prosim o kontrolu logu

[mirec66]

prosim o kontrolu logu, udajne mam vir v PC, spomaluje mi internet

Logfile of random's system information tool 1.06 (written by random/random)
Run by Adrián Pyteľ at 2010-08-26 12:29:58
Systém Microsoft Windows XP Professional Service Pack 4
System drive C: has 765 MB (4%) free of 20 GB
Total RAM: 1023 MB (29% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:30:12, on 26.8.2010
Platform: Windows XP SP4 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Adrián Pyteľ\Desktop\RSIT.exe
C:\Program Files\trend micro\Adrián Pyteľ.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://search13.net/search.php?clid=486&q=%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search13.net/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://eu.ask.com/?o=15161&l=dis
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=66022
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search13.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://search13.net/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - D:\Programz\Orbitdownloader\orbitcth.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Compress Image Using Image Compressor 2008 - D:\Programy\image compressor 08 pro ed\imcieex_compress.html
O8 - Extra context menu item: &Download by Orbit - res://D:\Programz\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://D:\Programz\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://D:\Programz\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://D:\Programz\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {248F1F2D-E854-40AD-BB42-2E69EBC1CD8B} (ST WebDialer Control) - https://zona.t-com.sk/VianKampan2007/STWebDialer.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{37A055EB-FE2D-476C-92EE-88BDDD2D3473}: NameServer = 217.119.124.1 217.119.124.146
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\wbsys.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Služba Google Update (gupdate1ca56fca6d5367e) (gupdate1ca56fca6d5367e) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Performance Driver Service - Unknown owner - C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

