
I'm sending out spam
Re: I'm sending out spam
DrWeb (what should I do with this, or rather, what next :) ):
EvID4226Patch.exe;C:\Documents and Settings\Admin\Desktop\tr;Program.Tcpip;;
EvID4226Patch.exe;C:\Program Files\uTorrent;Program.Tcpip;;
A0191903.exe\32788R22FWJFW\List-C.bat;C:\System Volume Information\_restore{1562B327-B575-4A09-B3D2-D468A9E1BB5A}\RP1198\A0191903.exe;Pravdepodobne BATCH.Virus;;
A0191903.exe;C:\System Volume Information\_restore{1562B327-B575-4A09-B3D2-D468A9E1BB5A}\RP1198;Archív obsahuje infikované objekty;Presunuté;
A0191914.bat;C:\System Volume Information\_restore{1562B327-B575-4A09-B3D2-D468A9E1BB5A}\RP1198;Pravdepodobne BATCH.Virus;;
A0192000.bat;C:\System Volume Information\_restore{1562B327-B575-4A09-B3D2-D468A9E1BB5A}\RP1198;Pravdepodobne BATCH.Virus;;
A0192125.bat;C:\System Volume Information\_restore{1562B327-B575-4A09-B3D2-D468A9E1BB5A}\RP1198;Pravdepodobne BATCH.Virus;;
A0192195.bat;C:\System Volume Information\_restore{1562B327-B575-4A09-B3D2-D468A9E1BB5A}\RP1198;Pravdepodobne BATCH.Virus;;
A0192373.bat;C:\System Volume Information\_restore{1562B327-B575-4A09-B3D2-D468A9E1BB5A}\RP1198;Pravdepodobne BATCH.Virus;;
A0192573.sys;C:\System Volume Information\_restore{1562B327-B575-4A09-B3D2-D468A9E1BB5A}\RP1199;Trojan.Packed.600;Vymazané;
A0192583.exe\32788R22FWJFW\List-C.bat;C:\System Volume Information\_restore{1562B327-B575-4A09-B3D2-D468A9E1BB5A}\RP1199\A0192583.exe;Pravdepodobne BATCH.Virus;;
A0192583.exe;C:\System Volume Information\_restore{1562B327-B575-4A09-B3D2-D468A9E1BB5A}\RP1199;Archív obsahuje infikované objekty;Presunuté;
A0192594.bat;C:\System Volume Information\_restore{1562B327-B575-4A09-B3D2-D468A9E1BB5A}\RP1199;Pravdepodobne BATCH.Virus;;
A0192679.bat;C:\System Volume Information\_restore{1562B327-B575-4A09-B3D2-D468A9E1BB5A}\RP1199;Pravdepodobne BATCH.Virus;;
A0192798.exe\32788R22FWJFW\List-C.bat;C:\System Volume Information\_restore{1562B327-B575-4A09-B3D2-D468A9E1BB5A}\RP1199\A0192798.exe;Pravdepodobne BATCH.Virus;;
A0192798.exe;C:\System Volume Information\_restore{1562B327-B575-4A09-B3D2-D468A9E1BB5A}\RP1199;Archív obsahuje infikované objekty;Presunuté;
A0192809.bat;C:\System Volume Information\_restore{1562B327-B575-4A09-B3D2-D468A9E1BB5A}\RP1199;Pravdepodobne BATCH.Virus;;
A0192866.exe;C:\System Volume Information\_restore{1562B327-B575-4A09-B3D2-D468A9E1BB5A}\RP1199;Trojan.StartPage.21667;Vymazané;
A0192887.exe;C:\System Volume Information\_restore{1562B327-B575-4A09-B3D2-D468A9E1BB5A}\RP1199;Trojan.StartPage.21667;Vymazané;
A0192894.exe;C:\System Volume Information\_restore{1562B327-B575-4A09-B3D2-D468A9E1BB5A}\RP1199;Trojan.Packed.593;Vymazané;
A0191413.bat;C:\System Volume Information\_restore{1562B327-B575-4A09-B3D2-D468A9E1BB5A}\RP1197;Pravdepodobne BATCH.Virus;;
A0191566.bat;C:\System Volume Information\_restore{1562B327-B575-4A09-B3D2-D468A9E1BB5A}\RP1197;Pravdepodobne BATCH.Virus;;
A0191693.bat;C:\System Volume Information\_restore{1562B327-B575-4A09-B3D2-D468A9E1BB5A}\RP1197;Pravdepodobne BATCH.Virus;;
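Added example, not part of the thread and not any poster's code: a small Python triage of the Dr.Web report above that separates detections sitting in System Restore snapshots from detections on the live file system and lists the rows where the scanner recorded no action. The column meaning (object; containing path; verdict; action) is an assumption inferred from the rows, and the function and key names are made up for this sketch.

```python
import re

# Rows copied from the Dr.Web report in the post above. The column meaning
# (object; containing path; verdict; action taken) is inferred from the rows
# themselves and is an assumption, not a documented Dr.Web format.
SAMPLE_REPORT = r"""
EvID4226Patch.exe;C:\Program Files\uTorrent;Program.Tcpip;;
A0191903.exe\32788R22FWJFW\List-C.bat;C:\System Volume Information\_restore{1562B327-B575-4A09-B3D2-D468A9E1BB5A}\RP1198\A0191903.exe;Pravdepodobne BATCH.Virus;;
A0191903.exe;C:\System Volume Information\_restore{1562B327-B575-4A09-B3D2-D468A9E1BB5A}\RP1198;Archív obsahuje infikované objekty;Presunuté;
A0192573.sys;C:\System Volume Information\_restore{1562B327-B575-4A09-B3D2-D468A9E1BB5A}\RP1199;Trojan.Packed.600;Vymazané;
A0192866.exe;C:\System Volume Information\_restore{1562B327-B575-4A09-B3D2-D468A9E1BB5A}\RP1199;Trojan.StartPage.21667;Vymazané;
A0191413.bat;C:\System Volume Information\_restore{1562B327-B575-4A09-B3D2-D468A9E1BB5A}\RP1197;Pravdepodobne BATCH.Virus;;
"""

# On Windows XP, System Restore keeps its snapshots under
# <drive>:\System Volume Information\_restore{GUID}\RPnnnn
RESTORE_POINT = re.compile(
    r"\\System Volume Information\\_restore\{[0-9A-Fa-f-]+\}\\(RP\d+)",
    re.IGNORECASE,
)


def parse_report(text):
    """Turn semicolon-separated report rows into dicts; skip anything else."""
    rows = []
    for line in text.splitlines():
        parts = line.strip().split(";")
        if len(parts) < 4 or not parts[0]:
            continue  # blank line or not a report row
        obj, path, verdict, action = (p.strip() for p in parts[:4])
        match = RESTORE_POINT.search(path)
        rows.append({
            "object": obj,
            "path": path,
            "verdict": verdict,
            "action": action,  # empty string: the scanner recorded no action
            "restore_point": match.group(1) if match else None,
        })
    return rows


def triage(rows):
    """Summarise what still needs attention after the scan."""
    live_unhandled = []        # files outside System Restore, no action taken
    restore_unhandled = set()  # restore points that still hold flagged copies
    handled = 0                # rows the scanner already moved or deleted
    for row in rows:
        if row["action"]:
            handled += 1
        elif row["restore_point"]:
            restore_unhandled.add(row["restore_point"])
        else:
            live_unhandled.append(row["path"] + "\\" + row["object"])
    return {
        "handled": handled,
        "restore_points_with_leftovers": sorted(restore_unhandled),
        "live_unhandled": live_unhandled,
    }


if __name__ == "__main__":
    summary = triage(parse_report(SAMPLE_REPORT))
    print("already moved/deleted by the scanner:", summary["handled"])
    print("restore points still holding flagged copies:",
          ", ".join(summary["restore_points_with_leftovers"]))
    for path in summary["live_unhandled"]:
        print("live file with no action recorded:", path)
```

Rows that fall under `_restore{...}\RPnnnn` are snapshot copies rather than running files; the `[clearallrestorepoints]` command in the OTM script later in this thread discards those snapshots, which leaves the live-file rows as the ones to decide on by hand.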
Re: I'm sending out spam
I'm sorry, but I can't see straight any more today; we'll fine-tune it over the holidays. But I no longer see anything wrong in the log. How is the computer behaving?
Do not use COMBOFIX without an adviser's recommendation; it can damage the system!
Always back up important data before disinfecting a computer
Want to support our forum? Information here

I'm mostly reachable at night, between 21:00 and 23:00
If you have any questions, you can email me at Motji(at)forum.viry.cz.
Re: I'm sending out spam
Well, I haven't used the PC much so far; I didn't want to touch it while there's who knows what kind of filth in it... but at the moment it seems snappier to me, and avast's Internet Mail isn't showing any outgoing mail. But I still have a bad feeling after the way that virus multiplied and did who knows what in the computer, so I'm paranoid about using the PC normally - email, let alone PayPal or internet banking

Re: I'm sending out spam
:arrow: Download OTM http://oldtimer.geekstogo.com/OTM.exe
Download OTM to the desktop and double-click it; the program will start.
Into the left window, "Paste Instructions for Items to be Moved", under the yellow line, copy this script:
Code:
:processes
explorer.exe
:files
C:\WINDOWS\system32\*.tmp.dll /s
C:\WINDOWS\system32\SET*.tmp /s
C:\WINDOWS\*.tmp /s
C:\WINDOWS\system32\DRIVERS\easdrv.sys
C:\Program Files\Common Files\Ulead Systems
C:\Program Files\ESET
:Services
UleadBurningHelper
easdrv
mbr
ekrn
CiSvc
ClipSrv
UPS
SQLAgent$SONY_MEDIAMGR
MSSQL$SONY_MEDIAMGR
:commands
[emptytemp]
[start explorer]
[clearallrestorepoints]
[Reboot]
- click the red Moveit! button
- paste the contents of the green window here
- If the PC wants to restart, choose YES; you will then find the log in C:\_OTM\MovedFiles. Paste the log here
Otherwise, for uninstalling programs use, for example, Revo Uninstaller; it is more thorough
Download CCleaner from my signature
- install it; when choosing what to install, untick the Yahoo toolbar installation
Cleaner tab
- leave everything in the left column ticked as it is, click Analyze
- after the analysis, click Run Cleaner
Registry tab
- click Scan for Issues
- then click Fix selected issues
making a registry backup - you don't have to
- click Fix All Selected Issues
OK
Close
CCleaner - I recommend using the cleaner; it nicely cleans temporary files off the PC.
The Registry tab cleans things up, for example after uninstalling a program.
I don't see either SAS or Spybot starting after a restart.
You have no firewall; you can read more at http://www.viry.cz/forum/viewtopic.php?f=41&t=20980
You don't have SP3 http://www.viry.cz/forum/viewtopic.php?f=46&t=86100
How does the computer look?
The virus you had there was downloading other viruses and sending spam; wherever you can, better change your passwords, and get a firewall
As a firewall I can recommend ZoneAlarm; it is in English, but simple
http://www.slunecnice.cz/sw/zonealarm/
(confirm installation of the firewall only)
Here, once you go through it, there is a short description of how to set up the firewall
http://www.viry.cz/forum/viewtopic.php?f=3&t=91519
Re: I'm sending out spam
- OTM froze and I had to restart manually; the PC took quite a long time to start - overall it seems to me that it boots slowly...
- I use CCleaner - I'll start using Revo, thanks.
- I'll sort out the firewall and SP3 soon; I just hadn't had a firewall for a while because none of the ones I tried suited me and then I somehow forgot about it - SP3 was throwing errors during installation, but I'll try it following this guide.
- Well, so far the computer, apart from that longer startup and Firefox being slow at first... seems to be OK... (what did you do with Firefox yesterday? It seemed to me that it ran best then)
- By passwords, do you mean the ones for email or everywhere possible?
Log from OTM:
All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
========== FILES ==========
DllUnregisterServer procedure not found in C:\WINDOWS\system32\drivers\_004860_.tmp.dll
DllUnregisterServer procedure not found in C:\WINDOWS\system32\drivers\_004870_.tmp.dll
C:\WINDOWS\system32\drivers\_004860_.tmp.dll moved successfully.
C:\WINDOWS\system32\drivers\_004870_.tmp.dll moved successfully.
File/Folder C:\WINDOWS\system32\SET*.tmp not found.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP409.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP426.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP449.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP7C10.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP8F2.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP5B8F.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP10D7.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP117A.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP125D.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP1285.tmp folder moved successfully.
C:\WINDOWS\SoftwareDistribution\Download\5cbae9f608200acfe09bb51d3f8b070a\BITAA72.tmp moved successfully.
C:\WINDOWS\SoftwareDistribution\Download\f446a6f50593b55fc5458fa4af798dfe\BITAA73.tmp moved successfully.
C:\WINDOWS\system32\DRIVERS\easdrv.sys moved successfully.
C:\Program Files\Common Files\Ulead Systems\DVD folder moved successfully.
C:\Program Files\Common Files\Ulead Systems folder moved successfully.
File/Folder C:\Program Files\ESET not found.
========== SERVICES/DRIVERS ==========
Service UleadBurningHelper stopped successfully!
Service UleadBurningHelper deleted successfully!
Service easdrv stopped successfully!
Service easdrv deleted successfully!
Error: No service named mbr was found to stop!
Unable to stop service mbr!
Service ekrn stopped successfully!
Service ekrn deleted successfully!
Service CiSvc stopped successfully!
Service CiSvc deleted successfully!
Service ClipSrv stopped successfully!
Service ClipSrv deleted successfully!
Service UPS stopped successfully!
Service UPS deleted successfully!
Service SQLAgent$SONY_MEDIAMGR stopped successfully!
Service SQLAgent$SONY_MEDIAMGR deleted successfully!
Service MSSQL$SONY_MEDIAMGR stopped successfully!
Service MSSQL$SONY_MEDIAMGR deleted successfully!
========== COMMANDS ==========
[EMPTYTEMP]
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: All Users
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Admin
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 356384 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 41399482 bytes
->Opera cache emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
Windows Temp folder emptied: 16384 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 40,00 mb
Restore points cleared and new OTM Restore Point set!
OTM by OldTimer - Version 3.1.3.0 log created on 12242009_011516
Files moved on Reboot...
File C:\WINDOWS\temp\_avast4_\Webshlock.txt not found!
File C:\WINDOWS\temp\Perflib_Perfdata_438.dat not found!
Registry entries deleted on Reboot...
Re: I'm sending out spam
If SP3 wouldn't install for you, then don't install it.
You can clean the PC up a bit more
Clear the Firefox cache either manually or with ATF Cleaner
http://www.slunecnice.cz/sw/atf-cleaner/
- in the menu at the top, select the Firefox / Opera tab and click it
- tick Select All and then click Empty Selected
warning - you will lose all passwords saved in FF / Opera!
- On the Main tab, tick All Users Temp and confirm with Empty Selected
Download TFC and use it
TFC (http://oldtimer.geekstogo.com/TFC.exe)
Disk cleanup
Start - Run - type cleanmgr - OK..OK
- tick temporary, offline, recycle bin, temporary files - OK
Start - Run - type cleanmgr - OK..OK
- More Options - System Restore - Clean up - OK
Start - Run - type chkdsk /f/r
- [Enter]
agree - the PC restarts and the disk gets checked
Disk defragmentation
Start - Control Panel - Administrative Tools - Computer Management - Disk Defragmenter
- you can also use another defragmentation tool; the one in Windows isn't great
Personally I can recommend JkDefrag, which doesn't need installing
http://www.slunecnice.cz/sw/jkdefrag/
Passwords: everywhere you can
Re: I'm sending out spam
So the PC is clean now? What did you actually do with that command in ComboFix the day before yesterday - something with the Firefox profile; it seemed snappiest to me then...? (and there were also about 13 fewer processes in Task Manager)
I clear the cache and the rest regularly in both browsers + I use CCleaner, EasyCleaner and Wise Registry Cleaner.
So I'll get on with those other things and leave the disk defragmenting overnight...
I'm afraid to change those passwords for now; what if the virus is still in the PC, and if it didn't capture them then, it captures them now?
Update: So the first little glitch I've noticed so far is that I can't start EOS Utility for copying photos from the camera to the computer
The application freezes at startup and the computer stops responding; it has to be hard-reset
Re: I'm sending out spam
Try reinstalling the program
Do you feel that Mozilla is slower?
I'm not aware of any more vermin in the PC, so try SAS as well
Download SAS from my signature.
- Install it,
- run the update and do a full scan.
- Delete whatever it finds, and write what it found.
- You can keep SAS for an occasional scan; it is an excellent antispyware, in the free version without a resident shield.

Re: I'm sending out spam
Well, Firefox has been running noticeably slower for me for quite a while; my point was that after yesterday's command it ran better - the way it should... As it is, it's noticeably slower than Opera.
I use SAS; it found nothing today, nor the day before yesterday when those viruses were there

Re: I'm sending out spam
Try reinstalling Mozilla to see whether it helps. I'd also ask for a new log from RSIT

Re: I'm sending out spam
Reinstalling won't help, and I don't want to lose all my settings by deleting the profile right now, but I'll probably have to bring myself to do it later... btw, for example, while writing this post the letters in Mozilla are appearing much more slowly than I type... there's simply still something not right in that FF... that's why I'd like to know what you actually did with that command in Firefox, because it seemed to me that it ran more briskly afterwards...
Logfile of random's system information tool 1.06 (written by random/random)
Run by Admin at 2009-12-24 21:46:13
Systém Microsoft Windows XP Professional Service Pack 2
System drive C: has 912 MB (5%) free of 20 GB
Total RAM: 1279 MB (56% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:46:35, on 24.12.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16945)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\PC Tools Firewall Plus\FWService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Trillian Pro\Astra\trillian.exe
C:\Documents and Settings\Admin\Desktop\RSIT.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\trend micro\Admin.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/?v=msgrv75
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [00PCTFW] "C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" -s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Search - ?p=GRman000
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://195.28.70.134/kapor2/lib/mgaxctrl.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Gene6 FTP Server (G6FTPServer) - Gene6 - C:\Program Files\Gene6 FTP Server\G6FTPSERVER.EXE
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - PC Tools - C:\Program Files\PC Tools Firewall Plus\FWService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
--
End of file - 6848 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll [2007-07-12 501136]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"TrueImageMonitor.exe"=C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe [2006-05-19 1106344]
"AcronisTimounterMonitor"=C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe [2006-05-19 1848150]
"Acronis Scheduler2 Service"=C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe [2006-05-19 126976]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2006-10-22 86016]
"itype"=C:\Program Files\Microsoft IntelliType Pro\itype.exe [2006-07-08 576320]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-10-22 7700480]
"IntelliPoint"=C:\Program Files\Microsoft IntelliPoint\ipoint.exe [2007-08-31 1037736]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-11-25 81000]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2007-04-16 577536]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-09-04 935288]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2009-10-03 39792]
"00PCTFW"=C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe [2009-02-23 2652056]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2009-10-03 39792]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [2008-08-14 611712]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe [2001-10-15 196608]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
C:\Program Files\Ahead\Nero BackItUp\NBJ.exe [2004-09-07 1871872]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL [2009-09-06 548352]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{88485281-8b4b-4f8d-9ede-82e29a064277}"=C:\PROGRA~1\MarkAny\CONTEN~1\MACSMA~1.DLL [2004-11-23 192512]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
relog_ap
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\uTorrent\utorrent.exe"="C:\Program Files\uTorrent\utorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Trillian Pro\trillian.exe"="C:\Program Files\Trillian Pro\trillian.exe:*:Disabled:Trillian"
"C:\totalcmd\TOTALCMD.EXE"="C:\totalcmd\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit international version, file manager replacement for Windows"
"C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe"="C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4"
"C:\Program Files\Miranda IM\miranda32.exe"="C:\Program Files\Miranda IM\miranda32.exe:*:Enabled:Miranda IM"
"C:\Program Files\Trillian Pro\Astra\trillian.exe"="C:\Program Files\Trillian Pro\Astra\trillian.exe:*:Enabled:Trillian"
"C:\Program Files\Java\jre1.6.0_02\launch4j-tmp\frd.exe"="C:\Program Files\Java\jre1.6.0_02\launch4j-tmp\frd.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{765f2bcc-c28d-11db-89fc-806d6172696f}]
shell\AutoRun\command - G:\SETUP.EXE
======File associations======
.js - edit -
.js - open -
.vbs - edit -
.vbs - open -
======List of files/folders created in the last 1 months======
2009-12-24 11:14:29 ----D---- C:\Documents and Settings\Admin\Application Data\PCToolsFirewallPlus
2009-12-24 11:10:29 ----D---- C:\Program Files\PC Tools Firewall Plus
2009-12-24 02:01:59 ----D---- C:\Program Files\VS Revo Group
2009-12-24 01:15:16 ----D---- C:\_OTM
2009-12-23 18:03:00 ----D---- C:\rsit
2009-12-23 17:49:19 ----SHD---- C:\Recycled
2009-12-22 23:12:38 ----N---- C:\WINDOWS\system32\ssdpsrv.dll
2009-12-22 23:12:37 ----N---- C:\WINDOWS\system32\regsvc.dll
2009-12-21 21:05:03 ----D---- C:\Program Files\netmeeting
2009-12-21 20:53:11 ----RASHD---- C:\cmdcons
2009-12-21 19:53:48 ----D---- C:\Program Files\trend micro
2009-12-11 01:41:50 ----HD---- C:\WINDOWS\$NtUninstallKB970430$
2009-12-11 01:41:37 ----HD---- C:\WINDOWS\$NtUninstallKB974318$
2009-12-11 01:41:22 ----HD---- C:\WINDOWS\$NtUninstallKB973904$
2009-12-11 01:40:15 ----HD---- C:\WINDOWS\$NtUninstallKB974392$
2009-12-11 01:39:56 ----HD---- C:\WINDOWS\$NtUninstallKB971737$
2009-12-09 22:16:02 ----D---- C:\Documents and Settings\All Users\Application Data\Boss Media
2009-11-25 18:26:13 ----HD---- C:\WINDOWS\$NtUninstallKB976098-v2$
2009-11-25 18:25:57 ----HD---- C:\WINDOWS\$NtUninstallKB973687$
======List of files/folders modified in the last 1 months======
2009-12-24 21:44:42 ----A---- C:\WINDOWS\wincmd.ini
2009-12-24 02:14:24 ----N---- C:\WINDOWS\SchedLgU.Txt
2009-12-23 17:25:38 ----A---- C:\WINDOWS\system.ini
2009-12-23 05:56:40 ----A---- C:\WINDOWS\msicpl.ini
2009-12-21 20:53:26 ----RASH---- C:\boot.ini
2009-12-01 21:06:20 ----A---- C:\WINDOWS\system32\MRT.exe
2009-11-25 00:54:30 ----A---- C:\WINDOWS\system32\aswBoot.exe
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-11-25 27408]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-11-25 114768]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-11-25 48560]
R1 cdrbsdrv;cdrbsdrv; C:\WINDOWS\system32\drivers\cdrbsdrv.sys [2007-06-19 33408]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-04 36096]
R1 PCLEPCI;PCLEPCI; \??\C:\WINDOWS\system32\drivers\pclepci.sys []
R1 pctgntdi;pctgntdi; \??\C:\WINDOWS\system32\drivers\pctgntdi.sys []
R1 prodrv06;StarForce Protection Environment Driver v6; C:\WINDOWS\System32\drivers\prodrv06.sys [2004-03-09 77184]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R1 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2009-01-24 5632]
R2 adfs;adfs; C:\WINDOWS\system32\drivers\adfs.sys [2008-08-14 74720]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-11-25 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-11-25 94160]
R2 irda;IrDA Protocol; C:\WINDOWS\system32\DRIVERS\irda.sys [2004-08-03 87424]
R2 PCTAppEvent;PCTAppEvent Driver; \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys []
R2 tifsfilter;Acronis True Image FS Filter; C:\WINDOWS\system32\DRIVERS\tifsfilt.sys [2006-11-07 32288]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2008-09-24 4122368]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-11-25 23120]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-10-22 3994624]
R3 pctplfw;pctplfw; \??\C:\WINDOWS\system32\drivers\pctplfw.sys []
R3 Point32;Microsoft IntelliPoint Filter Driver; C:\WINDOWS\system32\DRIVERS\point32.sys [2007-08-21 21760]
R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
R3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
R3 SFilter;PCTools Driver; C:\WINDOWS\system32\DRIVERS\pctfw.sys [2008-09-22 97408]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-04 20480]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-03 14848]
S2 BT848;Conexant's BtPCI WDM Video Capture; C:\WINDOWS\system32\drivers\BT848.sys [2008-11-03 362837]
S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-04 60800]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 FlyPCI;FlyPCI; \??\C:\WINDOWS\system32\drivers\FlyPCI.sys []
S3 genmcmn;Genius Mouse Driver; C:\WINDOWS\system32\DRIVERS\gmfiltr.sys []
S3 genmcmnUSB;Genius USB Mouse Driver; C:\WINDOWS\system32\DRIVERS\gflmouhid.sys []
S3 GMSIPCI;GMSIPCI; \??\F:\INSTALL\GMSIPCI.SYS []
S3 MSIRCOMM;Microsoft IR Communications Driver; C:\WINDOWS\system32\DRIVERS\MSIRCOMM.sys [2004-08-03 22016]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-04 61824]
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2008-09-15 17664]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2008-09-15 22016]
S3 P2k;Motorola USB Device; C:\WINDOWS\system32\DRIVERS\P2k.sys [2004-05-27 16032]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2007-06-19 47360]
S3 RTL8023xp;Realtek 10/100/1000 PCI NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2008-02-25 105088]
S3 se45bus;Sony Ericsson Device 069 driver (WDM); C:\WINDOWS\system32\DRIVERS\se45bus.sys [2006-11-30 61536]
S3 se45mdfl;Sony Ericsson Device 069 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\se45mdfl.sys [2006-11-30 9360]
S3 se45mdm;Sony Ericsson Device 069 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\se45mdm.sys [2006-11-30 97088]
S3 se45mgmt;Sony Ericsson Device 069 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\se45mgmt.sys [2006-11-30 88624]
S3 se45nd5;Sony Ericsson Device 069 USB Ethernet Emulation SEMC45 (NDIS); C:\WINDOWS\system32\DRIVERS\se45nd5.sys [2006-11-30 18704]
S3 se45obex;Sony Ericsson Device 069 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\se45obex.sys [2006-11-30 86432]
S3 se45unic;Sony Ericsson Device 069 USB Ethernet Emulation SEMC45 (WDM); C:\WINDOWS\system32\DRIVERS\se45unic.sys [2006-11-30 90800]
S3 sermouse;Serial Mouse Driver; C:\WINDOWS\system32\DRIVERS\sermouse.sys [2004-08-04 17664]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 STIrUsb;SigmaTel USB-IrDA Dongle; C:\WINDOWS\system32\DRIVERS\irstusb.sys [2001-08-17 26624]
S3 StMp3Rec;Player Recovery Device Control Driver; C:\WINDOWS\System32\Drivers\StMp3Rec.sys [2005-10-10 65702]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 TVICHW32;TVICHW32; \??\C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS []
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2008-09-15 8064]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 usbser;USB Modem Driver; C:\WINDOWS\system32\DRIVERS\usbser.sys [2004-08-03 25600]
S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2008-09-15 8064]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2008-03-27 503008]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-15 82688]
S4 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys []
S4 WS2IFSL;Prostredie podpory poskytovateľa služby Windows Socket 2.0 Non-IFS Service; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AcrSch2Svc;Acronis Scheduler2 Service; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [2006-05-19 204800]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2007-09-06 110592]
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-11-25 18752]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-11-25 138680]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-10-22 159810]
R2 PCToolsFirewallPlus;PC Tools Firewall Plus; C:\Program Files\PC Tools Firewall Plus\FWService.exe [2008-12-11 146800]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-11-25 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-11-25 352920]
S2 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-08-01 133104]
S2 Irmon;Infrared Monitor; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-06-12 655624]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 G6FTPServer;Gene6 FTP Server; C:\Program Files\Gene6 FTP Server\G6FTPSERVER.EXE [2007-02-05 423936]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-12-19 138168]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 MSSQLServerADHelper;MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [2002-12-17 66112]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2008-11-11 620544]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
-----------------EOF-----------------
Logfile of random's system information tool 1.06 (written by random/random)
Run by Admin at 2009-12-24 21:46:13
Systém Microsoft Windows XP Professional Service Pack 2
System drive C: has 912 MB (5%) free of 20 GB
Total RAM: 1279 MB (56% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:46:35, on 24.12.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16945)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\PC Tools Firewall Plus\FWService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Trillian Pro\Astra\trillian.exe
C:\Documents and Settings\Admin\Desktop\RSIT.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\trend micro\Admin.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/?v=msgrv75
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [00PCTFW] "C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" -s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Search - ?p=GRman000
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://195.28.70.134/kapor2/lib/mgaxctrl.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Gene6 FTP Server (G6FTPServer) - Gene6 - C:\Program Files\Gene6 FTP Server\G6FTPSERVER.EXE
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - PC Tools - C:\Program Files\PC Tools Firewall Plus\FWService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
--
End of file - 6848 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll [2007-07-12 501136]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"TrueImageMonitor.exe"=C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe [2006-05-19 1106344]
"AcronisTimounterMonitor"=C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe [2006-05-19 1848150]
"Acronis Scheduler2 Service"=C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe [2006-05-19 126976]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2006-10-22 86016]
"itype"=C:\Program Files\Microsoft IntelliType Pro\itype.exe [2006-07-08 576320]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-10-22 7700480]
"IntelliPoint"=C:\Program Files\Microsoft IntelliPoint\ipoint.exe [2007-08-31 1037736]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-11-25 81000]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2007-04-16 577536]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-09-04 935288]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2009-10-03 39792]
"00PCTFW"=C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe [2009-02-23 2652056]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2009-10-03 39792]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [2008-08-14 611712]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe [2001-10-15 196608]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
C:\Program Files\Ahead\Nero BackItUp\NBJ.exe [2004-09-07 1871872]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL [2009-09-06 548352]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{88485281-8b4b-4f8d-9ede-82e29a064277}"=C:\PROGRA~1\MarkAny\CONTEN~1\MACSMA~1.DLL [2004-11-23 192512]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
relog_ap
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\uTorrent\utorrent.exe"="C:\Program Files\uTorrent\utorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Trillian Pro\trillian.exe"="C:\Program Files\Trillian Pro\trillian.exe:*:Disabled:Trillian"
"C:\totalcmd\TOTALCMD.EXE"="C:\totalcmd\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit international version, file manager replacement for Windows"
"C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe"="C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4"
"C:\Program Files\Miranda IM\miranda32.exe"="C:\Program Files\Miranda IM\miranda32.exe:*:Enabled:Miranda IM"
"C:\Program Files\Trillian Pro\Astra\trillian.exe"="C:\Program Files\Trillian Pro\Astra\trillian.exe:*:Enabled:Trillian"
"C:\Program Files\Java\jre1.6.0_02\launch4j-tmp\frd.exe"="C:\Program Files\Java\jre1.6.0_02\launch4j-tmp\frd.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{765f2bcc-c28d-11db-89fc-806d6172696f}]
shell\AutoRun\command - G:\SETUP.EXE
======File associations======
.js - edit -
.js - open -
.vbs - edit -
.vbs - open -
======List of files/folders created in the last 1 months======
2009-12-24 11:14:29 ----D---- C:\Documents and Settings\Admin\Application Data\PCToolsFirewallPlus
2009-12-24 11:10:29 ----D---- C:\Program Files\PC Tools Firewall Plus
2009-12-24 02:01:59 ----D---- C:\Program Files\VS Revo Group
2009-12-24 01:15:16 ----D---- C:\_OTM
2009-12-23 18:03:00 ----D---- C:\rsit
2009-12-23 17:49:19 ----SHD---- C:\Recycled
2009-12-22 23:12:38 ----N---- C:\WINDOWS\system32\ssdpsrv.dll
2009-12-22 23:12:37 ----N---- C:\WINDOWS\system32\regsvc.dll
2009-12-21 21:05:03 ----D---- C:\Program Files\netmeeting
2009-12-21 20:53:11 ----RASHD---- C:\cmdcons
2009-12-21 19:53:48 ----D---- C:\Program Files\trend micro
2009-12-11 01:41:50 ----HD---- C:\WINDOWS\$NtUninstallKB970430$
2009-12-11 01:41:37 ----HD---- C:\WINDOWS\$NtUninstallKB974318$
2009-12-11 01:41:22 ----HD---- C:\WINDOWS\$NtUninstallKB973904$
2009-12-11 01:40:15 ----HD---- C:\WINDOWS\$NtUninstallKB974392$
2009-12-11 01:39:56 ----HD---- C:\WINDOWS\$NtUninstallKB971737$
2009-12-09 22:16:02 ----D---- C:\Documents and Settings\All Users\Application Data\Boss Media
2009-11-25 18:26:13 ----HD---- C:\WINDOWS\$NtUninstallKB976098-v2$
2009-11-25 18:25:57 ----HD---- C:\WINDOWS\$NtUninstallKB973687$
======List of files/folders modified in the last 1 months======
2009-12-24 21:44:42 ----A---- C:\WINDOWS\wincmd.ini
2009-12-24 02:14:24 ----N---- C:\WINDOWS\SchedLgU.Txt
2009-12-23 17:25:38 ----A---- C:\WINDOWS\system.ini
2009-12-23 05:56:40 ----A---- C:\WINDOWS\msicpl.ini
2009-12-21 20:53:26 ----RASH---- C:\boot.ini
2009-12-01 21:06:20 ----A---- C:\WINDOWS\system32\MRT.exe
2009-11-25 00:54:30 ----A---- C:\WINDOWS\system32\aswBoot.exe
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-11-25 27408]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-11-25 114768]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-11-25 48560]
R1 cdrbsdrv;cdrbsdrv; C:\WINDOWS\system32\drivers\cdrbsdrv.sys [2007-06-19 33408]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-04 36096]
R1 PCLEPCI;PCLEPCI; \??\C:\WINDOWS\system32\drivers\pclepci.sys []
R1 pctgntdi;pctgntdi; \??\C:\WINDOWS\system32\drivers\pctgntdi.sys []
R1 prodrv06;StarForce Protection Environment Driver v6; C:\WINDOWS\System32\drivers\prodrv06.sys [2004-03-09 77184]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R1 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2009-01-24 5632]
R2 adfs;adfs; C:\WINDOWS\system32\drivers\adfs.sys [2008-08-14 74720]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-11-25 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-11-25 94160]
R2 irda;IrDA Protocol; C:\WINDOWS\system32\DRIVERS\irda.sys [2004-08-03 87424]
R2 PCTAppEvent;PCTAppEvent Driver; \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys []
R2 tifsfilter;Acronis True Image FS Filter; C:\WINDOWS\system32\DRIVERS\tifsfilt.sys [2006-11-07 32288]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2008-09-24 4122368]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-11-25 23120]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-10-22 3994624]
R3 pctplfw;pctplfw; \??\C:\WINDOWS\system32\drivers\pctplfw.sys []
R3 Point32;Microsoft IntelliPoint Filter Driver; C:\WINDOWS\system32\DRIVERS\point32.sys [2007-08-21 21760]
R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
R3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
R3 SFilter;PCTools Driver; C:\WINDOWS\system32\DRIVERS\pctfw.sys [2008-09-22 97408]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-04 20480]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-03 14848]
S2 BT848;Conexant's BtPCI WDM Video Capture; C:\WINDOWS\system32\drivers\BT848.sys [2008-11-03 362837]
S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-04 60800]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 FlyPCI;FlyPCI; \??\C:\WINDOWS\system32\drivers\FlyPCI.sys []
S3 genmcmn;Genius Mouse Driver; C:\WINDOWS\system32\DRIVERS\gmfiltr.sys []
S3 genmcmnUSB;Genius USB Mouse Driver; C:\WINDOWS\system32\DRIVERS\gflmouhid.sys []
S3 GMSIPCI;GMSIPCI; \??\F:\INSTALL\GMSIPCI.SYS []
S3 MSIRCOMM;Microsoft IR Communications Driver; C:\WINDOWS\system32\DRIVERS\MSIRCOMM.sys [2004-08-03 22016]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-04 61824]
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2008-09-15 17664]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2008-09-15 22016]
S3 P2k;Motorola USB Device; C:\WINDOWS\system32\DRIVERS\P2k.sys [2004-05-27 16032]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2007-06-19 47360]
S3 RTL8023xp;Realtek 10/100/1000 PCI NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2008-02-25 105088]
S3 se45bus;Sony Ericsson Device 069 driver (WDM); C:\WINDOWS\system32\DRIVERS\se45bus.sys [2006-11-30 61536]
S3 se45mdfl;Sony Ericsson Device 069 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\se45mdfl.sys [2006-11-30 9360]
S3 se45mdm;Sony Ericsson Device 069 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\se45mdm.sys [2006-11-30 97088]
S3 se45mgmt;Sony Ericsson Device 069 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\se45mgmt.sys [2006-11-30 88624]
S3 se45nd5;Sony Ericsson Device 069 USB Ethernet Emulation SEMC45 (NDIS); C:\WINDOWS\system32\DRIVERS\se45nd5.sys [2006-11-30 18704]
S3 se45obex;Sony Ericsson Device 069 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\se45obex.sys [2006-11-30 86432]
S3 se45unic;Sony Ericsson Device 069 USB Ethernet Emulation SEMC45 (WDM); C:\WINDOWS\system32\DRIVERS\se45unic.sys [2006-11-30 90800]
S3 sermouse;Serial Mouse Driver; C:\WINDOWS\system32\DRIVERS\sermouse.sys [2004-08-04 17664]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 STIrUsb;SigmaTel USB-IrDA Dongle; C:\WINDOWS\system32\DRIVERS\irstusb.sys [2001-08-17 26624]
S3 StMp3Rec;Player Recovery Device Control Driver; C:\WINDOWS\System32\Drivers\StMp3Rec.sys [2005-10-10 65702]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 TVICHW32;TVICHW32; \??\C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS []
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2008-09-15 8064]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 usbser;USB Modem Driver; C:\WINDOWS\system32\DRIVERS\usbser.sys [2004-08-03 25600]
S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2008-09-15 8064]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2008-03-27 503008]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-15 82688]
S4 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys []
S4 WS2IFSL;Prostredie podpory poskytovateľa služby Windows Socket 2.0 Non-IFS Service; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AcrSch2Svc;Acronis Scheduler2 Service; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [2006-05-19 204800]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2007-09-06 110592]
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-11-25 18752]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-11-25 138680]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-10-22 159810]
R2 PCToolsFirewallPlus;PC Tools Firewall Plus; C:\Program Files\PC Tools Firewall Plus\FWService.exe [2008-12-11 146800]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-11-25 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-11-25 352920]
S2 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-08-01 133104]
S2 Irmon;Infrared Monitor; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-06-12 655624]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 G6FTPServer;Gene6 FTP Server; C:\Program Files\Gene6 FTP Server\G6FTPSERVER.EXE [2007-02-05 423936]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-12-19 138168]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 MSSQLServerADHelper;MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [2002-12-17 66112]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2008-11-11 620544]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
-----------------EOF-----------------
Re: I am sending out spam
If you mean this
GooredFix
- Download GooredFix and save it to the desktop
- after downloading, run it and follow the instructions
- when it finishes, a log will appear; copy its contents here (if that fails, you will find the log on the desktop)
then MyWebSearch is junk, I deleted it
Firefox::
FF - ProfilePath - c:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\ybn9wdjb.default\
FF - prefs.js: browser.search.selectedEngine - MyWebSearch
FF - prefs.js: keyword.URL - hxxp://www.mywebsearch.com/jsp/cfg_redi ... searchfor=


Do not use COMBOFIX without an adviser's recommendation; it can damage the system!
Always back up important data before disinfecting the computer
Want to support our forum? Information here

I am mostly reachable at night, between 21:00 and 23:00
If you have any questions, you can write to me by e-mail at Motji(at)forum.viry.cz.
Re: I am sending out spam
Oh, I see
OK, thanks for the explanation...
There is a problem with the camera software: I uninstalled everything with Revo Uninstaller and installed it again, and it does exactly the same thing. It freezes and does not respond to anything, not even Ctrl+Alt+Del; only a hard restart helps.
It doesn't bother me all that much, I'll find a replacement or buy a card reader... I just don't understand what could be causing it.
Log from GooredFix:
GooredFix by jpshortstuff (06.12.09.1)
Log created at 22:18 on 24/12/2009 (Admin)
Firefox version 3.5.6 (sk)
========== GooredScan ==========
========== GooredLog ==========
C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd} [11:56 07/02/2009]
C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\ybn9wdjb.default\extensions\
{0538E3E3-7E9B-4d49-8831-A227C80A7AD3} [18:05 02/07/2009]
{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68} [23:21 10/02/2009]
{1ced4832-f06e-413f-aa14-9eb63ad40ace} [15:01 29/03/2009]
{20a82645-c095-46ed-80e3-08825760534b} [15:24 25/10/2009]
{6e84150a-d526-41f1-a480-a67d3fed910d} [10:20 03/07/2009]
{76063e7f-3558-4b68-8287-54eb6512adc0} [18:05 02/07/2009]
{888d99e7-e8b5-46a3-851e-1ec45da1e644} [18:05 02/07/2009]
{89736E8E-4B14-4042-8C75-AD00B6BD3900} [23:21 10/02/2009]
{a0faa0a4-f1a7-4098-9a74-21efc3a92372} [18:05 02/07/2009]
{AE93811A-5C9A-4d34-8462-F7B864FC4696} [14:44 24/05/2009]
{C0CB8BA3-6C1B-47e8-A6AB-1FAB889562D9} [23:21 10/02/2009]
{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [21:07 05/07/2009]
{DDC359D1-844A-42a7-9AA1-88A850A938A8} [10:20 03/07/2009]
[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"bkmrksync@nokia.com"="C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\" [07:15 04/02/2009]
"{20a82645-c095-46ed-80e3-08825760534b}"="C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\" [08:34 08/08/2009]
-=E.O.F=-

Re: I am sending out spam
To be honest, I no longer see anything malicious in the log. I don't know why Mozilla is slower or why that program doesn't work for you.
Are there no other problems with the PC?


Re: I am sending out spam
I haven't noticed any other problems; the PC is definitely snappier than before, so if that is everything, thank you very much for your help and for the time you gave me, even over the holidays. I really appreciate it. Once I am more sure of the PC's security, I will contribute via PayPal or buy a T-shirt. Really, many thanks, and I wish you happy holidays.
(Later I will also have the notebook checked; it was on the network with this PC and they often exchanged USB sticks too, so I assume it will be infected as well.)