Re: PC nereaguje + services - posladna kontrola RSIT

[motji]

Obnova systému - vrátíte pc do stavu třeba před třemi dny, podle toho, jaký bod obnovy zvolíte. Už ho nedělejte, když je vše ok.

Ta černá obrazovka bude souviset s konzolízotavení. Můžeme ji pak odstranit, pokud Vám bude vadit. Jinak se doporučuje v pc ponechat, kdyby někdy spadl systém, dá se z ní opravit.

Ještě Vám pomažu nějaké zbytky. GameMon používáte?

[Zello]

nie enpouzivam ani neviem co to je

[motji]

Ještě otestujte na www.virustotal.com
c:\windows\InZU31.exe
c:\windows\system32\drivers\PzWDM.sys
c:\windows\system32\vbscript.dll

[Zello]

vsetky 3 su ciste

[motji]

Ještě prosím otestujte na http://www.virustotal.com
c:\documents and settings\STANO ILENIN\My Documents\ICQ\335983735\ReceivedFiles\338786477 Roggi\Tool\Driver.sys




Pokud nemáte, přesuňte Combofix na plochu
-otevřete si Poznámkový blok
-Do něj zkopírujte text z tohoto okénka

Kód: Vybrat vše

File::
c:\windows\system32\GameMon.des

Folder::
c:\program files\AskBarDis
c:\program files\SweetIM

Driver::
npggsvc

Registry::
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EEE6C35D-6118-11DC-9C72-001320C79847}"=-
[-HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]
[-HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch.1]
[-HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[-HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch]
[-HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}]
[-HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1]
[-HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}]
[-HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"=-
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"=-
[-HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[-HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3]

DDS::
uDefault_Search_URL = hxxp://search.qip.ru

Firefox::
FF - ProfilePath - c:\documents and settings\STANO ILENIN\Application Data\Mozilla\Firefox\Profiles\pdne8svo.default\
FF - prefs.js: browser.search.selectedEngine - QIP Search
FF - prefs.js: keyword.URL - hxxp://search.qip.ru/search?from=FF&query=

Driver::
ASKUpgrade

Folder::
c:\program files\AskBarDis

-uložte Vámi vytvořený TXT soubor jako CFScript.txt na plochu
-po uložení uchopte vámi vytvořený skript levým myšítkem a -přesuňte ho nad ikonu Combofixu, kde ho upustíte:




-po aplikaci na Vás vypadne další log,vložte ho sem

Upozornění : může se stát, že po aplikaci skriptu a restartu Windows nenaběhnou, v tom případě znovu restartujte a přitom mačkejte F8, pak zvolte Poslední známou funkční konfiguraci


Vidím dva antiviry - Nod a Avast. Nod odinstalujte, je to již stará verze

[Zello]

nastal problem

script som sice vlozil a combofix aj pomazal subory ale pri naslednom restarte PC nabehol automaticky NOD nahodilo modre okno a logt neurobilo

[motji]

Spustte combofix ještě jednou bez skriptu

[Zello]

to som aj urobil v nudzovom rezime a tu je log:

Lenze teraz zapnem pc vyhodi chybovu hlasku nieco s combofixom, pipne procesor a vyhadzuje to THe system has recovered from a serious error

ComboFix 10-04-15.05 - STANO ILENIN 18.04.2010 18:27:52.5.2 - x86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.3.1250.421.1033.18.2046.1668 [GMT 2:00]
Running from: c:\documents and settings\STANO ILENIN\Desktop\ComboFix.exe
AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Eset NOD32 Antivirus 2.70 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\program files\AskBarDis\bar\bin\askBar.dll
c:\program files\AskBarDis\bar\bin\askPopStp.dll
c:\program files\AskBarDis\bar\bin\AskSplash.exe
c:\program files\AskBarDis\bar\bin\AskTBApp.exe
c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe
c:\program files\AskBarDis\bar\bin\psvince.dll
c:\program files\AskBarDis\bar\Cache\01EA275E
c:\program files\AskBarDis\bar\Cache\01EA2B94.bin
c:\program files\AskBarDis\bar\Cache\01EA2F1F.bin
c:\program files\AskBarDis\bar\Cache\01EA3048.bin
c:\program files\AskBarDis\bar\Cache\01EA3161.bin
c:\program files\AskBarDis\bar\Cache\01EA327A.bin
c:\program files\AskBarDis\bar\Cache\01EA33C2.bin
c:\program files\AskBarDis\bar\Cache\files.ini
c:\program files\AskBarDis\bar\History\search
c:\program files\AskBarDis\bar\Settings\AskLogo.ico
c:\program files\AskBarDis\bar\Settings\config.dat
c:\program files\AskBarDis\bar\Settings\config.dat.bak
c:\program files\AskBarDis\bar\Settings\prevcfg.htm
c:\program files\AskBarDis\bar\Settings\prevCfg2.htm
c:\program files\AskBarDis\PopSwatter\History\allowed
c:\program files\AskBarDis\PopSwatter\History\notallow
c:\program files\AskBarDis\unins000.dat
c:\program files\AskBarDis\unins000.exe
c:\program files\SweetIM\Messenger\default.xml
c:\program files\SweetIM\Messenger\mgAdaptersProxy.dll
c:\program files\SweetIM\Messenger\mgAIMAuto.dll
c:\program files\SweetIM\Messenger\mgAIMMessengerAdapter.dll
c:\program files\SweetIM\Messenger\mgArchive.dll
c:\program files\SweetIM\Messenger\mgcommon.dll
c:\program files\SweetIM\Messenger\mgcommunication.dll
c:\program files\SweetIM\Messenger\mgconfig.dll
c:\program files\SweetIM\Messenger\mgFlashPlayer.dll
c:\program files\SweetIM\Messenger\mghooking.dll
c:\program files\SweetIM\Messenger\mgICQAuto.dll
c:\program files\SweetIM\Messenger\mgICQMessengerAdapter.dll
c:\program files\SweetIM\Messenger\mgIEPlayer.dll
c:\program files\SweetIM\Messenger\mglogger.dll
c:\program files\SweetIM\Messenger\mgMediaPlayer.dll
c:\program files\SweetIM\Messenger\mgMsnAuto.dll
c:\program files\SweetIM\Messenger\mgMsnMessengerAdapter.dll
c:\program files\SweetIM\Messenger\mgsimcommon.dll
c:\program files\SweetIM\Messenger\mgSweetIM.dll
c:\program files\SweetIM\Messenger\mgUpdateSupport.dll
c:\program files\SweetIM\Messenger\mgxml_wrapper.dll
c:\program files\SweetIM\Messenger\mgYahooAuto.dll
c:\program files\SweetIM\Messenger\mgYahooMessengerAdapter.dll
c:\program files\SweetIM\Messenger\msvcp71.dll
c:\program files\SweetIM\Messenger\msvcr71.dll
c:\program files\SweetIM\Messenger\resources\images\AudibleButton.png
c:\program files\SweetIM\Messenger\resources\images\DisplayPicturesButton.png
c:\program files\SweetIM\Messenger\resources\images\EmoticonButton.png
c:\program files\SweetIM\Messenger\resources\images\NudgeButton.png
c:\program files\SweetIM\Messenger\resources\images\SoundFxButton.png
c:\program files\SweetIM\Messenger\resources\images\WinksButton.png
c:\program files\SweetIM\Messenger\SweetIM.exe
c:\program files\SweetIM\Toolbars\Internet Explorer\ClearHist.exe
c:\program files\SweetIM\Toolbars\Internet Explorer\conf\logger.xml
c:\program files\SweetIM\Toolbars\Internet Explorer\default.xml
c:\program files\SweetIM\Toolbars\Internet Explorer\mgcommon.dll
c:\program files\SweetIM\Toolbars\Internet Explorer\mgconfig.dll
c:\program files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
c:\program files\SweetIM\Toolbars\Internet Explorer\mglogger.dll
c:\program files\SweetIM\Toolbars\Internet Explorer\mgsimcommon.dll
c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
c:\program files\SweetIM\Toolbars\Internet Explorer\mgxml_wrapper.dll
c:\program files\SweetIM\Toolbars\Internet Explorer\msvcp71.dll
c:\program files\SweetIM\Toolbars\Internet Explorer\msvcr71.dll
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\affid.dat
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\basis.xml
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\Bookmarks_23x18.bmp
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\Email_23x18.bmp
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\Games_23x18.bmp
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\Greetingcards_23x18.bmp
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\Logo.bmp
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\Mobile_23x18.bmp
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\Music_23x18.bmp
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\News_23x18.bmp
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\Shoping_23x18.bmp
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\SmileySmile.bmp
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\SmileyWink.bmp
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\sweetimicons.bmp
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\toolbar.xml
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\version.txt
c:\windows\system32\command.pif
c:\windows\system32\GameMon.des