--
End of file - 9506 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{000123B4-9B42-4900-B3F7-F4B073EFC214}]
Octh Class - D:\Programz\Orbitdownloader\orbitcth.dll [2009-12-21 240912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
Ask Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2010-05-26 1385864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-05-15 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-05-15 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{BFC32E1D-EE75-4A48-BC60-104E11EE2431}
{D4027C7F-154A-4066-A1AD-4243D8127440} - Ask Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2010-05-26 1385864]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"=C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2004-08-04 208952]
"MSPY2002"=C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe [2004-08-04 59392]
"nod32kui"=C:\Program Files\Eset\nod32kui.exe [2008-08-15 949376]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-10-07 13574144]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2008-10-07 86016]
"RDesc"= []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"=C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe [2006-09-10 218032]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\WINDOWS\system32\wbsys.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LMIinit]
C:\WINDOWS\system32\LMIinit.dll [2009-09-28 87352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\MCPClient]
C:\PROGRA~1\COMMON~1\Stardock\mcpstub.dll [2005-01-31 49152]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WBSrv]
D:\Programy\WindowBlinds\wbsrv.dll [2008-03-16 229376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
0aMCPClient - {F5DF91F9-15E9-416B-A7C3-7519B11ECBFC} - C:\PROGRA~1\COMMON~1\stardock\MCPCore.dll [2005-05-10 86016]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-05-09 52224]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2004-08-04 239616]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdcoreservice]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=255
"NoDriveTypeAutoRun"=255
"HonorAutoRunSetting"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=
"NoDriveAutoRun"=
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"D:\Programy\uTorrent\utorrent.exe"="D:\Programy\uTorrent\utorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Windows Media Player\wmplayer.exe"="C:\Program Files\Windows Media Player\wmplayer.exe:*:Enabled:Windows Media Player"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"D:\Programy\Clear FTP 2006\clearftp.exe"="D:\Programy\Clear FTP 2006\clearftp.exe:*:Enabled:clearftp"
"D:\Programy\Fps Creator\MyGames\arenaskuska\arenaskuska.exe"="D:\Programy\Fps Creator\MyGames\arenaskuska\arenaskuska.exe:*:Enabled:FPSC Game"
"D:\Programy\Fps Creator\FPSC-Game.exe"="D:\Programy\Fps Creator\FPSC-Game.exe:*:Enabled:FPSC Game"
"D:\Programy\eDisk klient\eDisk klient.exe"="D:\Programy\eDisk klient\eDisk klient.exe:*:Enabled:eDisk klient"
"D:\Programy\Fps Creator\MyGames\arenaskuska2\arenaskuska2.exe"="D:\Programy\Fps Creator\MyGames\arenaskuska2\arenaskuska2.exe:*:Enabled:FPSC Game"
"D:\Programy\GoQ - NetRadio\NetRadio.exe"="D:\Programy\GoQ - NetRadio\NetRadio.exe:*:Enabled:NetRadio"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"D:\Programy\HLSW\hlsw.exe"="D:\Programy\HLSW\hlsw.exe:*:Enabled:HLSW Application"
"C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe"="C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe:*:Enabled:Nexon Game Manager"
"D:\Programy\QIP Infium\infium.exe"="D:\Programy\QIP Infium\infium.exe:*:Enabled:QIP Infium"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"D:\Programz\Orbitdownloader\orbitdm.exe"="D:\Programz\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit"
"D:\Programz\Orbitdownloader\orbitnet.exe"="D:\Programz\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit"
"D:\Programy\LimeWire\LimeWire.exe"="D:\Programy\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"D:\HRY\Call of Duty 4 - Modern Warfare\iw3mp.exe"="D:\HRY\Call of Duty 4 - Modern Warfare\iw3mp.exe:*:Enabled:Call of Duty(R) 4 - Modern Warfare(TM) "
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\WINDOWS\system32\dplaysvr.exe"="C:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"D:\Programy\Edisk\eDisk klient\eDisk klient.exe"="D:\Programy\Edisk\eDisk klient\eDisk klient.exe:*:Enabled:eDisk klient"
"D:\Programy\real player\realplay.exe"="D:\Programy\real player\realplay.exe:*:Enabled:RealPlayer"
"D:\Programy\iTunes\iTunes.exe"="D:\Programy\iTunes\iTunes.exe:*:Enabled:iTunes"
"D:\Programy\Plugin Manager\skypePM.exe"="D:\Programy\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"D:\Programy\Xfire\Xfire.exe"="D:\Programy\Xfire\Xfire.exe:*:Enabled:Xfire"
"C:\Program Files\Pando Networks\Media Booster\PMB.exe"="C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster"
"C:\Program Files\Google\Chrome\Application\chrome.exe"="C:\Program Files\Google\Chrome\Application\chrome.exe:*:Enabled:Google Chrome"
"C:\Program Files\ICQ7.1\ICQ.exe"="C:\Program Files\ICQ7.1\ICQ.exe:*:Enabled:ICQ7.1"
"C:\Program Files\ICQ7.1\aolload.exe"="C:\Program Files\ICQ7.1\aolload.exe:*:Enabled:aolload.exe"
"D:\HRY\Requiem\Requiem\UPDATERUSA.EXE"="D:\HRY\Requiem\Requiem\UPDATERUSA.EXE:*:Enabled:Requiem"
"D:\Programy\Phone\Skype.exe"="D:\Programy\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\Java\jre6\bin\java.exe"="C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"D:\HRY\Combat Arms\CombatArms.exe"="D:\HRY\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe"
"D:\HRY\Combat Arms\Engine.exe"="D:\HRY\Combat Arms\Engine.exe:*Enabled:Engine.exe"
"C:\Program Files\Pando Networks\Media Booster\PMB.exe"="C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster"
"D:\HRY\kos\game_sting_pak\sting.exe"="D:\HRY\kos\game_sting_pak\sting.exe:*:Enabled:˝şĆÿ¶óŔÎ"
"C:\Program Files\ICQ7.1\ICQ.exe"="C:\Program Files\ICQ7.1\ICQ.exe:*:Enabled:ICQ7.1"
"C:\Program Files\ICQ7.1\aolload.exe"="C:\Program Files\ICQ7.1\aolload.exe:*:Enabled:aolload.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a8402e58-9d67-11df-9b9c-000b6abf036f}]
shell\AutoRun\command - I:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d2b17c3c-6d7b-11df-9b2e-000b6abf036f}]
shell\downloadsb\command - explorer http://www.philips.com/songbird


======File associations======

.js - edit - "D:\Programy\dreamweaver8\Dreamweaver 8\dreamweaver.exe" "%1"

======List of files/folders created in the last 1 months======

2010-08-22 14:44:51 ----D---- C:\Documents and Settings\Adrián Pyteľ\Application Data\GeoGet
2010-08-20 14:56:31 ----D---- C:\Documents and Settings\Adrián Pyteľ\Application Data\vlc
2010-08-20 14:55:09 ----D---- C:\Program Files\VideoLAN
2010-08-17 21:15:25 ----D---- C:\Nový priečinok
2010-08-17 20:50:34 ----D---- C:\Marienka
2010-08-11 19:22:57 ----D---- C:\Program Files\Team6 game studios
2010-08-09 17:53:40 ----D---- C:\Queen - the greatest hits
2010-08-06 23:54:41 ----D---- C:\Program Files\FunWebProducts
2010-07-30 14:31:01 ----D---- C:\Documents and Settings\All Users\Application Data\Electronic Arts

