co je to za vir?PDM.DNS Query

[jarek26]

dobry den, pomozete mi ci je ten vir skodlivy? pise mi na jeden program PDM.DNS Query ale neberie ho ako vir ani ci to chcem vymazat,ale ze len moze poskodit system,zobrazuje to na internet download manager.da sa to nejako vyliecit?
Dakujem

[vyosek]

Zdravim a pekny vecer preji

Jak antivir pouzivate

Dejte presne umisteni hlaseneho souboru, pripadne screen hlaseni

A jeste poprosim o logy z RSIT http://www.viry.cz/forum/viewtopic.php?f=13&t=105895 (log.txt i info.txt), budou v c:\rsit

[jarek26]

pouzival som kis 2012 na 30 dni ako skusku a teraz mam kav 2012 na 30 dni.hlasenie vypise dole pri kasperskom to co som pisal,a umiestenie suboru,ja ho mam v programu files internet doenload manager IDMAN2.exe,ale to iste napsalo aj pri rsit ked som spustil.No ten rsit log:
Dakujem
Logfile of random's system information tool 1.09 (written by random/random)
Run by jaroslav at 2011-11-29 19:13:37
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 64 GB (80%) free of 80 GB
Total RAM: 1015 MB (42% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:13:53, on 29.11.2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Download Manager\IDMan2.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Ralink\Common\RaRegistry.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\klwtblfs.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\jaroslav\Desktop\RSIT.exe
C:\Program Files\trend micro\jaroslav.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan2.exe /onboot
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Stiahnuť s IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: Stiahnuť s IDM všetky prepojenia - C:\Program Files\Internet Download Manager\IEGetAll.htm
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: &Virtuální klávesnice - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll
O9 - Extra button: ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Program Files\ICQ7.6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Program Files\ICQ7.6\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: K&ontrola adres URL - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Služba Kaspersky Anti-Virus (AVP) - Kaspersky Lab ZAO - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
O23 - Service: Ralink Registry Writer (RalinkRegistryWriter) - Ralink Technology, Corp. - C:\Program Files\Ralink\Common\RaRegistry.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

--
End of file - 5852 bytes

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\jaroslav\Application Data\Mozilla\Firefox\Profiles\0iw58wkk.default

prefs.js - "browser.startup.homepage" - "http://www.google.com/"

"{20a82645-c095-46ed-80e3-08825760534b}"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
"linkfilter@kaspersky.ru"=C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\linkfilter@kaspersky.ru
"virtualKeyboard@kaspersky.ru"=C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/ShockwavePlayer]
"Description"=Adobe Shockwave Player
"Path"=C:\WINDOWS\system32\Adobe\Director\np32dsw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}

C:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll

C:\Program Files\Mozilla Firefox\searchplugins\
atlas-sk.xml
azet-sk.xml
dunaj-sk.xml
eBay.xml
google.xml
slovnik-sk.xml
wikipedia-sk.xml
zoznam-sk.xml

C:\Documents and Settings\jaroslav\Application Data\Mozilla\Firefox\Profiles\0iw58wkk.default\searchplugins\
icqplugin.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8}]
IDM integration (IDMIEHlprObj Class) - C:\Program Files\Internet Download Manager\IDMIECC.dll [2011-09-15 210352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-23 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}]
IEVkbdBHO Class - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll [2011-04-24 86416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E33CF602-D945-461A-83F0-819F76A199F8}]
FilterBHO Class - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll [2011-04-24 229776]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2010-03-26 19522592]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2008-02-16 135168]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2008-02-16 159744]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2008-02-16 131072]
"AVP"=C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe [2011-04-24 202296]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"IDMan"=C:\Program Files\Internet Download Manager\IDMan2.exe [2011-09-16 3425688]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2008-02-16 208896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
C:\WINDOWS\system32\klogon.dll [2011-04-24 229776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll [2010-06-16 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=67108863
"NoDrives"=0
"NoDriveTypeAutoRun"=347

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\ICQ7.6\ICQ.exe"="C:\Program Files\ICQ7.6\ICQ.exe:*:Enabled:ICQ7.6"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"VIDC.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"VIDC.YVYU"=msyuv.dll
"wavemapper"=msacm32.drv
"MSVideo8"=VfWWDM32.dll
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv