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ASKUPGRADE
-------\Service_ASKUpgrade
-------\Service_npggsvc


((((((((((((((((((((((((( Files Created from 2010-03-18 to 2010-04-18 )))))))))))))))))))))))))))))))
.

2010-04-18 15:18 . 2010-04-18 15:18 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll
2010-04-17 08:51 . 2010-04-17 08:51 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-04-16 13:19 . 2010-04-16 13:19 -------- d-----w- c:\program files\Alwil Software
2010-04-16 13:19 . 2010-04-16 13:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-04-16 13:14 . 2010-04-16 13:14 -------- d-----w- c:\program files\CCleaner
2010-04-16 08:28 . 2010-04-16 08:29 -------- d-----w- c:\windows\61D3AAE1D5214CD7939B37813DE8F955.TMP
2010-04-16 08:25 . 2010-04-16 08:25 -------- d-----w- c:\program files\Enigma Software Group
2010-04-16 08:11 . 2010-04-16 08:11 -------- d-----w- C:\rsit
2010-04-16 07:59 . 2010-04-16 07:59 -------- d-----w- c:\program files\Trend Micro
2010-04-16 07:47 . 2010-04-16 07:47 -------- d-----w- c:\documents and settings\STANO ILENIN\Application Data\Uniblue
2010-04-12 08:03 . 2007-03-09 14:13 221184 ----a-w- c:\windows\InZU31.exe
2010-04-12 08:03 . 2005-06-29 00:38 15172 ----a-w- c:\windows\system32\drivers\PzWDM.sys
2010-04-12 08:03 . 2010-04-12 08:03 -------- d-----w- c:\program files\ONES (E)

