll
C:\WINDOWS\system32\yppunahu.dll
C:\WINDOWS\system32\heaefhmb.dll
C:\WINDOWS\system32\qtmjonpq.dll
C:\WINDOWS\system32\ncrnqlxb.dll
C:\WINDOWS\system32\ecyansor.dll
C:\WINDOWS\system32\ollumplq.dll
C:\WINDOWS\system32\msimtlai.dll
C:\WINDOWS\system32\amywevdx.dll
C:\WINDOWS\system32\poasyoql.dll
C:\WINDOWS\system32\nfkpgfbh.dll
C:\WINDOWS\system32\njujjkrn.dll
C:\WINDOWS\system32\plmctula.dll
C:\WINDOWS\system32\hqyxaeaq.dll
C:\WINDOWS\system32\edmptepe.dll
C:\WINDOWS\system32\tudvvmwx.dll

Registry keys to delete:
HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{245A6CD4-5EA9-B9EB-791A-06F67243094D}
HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{617b42e9-717e-4113-be33-dee92edcd015}
HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7C5CD7E4-54F8-45FB-9406-CCA5C8FA1737}
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\inrdxyhb
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winwkz32
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wvurqrr

Registry values to delete:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | BM532915e8

After the restart, post a HijackThis log and an update on the problem
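Added example (not part of the thread and not code from regedit): the reply's fix.reg writes a REG_MULTI_SZ, and the hex(7) line is just the byte layout of that type (each string NUL-terminated, then one more NUL). The Python below rebuilds the posted fix.reg byte for byte, decodes the posted value back to "msv1_0", and flags the extra entry in the hijacked list the DSS dump showed (msv1_0 C:\WINDOWS\system32\mljgh.dll). The point of resetting this value first is that LSA loads every DLL listed under Authentication Packages into lsass.exe at startup, so the DLL runs as SYSTEM on each boot until the list is cleaned. Assumptions: with the REGEDIT4 header used in the post, hex(7) holds 8-bit ANSI bytes (latin-1 stands in for the system code page here), while the "Windows Registry Editor Version 5.00" header stores UTF-16LE; EXPECTED_PACKAGES is simply what the posted fix restores, not a Microsoft-published allow-list.

```python
r"""Encode and decode REG_MULTI_SZ values in the hex(7) form used by .reg files.

Added example; not code from the thread or from regedit. It rebuilds the
fix.reg posted above byte for byte and decodes the posted value back, so the
reader can see that the fix replaces the hijacked list
    msv1_0 C:\WINDOWS\system32\mljgh.dll
with the single package msv1_0. Assumptions: with the REGEDIT4 header used in
the post, hex(7) holds 8-bit ANSI bytes; with the "Windows Registry Editor
Version 5.00" header it holds UTF-16LE. EXPECTED_PACKAGES is what the posted
fix restores, not a Microsoft-published allow-list.
"""
import re

LSA_KEY = r"HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa"
VALUE_NAME = "Authentication Packages"
EXPECTED_PACKAGES = ["msv1_0"]   # assumption: taken from the posted fix.reg
V5_HEADER = "Windows Registry Editor Version 5.00"


def _codec(unicode):
    # latin-1 stands in for the system ANSI code page; every byte round-trips.
    return "utf-16-le" if unicode else "latin-1"


def encode_multi_sz(strings, unicode=False):
    """REG_MULTI_SZ: strings separated by NUL, then a double-NUL terminator."""
    return ("\0".join(strings) + "\0\0").encode(_codec(unicode))


def decode_multi_sz(data, unicode=False):
    """Inverse of encode_multi_sz; an empty list is stored as a bare terminator."""
    text = data.decode(_codec(unicode))
    if text in ("", "\0", "\0\0"):
        return []
    if not text.endswith("\0\0"):
        raise ValueError("REG_MULTI_SZ is missing its double-NUL terminator")
    return text[:-2].split("\0")


def to_hex7(data):
    """'hex(7):6d,73,...' as regedit writes it (single line, no wrapping)."""
    return "hex(7):" + ",".join(f"{b:02x}" for b in data)


_HEX7 = re.compile(r"^hex\(7\):(?P<body>.*)$", re.DOTALL)


def parse_hex7(text):
    """Parse a hex(7) value, tolerating regedit's backslash line continuations."""
    m = _HEX7.match(text.strip())
    if not m:
        raise ValueError("not a hex(7) value")
    body = re.sub(r"\\\s*\n\s*", "", m["body"])   # join wrapped lines
    body = re.sub(r"\s+", "", body)
    return bytes(int(tok, 16) for tok in body.split(",") if tok)


def render_fix(key, name, strings, header="REGEDIT4"):
    """The .reg text that resets value `name` under `key` to `strings`."""
    value = to_hex7(encode_multi_sz(strings, unicode=(header == V5_HEADER)))
    return f'{header}\n\n[{key}]\n"{name}"={value}\n'


def rogue_packages(strings, expected=EXPECTED_PACKAGES):
    """Entries outside the allow-list. A full path is the giveaway in this
    thread: the hijack appended C:\\WINDOWS\\system32\\mljgh.dll to the list."""
    allowed = {e.lower() for e in expected}
    return [s for s in strings if s.lower() not in allowed]


if __name__ == "__main__":
    posted_value = "hex(7):6d,73,76,31,5f,30,00,00"      # from the reply above
    print("fix.reg restores:", decode_multi_sz(parse_hex7(posted_value)))
    hijacked = ["msv1_0", r"C:\WINDOWS\system32\mljgh.dll"]   # from the DSS dump
    print("rogue entries:", rogue_packages(hijacked))
    print(render_fix(LSA_KEY, VALUE_NAME, EXPECTED_PACKAGES), end="")
```

On a machine you are cleaning, export the key first (regedit's export gives you the hex(7) line with continuations, which parse_hex7 handles), decode it, and confirm the only rogue entry is the one you expect before importing the fix; if the list has been rewritten again on the next boot, the file that re-adds it is still alive.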

dave128
newbie
Posts: 8
Registered: March 08
Gender: Not specified
Status: Offline

Post by dave128 » 07 Mar 2008 18:53

Here is the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:42:51, on 7.3.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Acer\Empowering Technology\admServ.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\CA\SharedComponents\iTechnology\igateway.exe
C:\Program Files\CA\eTrustITM\InoRpc.exe
C:\Program Files\CA\eTrustITM\InoRT.exe
C:\Program Files\CA\eTrustITM\InoTask.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\SMSC\Seticon.exe
C:\Program Files\Acer\OrbiCam\CameraAssistant.exe
C:\WINDOWS\system32\ElkCtrl.exe
C:\WINDOWS\system32\rundll32.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\WINDOWS\system32\lvcomsx.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Acer\Empowering Technology\admtray.exe
C:\Program Files\CA\eTrustITM\realmon.exe
C:\PROGRA~1\KYE\BLUETO~1\mouseElf.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\Acer\GraviSense\GraviSense.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Watch2007.exe
C:\WINDOWS\system32\ctfmon.exe
C:\DOCUME~1\danek\LOCALS~1\Temp\RtkBtMnt.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\T-Mobile Communication Centre\Centre.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Acer\Acer VCM\AcerVCM.exe
C:\Program Files\Adobe\Acrobat 6.0 CE\Distillr\acrotray.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Microsoft Firewall Client 2004\FwcMgmt.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Total Commander\TOTALCMD.EXE
C:\Program Files\HiJack\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = PRIMA01:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ClickCatcher MSIE handler - {16664845-0E00-11D2-8059-000000000000} - C:\Program Files\Common Files\ReGet Shared\Catcher.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {245A6CD4-5EA9-B9EB-791A-06F67243094D} - (no file)
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\WINDOWS\WebIE.dll
O2 - BHO: {510dcde2-9eed-33eb-3114-e7179e24b716} - {617b42e9-717e-4113-be33-dee92edcd015} - C:\WINDOWS\system32\vxplahld.dll (file missing)
O2 - BHO: (no name) - {A88C5B9E-930B-4430-8F7B-D417C9C2BF0F} - C:\WINDOWS\system32\mljgh.dll (file missing)
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0 CE\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0 CE\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\WINDOWS\WebIE.dll
O3 - Toolbar: ReGet Bar - {17939A30-18E2-471E-9D3A-56DD725F1215} - C:\Program Files\ReGetDx\iebar.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SetIcon] \Program Files\SMSC\Seticon.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Acer\OrbiCam\CameraAssistant.exe
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Acer\OrbiCam\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [Acer ePower Management] C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe boot
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [ADMTray.exe] "C:\Acer\Empowering Technology\admtray.exe"
O4 - HKLM\..\Run: [Realtime Monitor] "C:\Program Files\CA\eTrustITM\realmon.exe" -s
O4 - HKLM\..\Run: [KYESW] C:\PROGRA~1\KYE\BLUETO~1\KYE\KYESW.exe
O4 - HKLM\..\Run: [mouseElf] C:\PROGRA~1\KYE\BLUETO~1\mouseElf.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] "C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe"
O4 - HKLM\..\Run: [GraviSense] C:\Acer\GraviSense\GraviSense.exe
O4 - HKLM\..\Run: [NSLauncher] C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe /startup
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Watch2007.exe
O4 - HKLM\..\Run: [501a2674] rundll32.exe "C:\WINDOWS\system32\qtljduhe.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [T-Mobile Communication Centre] C:\Program Files\T-Mobile Communication Centre\Centre.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Acer VCM.lnk = ?
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0 CE\Distillr\acrotray.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Microsoft Firewall Client Management.lnk = C:\Program Files\Microsoft Firewall Client 2004\FwcMgmt.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Stá&hnout vše programem ReGet Deluxe - C:\Program Files\Common Files\ReGet Shared\CC_All.htm
O8 - Extra context menu item: Stáh&nout programem ReGet Deluxe - C:\Program Files\Common Files\ReGet Shared\CC_Link.htm
O9 - Extra button: Spy - {16664849-0E00-11D2-8059-000000000000} - C:\Program Files\Common Files\ReGet Shared\Catcher.dll
O9 - Extra 'Tools' menuitem: MSIE &Spy - {16664849-0E00-11D2-8059-000000000000} - C:\Program Files\Common Files\ReGet Shared\Catcher.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\WINDOWS\WebIE.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\WebIE.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://companyweb
O16 - DPF: {1A26F07F-0D60-4835-91CF-1E1766A0EC56} - http://scanner2.malware-scan.com/setup/webinst.cab
O16 - DPF: {485D813E-EE26-4DF8-9FAF-DEDF2885306E} (NSHelp Class) - http://prima01/connectcomputer/nshelp.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 5126126113
O16 - DPF: {8BBDC81D-81B3-49EE-87E8-47B7A707FAE8} (GoToMeeting/GoToWebinar Web Starter) - https://www1.gotomeeting.com/default/ap ... 2mdlax.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = prima.local
O17 - HKLM\Software\..\Telephony: DomainName = prima.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = prima.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = prima.local
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = prima.local
O18 - Protocol: faroobject - {BF864E1D-CA63-4042-ADD6-C3F1F7D3CA34} - C:\Program Files\Common Files\FARO Shared\Object Browser.dll
O18 - Protocol: faroqrep - {8C2CF78C-9BB8-43C5-8B44-40C23F2025D2} - C:\Program Files\Common Files\FARO Shared\Quick Reporting.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O21 - SSODL: E404Helper - {75cf1678-98aa-4961-9c0a-32f71611a436} - (no file)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc. - C:\Acer\Empowering Technology\admServ.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FARO Security Provider - FARO Technologies, Inc. - C:\Program Files\Common Files\FARO Shared\Security Provider.exe
O23 - Service: iTechnology iGateway 4.0 (iGateway) - Computer Associates International, Inc. - C:\Program Files\CA\SharedComponents\iTechnology\igateway.exe
O23 - Service: eTrust ITM RPC Service (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrustITM\InoRpc.exe
O23 - Service: eTrust ITM Realtime Service (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrustITM\InoRT.exe
O23 - Service: eTrust ITM Job Service (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrustITM\InoTask.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe

--
End of file - 14681 bytes


So far it looks good, no problems. Hopefully it will still be fine on Monday when I turn the PC on again.

Post by Baron Prášil » 07 Mar 2008 19:56

No, it is not fine. It would be good to install a solid firewall!
Pick one here; I recommend ZoneAlarm or Comodo.
Guide for ZA: http://www.kn.vutbr.cz/docs/conf/zonealarm/
For Comodo: http://www.nforce.cz/modules.php?name=N ... cle&sid=18

Then run SDFix.
Download SDFix
and run it; it unpacks into its own folder (probably C:\SDfix).

Then restart the PC into Safe Mode. Open the folder where SDFix was unpacked, run the file RunThis.bat and press Y to start the cleaning process.
To finish, you will need to press any key and the computer will restart.
While the operating system is coming up you will have to press any key when prompted to get into Windows.

After the OS has booted it should show you the SDFix report, so copy it here. If it does not pop up, it is located in SDFix's own folder as Report.txt.

And do the Deckard's System Scanner after that too (try ComboFix as well; it would be simpler).

Post by dave128 » 10 Mar 2008 10:30

I have a bit of a problem with installing a firewall. After installing the Comodo firewall I get a blue screen at startup and the system restarts repeatedly. Fortunately Safe Mode worked, and there I had to uninstall the Comodo firewall. I think the problem is that I am working in a domain and cannot turn off the standard Windows firewall. But of course the problem may be somewhere else.
I would also like to know whether the Comodo firewall conflicts with Ad-Aware or Ad-Watch.
In any case, I ran SDFix and then Deckard (with ComboFix my computer still freezes). The SDFix report is here:

SDFix: Version 1.153

Run by Administrator on po 10.03.2008 at 09:55

Microsoft Windows XP [Verze 5.1.2600]
Running From: C:\SDFix

Checking Services :


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting


Checking Files :

No Trojan Files Found






Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-10 10:02:57
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BTHPORT\Parameters\Keys\0014a48cc65c]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:79,6d,6e,15,ac,d7,86,55,52,69,b0,1c,97,8f,14,94,3e,4b,cb,40,10,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,79,b9,34,2a,d6,10,68,5e,99,87,18,96,07,9a,97,b1,4f,..
"khjeh"=hex:9d,28,20,7a,44,4d,81,cd,a1,17,98,d4,e1,a1,ad,2f,08,4a,37,7d,ae,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:74,53,18,2d,98,9f,1c,a8,e6,0a,f8,61,c3,b7,ff,ac,cb,a3,31,8b,ab,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0014a48cc65c]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:2b,f3,29,b5,e3,00,ad,03,1a,2b,77,33,b9,30,6b,db,27,a8,1c,02,53,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,79,b9,34,2a,d6,10,68,5e,99,87,18,96,07,9a,97,b1,4f,..
"khjeh"=hex:9d,28,20,7a,44,4d,81,cd,a1,17,98,d4,e1,a1,ad,2f,08,4a,37,7d,ae,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:b0,3d,14,11,8b,59,92,2b,9e,20,94,26,bf,87,7e,50,04,d8,1c,72,2e,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\0014a48cc65c]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:2b,f3,29,b5,e3,00,ad,03,1a,2b,77,33,b9,30,6b,db,27,a8,1c,02,53,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,79,b9,34,2a,d6,10,68,5e,99,87,18,96,07,9a,97,b1,4f,..
"khjeh"=hex:9d,28,20,7a,44,4d,81,cd,a1,17,98,d4,e1,a1,ad,2f,08,4a,37,7d,ae,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:b0,3d,14,11,8b,59,92,2b,9e,20,94,26,bf,87,7e,50,04,d8,1c,72,2e,..

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Cursors\Schemes]
"\f\1e?r?n?\xe9? ?u?k?a?z?a?t?e?l?e? ?"="C:\WINDOWS\cursors\arrow_r.cur,C:\WINDOWS\cursors\help_r.cur,C:\WINDOWS\cursors\wait_r.cur,C:\WINDOWS\cursors\busy_r.cur,C:\WINDOWS\cursors\cross_r.cur,C:\WINDOWS\cursors\beam_r.cur,C:\WINDOWS\cursors\pen_r.cur,C:\WINDOWS\cursors\no_r.cur,C:\WINDOWS\cursors\size4_r.cur,C:\WINDOWS\cursors\size3_r.cur,C:\WINDOWS\cursors\size2_r.cur,C:\WINDOWS\cursors\size1_r.cur,C:\WINDOWS\cursors\move_r.cur,C:\WINDOWS\cursors\up_r.cur"
"\f\1e?r?n?\xe9? ?u?k?a?z?a?t?e?l?e? ?(?v?e?l?k?\xe9?)?"="C:\WINDOWS\cursors\arrow_rm.cur,C:\WINDOWS\cursors\help_rm.cur,C:\WINDOWS\cursors\wait_rm.cur,C:\WINDOWS\cursors\busy_rm.cur,C:\WINDOWS\cursors\cross_rm.cur,C:\WINDOWS\cursors\beam_rm.cur,C:\WINDOWS\cursors\pen_rm.cur,C:\WINDOWS\cursors\no_rm.cur,C:\WINDOWS\cursors\size4_rm.cur,C:\WINDOWS\cursors\size3_rm.cur,C:\WINDOWS\cursors\size2_rm.cur,C:\WINDOWS\cursors\size1_rm.cur,C:\WINDOWS\cursors\move_rm.cur,C:\WINDOWS\cursors\up_rm.cur"
"\f\1e?r?n?\xe9? ?u?k?a?z?a?t?e?l?e? ?(?n?e?j?v?\e\1t?a\1\xed?)?"="C:\WINDOWS\cursors\arrow_rl.cur,C:\WINDOWS\cursors\help_rl.cur,C:\WINDOWS\cursors\wait_rl.cur,C:\WINDOWS\cursors\busy_rl.cur,C:\WINDOWS\cursors\cross_rl.cur,C:\WINDOWS\cursors\beam_rl.cur,C:\WINDOWS\cursors\pen_rl.cur,C:\WINDOWS\cursors\no_rl.cur,C:\WINDOWS\cursors\size4_rl.cur,C:\WINDOWS\cursors\size3_rl.cur,C:\WINDOWS\cursors\size2_rl.cur,C:\WINDOWS\cursors\size1_rl.cur,C:\WINDOWS\cursors\move_rl.cur,C:\WINDOWS\cursors\up_rl.cur"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher]
"TracesProcessed"=dword:00000000
"TracesSuccessful"=dword:00000000
"LastTraceFailure"=dword:00000000

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Microsoft Outlook\\OFFICE11\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Outlook\\OFFICE11\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\\DOCUME~1\\danek\\LOCALS~1\\Temp\\win1B.exe"="C:\\DOCUME~1\\danek\\LOCALS~1\\Temp\\win1B.exe:*:Enabled:win1B"
"C:\\WINDOWS\\system32\\fmaovglw.exe"="C:\\WINDOWS\\system32\\fma"
"C:\\WINDOWS\\system32\\qtgmsuft.exe"="C:\\WINDOWS\\system32\\qtg"
"C:\\WINDOWS\\system32\\evshdmlg.exe"="C:\\WINDOWS\\system32\\evs"
"C:\\WINDOWS\\system32\\brbrxctx.exe"="C:\\WINDOWS\\system32\\brb"
"C:\\WINDOWS\\system32\\lgytwrmy.exe"="C:\\WINDOWS\\system32\\lgy"
"C:\\WINDOWS\\system32\\jehsillf.exe"="C:\\WINDOWS\\system32\\jeh"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype. Take a deep breath "

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\WINDOWS\\instsrv.exe"="C:\\WINDOWS\\instsrv.exe:*:Enabled:eTrust Antivirus Remote Installation Program"
"C:\\Program Files\\CA\\SharedComponents\\iTechnology\\igateway.exe"="C:\\Program Files\\CA\\SharedComponents\\iTechnology\\igateway.exe:*:Enabled:igateway"
"C:\\Program Files\\CA\\eTrustITM\\InoRpc.exe"="C:\\Program Files\\CA\\eTrustITM\\InoRpc.exe:*:Enabled:eTrust ITM - RPC Service"
"C:\\Program Files\\CA\\eTrustITM\\Realmon.exe"="C:\\Program Files\\CA\\eTrustITM\\Realmon.exe:*:Enabled:eTrust ITM - Realtime monitor"
"C:\\Program Files\\CA\\eTrustITM\\Shellscn.exe"="C:\\Program Files\\CA\\eTrustITM\\Shellscn.exe:*:Enabled:eTrust ITM - Shell Scanner"
"C:\\Program Files\\Common Files\\NewTech Infosystems\\LiveUpdate\\LiveUpdate.exe"="C:\\Program Files\\Common Files\\NewTech Infosystems\\LiveUpdate\\LiveUpdate.exe:*:Enabled:LiveUpdate"
"C:\\Program Files\\Microsoft Outlook\\OFFICE11\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Outlook\\OFFICE11\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\\Program Files\\Total Commander\\TOTALCMD.EXE"="C:\\Program Files\\Total Commander\\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit international version, file manager replacement for Windows"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype. Take a deep breath "

Remaining Files :



Files with Hidden Attributes :

Thu 13 Dec 2007 63,556 ..SH. --- "C:\WINDOWS\system32\hgjlm.tmp"
Fri 30 Nov 2007 6,496 ..SH. --- "C:\WINDOWS\system32\hgjlm.bak1"
Fri 7 Mar 2008 162,143 ..SH. --- "C:\WINDOWS\system32\hgjlm.bak2"
Sat 29 Dec 2007 31,350 ..SH. --- "C:\WINDOWS\system32\inrdxyhb.dllbox"
Tue 13 Nov 2007 1,024 ...HR --- "C:\WINDOWS\system32\NTIBUN4.dll"
Tue 13 Nov 2007 1,024 ...HR --- "C:\WINDOWS\system32\NTICDMK7.dll"
Tue 20 Dec 2005 1,024 A..HR --- "C:\WINDOWS\system32\NTIFCD3.dll"
Tue 13 Nov 2007 1,024 ...HR --- "C:\WINDOWS\system32\NTIMP3.dll"
Tue 13 Nov 2007 1,024 ...HR --- "C:\WINDOWS\system32\NTIMPEG2.dll"
Fri 16 Nov 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"

Finished!

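The two "Authorized Application Key Export" lists in the report above are the part a responder would read most closely. In the standard profile, six executables in system32 with eight-letter names have values that are cut short (no ":*:Enabled:<display name>" tail, which is what a rule written by the firewall UI or by netsh looks like), and one executable is allowed through from the user's Temp directory. The script below is an added example, not part of this thread or of SDFix: it parses an export in this shape and flags such entries. The sample export is a constructed, cut-down copy of the one above, and the random-name test is only a heuristic.

```python
import re
from dataclasses import dataclass, field

# Constructed sample: a cut-down copy in the shape of the SDFix
# "Authorized Application Key Export" shown above (a few entries only).
SAMPLE_EXPORT = r'''
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Microsoft Outlook\\OFFICE11\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Outlook\\OFFICE11\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\\DOCUME~1\\danek\\LOCALS~1\\Temp\\win1B.exe"="C:\\DOCUME~1\\danek\\LOCALS~1\\Temp\\win1B.exe:*:Enabled:win1B"
"C:\\WINDOWS\\system32\\fmaovglw.exe"="C:\\WINDOWS\\system32\\fma"
"C:\\WINDOWS\\system32\\qtgmsuft.exe"="C:\\WINDOWS\\system32\\qtg"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype. Take a deep breath "

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Total Commander\\TOTALCMD.EXE"="C:\\Program Files\\Total Commander\\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit international version, file manager replacement for Windows"
'''

# Shape of a well-formed XP SP2 AuthorizedApplications value:
#   <path>:<scope>:<Enabled|Disabled>:<display name>
VALUE_RE = re.compile(
    r'^(?P<path>.+?):(?P<scope>[^:]*):(?P<state>Enabled|Disabled):(?P<name>.*)$', re.I)
LINE_RE = re.compile(r'^"(?P<key>.*)"="(?P<val>.*)"$')
PROFILE_RE = re.compile(
    r'^\[.*\\firewallpolicy\\(?P<profile>\w+)\\authorizedapplications\\list\]$', re.I)
# Heuristic only: eight lowercase letters and nothing else, as in the report.
RANDOM_STEM_RE = re.compile(r'^[a-z]{8}$')


@dataclass
class Finding:
    profile: str
    path: str
    reasons: list = field(default_factory=list)


def unescape(s):
    """Registry exports double every backslash; undo that."""
    return s.replace('\\\\', '\\')


def parse_export(text):
    """Yield (profile, key_path, value) for every rule line in the export."""
    profile = None
    for raw in text.splitlines():
        line = raw.strip()
        m = PROFILE_RE.match(line)
        if m:
            profile = m.group('profile').lower()
            continue
        m = LINE_RE.match(line)
        if m and profile:
            yield profile, unescape(m.group('key')), unescape(m.group('val'))


def audit_rule(profile, key, value):
    """Return a Finding for one rule, or None if nothing looks off."""
    reasons = []
    m = VALUE_RE.match(value)
    if not m:
        reasons.append('malformed value (no scope/state/name tail as a UI- or netsh-written rule has)')
    elif m.group('path').lower() != key.lower():
        reasons.append('value path differs from key path')
    low = key.lower()
    if '\\temp\\' in low or low.startswith('%temp%'):
        reasons.append('executable runs from a Temp directory')
    stem = low.rsplit('\\', 1)[-1].rsplit('.', 1)[0]
    if '\\system32\\' in low and RANDOM_STEM_RE.match(stem):
        reasons.append('random-looking 8-letter name in system32 (heuristic)')
    return Finding(profile, key, reasons) if reasons else None


def audit(text):
    """All suspicious rules in an export, in file order."""
    return [f for f in (audit_rule(*r) for r in parse_export(text)) if f]


if __name__ == '__main__':
    for f in audit(SAMPLE_EXPORT):
        print(f"[{f.profile}] {f.path}\n    " + "\n    ".join(f.reasons))
```

Run against the full export from the report, the script lists win1B.exe (Temp location) and all six eight-letter system32 binaries (truncated values, plus the name heuristic); the legitimate sessmgr, Outlook, Skype and eTrust rules pass. A malformed value is the stronger signal of the two: the firewall UI and netsh always write the full four-field form, so a bare path is something that wrote the registry key directly.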
Post by dave128 » 10 Mar 2008 10:56

I also forgot to add that IE now works completely without problems, even on the internal network, which previously was almost impossible to work with. No unwanted windows or error messages pop up anymore either...

GREAT!!! :D

Post by Baron Prášil » 10 Mar 2008 13:00

Fine. "GREAT!!! :D" is basically all I need as the result of the effort. So, like a proper virtual craftsman,
I will still sweep up :smile:

Clean the system with CCleaner and RegCleaner.
Use T-Cleaner; it deletes everything left behind by ComboFix, SDFix, Avenger, MWAV etc. Download > run.

You are welcome, and next time turn to us again :wink:

Post by dave128 » 10 Mar 2008 13:35

Thanks a lot!!! :D