======List of files/folders created in the last 1 month======

2011-11-29 19:13:37 ----D---- C:\rsit
2011-11-29 12:22:37 ----A---- C:\WINDOWS\system32\drivers\klin.dat
2011-11-29 12:22:36 ----A---- C:\WINDOWS\system32\drivers\klick.dat
2011-11-29 12:20:56 ----D---- C:\Program Files\Kaspersky Lab
2011-11-29 12:20:56 ----D---- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2011-11-29 12:20:33 ----A---- C:\WINDOWS\system32\drivers\klif.sys
2011-11-26 21:31:18 ----D---- C:\Documents and Settings\jaroslav\Application Data\LibreOffice
2011-11-24 19:58:19 ----A---- C:\WINDOWS\system32\pncrt.dll
2011-11-24 19:09:41 ----D---- C:\Documents and Settings\All Users\Application Data\Eltima Software
2011-11-24 19:09:38 ----D---- C:\Documents and Settings\All Users\Application Data\TEMP
2011-11-24 19:01:35 ----D---- C:\Documents and Settings\jaroslav\Application Data\DVDVideoSoft
2011-11-23 10:45:47 ----D---- C:\Documents and Settings\All Users\Application Data\Juliette's Fashion Empire
2011-11-19 22:38:44 ----A---- C:\WINDOWS\system32\drivers\sscdwhnt.sys
2011-11-19 22:38:44 ----A---- C:\WINDOWS\system32\drivers\sscdwh.sys
2011-11-19 22:38:44 ----A---- C:\WINDOWS\system32\drivers\sscdserd.sys
2011-11-19 22:38:44 ----A---- C:\WINDOWS\system32\drivers\sscdmdm.sys
2011-11-19 22:38:44 ----A---- C:\WINDOWS\system32\drivers\sscdmdfl.sys
2011-11-19 22:38:44 ----A---- C:\WINDOWS\system32\drivers\sscdcmnt.sys
2011-11-19 22:38:44 ----A---- C:\WINDOWS\system32\drivers\sscdcm.sys
2011-11-19 22:38:44 ----A---- C:\WINDOWS\system32\drivers\sscdbus.sys
2011-11-19 22:38:24 ----D---- C:\WINDOWS\system32\Samsung_USB_Drivers
2011-11-19 22:38:21 ----D---- C:\Program Files\Samsung
2011-11-19 22:32:41 ----A---- C:\WINDOWS\system32\drivers\vfwwdm32.dll
2011-11-19 22:32:29 ----D---- C:\Program Files\Realtek
2011-11-19 22:29:45 ----D---- C:\SwSetup
2011-11-19 21:31:13 ----A---- C:\WINDOWS\tosOBEX.INI
2011-11-19 21:31:01 ----A---- C:\WINDOWS\WirelessFTP.INI
2011-11-19 21:29:30 ----D---- C:\Documents and Settings\jaroslav\Application Data\TOSHIBA
2011-11-19 19:39:55 ----D---- C:\Program Files\Common Files\Bitdefender
2011-11-18 20:55:19 ----D---- C:\Program Files\Common Files\ANWSOFT
2011-11-18 20:55:02 ----D---- C:\Program Files\Common Files\A&W
2011-11-18 20:55:01 ----D---- C:\Program Files\ANWSOFT
2011-11-18 20:53:49 ----D---- C:\Program Files\Common Files\InstallShield
2011-11-18 20:52:15 ----A---- C:\WINDOWS\system32\drivers\tosrfusb.sys
2011-11-18 20:52:14 ----A---- C:\WINDOWS\system32\drivers\tosrfbd.sys
2011-11-18 20:52:13 ----A---- C:\WINDOWS\system32\drivers\Tosrfhid.sys
2011-11-18 20:52:11 ----A---- C:\WINDOWS\system32\drivers\tosrfbnp.sys
2011-11-18 20:52:10 ----A---- C:\WINDOWS\system32\drivers\TosRfSnd.sys
2011-11-18 20:52:10 ----A---- C:\WINDOWS\system32\drivers\tosrfnds.sys