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-18 15:11 . 2008-04-30 18:45 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-04-16 12:51 . 2010-04-16 12:50 -------- d-----w- c:\documents and settings\All Users\Application Data\SecTaskMan
2010-04-15 17:19 . 2008-05-04 03:59 -------- d-----w- c:\documents and settings\STANO ILENIN\Application Data\Skype
2010-04-15 08:37 . 2008-05-04 04:01 -------- d-----w- c:\documents and settings\STANO ILENIN\Application Data\skypePM
2010-04-14 21:19 . 2009-01-12 17:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-04-14 13:14 . 2009-11-24 15:14 79488 ----a-w- c:\documents and settings\STANO ILENIN\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2010-04-12 07:17 . 2008-05-21 15:13 -------- d-----w- c:\program files\Webteh
2010-03-18 11:54 . 2010-03-18 11:54 -------- d-----w- c:\program files\XTB-Trader
2010-03-09 11:09 . 2004-08-04 12:00 430080 ----a-w- c:\windows\system32\vbscript.dll
2010-03-06 13:52 . 2008-05-07 18:45 -------- d-----w- c:\program files\Google
2010-03-01 09:45 . 2010-03-01 09:45 5115824 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-03-01 09:30 . 2010-03-01 09:30 -------- d-----w- c:\documents and settings\STANO ILENIN\Application Data\Malwarebytes
2010-03-01 09:30 . 2010-03-01 09:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-03-01 09:23 . 2010-03-01 09:23 0 ----a-w- c:\windows\nsreg.dat
2010-02-26 05:43 . 2004-08-04 12:00 667136 ----a-w- c:\windows\system32\wininet.dll
2010-02-26 05:43 . 2004-08-04 12:00 81920 ----a-w- c:\windows\system32\ieencode.dll
2010-02-24 13:11 . 2004-08-04 12:00 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-20 11:23 . 2010-02-20 11:23 -------- d-----w- c:\documents and settings\All Users\Application Data\BioWare
2010-02-20 11:19 . 2010-02-20 11:00 -------- d-----w- c:\program files\Common Files\BioWare
2010-02-16 14:08 . 2004-08-04 12:00 2146304 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 13:25 . 2004-08-03 22:59 2024448 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-15 15:15 . 2008-04-30 18:14 129664 ----a-w- c:\documents and settings\STANO ILENIN\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-02-12 04:33 . 2004-08-04 12:00 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 15:39 . 2010-02-11 15:39 71364 ---ha-w- c:\windows\system32\mlfcache.dat
2010-02-11 12:02 . 2004-08-04 12:00 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
2010-01-18 20:54 . 2009-11-14 09:45 4087 ----a-w- c:\documents and settings\STANO ILENIN\Application Data\settings.dat
2008-05-04 03:58 . 2008-05-04 03:58 22300968 ----a-w- c:\program files\SkypeSetup.exe
2009-09-18 15:29 . 2008-07-26 08:30 952 --sha-w- c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [BU]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-07-02 220544]
"Google Update"="c:\documents and settings\STANO ILENIN\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-05-28 133104]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-06-21 68856]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-06-24 1840424]
"AutoStartNPSAgent"="c:\program files\Samsung\Samsung New PC Studio\NPSAgent.exe" [2009-04-02 102400]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2008-04-30 949376]
"RTHDCPL"="RTHDCPL.EXE" [2007-07-05 16380416]
"Gainward"="c:\windows\TBPanel.exe" [2008-01-09 2189864]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-04-01 36352]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-07 57344]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-03-15 71216]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-03-15 54832]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-12 136600]
"Acrobat Assistant 7.0"="c:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2008-04-23 483328]
"SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [BU]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"nwiz"="nwiz.exe" [2009-04-30 1657376]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-04-30 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-04-30 13750272]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2008-06-19 570664]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-06-08 2221352]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-04 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-08 305440]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2008-11-1 25214]
AutoCAD Startup Accelerator.lnk - c:\program files\Common Files\Autodesk Shared\acstart17.exe [2006-3-5 11000]
Document Assistant.lnk - c:\hpdesk\hppddir.exe [2008-5-15 384512]
Exif Launcher S.lnk - c:\program files\FinePixViewerS\QuickDCF2.exe [2008-5-15 303104]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"e:\\INSTAL\\rc10\\StrongDC.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Opera\\Opera.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"e:\\HRY\\Ultima Online Kelevar\\client.exe"=
"e:\\HRY\\Ultima Online Kelevar\\KelevarClient.exe"=
"c:\\Program Files\\UOAM\\uoam.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\12Voip.com\\12Voip\\12Voip.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"e:\\HRY\\MEerchant\\KaM - The Peasants Rebellion\\KM_TPR.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Samsung\\Samsung New PC Studio\\npsasvr.exe"=
"c:\\Program Files\\Samsung\\Samsung New PC Studio\\npsvsvr.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\FIFA 2010\\FIFA10.exe"=
"e:\\HRY\\Dragon Age\\bin_ship\\daorigins.exe"=
"e:\\HRY\\Dragon Age\\DAOriginsLauncher.exe"=
"e:\\HRY\\Dragon Age\\bin_ship\\daupdatersvc.service.exe"=
"c:\\Documents and Settings\\STANO ILENIN\\temp\\TeamViewer\\Version5\\TeamViewer.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\AOE\\age2_x1.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"24285:TCP"= 24285:TCP:BitComet 24285 TCP
"24285:UDP"= 24285:UDP:BitComet 24285 UDP

R0 PzWDM;PzWDM;c:\windows\system32\drivers\PzWDM.sys [12.4.2010 10:03 15172]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [7.5.2008 1:11 685816]
S1 aswSP;aswSP; [x]
S1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [30.4.2008 20:12 15424]
S2 aswFsBlk;aswFsBlk; [x]
S2 clr_optimization_v4.0.21006_32;Microsoft .NET Framework NGEN v4.0.21006_X86;c:\windows\Microsoft.NET\Framework\v4.0.21006\mscorsvw.exe [7.10.2009 3:44 129856]
S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [26.12.2009 15:19 233472]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [6.3.2010 15:52 135664]
S2 HPPECP00;HPPECP00;c:\windows\system32\drivers\hppecp00.sys [15.5.2008 3:54 42048]
S2 LF30FS;LF30FS;c:\program files\WinZip\LF30XP.sys [20.11.2004 3:07 101488]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;e:\hry\Dragon Age\bin_ship\daupdatersvc.service.exe [20.2.2010 13:13 25832]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [26.12.2009 15:19 36608]
S3 MaxuvDevice;Maxuv hak pro 9 draku;c:\documents and settings\STANO ILENIN\My Documents\ICQ\335983735\ReceivedFiles\338786477 Roggi\Tool\Driver.sys [2.3.2010 20:21 4096]
S3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\drivers\ss_bbus.sys [26.12.2009 15:19 90112]
S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\drivers\ss_bmdfl.sys [26.12.2009 15:19 14976]
S3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\drivers\ss_bmdm.sys [26.12.2009 15:19 121856]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.21006\WPF\WPFFontCache_v0400.exe [7.10.2009 3:44 752984]
.
Contents of the 'Scheduled Tasks' folder

2010-04-13 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

2010-04-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-06 13:52]

2010-04-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-06 13:52]

2010-04-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1220945662-1644491937-725345543-1003Core.job
- c:\documents and settings\STANO ILENIN\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-05-28 15:10]

