
PC virus removal, computer speed-up, and remote assistance through the neslape.cz service
My PC keeps restarting
Moderator: Moderators
Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]
Individual threads will be locked once resolved, as will those that are inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.
!NEW!
You can now use remote assistance services, where an expert connects to your computer and obtains further details about the problem from you by phone! More at www.neslape.cz
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 20:23:10, on 26.8.2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\lg_fwupdate\fwupdate.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Winamp3\winampa.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\sk-sk\msnappau.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe
C:\Program Files\Winamp3\Studio.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\ICQLite\ICQLite.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\HiJackThis_v2\HiJackThis_v2.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\sk-sk\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\sk-sk\msntb.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [LGODDFU] "C:\Program Files\lg_fwupdate\fwupdate.exe" blrun
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp3\winampa.exe"
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\sk-sk\msnappau.exe"
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SBCSTray] C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [PowerBar] "C:\Program Files\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe" /AtBootTime
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -trayboot
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resourc ... oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 4866165718
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 5382445984
O17 - HKLM\System\CCS\Services\Tcpip\..\{CA6B763F-B6D0-4B21-AECD-29BA48CED80A}: NameServer = 195.146.132.58 195.146.128.60
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
--
End of file - 7564 bytes
- riffman
- VIP
- Posts: 3203
- Registered: 20 Oct 2004 07:00
- Location: České Budějovice
Hello,
I don't see anything harmful in the log.
Download and run ComboFix - http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Run the application under an account with administrator privileges, put some coffee on, follow the on-screen instructions, and do not click in the program's open window during the scan; the whole process takes approx. 5-10 minutes.
Don't panic during the scan; your machine may be restarted.
After the restart the application will create a log, saved at C:/Combofix.txt; paste its contents here.
Give us a chance to live
Give us a chance to die
Give us a chance to be free
Without fire from the sky
Give us a chance to love
Give us a chance to hate
Give us a chance, before you kill us all
ComboFix 07-08-25.2 - "Bayaa" 2007-08-27 18:56:39.2 - NTFSx86 MINIMAL
Systém Microsoft Windows XP Professional 5.1.2600.1.1250.1.1033.18.841 [GMT 2:00]
((((((((((((((((((((((((( Files Created from 2007-07-27 to 2007-08-27 )))))))))))))))))))))))))))))))
2007-08-26 23:12 <DIR> d-------- C:\Program Files\Crawler
2007-08-26 22:48 <DIR> d-------- C:\Program Files\PhotoFiltre
2007-08-26 21:51 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-25 23:29 <DIR> d-------- C:\Program Files\Zeallsoft
2007-08-25 21:16 <DIR> d-------- C:\Program Files\Face Smoother
2007-08-23 20:12 28,160 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2007-08-21 22:26 <DIR> d-------- C:\Program Files\Magic Photo Editor
2007-08-20 16:09 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sunbelt Software
2007-08-15 21:22 <DIR> d-------- C:\DOCUME~1\WALLDO~1\APPLIC~1\ICQLite
2007-08-13 21:35 35,132 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpowerAMP Music Converter.dat
2007-08-13 21:34 130,048 --a------ C:\WINDOWS\system32\SpoonUninstall.exe
2007-08-13 21:34 1,872 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpowerAMP Nero Mp4 Codec.dat
2007-08-13 21:34 <DIR> d-------- C:\Program Files\Illustrate
2007-08-11 21:19 <DIR> d-------- C:\DOCUME~1\Walldo\APPLIC~1\ICQLite
2007-08-08 15:25 <DIR> d-------- C:\DOCUME~1\Walldo\APPLIC~1\Ahead
2007-08-05 21:40 <DIR> d-------- C:\DOCUME~1\WALLDO~1\APPLIC~1\Opera
2007-08-02 18:34 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-08-02 16:47 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2007-08-02 16:47 94,416 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-08-02 16:47 92,848 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-08-02 16:47 783,224 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-08-02 16:47 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-08-02 16:47 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-08-02 16:47 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-08-01 18:36 262,144 --a------ C:\WINDOWS\system32\config\SYSTEM~1\NtUser.dat
2007-08-01 18:34 <DIR> d-------- C:\kav
2007-07-30 20:13 <DIR> d-------- C:\DOCUME~1\Bayaa\APPLIC~1\ACD Systems
2007-07-30 20:12 <DIR> d-------- C:\Program Files\Common Files\ACD Systems
2007-07-29 19:40 <DIR> d-------- C:\Program Files\Microsoft AutoRoute
2007-07-29 19:35 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-07-29 19:19 <DIR> d-------- C:\DOCUME~1\WALLDO~1\APPLIC~1\Lavasoft
2007-07-27 19:58 <DIR> d-------- C:\DOCUME~1\WALLDO~1\APPLIC~1\CyberLink
2007-07-27 19:25 1,835,008 --ah----- C:\DOCUME~1\WALLDO~1\NTUSER.DAT
2007-07-27 19:25 <DIR> d-------- C:\DOCUME~1\WALLDO~1\APPLIC~1\Teleca
2007-07-27 19:25 <DIR> d-------- C:\DOCUME~1\WALLDO~1\APPLIC~1\Sunbelt Software
2007-07-27 19:25 <DIR> d-------- C:\DOCUME~1\WALLDO~1\APPLIC~1\Spyware Terminator
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-08-27 18:55 295992 --a------ C:\WINDOWS\system32\drivers\fwdrv.err
2007-08-27 16:37 --------- d-------- C:\Program Files\Spyware Terminator
2007-08-27 16:15 --------- d-------- C:\Program Files\lg_fwupdate
2007-08-27 12:49 --------- d-------- C:\DOCUME~1\Walldo\APPLIC~1\Spyware Terminator
2007-08-26 23:37 --------- d-------- C:\DOCUME~1\Bayaa\APPLIC~1\Spyware Terminator
2007-08-26 23:37 --------- d-------- C:\DOCUME~1\Bayaa\APPLIC~1\Spyware Terminator
2007-08-26 23:34 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spyware Terminator
2007-08-26 23:30 138624 --a------ C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2007-08-26 20:23 --------- d-------- C:\Program Files\HiJackThis_v2
2007-08-20 16:09 --------- d-------- C:\Program Files\Sunbelt Software
2007-08-19 20:26 --------- d-------- C:\Program Files\Sony Ericsson
2007-08-15 21:22 --------- d-------- C:\Program Files\ICQLite
2007-08-09 12:29 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-08-05 21:39 --------- d-------- C:\Program Files\Opera
2007-08-03 23:09 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-08-01 18:42 --------- d-------- C:\Program Files\Kaspersky Lab
2007-07-29 12:33 5178 --a------ C:\WINDOWS\pchealth\HelpCtr\PackageStore\SkuStore.bin
2007-07-22 19:26 --------- d-------- C:\DOCUME~1\Walldo\APPLIC~1\My Games
2007-07-22 19:17 --------- d-------- C:\DOCUME~1\Walldo\APPLIC~1\Sunbelt Software
2007-07-22 15:01 --------- d-------- C:\DOCUME~1\Bayaa\APPLIC~1\My Games
2007-07-22 15:01 --------- d-------- C:\DOCUME~1\Bayaa\APPLIC~1\My Games
2007-07-22 14:40 163644 --a------ C:\WINDOWS\system32\drivers\secdrv.sys
2007-07-22 14:38 --------- d-------- C:\Program Files\Firaxis Games
2007-07-22 13:30 --------- d-------- C:\Program Files\CCleaner
2007-07-22 11:47 --------- d-------- C:\DOCUME~1\Bayaa\APPLIC~1\Sunbelt Software
2007-07-22 11:47 --------- d-------- C:\DOCUME~1\Bayaa\APPLIC~1\Sunbelt Software
2007-07-21 21:38 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kodak
2007-07-21 18:01 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
2007-07-19 19:12 --------- d--h----- C:\Program Files\WindowsUpdate
2007-07-19 11:00 --------- d-------- C:\DOCUME~1\Bayaa\APPLIC~1\CyberLink
2007-07-19 11:00 --------- d-------- C:\DOCUME~1\Bayaa\APPLIC~1\CyberLink
2007-07-19 10:56 --------- d-------- C:\Program Files\Kodak
2007-07-17 21:09 --------- d-------- C:\DOCUME~1\Walldo\APPLIC~1\Opera
2007-07-17 17:36 --------- d-------- C:\DOCUME~1\Bayaa\APPLIC~1\Opera
2007-07-17 17:36 --------- d-------- C:\DOCUME~1\Bayaa\APPLIC~1\Opera
2007-07-17 13:26 --------- d-------- C:\Program Files\Common Files\EasyInfo
2007-07-15 12:24 --------- d-------- C:\Program Files\Alwil Software
2007-07-15 11:28 --------- d-------- C:\Program Files\Ideal Browser Firefox
2007-07-15 11:22 --------- d-------- C:\DOCUME~1\Walldo\APPLIC~1\Talkback
2007-07-14 23:12 --------- d-------- C:\Program Files\MSN Apps
2007-07-14 22:57 --------- d-------- C:\DOCUME~1\Bayaa\APPLIC~1\ICQLite
2007-07-14 22:57 --------- d-------- C:\DOCUME~1\Bayaa\APPLIC~1\ICQLite
2007-07-14 21:23 --------- d-------- C:\DOCUME~1\Bayaa\APPLIC~1\OLYMPUS
2007-07-14 21:23 --------- d-------- C:\DOCUME~1\Bayaa\APPLIC~1\OLYMPUS
2007-07-14 21:15 --------- d-------- C:\DOCUME~1\Bayaa\APPLIC~1\WinRAR
2007-07-14 21:15 --------- d-------- C:\DOCUME~1\Bayaa\APPLIC~1\WinRAR
2007-07-14 21:10 --------- d-------- C:\Program Files\OLYMPUS
2007-07-14 21:05 --------- d-------- C:\Program Files\QuickTime
2007-07-14 21:04 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\QuickTime
2007-07-14 20:10 --------- d-------- C:\DOCUME~1\Bayaa\APPLIC~1\Talkback
2007-07-14 20:10 --------- d-------- C:\DOCUME~1\Bayaa\APPLIC~1\Talkback
2007-07-14 12:07 --------- d-------- C:\DOCUME~1\Walldo\APPLIC~1\WinRAR
2007-07-13 22:49 --------- d-------- C:\Program Files\EA GAMES
2007-07-13 21:12 --------- d-------- C:\Program Files\Common Files\DirectX
2007-07-13 20:40 --------- d-------- C:\Program Files\MAC
2007-07-13 20:40 --------- d-------- C:\Program Files\Classic PhoneTools
2007-07-13 20:40 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\BVRP Software
2007-06-15 14:37 27376 --a------ C:\WINDOWS\system32\SBBD.exe
2007-06-09 19:39 45411 --a------ C:\WINDOWS\BricoPackUninst.cmd
2007-06-09 19:39 203264 --a------ C:\WINDOWS\system32\uxtheme.dll
2007-06-09 19:39 1934 --a------ C:\WINDOWS\BricoPackFoldersDelete.cmd
2007-06-08 18:43 98304 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2007-06-07 19:55 53248 --a------ C:\WINDOWS\system32\unrar.dll
2007-06-07 19:27 0 -rahs---- C:\MSDOS.SYS
2007-06-07 19:27 0 -rahs---- C:\IO.SYS
2007-06-07 19:27 0 --a------ C:\CONFIG.SYS
2007-06-07 19:27 0 --------- C:\AUTOEXEC.BAT
2007-06-07 19:26 8738 --a------ C:\WINDOWS\pchealth\HelpCtr\Config\Cntstore.bin
2004-10-01 15:00 40960 --a------ C:\Program Files\Uninstall_CDS.exe
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2006-09-12 10:58 C:\WINDOWS\RTHDCPL.exe]
"RemoteControl"="C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2004-11-02 20:24]
"InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [2006-07-12 11:58]
"LGODDFU"="C:\Program Files\lg_fwupdate\fwupdate.exe" [2007-06-08 18:54]
"DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [2003-04-27 11:54]
"WinampAgent"="C:\Program Files\Winamp3\winampa.exe" [2002-07-23 18:58]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 16:17]
"msnappau"="C:\Program Files\MSN Apps\Updater\01.02.3000.1001\sk-sk\msnappau.exe" [2004-08-13 17:41]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="C:\Program Files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 23:48]
"nwiz"="nwiz.exe" [2006-08-11 15:43 C:\WINDOWS\system32\nwiz.exe]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-07-14 21:04]
"SpywareTerminator"="C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [2007-08-26 23:30]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2006-08-11 15:43]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-07-28 00:03]
"SBCSTray"="C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe" [2007-06-15 15:17]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [2002-08-29 03:41]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2002-08-20 15:08]
"PowerBar"="C:\Program Files\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe" [2004-04-21 10:26]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]
"ICQ Lite"=C:\Program Files\ICQLite\ICQLite.exe -trayboot
R0 stwlfbus;stwlfbus;C:\WINDOWS\System32\DRIVERS\stwlfbus.sys
R1 fwdrv;Firewall Driver;C:\WINDOWS\System32\drivers\fwdrv.sys
R3 st3wolf;st3wolf;C:\WINDOWS\System32\DRIVERS\st3wolf.sys