======List of files/folders modified in the last 1 months======

2010-08-26 12:30:12 ----D---- C:\WINDOWS\Prefetch
2010-08-26 12:30:03 ----D---- C:\Program Files\trend micro
2010-08-26 12:30:01 ----D---- C:\WINDOWS\temp
2010-08-26 12:26:33 ----D---- C:\Program Files\Mozilla Firefox
2010-08-26 12:23:02 ----D---- C:\Program Files\Common Files\Akamai
2010-08-25 23:22:38 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-08-25 23:22:22 ----D---- C:\Documents and Settings\Adrián Pyteľ\Application Data\ICQ
2010-08-25 19:27:12 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2010-08-25 19:26:12 ----D---- C:\Documents and Settings\Adrián Pyteľ\Application Data\MyPhoneExplorer
2010-08-25 19:23:39 ----D---- C:\Program Files\ICQ7.1
2010-08-25 19:23:08 ----SD---- C:\WINDOWS\Temporary Internet Files
2010-08-25 13:55:25 ----D---- C:\Documents and Settings\Adrián Pyteľ\Application Data\HLSW
2010-08-25 13:55:04 ----A---- C:\WINDOWS\system32\PnkBstrB.exe
2010-08-24 13:12:43 ----D---- C:\Documents and Settings\Adrián Pyteľ\Application Data\uTorrent
2010-08-21 22:28:23 ----D---- C:\WINDOWS\system32\drivers
2010-08-20 14:59:31 ----A---- C:\WINDOWS\NeroDigital.ini
2010-08-20 14:55:09 ----AD---- C:\Program Files
2010-08-20 14:55:07 ----SHD---- C:\WINDOWS\Installer
2010-08-20 14:55:07 ----D---- C:\Config.Msi
2010-08-20 14:54:47 ----D---- C:\Documents and Settings\Adrián Pyteľ\Application Data\Orbit
2010-08-19 15:36:50 ----D---- C:\WINDOWS
2010-08-17 21:55:42 ----D---- C:\WINDOWS\system32\CatRoot2
2010-08-11 20:18:52 ----D---- C:\Documents and Settings\Adrián Pyteľ\Application Data\Adobe
2010-08-11 19:24:20 ----D---- C:\WINDOWS\system32\DirectX
2010-08-11 19:24:17 ----RSD---- C:\WINDOWS\assembly
2010-08-10 14:12:44 ----D---- C:\Documents and Settings\Adrián Pyteľ\Application Data\BattlePunks
2010-08-08 19:08:03 ----D---- C:\WINDOWS\system32
2010-08-02 21:37:35 ----HD---- C:\WINDOWS\inf
2010-07-28 15:14:51 ----D---- C:\WINDOWS\Debug