2010-04-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1220945662-1644491937-725345543-1003UA.job
- c:\documents and settings\STANO ILENIN\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-05-28 15:10]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.tuke.sk/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://www.yahoo.com
uInternet Settings,ProxyServer = proxy.tuke.sk:3128
uInternet Settings,ProxyOverride = ;*.lokal;<local>;*.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Winamp Search - c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
LSP: c:\windows\system32\imon.dll
FF - ProfilePath - c:\documents and settings\STANO ILENIN\Application Data\Mozilla\Firefox\Profiles\pdne8svo.default\
FF - plugin: c:\documents and settings\STANO ILENIN\Local Settings\Application Data\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Musicnotes\npmusicn.dll
FF - plugin: c:\program files\Musicnotes\NPSibelius.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
.
.
------- File Associations -------
.
.scr=AutoCADScriptFile
.
- - - - ORPHANS REMOVED - - - -

URLSearchHooks-{57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - (no file)
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)



**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{95808DC4-FA4A-4C74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1220945662-1644491937-725345543-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:17,e7,ec,73,25,fd,02,37,1d,f8,67,ac,93,6c,c3,e9,d7,07,f5,87,8d,ab,ad,
72,77,35,63,57,4f,57,08,88,d5,cf,43,b3,28,d2,49,ed,7a,f1,f1,5d,ef,9f,55,a2,\
"??"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50

[HKEY_USERS\S-1-5-21-1220945662-1644491937-725345543-1003\Software\SecuROM\License information*]
"datasecu"=hex:fb,10,96,c9,88,0b,1c,d3,47,9d,80,f4,a4,dc,a8,89,d0,73,9f,e0,2d,
99,09,1b,8c,e0,29,64,f7,71,ca,91,f0,0b,79,dd,11,34,e2,f0,27,f8,7d,a6,6f,9e,\
"rkeysecu"=hex:54,a2,9b,f5,48,a1,50,04,d3,11,06,0f,69,6b,e2,fa
.
Completion time: 2010-04-18 18:36:26
ComboFix-quarantined-files.txt 2010-04-18 16:36
ComboFix2.txt 2010-04-17 08:51
ComboFix3.txt 2010-04-16 15:42
ComboFix4.txt 2010-04-16 14:56

Pre-Run: 9 048 956 928 bytes free
Post-Run: 9 010 491 392 bytes free

- - End Of File - - CFAFD0885DCD8052E8D304C4ADC25E89

[Zello]

Restartoval som PC, tentoraz nevyhodilo chybu Combofixu ani Error message lenze 2x piplo ako v predoslom pripade ako sa toho zbavim???

[motji]

Můžu Vás poprosit o log ze Rsitu? Patrně se combofix špatně ukončil
Ten Nod už máte odinstalovaný?

[Zello]

Logfile of random's system information tool 1.06 (written by random/random)
Run by STANO ILENIN at 2010-04-18 18:56:33
Microsoft Windows XP Professional Service Pack 3
System drive C: has 9 GB (4%) free of 200 GB
Total RAM: 2046 MB (72% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:56:38, on 18.4.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\TBPanel.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
C:\HPDESK\hppddir.exe
C:\Program Files\FinePixViewerS\QuickDCF2.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\FsUsbExService.Exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\STANO ILENIN\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\STANO ILENIN\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\STANO ILENIN\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\STANO ILENIN.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tuke.sk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.tuke.sk:3128
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;*.lokal;<local>;*.local
R3 - URLSearchHook: (no name) - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - (no file)
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll (file missing)
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_1.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_1.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll (file missing)
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Gainward] C:\WINDOWS\TBPanel.exe /A
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [combofix] "C:\ComboFix\CF15775.cfxxe" /c "C:\ComboFix\C.bat"
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\STANO ILENIN\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [AutoStartNPSAgent] C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart17.exe
O4 - Global Startup: Document Assistant.lnk = C:\HPDESK\hppddir.exe
O4 - Global Startup: Exif Launcher S.lnk = ?
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: Odoslať do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&oslať do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: QIP 2005 - {1EF681F7-A04B-4D6D-9012-A307CCA55610} - C:\Program Files\QIP\qip.exe (HKCU)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... oader5.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 9550968768
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v4.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... ader55.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://icq.oberon-media.com/Gameshell/G ... meHost.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Dragon Age: Origins - Content Updater (DAUpdaterSvc) - BioWare - E:\HRY\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
O23 - Service: FsUsbExService - Teruten - C:\WINDOWS\system32\FsUsbExService.Exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PEVSystemStart - Unknown owner - C:\ComboFix\PEV.cfxxe (file missing)
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