2011-11-18 20:52:09 ----A---- C:\WINDOWS\system32\drivers\tosrfcom.sys
2011-11-18 20:52:06 ----A---- C:\WINDOWS\system32\drivers\tosporte.sys
2011-11-18 20:51:25 ----D---- C:\Program Files\Toshiba
2011-11-18 19:21:28 ----D---- C:\Documents and Settings\All Users\Application Data\Canneverbe Limited
2011-11-17 14:56:20 ----D---- C:\Documents and Settings\All Users\Application Data\Sandlot Games
2011-11-17 13:37:29 ----A---- C:\WINDOWS\IsUninst.exe
2011-11-17 12:26:52 ----A---- C:\WINDOWS\uninst.exe
2011-11-17 12:24:45 ----A---- C:\WINDOWS\QTW.INI
2011-11-17 12:20:51 ----A---- C:\WINDOWS\UNINST16.EXE
2011-11-16 17:37:17 ----HDC---- C:\WINDOWS\$NtUninstallKB2544893-v2$
2011-11-16 17:17:09 ----HDC---- C:\WINDOWS\$NtUninstallKB2641690$
2011-11-16 07:40:00 ----A---- C:\WINDOWS\system32\drivers\disk.sys
2011-11-16 07:39:31 ----A---- C:\WINDOWS\system32\drivers\USBSTOR.SYS
2011-11-13 20:49:30 ----A---- C:\WINDOWS\system32\msonpmon.dll
2011-11-13 20:46:44 ----D---- C:\Program Files\Microsoft Works
2011-11-13 20:45:50 ----D---- C:\Program Files\Microsoft Visual Studio
2011-11-13 20:45:50 ----D---- C:\Program Files\Common Files\DESIGNER
2011-11-13 20:44:48 ----D---- C:\Program Files\Microsoft.NET
2011-11-13 20:41:40 ----D---- C:\Program Files\Microsoft Visual Studio 8
2011-11-13 20:40:06 ----D---- C:\WINDOWS\SHELLNEW
2011-11-13 20:39:41 ----D---- C:\Program Files\Microsoft Office
2011-11-13 20:39:40 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2011-11-13 20:39:15 ----RHD---- C:\MSOCache
2011-11-09 10:16:42 ----A---- C:\WINDOWS\system32\drivers\bthpan.sys
2011-11-09 10:16:18 ----A---- C:\WINDOWS\system32\drivers\rfcomm.sys
2011-11-09 10:16:18 ----A---- C:\WINDOWS\system32\drivers\bthenum.sys
2011-11-09 10:16:17 ----A---- C:\WINDOWS\system32\wshirda.dll
2011-11-09 10:16:17 ----A---- C:\WINDOWS\system32\irmon.dll
2011-11-09 10:16:17 ----A---- C:\WINDOWS\system32\irftp.exe
2011-11-09 10:15:53 ----A---- C:\WINDOWS\system32\drivers\BTHUSB.SYS
2011-11-07 14:13:02 ----A---- C:\WINDOWS\system32\WMErrSKY.dll
2011-11-07 14:13:01 ----D---- C:\WINDOWS\system32\1051
2011-11-07 13:10:24 ----D---- C:\WINDOWS\system32\1029
2011-11-06 22:28:38 ----A---- C:\WINDOWS\mscomp.ini
2011-11-05 07:20:33 ----HDC---- C:\WINDOWS\$NtUninstallKB981852$
2011-11-04 21:04:52 ----D---- C:\WINDOWS\SxsCaPendDel
2011-11-04 20:30:23 ----HDC---- C:\WINDOWS\$NtUninstallKB2570791$
2011-11-04 20:30:11 ----HDC---- C:\WINDOWS\$NtUninstallKB2387149$
2011-11-04 20:29:58 ----HDC---- C:\WINDOWS\$NtUninstallKB2479943$
2011-11-04 20:29:45 ----HDC---- C:\WINDOWS\$NtUninstallKB2567680$
2011-11-04 20:29:29 ----HDC---- C:\WINDOWS\$NtUninstallKB2564958$
2011-11-04 20:29:15 ----HDC---- C:\WINDOWS\$NtUninstallKB2483614$
2011-11-04 20:29:02 ----HDC---- C:\WINDOWS\$NtUninstallKB2478971$
2011-11-04 20:28:47 ----HDC---- C:\WINDOWS\$NtUninstallKB2345886$