S1 khips;Kerio HIPS Driver;C:\WINDOWS\System32\drivers\khips.sys
S1 sp_rsdrv2;Spyware Terminator Driver 2;\??\C:\WINDOWS\System32\drivers\sp_rsdrv2.sys
S3 PSched;QoS Packet Scheduler;C:\WINDOWS\System32\DRIVERS\psched.sys
S4 MSWindows;Network Windows Service;"C:\WINDOWS\System32\urdvxc.exe" /service
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Schedule
**************************************************************************
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-27 18:58:14
Windows 5.1.2600 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Completion time: 2007-08-27 18:58:34
C:\ComboFix-quarantined-files.txt ... 2007-08-27 18:58
--- E O F ---
2007-07-14 21:15 --------- d-------- C:\DOCUME~1\Bayaa\APPLIC~1\WinRAR
2007-07-14 21:15 --------- d-------- C:\DOCUME~1\Bayaa\APPLIC~1\WinRAR
2007-07-14 21:10 --------- d-------- C:\Program Files\OLYMPUS
2007-07-14 21:05 --------- d-------- C:\Program Files\QuickTime
2007-07-14 21:04 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\QuickTime
2007-07-14 20:10 --------- d-------- C:\DOCUME~1\Bayaa\APPLIC~1\Talkback
2007-07-14 20:10 --------- d-------- C:\DOCUME~1\Bayaa\APPLIC~1\Talkback
2007-07-14 12:07 --------- d-------- C:\DOCUME~1\Walldo\APPLIC~1\WinRAR
2007-07-13 22:49 --------- d-------- C:\Program Files\EA GAMES
2007-07-13 21:12 --------- d-------- C:\Program Files\Common Files\DirectX
2007-07-13 20:40 --------- d-------- C:\Program Files\MAC
2007-07-13 20:40 --------- d-------- C:\Program Files\Classic PhoneTools
2007-07-13 20:40 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\BVRP Software
2007-06-15 14:37 27376 --a------ C:\WINDOWS\system32\SBBD.exe
2007-06-09 19:39 45411 --a------ C:\WINDOWS\BricoPackUninst.cmd
2007-06-09 19:39 203264 --a------ C:\WINDOWS\system32\uxtheme.dll
2007-06-09 19:39 1934 --a------ C:\WINDOWS\BricoPackFoldersDelete.cmd
2007-06-08 18:43 98304 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2007-06-07 19:55 53248 --a------ C:\WINDOWS\system32\unrar.dll
2007-06-07 19:27 0 -rahs---- C:\MSDOS.SYS
2007-06-07 19:27 0 -rahs---- C:\IO.SYS
2007-06-07 19:27 0 --a------ C:\CONFIG.SYS
2007-06-07 19:27 0 --------- C:\AUTOEXEC.BAT
2007-06-07 19:26 8738 --a------ C:\WINDOWS\pchealth\HelpCtr\Config\Cntstore.bin
2004-10-01 15:00 40960 --a------ C:\Program Files\Uninstall_CDS.exe
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2006-09-12 10:58 C:\WINDOWS\RTHDCPL.exe]
"RemoteControl"="C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2004-11-02 20:24]
"InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [2006-07-12 11:58]
"LGODDFU"="C:\Program Files\lg_fwupdate\fwupdate.exe" [2007-06-08 18:54]
"DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [2003-04-27 11:54]
"WinampAgent"="C:\Program Files\Winamp3\winampa.exe" [2002-07-23 18:58]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 16:17]
"msnappau"="C:\Program Files\MSN Apps\Updater\01.02.3000.1001\sk-sk\msnappau.exe" [2004-08-13 17:41]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="C:\Program Files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 23:48]
"nwiz"="nwiz.exe" [2006-08-11 15:43 C:\WINDOWS\system32\nwiz.exe]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-07-14 21:04]
"SpywareTerminator"="C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [2007-08-26 23:30]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2006-08-11 15:43]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-07-28 00:03]
"SBCSTray"="C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe" [2007-06-15 15:17]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [2002-08-29 03:41]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2002-08-20 15:08]
"PowerBar"="C:\Program Files\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe" [2004-04-21 10:26]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]
"ICQ Lite"=C:\Program Files\ICQLite\ICQLite.exe -trayboot
R0 stwlfbus;stwlfbus;C:\WINDOWS\System32\DRIVERS\stwlfbus.sys
R1 fwdrv;Firewall Driver;C:\WINDOWS\System32\drivers\fwdrv.sys
R3 st3wolf;st3wolf;C:\WINDOWS\System32\DRIVERS\st3wolf.sys
S1 khips;Kerio HIPS Driver;C:\WINDOWS\System32\drivers\khips.sys
S1 sp_rsdrv2;Spyware Terminator Driver 2;\??\C:\WINDOWS\System32\drivers\sp_rsdrv2.sys
S3 PSched;QoS Packet Scheduler;C:\WINDOWS\System32\DRIVERS\psched.sys
S4 MSWindows;Network Windows Service;"C:\WINDOWS\System32\urdvxc.exe" /service
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Schedule
**************************************************************************
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-27 18:58:14
Windows 5.1.2600 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Completion time: 2007-08-27 18:58:34
C:\ComboFix-quarantined-files.txt ... 2007-08-27 18:58
--- E O F ---
- riffman
Nothing malicious is visible in the ComboFix log.
Download and run Deckard system scanner - http://www.geekstogo.com/forum/index.ph ... load&id=19
Run the application and confirm with OK in the window; your machine will be scanned.
During the scan you will be asked about installing HijackThis; confirm it and let the scan continue.
When it finishes, the application will create two logs for you - copy their contents here...
One of the logs should record the Windows error messages...
Give us a chance to live
Give us a chance to die
Give us a chance to be free
Without fire from the sky
Give us a chance to love
Give us a chance to hate
Give us a chance, before you kill us all
Deckard's System Scanner v20070826.66
Run by Bayaa on 2007-08-27 19:16:30
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Successfully created a Deckard's System Scanner Restore Point.
-- Last 5 Restore Point(s) --
37: 2007-08-27 17:16:32 UTC - RP37 - Deckard's System Scanner Restore Point
36: 2007-08-26 19:52:15 UTC - RP36 - ComboFix created restore point
35: 2007-08-24 15:07:49 UTC - RP35 - Kontrolný bod systému
34: 2007-08-23 11:12:20 UTC - RP34 - Removed Pro Evolution Soccer 6
33: 2007-08-22 13:14:43 UTC - RP33 - Kontrolný bod systému
-- First Restore Point --
1: 2007-07-25 09:04:31 UTC - RP1 - Kontrolný bod systému
Backed up registry hives.
Performed disk cleanup.
-- HijackThis (run as Bayaa.exe) -----------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:19:05, on 27.8.2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\lg_fwupdate\fwupdate.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Winamp3\winampa.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\sk-sk\msnappau.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\Winamp3\Studio.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Opera\Opera.exe
C:\Documents and Settings\Bayaa\Desktop\dss.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\sk-sk\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\sk-sk\msntb.dll
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [LGODDFU] "C:\Program Files\lg_fwupdate\fwupdate.exe" blrun
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp3\winampa.exe"
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\sk-sk\msnappau.exe"
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SBCSTray] C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [PowerBar] "C:\Program Files\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe" /AtBootTime
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resourc ... oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 4866165718
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 5382445984
O17 - HKLM\System\CCS\Services\Tcpip\..\{CA6B763F-B6D0-4B21-AECD-29BA48CED80A}: NameServer = 195.146.132.58 195.146.128.60
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
--
End of file - 7545 bytes
-- File Associations -----------------------------------------------------------
.cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R0 stwlfbus - c:\windows\system32\drivers\stwlfbus.sys
R1 cdrbsdrv - c:\windows\system32\drivers\cdrbsdrv.sys <Not Verified; B.H.A Corporation; B's Recorder GOLD7>
R1 sp_rsdrv2 (Spyware Terminator Driver 2) - c:\windows\system32\drivers\sp_rsdrv2.sys
R3 ltmodem5 (DeskPorte 56K Internal L) - c:\windows\system32\drivers\ltmdmnt.sys <Not Verified; LT; LT V.92 Data+Fax Modem Version 8.22>
R3 st3wolf - c:\windows\system32\drivers\st3wolf.sys
S3 catchme - c:\docume~1\bayaa\locals~1\temp\catchme.sys (file missing)
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 sp_rssrv (Spyware Terminator Realtime Shield Service) - "c:\program files\spyware terminator\sp_rsser.exe" <Not Verified; Crawler.com; Crawler Spyware Terminator>
S4 MSWindows (Network Windows Service) - "c:\windows\system32\urdvxc.exe" /service (file missing)
-- Device Manager: Disabled ----------------------------------------------------
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Ethernet Controller
Device ID: PCI\VEN_10EC&DEV_8168&SUBSYS_81681849&REV_01\4&38D2602C&0&00E1
Manufacturer:
Name: Ethernet Controller
PNP Device ID: PCI\VEN_10EC&DEV_8168&SUBSYS_81681849&REV_01\4&38D2602C&0&00E1
Service:
-- Files created between 2007-07-27 and 2007-08-27 -----------------------------
2007-08-27 19:18:05 0 d-------- C:\Program Files\Trend Micro
2007-08-26 23:12:44 0 d-------- C:\Program Files\Crawler
2007-08-26 22:48:38 0 d-------- C:\Program Files\PhotoFiltre
2007-08-25 23:29:37 0 d-------- C:\Program Files\Zeallsoft
2007-08-25 21:16:51 0 d-------- C:\Program Files\Face Smoother
2007-08-22 17:36:08 0 d--hs---- C:\Documents and Settings\Bayaa\Recent
2007-08-21 22:26:15 0 d-------- C:\Program Files\Magic Photo Editor
2007-08-20 16:09:51 0 d-------- C:\Documents and Settings\All Users\Application Data\Sunbelt Software
2007-08-15 21:22:27 0 d-------- C:\Documents and Settings\Walldo333\Application Data\ICQLite
2007-08-13 21:35:41 35132 --a------ C:\WINDOWS\System32\SpoonUninstall-dBpowerAMP Music Converter.dat
2007-08-13 21:34:59 1872 --a------ C:\WINDOWS\System32\SpoonUninstall-dBpowerAMP Nero Mp4 Codec.dat
2007-08-13 21:34:59 130048 --a------ C:\WINDOWS\System32\SpoonUninstall.exe
2007-08-13 21:34:58 0 d-------- C:\Program Files\Illustrate
2007-08-12 22:48:29 0 d-------- C:\Documents and Settings\Walldo333\Application Data\Adobe
2007-08-12 22:28:05 0 d-------- C:\Documents and Settings\Walldo333\Application Data\Mozilla
2007-08-12 22:23:34 0 d-------- C:\Documents and Settings\Walldo333\Application Data\Macromedia
2007-08-11 21:19:02 0 d-------- C:\Documents and Settings\Walldo\Application Data\ICQLite
2007-08-08 15:25:30 0 d-------- C:\Documents and Settings\Walldo\Application Data\Ahead
2007-08-05 21:40:12 0 d-------- C:\Documents and Settings\Walldo333\Application Data\Opera
2007-08-02 18:34:08 0 d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-08-01 18:34:44 0 d-------- C:\kav
2007-07-30 20:13:40 0 d-------- C:\Documents and Settings\Bayaa\Application Data\ACD Systems
2007-07-30 20:12:16 0 d-------- C:\Program Files\Common Files\ACD Systems
2007-07-29 21:26:28 0 d-------- C:\Documents and Settings\Bayaa\Application Data\Adobe
2007-07-29 19:40:33 0 d-------- C:\Program Files\Microsoft AutoRoute
2007-07-29 19:35:19 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-07-29 19:19:23 0 d-------- C:\Documents and Settings\Walldo333\Application Data\Lavasoft
2007-07-27 19:58:26 0 d-------- C:\Documents and Settings\Walldo333\Application Data\CyberLink
2007-07-27 19:25:37 0 d-------- C:\Documents and Settings\Walldo333\Application Data\Spyware Terminator
2007-07-27 19:25:36 0 d-------- C:\Documents and Settings\Walldo333\Application Data\Teleca
2007-07-27 19:25:36 0 d-------- C:\Documents and Settings\Walldo333\Application Data\Sunbelt Software
2007-07-27 19:25:29 0 d-------- C:\Documents and Settings\Walldo333\Application Data\Identities
2007-07-27 19:25:18 0 d--h----- C:\Documents and Settings\Walldo333\Templates
2007-07-27 19:25:18 0 dr------- C:\Documents and Settings\Walldo333\Start Menu
2007-07-27 19:25:18 0 dr-h----- C:\Documents and Settings\Walldo333\SendTo
2007-07-27 19:25:18 0 d--hs---- C:\Documents and Settings\Walldo333\Recent
2007-07-27 19:25:18 0 d--h----- C:\Documents and Settings\Walldo333\PrintHood
2007-07-27 19:25:18 1835008 --ah----- C:\Documents and Settings\Walldo333\NTUSER.DAT
2007-07-27 19:25:18 0 d--h----- C:\Documents and Settings\Walldo333\NetHood
2007-07-27 19:25:18 0 d---s---- C:\Documents and Settings\Walldo333\My Documents
2007-07-27 19:25:18 0 d--h----- C:\Documents and Settings\Walldo333\Local Settings
2007-07-27 19:25:18 0 d---s---- C:\Documents and Settings\Walldo333\Favorites