--
End of file - 14992 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1220945662-1644491937-725345543-1003Core.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1220945662-1644491937-725345543-1003UA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
Yahoo! Companion BHO - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_1.dll [2005-04-14 327748]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-12-18 59032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]
Winamp Toolbar Loader - C:\Program Files\Winamp Toolbar\winamptb.dll [2008-03-20 1267040]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2009-01-12 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-03-06 279664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
Adobe PDF Conversion Toolbar Helper - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006-12-18 231160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll [2010-03-06 812528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-01-12 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-01-12 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - &Yahoo! Companion - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_1.dll [2005-04-14 327748]
{855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQ Toolbar - C:\PROGRA~1\ICQTOO~1\toolbaru.dll []
{EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - Winamp Toolbar - C:\Program Files\Winamp Toolbar\winamptb.dll [2008-03-20 1267040]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006-12-18 231160]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-03-06 279664]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"=C:\Program Files\Eset\nod32kui.exe [2008-04-30 949376]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-07-05 16380416]
"Gainward"=C:\WINDOWS\TBPanel.exe [2008-01-09 2189864]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-12 39792]
"WinampAgent"=C:\Program Files\Winamp\winampa.exe [2008-04-01 36352]
"Adobe Photo Downloader"=C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe [2005-06-07 57344]
"RemoteControl"=C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2007-03-15 71216]
"LanguageShortcut"=C:\Program Files\CyberLink\PowerDVD\Language\Language.exe [2007-03-15 54832]
"ISUSPM Startup"=C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe [2005-08-11 249856]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2005-08-11 81920]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-01-12 136600]
"Acrobat Assistant 7.0"=C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe [2008-04-23 483328]
"SweetIM"=C:\Program Files\SweetIM\Messenger\SweetIM.exe []
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2009-05-01 86016]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2009-05-01 13750272]
"NeroFilterCheck"=C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe [2008-06-19 570664]
"NBKeyScan"=C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [2008-06-08 2221352]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-09-05 417792]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-09-08 305440]
"combofix"=C:\ComboFix\CF15775.cfxxe /c C:\ComboFix\C.bat []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"AlcoholAutomount"=C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe [2007-07-02 220544]
"Google Update"=C:\Documents and Settings\STANO ILENIN\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-05-28 133104]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-06-21 68856]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe [2008-06-24 1840424]
"AutoStartNPSAgent"=C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe [2009-04-02 102400]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe
AutoCAD Startup Accelerator.lnk - C:\Program Files\Common Files\Autodesk Shared\acstart17.exe
Document Assistant.lnk - C:\HPDESK\hppddir.exe
Exif Launcher S.lnk - C:\Program Files\FinePixViewerS\QuickDCF2.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-04-10 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MSIServer]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"E:\INSTAL\rc10\StrongDC.exe"="E:\INSTAL\rc10\StrongDC.exe:*:Enabled:StrongDC++"
"C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe"="C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe:*:Enabled:CyberLink PowerDVD"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\Program Files\Opera\Opera.exe"="C:\Program Files\Opera\Opera.exe:*:Enabled:Opera Internet Browser"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"E:\HRY\Ultima Online Kelevar\client.exe"="E:\HRY\Ultima Online Kelevar\client.exe:*:Enabled:Ultima Online Client"
"E:\HRY\Ultima Online Kelevar\KelevarClient.exe"="E:\HRY\Ultima Online Kelevar\KelevarClient.exe:*:Enabled:Ultima Online Client"
"C:\Program Files\UOAM\uoam.exe"="C:\Program Files\UOAM\uoam.exe:*:Enabled:Ultima Online's premier mapping tool."
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\12Voip.com\12Voip\12Voip.exe"="C:\Program Files\12Voip.com\12Voip\12Voip.exe:*:Enabled:12Voip"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"E:\HRY\MEerchant\KaM - The Peasants Rebellion\KM_TPR.exe"="E:\HRY\MEerchant\KaM - The Peasants Rebellion\KM_TPR.exe:*:Enabled:KM_TPR"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Samsung\Samsung New PC Studio\npsasvr.exe"="C:\Program Files\Samsung\Samsung New PC Studio\npsasvr.exe:*:Enabled:KTF MUSIC AoD Server"
"C:\Program Files\Samsung\Samsung New PC Studio\npsvsvr.exe"="C:\Program Files\Samsung\Samsung New PC Studio\npsvsvr.exe:*:Enabled:KTF MUSIC VoD Server"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\FIFA 2010\FIFA10.exe"="C:\FIFA 2010\FIFA10.exe:*:Enabled:FIFA10"
"E:\HRY\Dragon Age\bin_ship\daorigins.exe"="E:\HRY\Dragon Age\bin_ship\daorigins.exe:*:Enabled:Dragon Age Origins Game"
"E:\HRY\Dragon Age\DAOriginsLauncher.exe"="E:\HRY\Dragon Age\DAOriginsLauncher.exe:*:Enabled:Dragon Age Origins Launcher"
"E:\HRY\Dragon Age\bin_ship\daupdatersvc.service.exe"="E:\HRY\Dragon Age\bin_ship\daupdatersvc.service.exe:*:Enabled:Dragon Age Origins Updater"
"C:\Documents and Settings\STANO ILENIN\temp\TeamViewer\Version5\TeamViewer.exe"="C:\Documents and Settings\STANO ILENIN\temp\TeamViewer\Version5\TeamViewer.exe:*:Enabled:TeamViewer"
"C:\WINDOWS\system32\dplaysvr.exe"="C:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper"
"C:\AOE\age2_x1.exe"="C:\AOE\age2_x1.exe:*:Enabled:Age of Empires II Expansion"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======File associations======

.scr - open - "C:\WINDOWS\system32\NOTEPAD.EXE" "%1"
.scr - install -
.scr - config -

======List of files/folders created in the last 1 months======

2010-04-18 18:36:28 ----D---- C:\WINDOWS\temp
2010-04-18 18:36:26 ----A---- C:\ComboFix.txt
2010-04-18 18:26:48 ----D---- C:\ComboFix
2010-04-18 17:18:57 ----A---- C:\WINDOWS\system32\CmdLineExt03.dll
2010-04-16 17:35:12 ----A---- C:\Boot.bak
2010-04-16 17:35:08 ----RASHD---- C:\cmdcons
2010-04-16 16:44:28 ----A---- C:\WINDOWS\zip.exe
2010-04-16 16:44:28 ----A---- C:\WINDOWS\SWXCACLS.exe
2010-04-16 16:44:28 ----A---- C:\WINDOWS\SWSC.exe
2010-04-16 16:44:28 ----A---- C:\WINDOWS\SWREG.exe
2010-04-16 16:44:28 ----A---- C:\WINDOWS\sed.exe
2010-04-16 16:44:28 ----A---- C:\WINDOWS\PEV.exe
2010-04-16 16:44:28 ----A---- C:\WINDOWS\NIRCMD.exe
2010-04-16 16:44:28 ----A---- C:\WINDOWS\MBR.exe
2010-04-16 16:44:28 ----A---- C:\WINDOWS\grep.exe
2010-04-16 16:44:21 ----D---- C:\WINDOWS\ERDNT
2010-04-16 15:19:50 ----D---- C:\Program Files\Alwil Software
2010-04-16 15:19:50 ----D---- C:\Documents and Settings\All Users\Application Data\Alwil Software
2010-04-16 15:14:47 ----D---- C:\Program Files\CCleaner
2010-04-16 14:50:10 ----D---- C:\Documents and Settings\All Users\Application Data\SecTaskMan
2010-04-16 14:50:03 ----D---- C:\Program Files\Security Task Manager
2010-04-16 11:34:36 ----D---- C:\Qoobox
2010-04-16 10:28:47 ----D---- C:\WINDOWS\61D3AAE1D5214CD7939B37813DE8F955.TMP
2010-04-16 10:25:43 ----D---- C:\Program Files\Enigma Software Group
2010-04-16 10:11:22 ----D---- C:\rsit
2010-04-16 09:59:45 ----D---- C:\Program Files\Trend Micro
2010-04-16 09:47:34 ----D---- C:\Documents and Settings\STANO ILENIN\Application Data\Uniblue
2010-04-14 23:19:02 ----HDC---- C:\WINDOWS\$NtUninstallKB979683$
2010-04-14 23:18:54 ----HDC---- C:\WINDOWS\$NtUninstallKB980232$
2010-04-14 23:18:47 ----HDC---- C:\WINDOWS\$NtUninstallKB979402_WM9$
2010-04-14 23:16:34 ----HDC---- C:\WINDOWS\$NtUninstallKB981349$
2010-04-14 23:16:11 ----HDC---- C:\WINDOWS\$NtUninstallKB978338$
2010-04-14 23:16:04 ----HDC---- C:\WINDOWS\$NtUninstallKB977816$
2010-04-14 23:15:57 ----HDC---- C:\WINDOWS\$NtUninstallKB978601$
2010-04-14 23:15:34 ----HDC---- C:\WINDOWS\$NtUninstallKB979309$
2010-04-12 10:03:40 ----A---- C:\WINDOWS\InZU31.exe
2010-04-12 10:03:34 ----D---- C:\Program Files\ONES (E)
2010-03-31 09:12:56 ----HDC---- C:\WINDOWS\$NtUninstallKB980182$
2010-03-26 23:05:50 ----A---- C:\WINDOWS\system32\psisdecd.dll
2010-03-26 23:05:45 ----A---- C:\WINDOWS\system32\dxdllreg.exe