2011-11-04 20:28:34 ----HDC---- C:\WINDOWS\$NtUninstallKB2536276-v2$
2011-11-04 20:28:21 ----HDC---- C:\WINDOWS\$NtUninstallKB2296011$
2011-11-04 20:28:09 ----HDC---- C:\WINDOWS\$NtUninstallKB2115168$
2011-11-04 20:27:56 ----HDC---- C:\WINDOWS\$NtUninstallKB975558_WM8$
2011-11-04 20:27:41 ----HDC---- C:\WINDOWS\$NtUninstallKB2378111_WM9$
2011-11-04 20:27:32 ----HDC---- C:\WINDOWS\$NtUninstallKB2443105$
2011-11-04 20:27:19 ----HDC---- C:\WINDOWS\$NtUninstallKB2229593$
2011-11-04 20:27:06 ----HDC---- C:\WINDOWS\$NtUninstallKB2485663$
2011-11-04 20:26:54 ----HDC---- C:\WINDOWS\$NtUninstallKB2440591$
2011-11-04 20:26:38 ----HDC---- C:\WINDOWS\$NtUninstallKB982132$
2011-11-04 20:20:49 ----HDC---- C:\WINDOWS\$NtUninstallKB2507938$
2011-11-04 20:09:50 ----HDC---- C:\WINDOWS\$NtUninstallKB2616676-v2$
2011-11-04 20:09:32 ----HDC---- C:\WINDOWS\$NtUninstallKB2476490$
2011-11-04 20:09:20 ----HDC---- C:\WINDOWS\$NtUninstallKB2347290$
2011-11-04 20:09:05 ----HDC---- C:\WINDOWS\$NtUninstallKB2483185$
2011-11-04 20:08:51 ----HDC---- C:\WINDOWS\$NtUninstallKB2079403$
2011-11-04 20:04:30 ----HDC---- C:\WINDOWS\$NtUninstallKB979687$
2011-11-04 19:59:49 ----HDC---- C:\WINDOWS\$NtUninstallKB2567053$
2011-11-04 19:59:37 ----HDC---- C:\WINDOWS\$NtUninstallKB2592799$
2011-11-04 19:59:26 ----HDC---- C:\WINDOWS\$NtUninstallKB2570222$
2011-11-04 19:58:50 ----HDC---- C:\WINDOWS\$NtUninstallKB2535512$
2011-11-04 19:58:42 ----HDC---- C:\WINDOWS\$NtUninstallKB2412687$
2011-11-04 19:58:34 ----HDC---- C:\WINDOWS\$NtUninstallKB2570947$
2011-11-04 19:58:25 ----HDC---- C:\WINDOWS\$NtUninstallKB2508272$
2011-11-04 19:58:17 ----HDC---- C:\WINDOWS\$NtUninstallKB980436$
2011-11-04 19:58:08 ----HDC---- C:\WINDOWS\$NtUninstallKB981322$
2011-11-04 19:58:00 ----HDC---- C:\WINDOWS\$NtUninstallKB2507618$
2011-11-04 19:57:46 ----HDC---- C:\WINDOWS\$NtUninstallKB2419632$
2011-11-04 19:57:33 ----HDC---- C:\WINDOWS\$NtUninstallKB2508429$
2011-11-04 19:56:56 ----HDC---- C:\WINDOWS\$NtUninstallKB2506212$
2011-11-04 19:56:47 ----HDC---- C:\WINDOWS\$NtUninstallKB981997$
2011-11-04 19:56:38 ----HDC---- C:\WINDOWS\$NtUninstallKB2544893$
2011-11-04 19:56:28 ----HDC---- C:\WINDOWS\$NtUninstallKB2509553$
2011-11-04 19:56:10 ----HDC---- C:\WINDOWS\$NtUninstallKB982665$
2011-11-04 19:56:02 ----HDC---- C:\WINDOWS\$NtUninstallKB2541763$
2011-11-04 19:55:54 ----D---- C:\WINDOWS\ie8updates
2011-11-04 19:55:45 ----HDC---- C:\WINDOWS\$NtUninstallKB2478960$
2011-11-04 19:55:35 ----HDC---- C:\WINDOWS\$NtUninstallKB2393802$
2011-11-04 19:55:26 ----HDC---- C:\WINDOWS\$NtUninstallKB2566454$
2011-11-04 19:55:17 ----HDC---- C:\WINDOWS\$NtUninstallKB2562937$
2011-11-04 19:55:09 ----HDC---- C:\WINDOWS\$NtUninstallKB2423089$
2011-11-04 08:26:28 ----SHD---- C:\RECYCLER
2011-11-04 06:18:07 ----D---- C:\WINDOWS\temp