2007-07-27 19:25:18 0 d-------- C:\Documents and Settings\Walldo333\Desktop
2007-07-27 19:25:18 0 d---s---- C:\Documents and Settings\Walldo333\Cookies
2007-07-27 19:25:18 0 dr-h----- C:\Documents and Settings\Walldo333\Application Data
2007-07-27 19:25:18 0 d---s---- C:\Documents and Settings\Walldo333\Application Data\Microsoft
-- Find3M Report ---------------------------------------------------------------
2007-08-27 19:00:19 0 d-------- C:\Program Files\lg_fwupdate
2007-08-27 16:37:18 0 d-------- C:\Program Files\Spyware Terminator
2007-08-26 23:37:20 0 d-------- C:\Documents and Settings\Bayaa\Application Data\Spyware Terminator
2007-08-26 20:23:05 0 d-------- C:\Program Files\HiJackThis_v2
2007-08-20 16:09:39 0 d-------- C:\Program Files\Sunbelt Software
2007-08-19 20:26:43 0 d-------- C:\Program Files\Sony Ericsson
2007-08-15 21:22:27 0 d-------- C:\Program Files\ICQLite
2007-08-09 12:29:49 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-08-05 21:39:56 0 d-------- C:\Program Files\Opera
2007-08-01 18:42:29 0 d-------- C:\Program Files\Kaspersky Lab
2007-07-30 20:12:16 0 d-------- C:\Program Files\Common Files
2007-07-22 15:01:10 0 d-------- C:\Documents and Settings\Bayaa\Application Data\My Games
2007-07-22 14:38:22 0 d-------- C:\Program Files\Firaxis Games
2007-07-22 13:30:30 0 d-------- C:\Program Files\CCleaner
2007-07-22 11:50:31 0 --a------ C:\WINDOWS\System32\SBRC.dat
2007-07-22 11:50:31 0 --a------ C:\WINDOWS\System32\SBFC.dat
2007-07-22 11:47:59 0 d-------- C:\Documents and Settings\Bayaa\Application Data\Sunbelt Software
2007-07-19 19:12:23 0 d--h----- C:\Program Files\WindowsUpdate
2007-07-19 11:00:15 0 d-------- C:\Documents and Settings\Bayaa\Application Data\CyberLink
2007-07-19 10:56:52 0 d-------- C:\Program Files\Kodak
2007-07-17 17:36:33 0 d-------- C:\Documents and Settings\Bayaa\Application Data\Opera
2007-07-17 13:26:20 0 d-------- C:\Program Files\Common Files\EasyInfo
2007-07-15 12:24:28 0 d-------- C:\Program Files\Alwil Software
2007-07-15 11:28:48 0 d-------- C:\Program Files\Ideal Browser Firefox
2007-07-15 11:22:07 0 --a------ C:\WINDOWS\nsreg.dat
2007-07-14 23:12:49 0 d-------- C:\Program Files\MSN Apps
2007-07-14 22:57:16 0 d-------- C:\Documents and Settings\Bayaa\Application Data\ICQLite
2007-07-14 21:23:34 0 d-------- C:\Documents and Settings\Bayaa\Application Data\OLYMPUS
2007-07-14 21:15:31 0 d-------- C:\Documents and Settings\Bayaa\Application Data\WinRAR
2007-07-14 21:10:57 0 d-------- C:\Program Files\OLYMPUS
2007-07-14 21:05:25 0 d-------- C:\Program Files\QuickTime
2007-07-14 20:10:16 0 d-------- C:\Documents and Settings\Bayaa\Application Data\Talkback
2007-07-14 20:10:14 180 --a------ C:\Documents and Settings\Bayaa\Application Data\defaults.ini
2007-07-14 20:10:14 24 --a------ C:\Documents and Settings\Bayaa\Application Data\components.ini
2007-07-14 20:10:14 65 --a------ C:\Documents and Settings\Bayaa\Application Data\compatibility.ini
2007-07-14 20:10:12 0 d-------- C:\Documents and Settings\Bayaa\Application Data\Mozilla
2007-07-14 20:07:38 0 d-------- C:\Documents and Settings\Bayaa\Application Data\AVG7
2007-07-13 22:49:52 0 d-------- C:\Program Files\EA GAMES
2007-07-13 21:12:46 0 d-------- C:\Program Files\Common Files\DirectX
2007-07-13 20:40:51 0 d-------- C:\Program Files\Classic PhoneTools
2007-07-13 20:40:28 0 d-------- C:\Program Files\MAC
2007-07-13 19:55:59 4212 ---h----- C:\WINDOWS\System32\zllictbl.dat
2007-06-09 19:39:22 203264 --a------ C:\WINDOWS\System32\uxtheme.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-06-09 19:39:22 45411 --a------ C:\WINDOWS\BricoPackUninst.cmd
2007-06-09 19:39:22 1934 --a------ C:\WINDOWS\BricoPackFoldersDelete.cmd
2007-06-08 18:43:25 98304 --a------ C:\WINDOWS\System32\CmdLineExt.dll <Not Verified; Sony DADC Austria AG.; >
2007-06-07 21:14:06 62 --ahs---- C:\Documents and Settings\Bayaa\Application Data\desktop.ini
2007-06-07 19:55:41 53248 --a------ C:\WINDOWS\System32\unrar.dll
2007-06-07 19:27:04 0 -rahs---- C:\MSDOS.SYS
2007-06-07 19:27:04 0 -rahs---- C:\IO.SYS
2007-06-07 19:27:04 0 --a------ C:\CONFIG.SYS
2007-06-07 19:27:04 0 -----n--- C:\AUTOEXEC.BAT
2007-06-07 19:24:19 21640 --a------ C:\WINDOWS\System32\emptyregdb.dat
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [12.09.2006 10:58 C:\WINDOWS\RTHDCPL.exe]
"RemoteControl"="C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [02.11.2004 20:24]
"InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [12.07.2006 11:58]
"LGODDFU"="C:\Program Files\lg_fwupdate\fwupdate.exe" [08.06.2007 18:54]
"DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [27.04.2003 11:54]
"WinampAgent"="C:\Program Files\Winamp3\winampa.exe" [23.07.2002 18:58]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [26.10.2005 16:17]
"msnappau"="C:\Program Files\MSN Apps\Updater\01.02.3000.1001\sk-sk\msnappau.exe" [13.08.2004 17:41]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="C:\Program Files\Google\Gmail Notifier\gnotify.exe" [15.07.2005 23:48]
"nwiz"="nwiz.exe" [11.08.2006 15:43 C:\WINDOWS\system32\nwiz.exe]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [14.07.2007 21:04]
"SpywareTerminator"="C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [26.08.2007 23:30]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [11.08.2006 15:43]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [28.07.2007 00:03]
"SBCSTray"="C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe" [15.06.2007 15:17]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [29.08.2002 03:41]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [20.08.2002 15:08]
"PowerBar"="C:\Program Files\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe" [21.04.2004 10:26]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [23.9.2005 22:05:26]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBCSSvc]
@="Service"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Schedule
-- End of Deckard's System Scanner: finished at 2007-08-27 19:20:29 ------------
Run by Bayaa on 2007-08-27 19:16:30
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- Find3M Report ---------------------------------------------------------------
2007-08-27 19:00:19 0 d-------- C:\Program Files\lg_fwupdate
2007-08-27 16:37:18 0 d-------- C:\Program Files\Spyware Terminator
2007-08-26 23:37:20 0 d-------- C:\Documents and Settings\Bayaa\Application Data\Spyware Terminator
2007-08-26 20:23:05 0 d-------- C:\Program Files\HiJackThis_v2
2007-08-20 16:09:39 0 d-------- C:\Program Files\Sunbelt Software
2007-08-19 20:26:43 0 d-------- C:\Program Files\Sony Ericsson
2007-08-15 21:22:27 0 d-------- C:\Program Files\ICQLite
2007-08-09 12:29:49 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-08-05 21:39:56 0 d-------- C:\Program Files\Opera
2007-08-01 18:42:29 0 d-------- C:\Program Files\Kaspersky Lab
2007-07-30 20:12:16 0 d-------- C:\Program Files\Common Files
2007-07-22 15:01:10 0 d-------- C:\Documents and Settings\Bayaa\Application Data\My Games
2007-07-22 14:38:22 0 d-------- C:\Program Files\Firaxis Games
2007-07-22 13:30:30 0 d-------- C:\Program Files\CCleaner
2007-07-22 11:50:31 0 --a------ C:\WINDOWS\System32\SBRC.dat
2007-07-22 11:50:31 0 --a------ C:\WINDOWS\System32\SBFC.dat
2007-07-22 11:47:59 0 d-------- C:\Documents and Settings\Bayaa\Application Data\Sunbelt Software
2007-07-19 19:12:23 0 d--h----- C:\Program Files\WindowsUpdate
2007-07-19 11:00:15 0 d-------- C:\Documents and Settings\Bayaa\Application Data\CyberLink
2007-07-19 10:56:52 0 d-------- C:\Program Files\Kodak
2007-07-17 17:36:33 0 d-------- C:\Documents and Settings\Bayaa\Application Data\Opera
2007-07-17 13:26:20 0 d-------- C:\Program Files\Common Files\EasyInfo
2007-07-15 12:24:28 0 d-------- C:\Program Files\Alwil Software
2007-07-15 11:28:48 0 d-------- C:\Program Files\Ideal Browser Firefox
2007-07-15 11:22:07 0 --a------ C:\WINDOWS\nsreg.dat
2007-07-14 23:12:49 0 d-------- C:\Program Files\MSN Apps
2007-07-14 22:57:16 0 d-------- C:\Documents and Settings\Bayaa\Application Data\ICQLite
2007-07-14 21:23:34 0 d-------- C:\Documents and Settings\Bayaa\Application Data\OLYMPUS
2007-07-14 21:15:31 0 d-------- C:\Documents and Settings\Bayaa\Application Data\WinRAR
2007-07-14 21:10:57 0 d-------- C:\Program Files\OLYMPUS
2007-07-14 21:05:25 0 d-------- C:\Program Files\QuickTime
2007-07-14 20:10:16 0 d-------- C:\Documents and Settings\Bayaa\Application Data\Talkback
2007-07-14 20:10:14 180 --a------ C:\Documents and Settings\Bayaa\Application Data\defaults.ini
2007-07-14 20:10:14 24 --a------ C:\Documents and Settings\Bayaa\Application Data\components.ini
2007-07-14 20:10:14 65 --a------ C:\Documents and Settings\Bayaa\Application Data\compatibility.ini
2007-07-14 20:10:12 0 d-------- C:\Documents and Settings\Bayaa\Application Data\Mozilla
2007-07-14 20:07:38 0 d-------- C:\Documents and Settings\Bayaa\Application Data\AVG7
2007-07-13 22:49:52 0 d-------- C:\Program Files\EA GAMES
2007-07-13 21:12:46 0 d-------- C:\Program Files\Common Files\DirectX
2007-07-13 20:40:51 0 d-------- C:\Program Files\Classic PhoneTools
2007-07-13 20:40:28 0 d-------- C:\Program Files\MAC
2007-07-13 19:55:59 4212 ---h----- C:\WINDOWS\System32\zllictbl.dat
2007-06-09 19:39:22 203264 --a------ C:\WINDOWS\System32\uxtheme.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-06-09 19:39:22 45411 --a------ C:\WINDOWS\BricoPackUninst.cmd
2007-06-09 19:39:22 1934 --a------ C:\WINDOWS\BricoPackFoldersDelete.cmd
2007-06-08 18:43:25 98304 --a------ C:\WINDOWS\System32\CmdLineExt.dll <Not Verified; Sony DADC Austria AG.; >
2007-06-07 21:14:06 62 --ahs---- C:\Documents and Settings\Bayaa\Application Data\desktop.ini
2007-06-07 19:55:41 53248 --a------ C:\WINDOWS\System32\unrar.dll
2007-06-07 19:27:04 0 -rahs---- C:\MSDOS.SYS
2007-06-07 19:27:04 0 -rahs---- C:\IO.SYS
2007-06-07 19:27:04 0 --a------ C:\CONFIG.SYS
2007-06-07 19:27:04 0 -----n--- C:\AUTOEXEC.BAT
2007-06-07 19:24:19 21640 --a------ C:\WINDOWS\System32\emptyregdb.dat
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [12.09.2006 10:58 C:\WINDOWS\RTHDCPL.exe]
"RemoteControl"="C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [02.11.2004 20:24]
"InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [12.07.2006 11:58]
"LGODDFU"="C:\Program Files\lg_fwupdate\fwupdate.exe" [08.06.2007 18:54]
"DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [27.04.2003 11:54]
"WinampAgent"="C:\Program Files\Winamp3\winampa.exe" [23.07.2002 18:58]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [26.10.2005 16:17]
"msnappau"="C:\Program Files\MSN Apps\Updater\01.02.3000.1001\sk-sk\msnappau.exe" [13.08.2004 17:41]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="C:\Program Files\Google\Gmail Notifier\gnotify.exe" [15.07.2005 23:48]
"nwiz"="nwiz.exe" [11.08.2006 15:43 C:\WINDOWS\system32\nwiz.exe]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [14.07.2007 21:04]
"SpywareTerminator"="C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [26.08.2007 23:30]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [11.08.2006 15:43]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [28.07.2007 00:03]
"SBCSTray"="C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe" [15.06.2007 15:17]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [29.08.2002 03:41]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [20.08.2002 15:08]
"PowerBar"="C:\Program Files\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe" [21.04.2004 10:26]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [23.9.2005 22:05:26]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBCSSvc]
@="Service"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Schedule
-- End of Deckard's System Scanner: finished at 2007-08-27 19:20:29 ------------
Deckard's System Scanner v20070826.66
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------
-- System Information ----------------------------------------------------------
Systém Microsoft Windows XP Professional (build 2600) SP 1.0
Architecture: X86; Language: English
CPU 0: Intel(R) Core(TM)2 CPU 6400 @ 2.13GHz
CPU 1: Intel(R) Core(TM)2 CPU 6400 @ 2.13GHz
Percentage of Memory in Use: 45%
Physical Memory (total/avail): 1023.23 MiB / 562.57 MiB
Pagefile Memory (total/avail): 2450.38 MiB / 1971.28 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1981.04 MiB
A: is Removable (Unformatted)
C: is Fixed (NTFS) - 146.48 GiB total, 118.23 GiB free.