======List of files/folders modified in the last 1 months======

2010-04-18 18:54:10 ----A---- C:\WINDOWS\DFC.INI
2010-04-18 18:47:58 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-04-18 18:40:18 ----D---- C:\WINDOWS\Prefetch
2010-04-18 18:36:28 ----D---- C:\WINDOWS
2010-04-18 18:36:28 ----A---- C:\WINDOWS\ntbtlog.txt
2010-04-18 18:34:33 ----A---- C:\WINDOWS\system.ini
2010-04-18 18:33:44 ----D---- C:\WINDOWS\system32\drivers
2010-04-18 18:32:36 ----D---- C:\WINDOWS\system32
2010-04-18 18:32:36 ----D---- C:\WINDOWS\AppPatch
2010-04-18 18:32:32 ----D---- C:\Program Files\Common Files
2010-04-18 18:27:34 ----D---- C:\WINDOWS\system32\CatRoot2
2010-04-18 18:00:31 ----D---- C:\WINDOWS\system32\config
2010-04-18 17:58:59 ----RD---- C:\Program Files
2010-04-18 17:43:40 ----A---- C:\WINDOWS\wincmd.ini
2010-04-18 17:11:40 ----HD---- C:\Program Files\InstallShield Installation Information
2010-04-18 16:31:08 ----A---- C:\WINDOWS\NeroDigital.ini
2010-04-18 13:28:03 ----D---- C:\Program Files\Mozilla Firefox
2010-04-16 17:35:13 ----RASH---- C:\boot.ini
2010-04-16 17:31:19 ----SHD---- C:\WINDOWS\CSC
2010-04-16 15:20:12 ----SHD---- C:\WINDOWS\Installer
2010-04-16 15:20:12 ----D---- C:\Config.Msi
2010-04-16 15:20:11 ----D---- C:\WINDOWS\WinSxS
2010-04-16 12:19:42 ----A---- C:\WINDOWS\win.ini
2010-04-16 09:32:26 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2010-04-15 19:19:15 ----D---- C:\Documents and Settings\STANO ILENIN\Application Data\Skype
2010-04-15 10:37:41 ----D---- C:\Documents and Settings\STANO ILENIN\Application Data\skypePM
2010-04-14 23:19:28 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2010-04-14 23:19:08 ----HD---- C:\WINDOWS\inf
2010-04-14 23:19:06 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-04-14 23:19:00 ----HD---- C:\WINDOWS\$hf_mig$
2010-04-14 23:18:58 ----A---- C:\WINDOWS\imsins.BAK
2010-04-14 22:58:10 ----A---- C:\WINDOWS\wdict32.INI
2010-04-12 10:03:23 ----D---- C:\PROGRAMY
2010-04-12 09:17:15 ----D---- C:\Program Files\Webteh
2010-04-11 14:55:02 ----D---- C:\AOE
2010-04-07 20:21:38 ----SD---- C:\WINDOWS\Downloaded Program Files
2010-04-06 19:52:54 ----A---- C:\WINDOWS\system32\MRT.exe
2010-03-28 09:46:08 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-03-28 01:13:18 ----D---- C:\WINDOWS\system32\CatRoot
2010-03-26 23:08:46 ----D---- C:\WINDOWS\system32\DirectX
2010-03-26 23:08:45 ----RSD---- C:\WINDOWS\assembly
2010-03-26 23:06:44 ----D---- C:\WINDOWS\RegisteredPackages
2010-03-19 18:05:50 ----A---- C:\WINDOWS\system32\wmp.dll
2010-03-19 14:20:12 ----D---- C:\WINDOWS\Minidump