======List of files/folders modified in the last 1 month======

2011-11-29 19:13:53 ----D---- C:\Program Files\trend micro
2011-11-29 19:07:42 ----D---- C:\Documents and Settings\jaroslav\Application Data\DMCache
2011-11-29 19:01:29 ----D---- C:\WINDOWS\system32
2011-11-29 19:01:29 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2011-11-29 18:57:04 ----D---- C:\WINDOWS
2011-11-29 18:55:52 ----A---- C:\WINDOWS\SchedLgU.Txt
2011-11-29 18:26:38 ----SHD---- C:\WINDOWS\Installer
2011-11-29 15:32:21 ----D---- C:\Documents and Settings\jaroslav\Application Data\IDM
2011-11-29 14:13:07 ----D---- C:\WINDOWS\system32\drivers
2011-11-29 12:23:04 ----SHD---- C:\System Volume Information
2011-11-29 12:22:24 ----HD---- C:\WINDOWS\inf
2011-11-29 12:20:56 ----RD---- C:\Program Files
2011-11-29 12:20:49 ----D---- C:\WINDOWS\system32\CatRoot2
2011-11-29 12:10:52 ----D---- C:\Program Files\Mozilla Firefox
2011-11-26 21:48:04 ----D---- C:\WINDOWS\WinSxS
2011-11-26 21:47:53 ----D---- C:\Program Files\Common Files\Microsoft Shared
2011-11-26 21:46:19 ----SD---- C:\Documents and Settings\jaroslav\Application Data\Microsoft
2011-11-26 21:44:23 ----RSD---- C:\WINDOWS\assembly
2011-11-26 21:15:56 ----RSD---- C:\WINDOWS\Fonts
2011-11-26 19:24:17 ----A---- C:\WINDOWS\NeroDigital.ini
2011-11-24 19:24:13 ----D---- C:\Program Files\Common Files
2011-11-22 17:53:32 ----D---- C:\WINDOWS\system32\CatRoot
2011-11-20 00:26:55 ----D---- C:\WINDOWS\pss
2011-11-19 22:38:20 ----HD---- C:\Program Files\InstallShield Installation Information
2011-11-19 22:32:42 ----D---- C:\WINDOWS\twain_32
2011-11-19 22:32:34 ----D---- C:\WINDOWS\system32\ReinstallBackups
2011-11-18 20:52:15 ----DC---- C:\WINDOWS\system32\DRVSTORE
2011-11-17 12:43:10 ----D---- C:\Program Files\Internet Explorer
2011-11-17 12:20:51 ----D---- C:\WINDOWS\system
2011-11-17 09:28:21 ----D---- C:\WINDOWS\Prefetch
2011-11-16 20:55:04 ----D---- C:\WINDOWS\Debug
2011-11-16 17:37:21 ----RSHDC---- C:\WINDOWS\system32\dllcache
2011-11-16 17:37:13 ----HD---- C:\WINDOWS\$hf_mig$
2011-11-16 17:18:02 ----A---- C:\WINDOWS\system32\mrt.exe
2011-11-16 16:53:26 ----A---- C:\WINDOWS\win.ini
2011-11-16 16:53:00 ----D---- C:\Program Files\Common Files\System
2011-11-13 20:49:16 ----D---- C:\WINDOWS\system32\config
2011-11-13 20:44:48 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2011-11-09 10:19:01 ----D---- C:\WINDOWS\security
2011-11-07 18:09:30 ----D---- C:\WINDOWS\Microsoft.NET
2011-11-07 14:18:07 ----A---- C:\WINDOWS\system.ini
2011-11-07 14:15:54 ----D---- C:\WINDOWS\mui
2011-11-07 14:13:47 ----D---- C:\WINDOWS\system32\wbem
2011-11-07 14:13:07 ----D---- C:\WINDOWS\pchealth
2011-11-07 14:13:07 ----D---- C:\WINDOWS\Help
2011-11-07 14:13:02 ----D---- C:\Program Files\Windows Media Player
2011-11-07 13:10:19 ----D---- C:\WINDOWS\system32\oobe
2011-11-07 13:10:18 ----RD---- C:\WINDOWS\Web
2011-11-07 13:10:16 ----D---- C:\WINDOWS\AppPatch
2011-11-05 06:44:58 ----D---- C:\Documents and Settings\jaroslav\Application Data\Skype
2011-11-04 21:06:30 ----D---- C:\WINDOWS\system32\XPSViewer
2011-11-04 21:06:25 ----D---- C:\WINDOWS\system32\en-US
2011-11-04 19:56:48 ----D---- C:\Program Files\Movie Maker
2011-11-04 19:55:11 ----D---- C:\Program Files\Outlook Express
2011-11-04 19:54:57 ----HDC---- C:\WINDOWS\$NtUninstallKB2360937$
2011-11-04 19:45:45 ----D---- C:\WINDOWS\system32\Restore
2011-11-04 11:03:42 ----D---- C:\Documents and Settings\jaroslav\Application Data\Ahead
2011-11-01 23:52:53 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 iaStor;Intel AHCI Controller; C:\WINDOWS\system32\DRIVERS\iaStor.sys [2010-03-04 435736]
R0 iastor78;iastor78; C:\WINDOWS\system32\drivers\iastor78.sys [2010-06-29 308248]
R0 KL1;kl1; C:\WINDOWS\system32\DRIVERS\kl1.sys [2011-03-04 133208]
R1 IDMTDI;IDMTDI; C:\WINDOWS\system32\DRIVERS\idmtdi.sys [2011-07-06 101616]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 36352]
R1 kl2;kl2; C:\WINDOWS\system32\DRIVERS\kl2.sys [2011-03-04 11352]
R1 KLIF;Kaspersky Lab Driver; C:\WINDOWS\system32\DRIVERS\klif.sys [2011-11-29 565552]
R1 Tosrfcom;Bluetooth RFCOMM; C:\WINDOWS\System32\Drivers\tosrfcom.sys [2007-05-24 64000]