D: is Fixed (NTFS) - 151.6 GiB total, 56.15 GiB free.
E: is CDROM (No Media)
F: is CDROM (CDFS)
\\.\PHYSICALDRIVE0 - ST3320620AS - 298.09 GiB - 2 partitions
\PARTITION0 (bootable) - Inštalovateľný systém súborov - 146.48 GiB - C:
\PARTITION1 - Inštalovateľný systém súborov - 151.6 GiB - D:
-- Security Center -------------------------------------------------------------
AUOptions is disabled.
-- Environment Variables -------------------------------------------------------
ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Bayaa\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=VAS-VMJ985P67JH
ComSpec=C:\WINDOWS\system32\cmd.exe
DEFAULT_CA_NR=CA6
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Bayaa
LOGONSERVER=\\VAS-VMJ985P67JH
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Program Files\Common Files\Teleca Shared
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 2, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0f02
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Bayaa\LOCALS~1\Temp
TMP=C:\DOCUME~1\Bayaa\LOCALS~1\Temp
USERDOMAIN=VAS-VMJ985P67JH
USERNAME=Bayaa
USERPROFILE=C:\Documents and Settings\Bayaa
windir=C:\WINDOWS
-- User Profiles ---------------------------------------------------------------
Walldo (admin)
Bayaa (admin)
Walldo333 (admin)
-- Add/Remove Programs ---------------------------------------------------------
--> D:\hry\age3\Uninstall AoE3_sK.exe
--> D:\hry\age3\Uninstall AoE3W_sK.exe
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware SE Personal --> C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
Adobe Acrobat 5.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\System32\Macromed\Flash\FlashUtil9c.exe -uninstallUnlock
Adobe Flash Player Plugin --> C:\WINDOWS\System32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 7.0.8 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70800000002}
Age of Empires III --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}
avast! Antivirus --> rundll32 C:\PROGRA~1\ALWILS~1\Avast4\Setup\setiface.dll,RunSetup
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
Civilization IV SK --> C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Odinštalovať Civ4_SK.exe
Classic PhoneTools --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E3436EE2-D5CB-4249-840B-3A0140CC34C3}\Setup.exe" -l0x5 ControlPanel
Crawler Toolbar with Web Security Guard --> C:\PROGRA~1\Crawler\Toolbar\CToolbar.exe uninst
DAEMON Tools --> MsiExec.exe /I{7A27AE24-F5B8-4ABC-B3DA-AB57BC7309FB}
dBpowerAMP Music Converter --> "C:\WINDOWS\System32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\System32\SpoonUninstall-dBpowerAMP Music Converter.dat
dBpowerAMP Nero Mp4 Codec --> "C:\WINDOWS\System32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\System32\SpoonUninstall-dBpowerAMP Nero Mp4 Codec.dat
DVD Solution --> "C:\Program Files\Uninstall_CDS.exe"
EA SPORTS online 2007 --> C:\Program Files\EA SPORTS\EA SPORTS online\EASOUNInstaller.exe
EW : Cossacks --> C:\WINDOWS\uncsetup.exe
Face Smoother 1.17 --> "C:\Program Files\Face Smoother\unins000.exe"
FIFA 07 --> D:\hry\Fifa2007\EAUninstall.exe
FunPhotor 5.0 --> "C:\Program Files\Zeallsoft\FunPhotor\unins000.exe"
GameSpy Arcade --> D:\hry\batl\UNWISE.EXE D:\hry\batl\INSTALL.LOG
Google Gmail Notifier --> "C:\Program Files\Google\Gmail Notifier\UninstallGmail.exe"
High Definition Audio Driver Package - KB888111 --> "C:\WINDOWS\$NtUninstallKB888111WXP$\spuninst\spuninst.exe"
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hitman 2: Silent Assassin --> D:\hry\HITMAN~1\uninstall.exe
ICQ 5.1 --> C:\Program Files\ICQLite\ICQLiteUninstall.EXE
ImageMixer VCD/DVD2 for OLYMPUS --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1F51A0CA-2BDD-474E-BB90-C7FA8EA78F52}\Setup.exe" -l0x9 UNINSTALL
InCD --> C:\WINDOWS\NuNInst.exe /UNINSTALL
Intel(R) Graphics Media Accelerator Driver --> C:\WINDOWS\System32\igxpun.exe -uninstall
LG ODD Auto Firmware Update --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6179550A-3E7C-499E-BCC9-9E8113E0A285}\setup.exe"
MAC - Microcom Advanced Configurator --> "C:\Program Files\MAC\unins000.exe"
Magic Photo Editor 3.95 --> "C:\Program Files\Magic Photo Editor\unins000.exe"
MotoGP URT 3 --> "C:\hry\MotoGP URT 3\unins000.exe"
Mozilla Firefox (2.0.0.6) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSN Messenger 7.5 --> MsiExec.exe /I{9C8EBF76-03EE-11DA-BFBD-00065BBDC0B5}
MSN Toolbar --> C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\sk-sk\mtbs.exe c
Multimedia Launcher --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\setup.exe" -uninstall
Need for Speed Underground 2 --> C:\Program Files\EA GAMES\Need for Speed Underground 2\EAUninstall.exe
Nero OEM --> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
NVIDIA Drivers --> C:\WINDOWS\System32\nvudisp.exe UninstallGUI
OLYMPUS Master --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{BA820A24-704B-428D-9904-71A10DAC1372} /l1033 /zUNINSTALL
Opera 9.21 --> MsiExec.exe /X{39619863-8A11-4B60-A166-E6747C986EBE}
PhotoFiltre --> "C:\Program Files\PhotoFiltre\Uninst.exe"
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
PowerProducer --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\setup.exe" -uninstall
QuickTime --> C:\WINDOWS\unvise32qt.exe C:\WINDOWS\System32\QuickTime\Uninstall.log
Realtek High Definition Audio Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x1b -removeonly
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Sid Meier's Civilization 4 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}\setup.exe" -l0x9 -removeonly
Sony Ericsson PC Suite 1.20.173 --> MsiExec.exe /I{C5ADA65A-7828-4D85-B071-ECC52B51F794}
Sony Ericsson Themes Creator 1.80 --> C:\Program Files\Sony Ericsson\Themes Creator\Uninstall.exe
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Spyware Terminator --> "C:\Program Files\Spyware Terminator\unins000.exe"
Stalin Subway 2 --> "D:\hry\Stalin Subway 2\unins000.exe"
Sunbelt Kerio Personal Firewall --> MsiExec.exe /X{E659E0EE-10E6-49B7-8696-60F38D0EB174}
Winamp3 (remove only) --> C:\Program Files\Winamp3\uninst-wa3.EXE
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
-- Application Event Log -------------------------------------------------------
Event Record #/Type375 / Error
Event Submitted/Written: 08/27/2007 06:55:23 PM
Event ID/Source: 8193 / VSS
Event Description:
Chyba služby Tieňová kópia zväzku: pri volaní funkcie CoCreateInstance sa vyskytla neočakávaná chyba. hr= 0x80040206.
Event Record #/Type374 / Error
Event Submitted/Written: 08/27/2007 06:55:23 PM
Event ID/Source: 4609 / EventSystem
Event Description:
The COM+ Event System detected a bad return code during its internal processing. HRESULT was 8007043C from line 44 of d:\nt\com\com1x\src\events\tier1\eventsystemobj.cpp. Please contact Microsoft Product Support Services to report this error.
Event Record #/Type373 / Error
Event Submitted/Written: 08/24/2007 09:24:22 PM
Event ID/Source: 1000 / Age of Empires 3
Event Description:
age3.exe4.105.919.3236age3.exe4.105.919.3236000c8280
Event Record #/Type366 / Error
Event Submitted/Written: 08/19/2007 09:42:36 PM
Event ID/Source: 1000 / Application Error
Event Description:
Zlyhanie aplikácie themescreator.exe, verzia 1.80.0.2, zlyhanie modulu themescreator.exe, verzia 1.80.0.2, adresa zlyhania 0x00028cbb.
Event Record #/Type365 / Error
Event Submitted/Written: 08/19/2007 09:42:16 PM
Event ID/Source: 1000 / Application Error
Event Description:
Zlyhanie aplikácie themescreator.exe, verzia 1.80.0.2, zlyhanie modulu themescreator.exe, verzia 1.80.0.2, adresa zlyhania 0x00028cbb.
-- Security Event Log ----------------------------------------------------------
No Errors/Warnings found.
-- System Event Log ------------------------------------------------------------
Event Record #/Type1345 / Error
Event Submitted/Written: 08/27/2007 06:58:52 PM
Event ID/Source: 10005 / DCOM
Event Description:
Server DCOM zistil chybu %%1084 pri pokuse spustiť službu EventSystem s argumentmi
potrebnú na spustenie servera:
{1BE1F766-5536-11D1-B726-00C04FB926AF}
Event Record #/Type1344 / Error
Event Submitted/Written: 08/27/2007 06:58:32 PM
Event ID/Source: 10005 / DCOM
Event Description:
Server DCOM zistil chybu %%1084 pri pokuse spustiť službu netman s argumentmi
potrebnú na spustenie servera:
{BA126AE5-2166-11D1-B1D0-00805FC1270E}
Event Record #/Type1343 / Error
Event Submitted/Written: 08/27/2007 06:56:45 PM
Event ID/Source: 7026 / Service Control Manager
Event Description:
Nasledujúce ovládače pre spustenie zavedenia alebo spustenie systému zlyhali pri načítaní:
Aavmker4
aswTdi
Fips
IPSec
khips
MRxSmb
NetBIOS
NetBT
Processor
RasAcd
Rdbss
sp_rsdrv2
Tcpip
Event Record #/Type1342 / Error
Event Submitted/Written: 08/27/2007 06:56:45 PM
Event ID/Source: 7001 / Service Control Manager
Event Description:
Spustenie služby Spyware Terminator Driver 2, od ktorej závisí služba Spyware Terminator Realtime Shield Service, zlyhalo kvôli nasledujúcej chybe:
%%31
Event Record #/Type1341 / Error
Event Submitted/Written: 08/27/2007 06:56:45 PM
Event ID/Source: 7001 / Service Control Manager
Event Description:
Spustenie služby IPSEC driver, od ktorej závisí služba IPSEC Services, zlyhalo kvôli nasledujúcej chybe:
%%31
-- End of Deckard's System Scanner: finished at 2007-08-27 19:20:29 ------------
- riffman
- VIP
- Posts: 3203
- Registered: 20 Oct 2004 07:00
- Location: České Budějovice
Test c:\windows\system32\urdvxc.exe at www.virustotal.com/cs/
(simple instructions: once the page has loaded, click the "Prochazet" (Browse) button, find the path to the file mentioned above and click the send button; paste the result here)
Do you know themescreator.exe?
Give us a chance to live
Give us a chance to die
Give us a chance to be free
Without fire from the sky
Give us a chance to love
Give us a chance to hate
Give us a chance, before you kill us all
Objekt "2antispyware Corrupted Adware/Spyware" nalezen v souborovém systému! Provedené akce: Nic nebylo provedeno.