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 nod32drv;nod32drv; C:\WINDOWS\system32\drivers\nod32drv.sys [2008-04-30 15424]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032]
R2 {95808DC4-FA4A-4C74-92FE-5B863F82066B};{95808DC4-FA4A-4C74-92FE-5B863F82066B}; \??\C:\Program Files\CyberLink\PowerDVD\000.fcl []
R2 AMON;AMON; C:\WINDOWS\system32\drivers\amon.sys [2008-04-30 512096]
R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2008-10-20 278984]
R2 enodpl;enodpl; C:\WINDOWS\System32\drivers\enodpl.sys [2003-03-02 7552]
R2 HPPECP00;HPPECP00; C:\WINDOWS\system32\drivers\HPPECP00.sys [1998-11-12 42048]
R2 LF30FS;LF30FS; \??\C:\Program Files\WinZip\LF30XP.sys []
R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2008-10-20 25416]
R2 tandpl;tandpl; C:\WINDOWS\System32\drivers\tandpl.sys [2003-04-19 4736]
R2 TBPanel;TBPanel; C:\WINDOWS\system32\drivers\TBPanel.sys [2007-03-16 12256]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 FsUsbExDisk;FsUsbExDisk; \??\C:\WINDOWS\system32\FsUsbExDisk.SYS []
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-07-18 4547584]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2009-04-30 8055584]
R3 RTL8023xp;Realtek 10/100/1000 PCI NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2006-12-14 85120]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2007-08-07 98944]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys []
S1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys []
S1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys []
S2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys []
S2 aswMon2;aswMon2; C:\WINDOWS\system32\drivers\aswMon2.sys []
S3 a3dsx1lx;a3dsx1lx; C:\WINDOWS\system32\drivers\a3dsx1lx.sys []
S3 alwy3vkn;alwy3vkn; C:\WINDOWS\system32\drivers\alwy3vkn.sys []
S3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys []
S3 Bridge;MAC Bridge; C:\WINDOWS\system32\DRIVERS\bridge.sys [2008-04-13 71552]
S3 BridgeMP;MAC Bridge Miniport; C:\WINDOWS\system32\DRIVERS\bridge.sys [2008-04-13 71552]
S3 Cardex;Cardex; \??\C:\WINDOWS\system32\drivers\TBPANEL.SYS []
S3 catchme;catchme; \??\C:\DOCUME~1\STANOI~1\LOCALS~1\Temp\catchme.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 gdrv;gdrv; \??\C:\WINDOWS\gdrv.sys []
S3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 MaxuvDevice;Maxuv hak pro 9 draku; \??\C:\Documents and Settings\STANO ILENIN\My Documents\ICQ\335983735\ReceivedFiles\338786477 Roggi\Tool\Driver.sys []
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-04 12160]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 npkcrypt;npkcrypt; \??\E:\HRY\Lineage 2\Lineage II C4\system\npkcrypt.sys []
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2007-09-17 21632]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-04 20992]
S3 s116bus;Sony Ericsson Device 116 driver (WDM); C:\WINDOWS\system32\DRIVERS\s116bus.sys [2007-04-03 83336]
S3 s116mdfl;Sony Ericsson Device 116 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\s116mdfl.sys [2007-04-03 15112]
S3 s116mdm;Sony Ericsson Device 116 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\s116mdm.sys [2007-04-03 108680]
S3 s116mgmt;Sony Ericsson Device 116 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\s116mgmt.sys [2007-04-03 100488]
S3 s116nd5;Sony Ericsson Device 116 USB Ethernet Emulation SEMC116 (NDIS); C:\WINDOWS\system32\DRIVERS\s116nd5.sys [2007-04-03 23176]
S3 s116obex;Sony Ericsson Device 116 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\s116obex.sys [2007-04-03 98696]
S3 s116unic;Sony Ericsson Device 116 USB Ethernet Emulation SEMC116 (WDM); C:\WINDOWS\system32\DRIVERS\s116unic.sys [2007-04-03 99080]
S3 s117bus;Sony Ericsson Device 117 driver (WDM); C:\WINDOWS\system32\DRIVERS\s117bus.sys [2007-06-25 82984]
S3 s117mdfl;Sony Ericsson Device 117 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\s117mdfl.sys [2007-06-25 14888]
S3 s117mdm;Sony Ericsson Device 117 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\s117mdm.sys [2007-06-25 108456]
S3 s117mgmt;Sony Ericsson Device 117 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\s117mgmt.sys [2007-06-25 100264]
S3 s117nd5;Sony Ericsson Device 117 USB Ethernet Emulation SEMC117 (NDIS); C:\WINDOWS\system32\DRIVERS\s117nd5.sys [2007-06-25 22952]
S3 s117obex;Sony Ericsson Device 117 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\s117obex.sys [2007-06-25 98344]
S3 s117unic;Sony Ericsson Device 117 USB Ethernet Emulation SEMC117 (WDM); C:\WINDOWS\system32\DRIVERS\s117unic.sys [2007-06-25 98856]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 ss_bbus;SAMSUNG USB Mobile Device (WDM); C:\WINDOWS\system32\DRIVERS\ss_bbus.sys [2009-03-20 90112]
S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter); C:\WINDOWS\system32\DRIVERS\ss_bmdfl.sys [2009-03-20 14976]
S3 ss_bmdm;SAMSUNG USB Mobile Modem; C:\WINDOWS\system32\DRIVERS\ss_bmdm.sys [2009-03-20 121856]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2009-08-28 40448]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 usbvideo;USB Video Device (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-13 121984]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-08-28 144672]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 FsUsbExService;FsUsbExService; C:\WINDOWS\system32\FsUsbExService.Exe [2009-03-31 233472]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-01-12 152984]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]
R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe [2008-06-08 877864]
R2 NOD32krn;NOD32 Kernel Service; C:\Program Files\Eset\nod32krn.exe [2008-04-30 552064]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2009-05-01 168004]
R2 PLFlash DeviceIoControl Service;PLFlash DeviceIoControl Service; C:\WINDOWS\system32\IoctlSvc.exe [2006-12-19 81920]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2008-07-14 66872]
R2 PnkBstrB;PnkBstrB; C:\WINDOWS\system32\PnkBstrB.exe [2008-10-29 107832]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared files\RichVideo.exe [2008-02-05 272024]
R2 StarWindServiceAE;StarWind AE Service; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2007-05-28 275968]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-09-08 545568]
R3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe [2008-06-24 537896]
S2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-04-14 40384]
S2 clr_optimization_v4.0.21006_32;Microsoft .NET Framework NGEN v4.0.21006_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.21006\mscorsvw.exe [2009-10-07 129856]
S2 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-03-06 135664]
S2 PEVSystemStart;PEVSystemStart; C:\ComboFix\PEV.cfxxe EXEC /i C:\ComboFix\REGT.cfxxe /S C:\ComboFix\CregB.dat []
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2008-11-01 69632]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v4.0.21006\aspnet_state.exe [2009-10-07 35144]
S3 Autodesk Licensing Service;Autodesk Licensing Service; C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe [2008-06-12 77944]
S3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-04-14 40384]
S3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-04-14 40384]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater; E:\HRY\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-07-26 25832]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-06-22 182768]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2008-04-07 430592]
S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.21006\WPF\WPFFontCache_v0400.exe [2009-10-07 752984]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------


nemam odinstalovany NOD pretoze nemam Avast ten som odinstaloval ale nejako s chybou cize ho stale ukazuje
ako mam vypnut ten pipajuci zvuk pri zapnuti systemu