R2 rspndr;Link-Layer Topology Discovery Responder; C:\WINDOWS\system32\DRIVERS\rspndr.sys [2008-05-29 62848]
R2 Scutum50;Scutum50 NDIS Protocol Driver; C:\WINDOWS\System32\Drivers\Scutum50.sys [2009-04-22 19072]
R3 AsusACPI;ASUS ACPI Driver; C:\WINDOWS\system32\DRIVERS\ASUSACPI.sys [2008-04-08 10752]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 HpqKbFiltr;HpqKbFilter Driver; C:\WINDOWS\system32\DRIVERS\HpqKbFiltr.sys [2007-06-18 16768]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2008-02-16 5854752]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2010-03-26 5883936]
R3 klim5;Kaspersky Anti-Virus NDIS Filter; C:\WINDOWS\system32\DRIVERS\klim5.sys [2011-03-10 34608]
R3 klmouflt;Kaspersky Lab KLMOUFLT; C:\WINDOWS\system32\DRIVERS\klmouflt.sys [2009-11-02 19472]
R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller; C:\WINDOWS\system32\DRIVERS\l1c51x86.sys [2009-03-31 39424]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 tosporte;Bluetooth COM Port; C:\WINDOWS\system32\DRIVERS\tosporte.sys [2006-10-10 41600]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R3 usbvideo;USB Video Device (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-14 121984]
R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S2 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys []
S3 Ambfilt;Ambfilt; C:\WINDOWS\system32\drivers\Ambfilt.sys [2009-11-18 1691480]
S3 BthEnum;Bluetooth Request Block Driver; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2008-04-14 17024]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2008-04-14 101120]
S3 BTHPORT;Bluetooth Port Driver; C:\WINDOWS\System32\Drivers\BTHport.sys [2008-06-13 272128]
S3 BTHUSB;Bluetooth Radio USB Driver; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2008-04-14 18944]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 KMWDFILTER;HIDUASDesc; C:\WINDOWS\system32\DRIVERS\KMWDFILTER.sys [2008-10-09 17408]
S3 Monfilt;Monfilt; C:\WINDOWS\system32\drivers\Monfilt.sys [2009-11-18 1395800]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2008-04-14 59136]
S3 RT80x86;Ralink 802.11n Wireless Driver; C:\WINDOWS\system32\DRIVERS\RT2860.sys [2010-02-04 1323040]
S3 rtsuvc;Realtek USB2.0 PC Camera; C:\WINDOWS\system32\DRIVERS\rtsuvc.sys []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 sscdbus;SAMSUNG USB Composite Device driver (WDM); C:\WINDOWS\system32\DRIVERS\sscdbus.sys [2007-07-03 80552]
S3 sscdmdfl;SAMSUNG Mobile Modem Filter; C:\WINDOWS\system32\DRIVERS\sscdmdfl.sys [2007-07-03 11944]
S3 sscdmdm;SAMSUNG Mobile Modem Drivers; C:\WINDOWS\system32\DRIVERS\sscdmdm.sys [2007-07-03 106792]
S3 sscdserd;SAMSUNG Mobile Modem Diagnostic Serial Port (WDM); C:\WINDOWS\system32\DRIVERS\sscdserd.sys [2007-07-03 86824]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 tosrfbd;Bluetooth RFBUS; C:\WINDOWS\system32\DRIVERS\tosrfbd.sys [2007-04-24 113920]
S3 tosrfbnp;Bluetooth RFBNEP; C:\WINDOWS\System32\Drivers\tosrfbnp.sys [2006-11-20 36480]
S3 Tosrfhid;Bluetooth RFHID; C:\WINDOWS\system32\DRIVERS\Tosrfhid.sys [2007-03-01 73728]
S3 tosrfnds;Bluetooth Personal Area Network; C:\WINDOWS\system32\DRIVERS\tosrfnds.sys [2005-01-06 18612]
S3 TosRfSnd;Bluetooth Audio; C:\WINDOWS\system32\drivers\tosrfsnd.sys [2007-01-22 53376]
S3 tosrfusb;Bluetooth USB Controller; C:\WINDOWS\system32\DRIVERS\tosrfusb.sys [2007-06-11 41856]
S3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2010-06-16 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2010-06-16 82944]
S4 exFat;exFat; C:\WINDOWS\system32\drivers\exFat.sys [2008-09-29 133632]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AVP;Služba Kaspersky Anti-Virus; C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe [2011-04-24 202296]
R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 RalinkRegistryWriter;Ralink Registry Writer; C:\Program Files\Ralink\Common\RaRegistry.exe [2009-12-16 185632]
R2 TOSHIBA Bluetooth Service;TOSHIBA Bluetooth Service; C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe [2007-02-25 125048]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-19 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-06-30 800040]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-06-28 279848]