Objekt "trojan-downloader.bat.ftp.ab Trojan-Downloader" nalezen v souborovém systému! Provedené akce: Nic nebylo provedeno.
Objekt "trojan-downloader.bat.ftp.ab Trojan-Downloader" nalezen v souborovém systému! Provedené akce: Nic nebylo provedeno.
Objekt "savenow Adware" nalezen v souborovém systému! Provedené akce: Nic nebylo provedeno.
Soubor C:\Documents and Settings\Walldo\Local Settings\Application Data\Microsoft\CD Burning\IMMXPC-FIFA07\AutoRun.exe je infikovaný virem Exe.Corrupted !! Provedené akce: Nic nebylo provedeno.
Soubor C:\Documents and Settings\Walldo\Local Settings\Application Data\Microsoft\CD Burning\IMMXPC-FIFA07\CommonEASO\Data\EASO\ATLJabber.exe je infikovaný virem Exe.Corrupted !! Provedené akce: Nic nebylo provedeno.
Soubor C:\Documents and Settings\Walldo\Local Settings\Application Data\Microsoft\CD Burning\IMMXPC-FIFA07\CommonEASO\Data\EASO\EASOUNInstaller.exe je infikovaný virem Exe.Corrupted !! Provedené akce: Nic nebylo provedeno.
Soubor C:\Documents and Settings\Walldo\Local Settings\Application Data\Microsoft\CD Burning\IMMXPC-FIFA07\CommonEASO\Data\EASO\SportsWrapper.exe je infikovaný virem Exe.Corrupted !! Provedené akce: Nic nebylo provedeno.
Soubor C:\Documents and Settings\Walldo\Local Settings\Application Data\Microsoft\CD Burning\IMMXPC-FIFA07\CommonEASO\EASOInstaller.exe je infikovaný virem Exe.Corrupted !! Provedené akce: Nic nebylo provedeno.
Soubor C:\Documents and Settings\Walldo\Local Settings\Application Data\Microsoft\CD Burning\IMMXPC-FIFA07\Crack\fifa07.exe je infikovaný virem Exe.Corrupted !! Provedené akce: Nic nebylo provedeno.
Soubor C:\Documents and Settings\Walldo\Local Settings\Application Data\Microsoft\CD Burning\IMMXPC-FIFA07\DIAG.EXE je infikovaný virem Exe.Corrupted !! Provedené akce: Nic nebylo provedeno.
Soubor C:\Documents and Settings\Walldo\Local Settings\Application Data\Microsoft\CD Burning\IMMXPC-FIFA07\DirectX\dxsetup.exe je infikovaný virem Exe.Corrupted !! Provedené akce: Nic nebylo provedeno.
Soubor C:\Documents and Settings\Walldo\Local Settings\Application Data\Microsoft\CD Burning\IMMXPC-FIFA07\eauninstall.exe je infikovaný virem Exe.Corrupted !! Provedené akce: Nic nebylo provedeno.
Soubor C:\Documents and Settings\Walldo\Local Settings\Application Data\Microsoft\CD Burning\IMMXPC-FIFA07\FIFA07.exe je infikovaný virem Exe.Corrupted !! Provedené akce: Nic nebylo provedeno.
Soubor C:\Documents and Settings\Walldo\Local Settings\Application Data\Microsoft\CD Burning\IMMXPC-FIFA07\Macromedia\Shockwave_Installer_Full.exe je infikovaný virem Exe.Corrupted !! Provedené akce: Nic nebylo provedeno.
Soubor C:\Documents and Settings\Walldo\Local Settings\Application Data\Microsoft\CD Burning\IMMXPC-FIFA07\Support\EasyInfo\EasyInfo.exe je infikovaný virem Exe.Corrupted !! Provedené akce: Nic nebylo provedeno.
Soubor C:\Documents and Settings\Walldo\Local Settings\Application Data\Microsoft\CD Burning\IMMXPC-FIFA07\Support\EReg.exe je infikovaný virem Exe.Corrupted !! Provedené akce: Nic nebylo provedeno.
Soubor C:\Documents and Settings\Walldo\Local Settings\Application Data\Microsoft\CD Burning\IMMXPC-FIFA07\Support\FIFA 07_code.exe je infikovaný virem Exe.Corrupted !! Provedené akce: Nic nebylo provedeno.
Soubor C:\Documents and Settings\Walldo\Local Settings\Application Data\Microsoft\CD Burning\IMMXPC-FIFA07\Support\FIFA 07_uninst.exe je infikovaný virem Exe.Corrupted !! Provedené akce: Nic nebylo provedeno.
Soubor C:\System Volume Information\_restore{7D5E655A-F74B-40BF-B4A1-94592BB900E6}\RP32\A0016796.exe je infikovaný virem Exe.Corrupted !! Provedené akce: Nic nebylo provedeno.
Objekt "trojan-downloader.bat.ftp.ab Trojan-Downloader" nalezen v souborovém systému! Provedené akce: Nic nebylo provedeno.
Objekt "trojan-downloader.bat.ftp.ab Trojan-Downloader" nalezen v souborovém systému! Provedené akce: Nic nebylo provedeno.
Objekt "savenow Adware" nalezen v souborovém systému! Provedené akce: Nic nebylo provedeno.
Soubor C:\Documents and Settings\Walldo\Local Settings\Application Data\Microsoft\CD Burning\IMMXPC-FIFA07\AutoRun.exe je infikovaný virem Exe.Corrupted !! Provedené akce: Nic nebylo provedeno.
Soubor C:\Documents and Settings\Walldo\Local Settings\Application Data\Microsoft\CD Burning\IMMXPC-FIFA07\CommonEASO\Data\EASO\ATLJabber.exe je infikovaný virem Exe.Corrupted !! Provedené akce: Nic nebylo provedeno.
Soubor C:\Documents and Settings\Walldo\Local Settings\Application Data\Microsoft\CD Burning\IMMXPC-FIFA07\CommonEASO\Data\EASO\EASOUNInstaller.exe je infikovaný virem Exe.Corrupted !! Provedené akce: Nic nebylo provedeno.
Soubor C:\Documents and Settings\Walldo\Local Settings\Application Data\Microsoft\CD Burning\IMMXPC-FIFA07\CommonEASO\Data\EASO\SportsWrapper.exe je infikovaný virem Exe.Corrupted !! Provedené akce: Nic nebylo provedeno.
Soubor C:\Documents and Settings\Walldo\Local Settings\Application Data\Microsoft\CD Burning\IMMXPC-FIFA07\CommonEASO\EASOInstaller.exe je infikovaný virem Exe.Corrupted !! Provedené akce: Nic nebylo provedeno.
Soubor C:\Documents and Settings\Walldo\Local Settings\Application Data\Microsoft\CD Burning\IMMXPC-FIFA07\Crack\fifa07.exe je infikovaný virem Exe.Corrupted !! Provedené akce: Nic nebylo provedeno.
Soubor C:\Documents and Settings\Walldo\Local Settings\Application Data\Microsoft\CD Burning\IMMXPC-FIFA07\DIAG.EXE je infikovaný virem Exe.Corrupted !! Provedené akce: Nic nebylo provedeno.
Soubor C:\Documents and Settings\Walldo\Local Settings\Application Data\Microsoft\CD Burning\IMMXPC-FIFA07\DirectX\dxsetup.exe je infikovaný virem Exe.Corrupted !! Provedené akce: Nic nebylo provedeno.
Soubor C:\Documents and Settings\Walldo\Local Settings\Application Data\Microsoft\CD Burning\IMMXPC-FIFA07\eauninstall.exe je infikovaný virem Exe.Corrupted !! Provedené akce: Nic nebylo provedeno.
Soubor C:\Documents and Settings\Walldo\Local Settings\Application Data\Microsoft\CD Burning\IMMXPC-FIFA07\FIFA07.exe je infikovaný virem Exe.Corrupted !! Provedené akce: Nic nebylo provedeno.
Soubor C:\Documents and Settings\Walldo\Local Settings\Application Data\Microsoft\CD Burning\IMMXPC-FIFA07\Macromedia\Shockwave_Installer_Full.exe je infikovaný virem Exe.Corrupted !! Provedené akce: Nic nebylo provedeno.
Soubor C:\Documents and Settings\Walldo\Local Settings\Application Data\Microsoft\CD Burning\IMMXPC-FIFA07\Support\EasyInfo\EasyInfo.exe je infikovaný virem Exe.Corrupted !! Provedené akce: Nic nebylo provedeno.
Soubor C:\Documents and Settings\Walldo\Local Settings\Application Data\Microsoft\CD Burning\IMMXPC-FIFA07\Support\EReg.exe je infikovaný virem Exe.Corrupted !! Provedené akce: Nic nebylo provedeno.
Soubor C:\Documents and Settings\Walldo\Local Settings\Application Data\Microsoft\CD Burning\IMMXPC-FIFA07\Support\FIFA 07_code.exe je infikovaný virem Exe.Corrupted !! Provedené akce: Nic nebylo provedeno.
Soubor C:\Documents and Settings\Walldo\Local Settings\Application Data\Microsoft\CD Burning\IMMXPC-FIFA07\Support\FIFA 07_uninst.exe je infikovaný virem Exe.Corrupted !! Provedené akce: Nic nebylo provedeno.
Soubor C:\System Volume Information\_restore{7D5E655A-F74B-40BF-B4A1-94592BB900E6}\RP32\A0016796.exe je infikovaný virem Exe.Corrupted !! Provedené akce: Nic nebylo provedeno.
PC shuts down without warning
My brother was playing a game and the PC shut down, you could literally hear it... It has already happened a few times: even though the PC is in active use, it suddenly shuts down. I looked through the settings and did not find anything malicious. The PC cannot be woken up in any way, only a hard reset works... Could you please take a look and tell me whether you see any virus?