[motji]

Ještě prosím otestujte na http://www.virustotal.com
c:\documents and settings\STANO ILENIN\My Documents\ICQ\335983735\ReceivedFiles\338786477 Roggi\Tool\Driver.sys


:arrow:Stáhněte OTM http://oldtimer.geekstogo.com/OTM.exe
Stáhněte na plochu Otm, 2krát klikněte na Otm,spustí se program,
Do levého okna "Paste Instructions for Items to be Moved" pod žlutou čáru zkopírujete skript

Kód: Vybrat vše

:processes
explorer.exe
 
:files
C:\WINDOWS\system32\*.tmp.dll /s
C:\WINDOWS\system32\SET*.tmp /s
C:\WINDOWS\*.tmp /s
c:\windows\61D3AAE1D5214CD7939B37813DE8F955.TMP
c:\program files\SweetIM

:reg
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"=-
[-HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[-HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SweetIM"=-
"combofix"=-
"nwiz"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

:Services
aswSP
aswFsBlk
PEVSystemStart 

:commands
[Reboot]

-klikněte na červené tlačítko Moveit!
-sem vložte obsah zeleného okénka
-Pokud se bude chtít restartovat pc, dejte YES,log pak najdete C:\_OTM\MovedFiles. Log vložte sem

[Zello]

ten subor je cisty

[Zello]

tu je log
co s tym pipajucim zvukom pri zapnuti PC ?? ako sa zbavim toho??


========== PROCESSES ==========
Process explorer.exe killed successfully!
========== FILES ==========
File/Folder C:\WINDOWS\system32\*.tmp.dll not found.
File/Folder C:\WINDOWS\system32\SET*.tmp not found.
C:\WINDOWS\003091_.tmp moved successfully.
C:\WINDOWS\61D3AAE1D5214CD7939B37813DE8F955.TMP folder moved successfully.
C:\WINDOWS\NV31321752.TMP folder moved successfully.
C:\WINDOWS\NV37441608.TMP folder moved successfully.
C:\WINDOWS\SET3.tmp moved successfully.
C:\WINDOWS\SET4.tmp moved successfully.
C:\WINDOWS\SET8.tmp moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP2362.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP32AD.tmp folder moved successfully.
C:\WINDOWS\CSC\csc1.tmp moved successfully.
C:\WINDOWS\Installer\MSI1CBD.tmp moved successfully.
C:\WINDOWS\Installer\MSI1D0C.tmp moved successfully.
C:\WINDOWS\Installer\MSI1D11.tmp moved successfully.
C:\WINDOWS\Installer\MSI1EBE.tmp moved successfully.
C:\WINDOWS\Installer\MSI1F5F.tmp moved successfully.
C:\WINDOWS\Installer\MSI35CB.tmp moved successfully.
C:\WINDOWS\Installer\MSI35DB.tmp moved successfully.
C:\WINDOWS\Installer\MSI94F1.tmp moved successfully.
C:\WINDOWS\SoftwareDistribution\Download\c2115f16bd3c291aedde6441eb8cc984\BIT2C.tmp moved successfully.
C:\WINDOWS\system32\CONFIG.TMP moved successfully.
File/Folder c:\windows\61D3AAE1D5214CD7939B37813DE8F955.TMP not found.
File/Folder c:\program files\SweetIM not found.
========== REGISTRY ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser\\{3041D03E-FD4B-44E0-B742-2D9B88305F98} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3041D03E-FD4B-44E0-B742-2D9B88305F98}\ deleted successfully.
Registry key HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3041d03e-fd4b-44e0-b742-2d9b88305f98}\ not found.
Registry key HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4b1c1e16-6b34-430e-b074-5928eca4c150}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\SweetIM deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\combofix deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\nwiz deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys\ deleted successfully.
========== SERVICES/DRIVERS ==========
Service aswSP stopped successfully!
Service aswSP deleted successfully!
Service aswFsBlk stopped successfully!
Service aswFsBlk deleted successfully!
Service PEVSystemStart stopped successfully!
Service PEVSystemStart deleted successfully!
========== COMMANDS ==========

OTM by OldTimer - Version 3.1.10.2 log created on 04182010_191540

[motji]

Stále pípá?

Odinstalujte combofix přes Start - Spustit
- zkopírujte do okénka:

ComboFix /Uninstall

-stiskněte Enter
-To odinstaluje ComboFix a smaže s ním související soubory a složky.


***********


Stáhněte T-Cleaner
http://sweb.cz/Marinus/T-Cleaner.exe

-Spusťte,pro potvrzení volby mačkejte klávesu A, Enter
-po použití prográmek vymažte.Pozor,antiviry ho mohou falešně označit za vir



***********


Z mého podpisu stahněte Ccleaner
- nainstalujte, při výběru, co se má nainstalovat, dejte pryč fajfku u instalace yahoo toolbaru

záložka čistič
- nechejte v levém sloupečku zatrhnuté vše jak je, klikněte na analyzovat
- po analýze klikněte na Spustit Ccleaner

záložka Registry
- klikněte na hledej problémy
- pak klikněte na opravit vybrané problémy -- udělat zálohu registrů - nemusíte
- kliknete opravit všechny problémy ok zavřít

Záložka Nástroje
- zde můžete odinstalovat programy. Je to důkladnější odinstalace než u přidat/odebrat programy ve Windows.

Ccleaner - čistič doporučuji používat, krásně pročistí pc od dočasných souborů.
Registry pročistí třeba po odinstalaci nějakého programu.


***********



Stahněte OTC a použijte
http://oldtimer.geekstogo.com/OTC.exe
-vyčistí tempy a po použitých programech



***********

Vložte nový log ze RSIT a řekněte co počítač, jak se chová, už je vše v pořádku?