-----------------EOF-----------------

[vyosek]

Stahnete SytemLook (viz muj podpis) a ulozte jej na plochu

• Do okna vlozte skript nize

• Kód: Vybrat vše

  :filefind
  IDMAN2.exe

• Kliknete na Look
• Tlacitko Look se zmeni na Scanning a zsedne
• Pockejte pokud se tlacitko Scanning opet nezmeni na Look - tak poznate ze SystemLook dokoncil svou praci
• Vyskoci na Vas log s nazvem SystemLook (pripadne bude ulozen na plose), jeho obsah mi sem vlozte

[jarek26]

ten log:
SystemLook 30.07.11 by jpshortstuff
Log created at 19:27 on 29/11/2011 by jaroslav
Administrator - Elevation successful

========== filefind ==========

Searching for "IDMAN2.exe"
C:\Program Files\Internet Download Manager\IDMan2.exe --a---- 3425688 bytes [15:12 15/09/2011] [10:52 16/09/2011] 2E31B87C16AC0A4E98001B578EE5DAD1

-= EOF =-

[vyosek]

Nasledujici soubory otestujte na VirusTotalu (viz muj podpis)

• C:\Program Files\Internet Download Manager\IDMan2.exe
• Kliknete na Prochazet
• Soubor nehledejte, jen vlozte cestu souboru, ktery chci otestovat
• Kliknete na Send File
• Pokud na Vas vyskoci obrazovka jako je nize, tak kliknete na ReAnalyse
  
• Vysledek analyzy sem vlozte (jako odkaz)

[jarek26]

vysledek z virusu totalu:
File name:
IDMan2.exe
Submission date:
2011-11-29 19:18:06 (UTC)
Current status:
finished
Result:
1/ 43 (2.3%)

VT Community

not reviewed
Safety score: -
Compact
Print results
Antivirus Version Last Update Result
AhnLab-V3 2011.11.29.01 2011.11.29 -
AntiVir 7.11.18.123 2011.11.29 -
Antiy-AVL 2.0.3.7 2011.11.29 -
Avast 6.0.1289.0 2011.11.29 -
AVG 10.0.0.1190 2011.11.29 -
BitDefender 7.2 2011.11.29 -
ByteHero 1.0.0.1 2011.11.29 -
CAT-QuickHeal 12.00 2011.11.29 -
ClamAV 0.97.3.0 2011.11.29 -
Commtouch 5.3.2.6 2011.11.29 -
Comodo 10793 2011.11.29 Heur.Suspicious
DrWeb 5.0.2.03300 2011.11.29 -
Emsisoft 5.1.0.11 2011.11.29 -
eSafe 7.0.17.0 2011.11.28 -
eTrust-Vet 37.0.9594 2011.11.29 -
F-Prot 4.6.5.141 2011.11.29 -
F-Secure 9.0.16440.0 2011.11.29 -
Fortinet 4.3.370.0 2011.11.29 -
GData 22 2011.11.29 -
Ikarus T3.1.1.109.0 2011.11.29 -
Jiangmin 13.0.900 2011.11.28 -
K7AntiVirus 9.119.5563 2011.11.29 -
Kaspersky 9.0.0.837 2011.11.29 -
McAfee 5.400.0.1158 2011.11.29 -
McAfee-GW-Edition 2010.1D 2011.11.29 -
Microsoft 1.7801 2011.11.29 -
NOD32 6668 2011.11.29 -
Norman 6.07.13 2011.11.29 -
nProtect 2011-11-29.01 2011.11.29 -
Panda 10.0.3.5 2011.11.29 -
PCTools 8.0.0.5 2011.11.29 -
Prevx 3.0 2011.11.29 -
Rising 23.86.01.02 2011.11.29 -
Sophos 4.71.0 2011.11.29 -
SUPERAntiSpyware 4.40.0.1006 2011.11.29 -
Symantec 20111.2.0.82 2011.11.29 -
TheHacker 6.7.0.1.350 2011.11.27 -
TrendMicro 9.500.0.1008 2011.11.29 -
TrendMicro-HouseCall 9.500.0.1008 2011.11.29 -
VBA32 3.12.16.4 2011.11.29 -
VIPRE 11175 2011.11.29 -
ViRobot 2011.11.29.4799 2011.11.29 -
VirusBuster 14.1.91.0 2011.11.29 -
Additional information
MD5 : 2e31b87c16ac0a4e98001b578ee5dad1
SHA1 : c3b49d5279ba7021cd22ab87c41e9e771b0458f2
SHA256: 74c0b5950641dd2d74f161ff8c8736489428db23a7d313df759f7a1be8767b22

[vyosek]

Soubor je cisty, takze jde o falesnou detekci, jeste mrknem po dalsi haveti ale

Stahnete Malwarebytes' Anti-Malware (zkracene MBAM) (viz muj podpis)

• Provedte aktualizaci
• Provedte uplny sken - nic nemazte
• MBAM miva obcas falesne detekce, proto vlozte log do prispevku a pockejte na posouzeni

[jarek26]

takze posielm log:
Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org

Verzia databázy: 8271

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

29.11.2011 21:38:31
mbam-log-2011-11-29 (21-38-28).txt

Typ kontroly: Úplná kontrola (C:\|D:\|)
Objektov kontrolovaných: 185268
Uplynutý čas: 51 min, 30 sek