Logfile of random's system information tool 1.09 (written by random/random)
Run by admin at 2012-06-17 10:38:06
Microsoft Windows 7 Professional Service Pack 1
System drive C: has 140 GB (64%) free of 220 GB
Total RAM: 8191 MB (79% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:38:41, on 17. 6. 2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16446)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\uTorrent\uTorrent.exe
C:\Program Files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe
C:\Program Files (x86)\Winamp\winampa.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Users\admin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\admin\AppData\Local\Google\Chrome\Application\chrome.exe
c:\PROGRA~2\mcafee\SITEAD~1\saui.exe
C:\Users\admin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\trend micro\admin.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource= ... =CT3072253
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Winamp Toolbar Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll
R3 - URLSearchHook: uTorrentControl2 Toolbar - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll
O2 - BHO: uTorrentControl2 - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll
O3 - Toolbar: uTorrentControl2 Toolbar - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe" -autorun
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Zdroje informácií - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: ASUS System Control Service (AsSysCtrlService) - ASUSTeK Computer Inc. - C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files (x86)\McAfee Security Scan\3.0.207\McCHSvc.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 9052 bytes
======Listing Processes======
\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\AUDIODG.EXE 0x2f0
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
"C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe"
c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe
"C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE"
C:\Windows\system32\SearchIndexer.exe /Embedding
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\sppsvc.exe
C:\Windows\System32\svchost.exe -k secsvcs
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
winlogon.exe
"C:\Windows\system32\rundll32.exe" "c:\PROGRA~2\mcafee\SITEAD~1\saHook.dll", saHooker_Initialize_and_Wait
"C:\Windows\system32\rundll32.exe" "c:\PROGRA~2\mcafee\SITEAD~1\x64\saHook.dll", saHooker_Initialize_and_Wait
"C:\Windows\system32\rundll32.exe" "c:\PROGRA~2\mcafee\SITEAD~1\saHook.dll", saHooker_Initialize_and_Wait
"C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe"
C:\Windows\system32\nvvsvc.exe -session
"taskhost.exe"
taskeng.exe {895895BA-BD80-4826-A28D-4A1067A219F0}
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
"C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED
"C:\Program Files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe"
"C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" -r
"C:\Program Files (x86)\Winamp\winampa.exe"
"C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
"C:/Program Files/NVIDIA Corporation/Display/nvtray.exe" -user_has_logged_in 1
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Users\admin\AppData\Local\Google\Chrome\Application\chrome.exe"
"C:\Users\admin\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=sk --force-fieldtest=ComodoDNSExperiment/inactive/ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_10/Instant/Hidden/OmniboxAggressiveHistoryURLProvider/Aggressive/OmniboxDisallowInlineHQP/Standard/OmniboxPrerenderHitWeightingTrial/OmniboxPrerenderWeight8.0/OmniboxSearchSuggest/11/Prerender/ContentPrefetchPrerender2/ProxyConnectionImpact/proxy_connections_32/SpdyCwnd/cwndMin10/SpdyImpact/npn_with_spdy/WarmSocketImpact/warm_socket/WebStoreLinkExperiment/FooterLink/ --renderer-print-preview --channel="3512.0.1988047026\382255050" /prefetch:3
"C:\Users\admin\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=sk --force-fieldtest=ComodoDNSExperiment/inactive/ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_10/Instant/Hidden/OmniboxAggressiveHistoryURLProvider/Aggressive/OmniboxDisallowInlineHQP/Standard/OmniboxPrerenderHitWeightingTrial/OmniboxPrerenderWeight8.0/OmniboxSearchSuggest/11/Prerender/ContentPrefetchPrerender2/ProxyConnectionImpact/proxy_connections_32/SpdyCwnd/cwndMin10/SpdyImpact/npn_with_spdy/WarmSocketImpact/warm_socket/WebStoreLinkExperiment/FooterLink/ --extension-process --renderer-print-preview --channel="3512.1.1285464959\2085799752" /prefetch:3
"C:\Users\admin\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=sk --force-fieldtest=ComodoDNSExperiment/inactive/ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_10/Instant/Hidden/OmniboxAggressiveHistoryURLProvider/Aggressive/OmniboxDisallowInlineHQP/Standard/OmniboxPrerenderHitWeightingTrial/OmniboxPrerenderWeight8.0/OmniboxSearchSuggest/11/Prerender/ContentPrefetchPrerender2/ProxyConnectionImpact/proxy_connections_32/SpdyCwnd/cwndMin10/SpdyImpact/npn_with_spdy/WarmSocketImpact/warm_socket/WebStoreLinkExperiment/FooterLink/ --extension-process --renderer-print-preview --channel="3512.2.117699300\601326843" /prefetch:3
"C:\Users\admin\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=sk --force-fieldtest=ComodoDNSExperiment/inactive/ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_10/Instant/Hidden/OmniboxAggressiveHistoryURLProvider/Aggressive/OmniboxDisallowInlineHQP/Standard/OmniboxPrerenderHitWeightingTrial/OmniboxPrerenderWeight8.0/OmniboxSearchSuggest/11/Prerender/ContentPrefetchPrerender2/ProxyConnectionImpact/proxy_connections_32/SpdyCwnd/cwndMin10/SpdyImpact/npn_with_spdy/WarmSocketImpact/warm_socket/WebStoreLinkExperiment/FooterLink/ --extension-process --renderer-print-preview --channel="3512.3.99094849\1119120093" /prefetch:3
"C:\Users\admin\AppData\Local\Google\Chrome\Application\chrome.exe" --type=plugin --plugin-path="C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.41.123.2_0\McChPlg.dll" --lang=sk --channel="3512.4.553234461\849493229" /prefetch:4
"C:\Users\admin\AppData\Local\Google\Chrome\Application\chrome.exe" --type=gpu-process --channel="3512.5.1226574218\830113765" /prefetch:12
"C:\Users\admin\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=sk --force-fieldtest=ComodoDNSExperiment/inactive/ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_10/Instant/Hidden/OmniboxAggressiveHistoryURLProvider/Aggressive/OmniboxDisallowInlineHQP/Standard/OmniboxPrerenderHitWeightingTrial/OmniboxPrerenderWeight8.0/OmniboxSearchSuggest/11/PepperFlash/DisableByDefault/Prerender/ContentPrefetchPrerender2/PrerenderFromOmnibox/OmniboxPrerenderEnabled/ProxyConnectionImpact/proxy_connections_32/SpdyCwnd/cwndMin10/SpdyImpact/npn_with_spdy/WarmSocketImpact/warm_socket/WebStoreLinkExperiment/FooterLink/ --renderer-print-preview --channel="3512.6.260228724\1965707784" /prefetch:3
C:\Windows\system32\rundll32.exe "C:\Users\admin\AppData\Local\Google\Chrome\APPLIC~1\190108~1.56\gcswf32.dll",BrokerMain browser=chrome
"C:\Users\admin\AppData\Local\Google\Chrome\Application\chrome.exe" --type=plugin --plugin-path="C:\Users\admin\AppData\Local\Google\Chrome\Application\19.0.1084.56\gcswf32.dll" --lang=sk --channel="3512.8.1787110880\31609881" --flash-broker=3164 /prefetch:4
"c:\PROGRA~2\mcafee\SITEAD~1\saui.exe" -Embedding
"C:\Users\admin\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=sk --force-fieldtest=ComodoDNSExperiment/inactive/ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/GlobalSdch/global_enable_sdch/HttpPipeliningCompatibility/disable_test/IdleSktToImpact/idle_timeout_10/Instant/Hidden/NetworkConnectivity/disable_network_stats/OmniboxAggressiveHistoryURLProvider/Aggressive/OmniboxDisallowInlineHQP/Standard/OmniboxPrerenderHitWeightingTrial/OmniboxPrerenderWeight8.0/OmniboxSearchSuggest/11/PepperFlash/DisableByDefault/Prerender/ContentPrefetchPrerender2/PrerenderFromOmnibox/OmniboxPrerenderEnabled/ProxyConnectionImpact/proxy_connections_32/SpdyCwnd/cwndMin10/SpdyImpact/npn_with_spdy/WarmSocketImpact/warm_socket/WebStoreLinkExperiment/FooterLink/ --renderer-print-preview --channel="3512.9.601241314\419334140" /prefetch:3
"C:\Users\admin\Downloads\RSITx64.exe"
======Scheduled tasks folder======
C:\Windows\tasks\Adobe Flash Player Updater.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1403328668-4227298693-3568314324-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1403328668-4227298693-3568314324-1000UA.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}]
avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2012-03-07 1211776]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}]
McAfee SiteAdvisor BHO - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll [2012-02-17 348592]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-06-06 63912]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]
Winamp Toolbar Loader - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll [2012-03-19 1937736]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{687578b9-7132-4a7a-80e4-30ee31099e03}]
uTorrentControl2 Toolbar - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll [2011-05-09 176936]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2012-03-07 1003704]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}]
McAfee SiteAdvisor BHO - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll [2012-02-17 281600]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - McAfee SiteAdvisor Toolbar - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll [2012-02-17 348592]
{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2012-03-07 1211776]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - McAfee SiteAdvisor Toolbar - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll [2012-02-17 281600]
{EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - Winamp Toolbar - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll [2012-03-19 1937736]
{687578b9-7132-4a7a-80e4-30ee31099e03} - uTorrentControl2 Toolbar - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll [2011-05-09 176936]
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2012-03-07 1003704]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Pro Agent"=C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe [2012-04-26 3111744]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2010-11-20 1475584]
"uTorrent"=C:\Program Files (x86)\uTorrent\uTorrent.exe [2012-05-26 880496]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2011-06-06 937920]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
C:\Users\admin\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-16 116648]
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"=C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [2009-10-28 2763776]
"WinampAgent"=C:\Program Files (x86)\Winamp\winampa.exe [2008-09-12 36352]
"avast"=C:\Program Files\AVAST Software\Avast\avastUI.exe [2012-03-07 4241512]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
McAfee Security Scan Plus.lnk - C:\Program Files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
======List of files/folders created in the last 1 month======
2012-06-17 10:38:06 ----D---- C:\rsit
2012-06-17 10:38:06 ----D---- C:\Program Files\trend micro
2012-06-13 23:49:57 ----A---- C:\Windows\SYSWOW64\url.dll
2012-06-13 23:49:57 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2012-06-13 23:49:57 ----A---- C:\Windows\system32\url.dll
2012-06-13 23:49:57 ----A---- C:\Windows\system32\mshtmled.dll
2012-06-13 23:49:56 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2012-06-13 23:49:56 ----A---- C:\Windows\SYSWOW64\ieui.dll
2012-06-13 23:49:56 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2012-06-13 23:49:56 ----A---- C:\Windows\system32\urlmon.dll
2012-06-13 23:49:56 ----A---- C:\Windows\system32\ieui.dll
2012-06-13 23:49:56 ----A---- C:\Windows\system32\iertutil.dll
2012-06-13 23:49:55 ----A---- C:\Windows\SYSWOW64\wininet.dll
2012-06-13 23:49:55 ----A---- C:\Windows\SYSWOW64\ieUnatt.exe
2012-06-13 23:49:55 ----A---- C:\Windows\system32\wininet.dll
2012-06-13 23:49:55 ----A---- C:\Windows\system32\ieUnatt.exe
2012-06-13 23:49:54 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2012-06-13 23:49:54 ----A---- C:\Windows\system32\jsproxy.dll
2012-06-13 23:49:54 ----A---- C:\Windows\system32\jscript9.dll
2012-06-13 23:49:53 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2012-06-13 23:49:53 ----A---- C:\Windows\SYSWOW64\jscript.dll
2012-06-13 23:49:53 ----A---- C:\Windows\system32\jscript.dll
2012-06-13 23:49:52 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2012-06-13 23:49:51 ----A---- C:\Windows\system32\mshtml.dll
2012-06-13 23:49:50 ----A---- C:\Windows\system32\ieframe.dll
2012-06-13 23:49:49 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2012-06-13 21:01:04 ----A---- C:\Windows\system32\rdrmemptylst.exe
2012-06-13 21:01:04 ----A---- C:\Windows\system32\rdpwsx.dll
2012-06-13 21:01:04 ----A---- C:\Windows\system32\rdpcorekmts.dll
2012-06-13 21:01:00 ----A---- C:\Windows\system32\profsvc.dll
2012-06-13 21:00:56 ----A---- C:\Windows\system32\ntoskrnl.exe
2012-06-13 21:00:54 ----A---- C:\Windows\SYSWOW64\ntoskrnl.exe
2012-06-13 21:00:53 ----A---- C:\Windows\SYSWOW64\ntkrnlpa.exe
2012-06-13 21:00:51 ----A---- C:\Windows\system32\win32k.sys
2012-06-13 21:00:50 ----A---- C:\Windows\system32\drivers\rdpwd.sys
2012-06-13 21:00:49 ----A---- C:\Windows\system32\msi.dll
2012-06-13 21:00:48 ----A---- C:\Windows\SYSWOW64\msi.dll
2012-06-13 21:00:44 ----A---- C:\Windows\system32\crypt32.dll
2012-06-13 21:00:43 ----A---- C:\Windows\SYSWOW64\crypt32.dll
2012-06-13 21:00:43 ----A---- C:\Windows\system32\cryptsvc.dll
2012-06-13 21:00:42 ----A---- C:\Windows\SYSWOW64\cryptsvc.dll
2012-06-13 21:00:42 ----A---- C:\Windows\SYSWOW64\cryptnet.dll
2012-06-13 21:00:42 ----A---- C:\Windows\system32\cryptnet.dll
2012-06-13 15:44:44 ----A---- C:\Windows\system32\drivers\aswSP.sys
2012-06-13 15:44:44 ----A---- C:\Windows\system32\drivers\aswFsBlk.sys
2012-06-13 15:44:42 ----A---- C:\Windows\system32\drivers\aswTdi.sys
2012-06-13 15:44:42 ----A---- C:\Windows\system32\drivers\aswRdr2.sys
2012-06-13 15:44:41 ----A---- C:\Windows\system32\drivers\aswSnx.sys
2012-06-13 15:44:39 ----A---- C:\Windows\system32\drivers\aswMonFlt.sys
2012-06-13 15:44:39 ----A---- C:\Windows\system32\aswBoot.exe
2012-06-13 15:44:13 ----A---- C:\Windows\avastSS.scr
2012-06-13 15:44:12 ----A---- C:\Windows\SYSWOW64\aswBoot.exe
2012-06-13 15:44:06 ----D---- C:\ProgramData\AVAST Software
2012-06-13 15:44:06 ----D---- C:\Program Files\AVAST Software
2012-06-08 19:53:42 ----SHD---- C:\ProgramData\DSS
2012-06-08 19:52:24 ----D---- C:\Program Files (x86)\Electronic Arts
2012-05-27 11:09:49 ----D---- C:\ProgramData\DAEMON Tools Lite
2012-05-26 19:20:02 ----D---- C:\Users\admin\AppData\Roaming\Mozilla
2012-05-26 19:20:01 ----D---- C:\Program Files (x86)\Conduit
2012-05-26 19:20:00 ----D---- C:\Program Files (x86)\uTorrentControl2
2012-05-26 19:19:43 ----D---- C:\Program Files (x86)\uTorrent
2012-05-26 19:19:23 ----D---- C:\Users\admin\AppData\Roaming\uTorrent
2012-05-25 22:37:11 ----D---- C:\Users\admin\AppData\Roaming\PhotoFiltre 7
2012-05-25 22:37:09 ----D---- C:\Program Files (x86)\PhotoFiltre 7
======List of files/folders modified in the last 1 month======
2012-06-17 10:38:35 ----D---- C:\Windows\Temp
2012-06-17 10:38:06 ----RD---- C:\Program Files
2012-06-17 10:37:56 ----D---- C:\Windows\System32
2012-06-17 10:37:56 ----D---- C:\Windows\inf
2012-06-17 10:37:56 ----A---- C:\Windows\system32\PerfStringBackup.INI
2012-06-16 23:46:49 ----D---- C:\Windows\system32\config
2012-06-16 20:42:30 ----RSD---- C:\Windows\assembly
2012-06-16 20:42:30 ----D---- C:\Windows\Microsoft.NET
2012-06-14 18:33:08 ----D---- C:\Windows\winsxs
2012-06-14 18:31:50 ----D---- C:\Windows\SysWOW64
2012-06-14 18:31:50 ----D---- C:\Windows\system32\drivers
2012-06-14 18:31:49 ----D---- C:\Windows\SYSWOW64\sk-SK
2012-06-14 18:31:49 ----D---- C:\Windows\system32\sk-SK
2012-06-14 18:31:48 ----D---- C:\Windows\SYSWOW64\migration
2012-06-14 18:31:48 ----D---- C:\Windows\system32\migration
2012-06-14 18:31:48 ----D---- C:\Program Files\Internet Explorer
2012-06-14 18:31:48 ----D---- C:\Program Files (x86)\Internet Explorer
2012-06-13 23:55:11 ----D---- C:\Windows\system32\catroot2
2012-06-13 23:55:08 ----SHD---- C:\Windows\Installer
2012-06-13 23:53:10 ----A---- C:\Windows\system32\MRT.exe
2012-06-13 23:52:15 ----D---- C:\Windows\Prefetch
2012-06-13 23:50:06 ----D---- C:\Windows\system32\catroot
2012-06-13 15:45:26 ----D---- C:\Windows\system32\Tasks
2012-06-13 15:44:13 ----D---- C:\Windows
2012-06-13 15:44:06 ----HD---- C:\ProgramData
2012-06-10 15:40:14 ----SHD---- C:\System Volume Information
2012-06-09 18:11:43 ----SD---- C:\Users\admin\AppData\Roaming\Microsoft
2012-06-08 19:52:36 ----D---- C:\Windows\system32\LogFiles
2012-06-08 19:52:30 ----D---- C:\Users\admin\AppData\Roaming\Adobe
2012-06-08 19:52:24 ----RD---- C:\Program Files (x86)
2012-05-27 22:47:37 ----D---- C:\Windows\system32\wdi
2012-05-20 14:17:37 ----D---- C:\Program Files (x86)\McAfee
2012-05-19 22:00:04 ----D---- C:\Windows\rescache
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R0 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\drivers\vmbus.sys [2010-11-20 199552]
R1 AsIO;AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [2009-08-04 13440]
R1 aswRdr;aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [2012-03-07 53080]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2012-03-07 819032]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2012-03-07 337240]
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2012-03-07 59224]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-20 514560]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2012-05-16 283200]
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [2012-03-07 24408]
R2 aswMonFlt;aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys [2012-03-07 69976]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\Windows\system32\DRIVERS\ASACPI.sys [2009-07-16 15416]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda64v.sys [2012-01-17 188224]
R3 NVNET;NVIDIA nForce Ethernet Driver; C:\Windows\system32\DRIVERS\nvmf6264.sys [2010-08-12 350952]
R3 nvsmu;nvsmu; C:\Windows\system32\DRIVERS\nvsmu.sys [2009-11-12 29800]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service; C:\Windows\system32\drivers\viahduaa.sys [2009-10-21 1270784]
S3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvm62x64.sys [2009-06-10 408960]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-20 165888]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-20 6656]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-20 34688]
S3 TsUsbFlt;@%SystemRoot%\system32\drivers\tsusbflt.sys,-1; C:\Windows\System32\drivers\tsusbflt.sys [2010-11-20 59392]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-20 21760]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AsSysCtrlService;ASUS System Control Service; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [2009-12-28 96896]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-03-07 44768]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service; c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe [2012-01-13 103440]
R2 MDM;Machine Debug Manager; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2012-02-29 889664]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-17 257696]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 McComponentHostService;McAfee Security Scan Component Host Service; C:\Program Files (x86)\McAfee Security Scan\3.0.207\McCHSvc.exe [2011-06-17 237008]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2012-05-16 1255736]
S4 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S4 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-03-01 2348352]
S4 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-02-29 382272]
-----------------EOF-----------------
Logfile of random's system information tool 1.09 (written by random/random)
Run by admin at 2012-06-17 10:38:06
Microsoft Windows 7 Professional Service Pack 1
System drive C: has 140 GB (64%) free of 220 GB
Total RAM: 8191 MB (79% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:38:41, on 17. 6. 2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16446)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\uTorrent\uTorrent.exe
C:\Program Files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe
C:\Program Files (x86)\Winamp\winampa.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Users\admin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\admin\AppData\Local\Google\Chrome\Application\chrome.exe
c:\PROGRA~2\mcafee\SITEAD~1\saui.exe
C:\Users\admin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\trend micro\admin.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource= ... =CT3072253
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Winamp Toolbar Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll
R3 - URLSearchHook: uTorrentControl2 Toolbar - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll
O2 - BHO: uTorrentControl2 - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll
O3 - Toolbar: uTorrentControl2 Toolbar - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe" -autorun
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Zdroje informácií - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: ASUS System Control Service (AsSysCtrlService) - ASUSTeK Computer Inc. - C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files (x86)\McAfee Security Scan\3.0.207\McCHSvc.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 9052 bytes
======Listing Processes======
\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\AUDIODG.EXE 0x2f0
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
"C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe"
c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe
"C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE"
C:\Windows\system32\SearchIndexer.exe /Embedding
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\sppsvc.exe
C:\Windows\System32\svchost.exe -k secsvcs
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
winlogon.exe
"C:\Windows\system32\rundll32.exe" "c:\PROGRA~2\mcafee\SITEAD~1\saHook.dll", saHooker_Initialize_and_Wait
"C:\Windows\system32\rundll32.exe" "c:\PROGRA~2\mcafee\SITEAD~1\x64\saHook.dll", saHooker_Initialize_and_Wait
"C:\Windows\system32\rundll32.exe" "c:\PROGRA~2\mcafee\SITEAD~1\saHook.dll", saHooker_Initialize_and_Wait
"C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe"
C:\Windows\system32\nvvsvc.exe -session
"taskhost.exe"
taskeng.exe {895895BA-BD80-4826-A28D-4A1067A219F0}
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
"C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED
"C:\Program Files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe"
"C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" -r
"C:\Program Files (x86)\Winamp\winampa.exe"
"C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
"C:/Program Files/NVIDIA Corporation/Display/nvtray.exe" -user_has_logged_in 1
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Users\admin\AppData\Local\Google\Chrome\Application\chrome.exe"
"C:\Users\admin\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=sk --force-fieldtest=ComodoDNSExperiment/inactive/ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_10/Instant/Hidden/OmniboxAggressiveHistoryURLProvider/Aggressive/OmniboxDisallowInlineHQP/Standard/OmniboxPrerenderHitWeightingTrial/OmniboxPrerenderWeight8.0/OmniboxSearchSuggest/11/Prerender/ContentPrefetchPrerender2/ProxyConnectionImpact/proxy_connections_32/SpdyCwnd/cwndMin10/SpdyImpact/npn_with_spdy/WarmSocketImpact/warm_socket/WebStoreLinkExperiment/FooterLink/ --renderer-print-preview --channel="3512.0.1988047026\382255050" /prefetch:3
"C:\Users\admin\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=sk --force-fieldtest=ComodoDNSExperiment/inactive/ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_10/Instant/Hidden/OmniboxAggressiveHistoryURLProvider/Aggressive/OmniboxDisallowInlineHQP/Standard/OmniboxPrerenderHitWeightingTrial/OmniboxPrerenderWeight8.0/OmniboxSearchSuggest/11/Prerender/ContentPrefetchPrerender2/ProxyConnectionImpact/proxy_connections_32/SpdyCwnd/cwndMin10/SpdyImpact/npn_with_spdy/WarmSocketImpact/warm_socket/WebStoreLinkExperiment/FooterLink/ --extension-process --renderer-print-preview --channel="3512.1.1285464959\2085799752" /prefetch:3
"C:\Users\admin\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=sk --force-fieldtest=ComodoDNSExperiment/inactive/ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_10/Instant/Hidden/OmniboxAggressiveHistoryURLProvider/Aggressive/OmniboxDisallowInlineHQP/Standard/OmniboxPrerenderHitWeightingTrial/OmniboxPrerenderWeight8.0/OmniboxSearchSuggest/11/Prerender/ContentPrefetchPrerender2/ProxyConnectionImpact/proxy_connections_32/SpdyCwnd/cwndMin10/SpdyImpact/npn_with_spdy/WarmSocketImpact/warm_socket/WebStoreLinkExperiment/FooterLink/ --extension-process --renderer-print-preview --channel="3512.2.117699300\601326843" /prefetch:3
"C:\Users\admin\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=sk --force-fieldtest=ComodoDNSExperiment/inactive/ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_10/Instant/Hidden/OmniboxAggressiveHistoryURLProvider/Aggressive/OmniboxDisallowInlineHQP/Standard/OmniboxPrerenderHitWeightingTrial/OmniboxPrerenderWeight8.0/OmniboxSearchSuggest/11/Prerender/ContentPrefetchPrerender2/ProxyConnectionImpact/proxy_connections_32/SpdyCwnd/cwndMin10/SpdyImpact/npn_with_spdy/WarmSocketImpact/warm_socket/WebStoreLinkExperiment/FooterLink/ --extension-process --renderer-print-preview --channel="3512.3.99094849\1119120093" /prefetch:3
"C:\Users\admin\AppData\Local\Google\Chrome\Application\chrome.exe" --type=plugin --plugin-path="C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.41.123.2_0\McChPlg.dll" --lang=sk --channel="3512.4.553234461\849493229" /prefetch:4
"C:\Users\admin\AppData\Local\Google\Chrome\Application\chrome.exe" --type=gpu-process --channel="3512.5.1226574218\830113765" /prefetch:12
"C:\Users\admin\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=sk --force-fieldtest=ComodoDNSExperiment/inactive/ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_10/Instant/Hidden/OmniboxAggressiveHistoryURLProvider/Aggressive/OmniboxDisallowInlineHQP/Standard/OmniboxPrerenderHitWeightingTrial/OmniboxPrerenderWeight8.0/OmniboxSearchSuggest/11/PepperFlash/DisableByDefault/Prerender/ContentPrefetchPrerender2/PrerenderFromOmnibox/OmniboxPrerenderEnabled/ProxyConnectionImpact/proxy_connections_32/SpdyCwnd/cwndMin10/SpdyImpact/npn_with_spdy/WarmSocketImpact/warm_socket/WebStoreLinkExperiment/FooterLink/ --renderer-print-preview --channel="3512.6.260228724\1965707784" /prefetch:3
C:\Windows\system32\rundll32.exe "C:\Users\admin\AppData\Local\Google\Chrome\APPLIC~1\190108~1.56\gcswf32.dll",BrokerMain browser=chrome
"C:\Users\admin\AppData\Local\Google\Chrome\Application\chrome.exe" --type=plugin --plugin-path="C:\Users\admin\AppData\Local\Google\Chrome\Application\19.0.1084.56\gcswf32.dll" --lang=sk --channel="3512.8.1787110880\31609881" --flash-broker=3164 /prefetch:4
"c:\PROGRA~2\mcafee\SITEAD~1\saui.exe" -Embedding
"C:\Users\admin\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=sk --force-fieldtest=ComodoDNSExperiment/inactive/ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/GlobalSdch/global_enable_sdch/HttpPipeliningCompatibility/disable_test/IdleSktToImpact/idle_timeout_10/Instant/Hidden/NetworkConnectivity/disable_network_stats/OmniboxAggressiveHistoryURLProvider/Aggressive/OmniboxDisallowInlineHQP/Standard/OmniboxPrerenderHitWeightingTrial/OmniboxPrerenderWeight8.0/OmniboxSearchSuggest/11/PepperFlash/DisableByDefault/Prerender/ContentPrefetchPrerender2/PrerenderFromOmnibox/OmniboxPrerenderEnabled/ProxyConnectionImpact/proxy_connections_32/SpdyCwnd/cwndMin10/SpdyImpact/npn_with_spdy/WarmSocketImpact/warm_socket/WebStoreLinkExperiment/FooterLink/ --renderer-print-preview --channel="3512.9.601241314\419334140" /prefetch:3