Infikované služby pamäte: 0
Infikované moduly pamäte: 0
Infikované registračné kľúče: 0
Infikované registračné hodnoty: 0
Infikované položky registračných dát: 0
Infikované priečinky: 0
Infikované súbory: 4

Infikované služby pamäte:
(Škodlivé položky neboli zistené)

Infikované moduly pamäte:
(Škodlivé položky neboli zistené)

Infikované registračné kľúče:
(Škodlivé položky neboli zistené)

Infikované registračné hodnoty:
(Škodlivé položky neboli zistené)

Infikované položky registračných dát:
(Škodlivé položky neboli zistené)

Infikované priečinky:
(Škodlivé položky neboli zistené)

Infikované súbory:
c:\documents and settings\jaroslav\Desktop\bitdefender_total_security_2012_build_15-0-27-312_final_x86\box_bd2011_3.1\box_bd2011.exe (RiskWare.Tool.CK) -> No action taken.
c:\documents and settings\jaroslav\local settings\application data\promo.exe (PUP.Soge) -> No action taken.
d:\Kartinst.exe (Adware.Onlinegames) -> No action taken.
d:\Programy\ziacik\ziacik.exe (Spyware.Zbot) -> No action taken.

[vyosek]

Predpokladam, ze ten BitDefender neni z oficialnich stranek ale nejak "upraveny"

Ostatni soubory dejte na virustotal at vyloucime falesnou detekci

[jarek26]

bitdefender neni z oficialnych stranek a bol upravovany.dal som ich skenovat aj kasperskym a nic nenaslo a myslel som si ze kaspersky je dobry antivirak,preto mam len skusobnu dobu,lebo sa neviem rozhodnut aky si mam casom zakupit.analyzu posielam v skratke ak to nevadi,len ten zaklad kde a co naslo.:
File name:
ziacik.exe
Submission date:
2011-11-29 20:36:08 (UTC)
Current status:
finished
Result:
1/ 43 (2.3%)
McAfee-GW-Edition 2010.1D 2011.11.29 Heuristic.BehavesLike.Win32.ModifiedUPX.C!87

File name:
Kartinst.exe
Submission date:
2011-11-29 20:44:36 (UTC)
Current status:
finished
Result:
3/ 43 (7.0%)
Jiangmin 13.0.900 2011.11.28 SMS-Flooder.Ideknet.ev
K7AntiVirus 9.119.5563 2011.11.29 Adware
TheHacker 6.7.0.1.350 2011.11.27 Adware/EShoper.ba

File name:
promo.exe
Submission date:
2011-11-29 20:48:17 (UTC)
Current status:
finished
Result:
7/ 43 (16.3%)
Avast 6.0.1289.0 2011.11.29 Win32:PUP-gen [PUP]
AVG 10.0.0.1190 2011.11.29 AdInstaller.SoGe
DrWeb 5.0.2.03300 2011.11.29 Adware.Downware.87
Emsisoft 5.1.0.11 2011.11.29 Trojan.Win32.SoGeInstaller.AMN!A2
McAfee 5.400.0.1158 2011.11.29 Artemis!333BD14F32CF
McAfee-GW-Edition 2010.1D 2011.11.29 Artemis!333BD14F32CF
NOD32 6668 2011.11.29 a variant of Win32/SoGeInstaller.A

[vyosek]

Kasperky je jeden z nejkvalitnejsich antiviru, lepsi snad uz jen Norton, ale ten ma vetsi zatez systemu

ten ziacik.exe znate jinak ostatni smazat

[jarek26]

kdyz je to vse dekuji za radu i za vse.a ten ziacik je program pre deti na vyuku,ale ten vyrobca ma svoju stranku ale jine informace o spolocnosti ne.www.regino.sk
diky

[vyosek]

MBAM muzete odinstalovat nebo nechat na obcasny sken - v pripade nalezu velmi doporucuji dat sem log na posouzeni, at si neodstrelite neco legitimniho

OTC http://oldtimer.geekstogo.com/OTC.exe

• Stahnete a spustte
• Kliknete na CleanUp a potvrdte YES
• Program uklidi a restartuje PC

TFC http://oldtimer.geekstogo.com/TFC.exe

• Stahnete a spustte
• Kliknete na Start a potvrdte OK
• Program uklidi a restartuje pc
• Po pouziti utilitu smazte

Stahnete Ccleaner (viz muj podpis)
Panel čistič

• Vse nechte jak je, jen dejte Analyzovat a pote Spustit CCleaner

Panel registry

• dejte Hledej problémy
• nasledne Opravit problémy - zalohu registru doporucuji udelat, opravte vsechny problemy
• postup opakujte dokud nebude bez problemu - vetsinou cca 3x

Panel nástroje

• Zde muzete odinstalovat nepotrebne programy

CCleaner doporucuji pouzivat cca jednou za tyden

A pokud nejsou problemy ci dotazy, je to z me strany vse