"C:\Users\admin\Downloads\RSITx64.exe"
======Scheduled tasks folder======
C:\Windows\tasks\Adobe Flash Player Updater.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1403328668-4227298693-3568314324-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1403328668-4227298693-3568314324-1000UA.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}]
avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2012-03-07 1211776]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}]
McAfee SiteAdvisor BHO - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll [2012-02-17 348592]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-06-06 63912]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]
Winamp Toolbar Loader - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll [2012-03-19 1937736]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{687578b9-7132-4a7a-80e4-30ee31099e03}]
uTorrentControl2 Toolbar - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll [2011-05-09 176936]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2012-03-07 1003704]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}]
McAfee SiteAdvisor BHO - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll [2012-02-17 281600]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - McAfee SiteAdvisor Toolbar - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll [2012-02-17 348592]
{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2012-03-07 1211776]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - McAfee SiteAdvisor Toolbar - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll [2012-02-17 281600]
{EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - Winamp Toolbar - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll [2012-03-19 1937736]
{687578b9-7132-4a7a-80e4-30ee31099e03} - uTorrentControl2 Toolbar - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll [2011-05-09 176936]
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2012-03-07 1003704]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Pro Agent"=C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe [2012-04-26 3111744]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2010-11-20 1475584]
"uTorrent"=C:\Program Files (x86)\uTorrent\uTorrent.exe [2012-05-26 880496]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2011-06-06 937920]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
C:\Users\admin\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-16 116648]
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"=C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [2009-10-28 2763776]
"WinampAgent"=C:\Program Files (x86)\Winamp\winampa.exe [2008-09-12 36352]
"avast"=C:\Program Files\AVAST Software\Avast\avastUI.exe [2012-03-07 4241512]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
McAfee Security Scan Plus.lnk - C:\Program Files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
======List of files/folders created in the last 1 month======
2012-06-17 10:38:06 ----D---- C:\rsit
2012-06-17 10:38:06 ----D---- C:\Program Files\trend micro
2012-06-13 23:49:57 ----A---- C:\Windows\SYSWOW64\url.dll
2012-06-13 23:49:57 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2012-06-13 23:49:57 ----A---- C:\Windows\system32\url.dll
2012-06-13 23:49:57 ----A---- C:\Windows\system32\mshtmled.dll
2012-06-13 23:49:56 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2012-06-13 23:49:56 ----A---- C:\Windows\SYSWOW64\ieui.dll
2012-06-13 23:49:56 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2012-06-13 23:49:56 ----A---- C:\Windows\system32\urlmon.dll
2012-06-13 23:49:56 ----A---- C:\Windows\system32\ieui.dll
2012-06-13 23:49:56 ----A---- C:\Windows\system32\iertutil.dll
2012-06-13 23:49:55 ----A---- C:\Windows\SYSWOW64\wininet.dll
2012-06-13 23:49:55 ----A---- C:\Windows\SYSWOW64\ieUnatt.exe
2012-06-13 23:49:55 ----A---- C:\Windows\system32\wininet.dll
2012-06-13 23:49:55 ----A---- C:\Windows\system32\ieUnatt.exe
2012-06-13 23:49:54 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2012-06-13 23:49:54 ----A---- C:\Windows\system32\jsproxy.dll
2012-06-13 23:49:54 ----A---- C:\Windows\system32\jscript9.dll
2012-06-13 23:49:53 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2012-06-13 23:49:53 ----A---- C:\Windows\SYSWOW64\jscript.dll
2012-06-13 23:49:53 ----A---- C:\Windows\system32\jscript.dll
2012-06-13 23:49:52 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2012-06-13 23:49:51 ----A---- C:\Windows\system32\mshtml.dll
2012-06-13 23:49:50 ----A---- C:\Windows\system32\ieframe.dll
2012-06-13 23:49:49 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2012-06-13 21:01:04 ----A---- C:\Windows\system32\rdrmemptylst.exe
2012-06-13 21:01:04 ----A---- C:\Windows\system32\rdpwsx.dll
2012-06-13 21:01:04 ----A---- C:\Windows\system32\rdpcorekmts.dll
2012-06-13 21:01:00 ----A---- C:\Windows\system32\profsvc.dll
2012-06-13 21:00:56 ----A---- C:\Windows\system32\ntoskrnl.exe
2012-06-13 21:00:54 ----A---- C:\Windows\SYSWOW64\ntoskrnl.exe
2012-06-13 21:00:53 ----A---- C:\Windows\SYSWOW64\ntkrnlpa.exe
2012-06-13 21:00:51 ----A---- C:\Windows\system32\win32k.sys
2012-06-13 21:00:50 ----A---- C:\Windows\system32\drivers\rdpwd.sys
2012-06-13 21:00:49 ----A---- C:\Windows\system32\msi.dll
2012-06-13 21:00:48 ----A---- C:\Windows\SYSWOW64\msi.dll
2012-06-13 21:00:44 ----A---- C:\Windows\system32\crypt32.dll
2012-06-13 21:00:43 ----A---- C:\Windows\SYSWOW64\crypt32.dll
2012-06-13 21:00:43 ----A---- C:\Windows\system32\cryptsvc.dll
2012-06-13 21:00:42 ----A---- C:\Windows\SYSWOW64\cryptsvc.dll
2012-06-13 21:00:42 ----A---- C:\Windows\SYSWOW64\cryptnet.dll
2012-06-13 21:00:42 ----A---- C:\Windows\system32\cryptnet.dll
2012-06-13 15:44:44 ----A---- C:\Windows\system32\drivers\aswSP.sys
2012-06-13 15:44:44 ----A---- C:\Windows\system32\drivers\aswFsBlk.sys
2012-06-13 15:44:42 ----A---- C:\Windows\system32\drivers\aswTdi.sys
2012-06-13 15:44:42 ----A---- C:\Windows\system32\drivers\aswRdr2.sys
2012-06-13 15:44:41 ----A---- C:\Windows\system32\drivers\aswSnx.sys
2012-06-13 15:44:39 ----A---- C:\Windows\system32\drivers\aswMonFlt.sys
2012-06-13 15:44:39 ----A---- C:\Windows\system32\aswBoot.exe
2012-06-13 15:44:13 ----A---- C:\Windows\avastSS.scr
2012-06-13 15:44:12 ----A---- C:\Windows\SYSWOW64\aswBoot.exe
2012-06-13 15:44:06 ----D---- C:\ProgramData\AVAST Software
2012-06-13 15:44:06 ----D---- C:\Program Files\AVAST Software
2012-06-08 19:53:42 ----SHD---- C:\ProgramData\DSS
2012-06-08 19:52:24 ----D---- C:\Program Files (x86)\Electronic Arts
2012-05-27 11:09:49 ----D---- C:\ProgramData\DAEMON Tools Lite
2012-05-26 19:20:02 ----D---- C:\Users\admin\AppData\Roaming\Mozilla
2012-05-26 19:20:01 ----D---- C:\Program Files (x86)\Conduit
2012-05-26 19:20:00 ----D---- C:\Program Files (x86)\uTorrentControl2
2012-05-26 19:19:43 ----D---- C:\Program Files (x86)\uTorrent
2012-05-26 19:19:23 ----D---- C:\Users\admin\AppData\Roaming\uTorrent
2012-05-25 22:37:11 ----D---- C:\Users\admin\AppData\Roaming\PhotoFiltre 7
2012-05-25 22:37:09 ----D---- C:\Program Files (x86)\PhotoFiltre 7
======List of files/folders modified in the last 1 month======
2012-06-17 10:38:35 ----D---- C:\Windows\Temp
2012-06-17 10:38:06 ----RD---- C:\Program Files
2012-06-17 10:37:56 ----D---- C:\Windows\System32
2012-06-17 10:37:56 ----D---- C:\Windows\inf
2012-06-17 10:37:56 ----A---- C:\Windows\system32\PerfStringBackup.INI
2012-06-16 23:46:49 ----D---- C:\Windows\system32\config
2012-06-16 20:42:30 ----RSD---- C:\Windows\assembly
2012-06-16 20:42:30 ----D---- C:\Windows\Microsoft.NET
2012-06-14 18:33:08 ----D---- C:\Windows\winsxs
2012-06-14 18:31:50 ----D---- C:\Windows\SysWOW64
2012-06-14 18:31:50 ----D---- C:\Windows\system32\drivers
2012-06-14 18:31:49 ----D---- C:\Windows\SYSWOW64\sk-SK
2012-06-14 18:31:49 ----D---- C:\Windows\system32\sk-SK
2012-06-14 18:31:48 ----D---- C:\Windows\SYSWOW64\migration
2012-06-14 18:31:48 ----D---- C:\Windows\system32\migration
2012-06-14 18:31:48 ----D---- C:\Program Files\Internet Explorer
2012-06-14 18:31:48 ----D---- C:\Program Files (x86)\Internet Explorer
2012-06-13 23:55:11 ----D---- C:\Windows\system32\catroot2
2012-06-13 23:55:08 ----SHD---- C:\Windows\Installer
2012-06-13 23:53:10 ----A---- C:\Windows\system32\MRT.exe
2012-06-13 23:52:15 ----D---- C:\Windows\Prefetch
2012-06-13 23:50:06 ----D---- C:\Windows\system32\catroot
2012-06-13 15:45:26 ----D---- C:\Windows\system32\Tasks
2012-06-13 15:44:13 ----D---- C:\Windows
2012-06-13 15:44:06 ----HD---- C:\ProgramData
2012-06-10 15:40:14 ----SHD---- C:\System Volume Information
2012-06-09 18:11:43 ----SD---- C:\Users\admin\AppData\Roaming\Microsoft
2012-06-08 19:52:36 ----D---- C:\Windows\system32\LogFiles
2012-06-08 19:52:30 ----D---- C:\Users\admin\AppData\Roaming\Adobe
2012-06-08 19:52:24 ----RD---- C:\Program Files (x86)
2012-05-27 22:47:37 ----D---- C:\Windows\system32\wdi
2012-05-20 14:17:37 ----D---- C:\Program Files (x86)\McAfee
2012-05-19 22:00:04 ----D---- C:\Windows\rescache
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R0 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\drivers\vmbus.sys [2010-11-20 199552]
R1 AsIO;AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [2009-08-04 13440]
R1 aswRdr;aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [2012-03-07 53080]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2012-03-07 819032]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2012-03-07 337240]
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2012-03-07 59224]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-20 514560]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2012-05-16 283200]
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [2012-03-07 24408]
R2 aswMonFlt;aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys [2012-03-07 69976]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\Windows\system32\DRIVERS\ASACPI.sys [2009-07-16 15416]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda64v.sys [2012-01-17 188224]
R3 NVNET;NVIDIA nForce Ethernet Driver; C:\Windows\system32\DRIVERS\nvmf6264.sys [2010-08-12 350952]
R3 nvsmu;nvsmu; C:\Windows\system32\DRIVERS\nvsmu.sys [2009-11-12 29800]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service; C:\Windows\system32\drivers\viahduaa.sys [2009-10-21 1270784]
S3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvm62x64.sys [2009-06-10 408960]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-20 165888]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-20 6656]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-20 34688]
S3 TsUsbFlt;@%SystemRoot%\system32\drivers\tsusbflt.sys,-1; C:\Windows\System32\drivers\tsusbflt.sys [2010-11-20 59392]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-20 21760]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AsSysCtrlService;ASUS System Control Service; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [2009-12-28 96896]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-03-07 44768]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service; c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe [2012-01-13 103440]
R2 MDM;Machine Debug Manager; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2012-02-29 889664]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-17 257696]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 McComponentHostService;McAfee Security Scan Component Host Service; C:\Program Files (x86)\McAfee Security Scan\3.0.207\McCHSvc.exe [2011-06-17 237008]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2012-05-16 1255736]
S4 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S4 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-03-01 2348352]
S4 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-02-29 382272]
-----------------EOF-----------------
Re: my PC keeps restarting
Good evening,
Run a scan according to the guide, do not delete anything, and post the log here:
http://forum.viry.cz/viewtopic.php?f=29&t=115222

Do not use COMBOFIX without an adviser's recommendation; it can damage the system!
Always back up important data before cleaning the computer of malware.
Want to support our forum? Information here

I can mostly be reached at night, between 21:00 and 23:00.
If you have any questions, you can email me at Motji(at)forum.viry.cz.
Re: my PC keeps restarting
Malwarebytes Anti-Malware (Skúšobná verzia) 1.61.0.1400
www.malwarebytes.org
Verzia databázy: v2012.06.29.08
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
admin :: AMD_PHENOM [administrátor]
Ochrana: Zapnuté
29. 6. 2012 19:33:24
mbam-log-2012-06-29 (19-35-54).txt
Typ kontroly: Rýchla kontrola
Možnosti kontroly zapnuté: Pamäť | Po spustení | Registre | Systémové súbory | Heuristika/Extra | Heuristika/Shuriken | PUP | PUM
Možnosti kontroly vypnuté: P2P
Objektov kontrolovaných: 244936
Uplynutý čas: 1 min, 58 sek
Detegované služby pamäte: 0
(Škodlivé položky neboli zistené)
Detegované moduly pamäte: 0
(Škodlivé položky neboli zistené)
Detegované registračné kľúče: 0
(Škodlivé položky neboli zistené)
Detegované registračné hodnoty: 0
(Škodlivé položky neboli zistené)
Detegované položky registračných dát: 0
(Škodlivé položky neboli zistené)
Detegované priečinky: 0
(Škodlivé položky neboli zistené)
Detegované súbory: 1
C:\Users\admin\Downloads\SoftonicDownloader_for_boinc.exe (PUP.ToolbarDownloader) -> Žiadna úloha nevykonaná.
(koniec)
Re: my PC keeps restarting
Do you recognize that file? Test it at www.virustotal.com