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-04 36096]
R1 nod32drv;nod32drv; C:\WINDOWS\system32\drivers\nod32drv.sys [2008-08-15 15424]
R1 prodrv06;StarForce Protection Environment Driver v6; C:\WINDOWS\System32\drivers\prodrv06.sys [2004-05-13 79488]
R1 SBRE;SBRE; \??\C:\WINDOWS\system32\drivers\SBREdrv.sys []
R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2007-01-20 31644]
R1 sdpiosys;sdpiosys; C:\WINDOWS\system32\drivers\sdpiosys.sys [2004-11-30 161792]
R1 WS2IFSL;Prostredie podpory poskytovateľa služby Windows Socket 2.0 Non-IFS Service; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032]
R2 acedrv11;acedrv11; \??\C:\WINDOWS\system32\drivers\acedrv11.sys []
R2 AMON;AMON; C:\WINDOWS\system32\drivers\amon.sys [2008-08-15 512096]
R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2007-11-11 278984]
R2 Hardlock;Hardlock; \??\C:\WINDOWS\system32\drivers\hardlock.sys []
R2 Haspnt;Haspnt; \??\C:\WINDOWS\system32\drivers\Haspnt.sys []
R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2007-11-11 25416]
R2 LMIRfsDriver;LogMeIn Remote File System Driver; \??\C:\WINDOWS\system32\drivers\LMIRfsDriver.sys []
R3 Afc;PPdus ASPI Shell; C:\WINDOWS\system32\drivers\Afc.sys [2005-02-23 11776]
R3 cmuda;C-Media WDM Audio Interface; C:\WINDOWS\system32\drivers\cmuda.sys [2004-01-08 812416]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2010-02-12 15664]
R3 lmimirr;lmimirr; C:\WINDOWS\system32\DRIVERS\lmimirr.sys [2008-08-11 10144]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-10-07 6133856]
R3 PAC207;PC Camera; C:\WINDOWS\system32\DRIVERS\PFC027.SYS [2007-05-29 508160]
R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2009-12-25 47360]
R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-04 20992]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]
S1 aiptektp;Pen Pad; C:\WINDOWS\system32\DRIVERS\aiptektp.sys [2005-12-23 22656]
S2 ATE_PROCMON;ATE_PROCMON; \??\C:\Program Files\Anti Trojan Elite\ATEPMon.sys []
S2 LMIInfo;LogMeIn Kernel Information Provider; \??\C:\Program Files\LogMeIn\x86\RaInfo.sys []
S3 a4s6vzxt;a4s6vzxt; C:\WINDOWS\system32\drivers\a4s6vzxt.sys []
S3 actser;actser; C:\WINDOWS\system32\drivers\actser.sys [2004-08-23 29440]
S3 at4anlwi;at4anlwi; C:\WINDOWS\system32\drivers\at4anlwi.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 EagleNT;EagleNT; \??\C:\WINDOWS\system32\drivers\EagleNT.sys []
S3 hidgame;Microsoft Hid to Joystick Port Enabler; C:\WINDOWS\system32\DRIVERS\hidgame.sys [2001-08-17 8576]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2005-03-08 51120]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2005-03-08 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2005-03-08 21744]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 rak;rak; \??\C:\WINDOWS\system32\rakion.sys []
S3 RivaTuner32;RivaTuner32; \??\D:\Programy\RivaTuner v2.06\RivaTuner32.sys []
S3 s716bus;Sony Ericsson Device 716 driver (WDM); C:\WINDOWS\system32\DRIVERS\s716bus.sys [2007-06-29 83208]
S3 s716mdfl;Sony Ericsson Device 716 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\s716mdfl.sys [2007-06-29 15112]
S3 s716mdm;Sony Ericsson Device 716 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\s716mdm.sys [2007-06-29 108552]
S3 s716mgmt;Sony Ericsson Device 716 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\s716mgmt.sys [2007-06-29 100360]
S3 s716nd5;Sony Ericsson Device 716 USB Ethernet Emulation SEMC716 (NDIS); C:\WINDOWS\system32\DRIVERS\s716nd5.sys [2007-06-29 23176]
S3 s716obex;Sony Ericsson Device 716 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\s716obex.sys [2007-06-29 98568]
S3 s716unic;Sony Ericsson Device 716 USB Ethernet Emulation SEMC716 (WDM); C:\WINDOWS\system32\DRIVERS\s716unic.sys [2007-06-29 98952]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 w200bus;Sony Ericsson W200 driver (WDM); C:\WINDOWS\system32\DRIVERS\w200bus.sys [2006-11-07 61504]
S3 w200mdfl;Sony Ericsson W200 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\w200mdfl.sys [2006-11-07 9328]
S3 w200mdm;Sony Ericsson W200 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\w200mdm.sys [2006-11-07 97056]
S3 w200mgmt;Sony Ericsson W200 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\w200mgmt.sys [2006-11-07 88560]
S3 w200obex;Sony Ericsson W200 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\w200obex.sys [2006-11-07 86368]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-05-09 40704]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-04-11 87808]
S3 XDva349;XDva349; \??\C:\WINDOWS\system32\XDva349.sys []
S3 zlportio;zlportio; \??\D:\from torrent\ultrastardx-101a-full\zlportio.sys []
S4 LMIRfsClientNP;LMIRfsClientNP; C:\WINDOWS\system32\drivers\LMIRfsClientNP.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R01000000 papycpu2;papycpu2; C:\WINDOWS\System32\DRIVERS\papycpu2.sys [2003-01-17 1984]
R01000000 papyjoy;papyjoy; C:\WINDOWS\System32\DRIVERS\papyjoy.sys [2003-01-17 1856]
R2 Akamai;Akamai NetSession Interface; C:\WINDOWS\System32\svchost.exe [2004-08-04 14336]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-05-15 153376]
R2 NOD32krn;NOD32 Kernel Service; C:\Program Files\Eset\nod32krn.exe [2008-08-15 552064]
R2 NVIDIA Performance Driver Service;NVIDIA Performance Driver Service; C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe [2008-12-11 3575808]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-10-07 163908]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2009-03-01 75064]
R2 wmcmgc;Windows Management Configuration; C:\WINDOWS\System32\svchost.exe [2004-08-04 14336]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
S2 gupdate1ca56fca6d5367e;Služba Google Update (gupdate1ca56fca6d5367e); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-10-27 133104]
S2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2004-09-29 69632]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2009-01-13 72704]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-01-17 654848]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 36864]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-11-20 536872]
S3 Macromedia Licensing Service;Macromedia Licensing Service; C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe [2008-03-03 68096]
S3 MSSQL$SONY_MEDIAMGR;MSSQL$SONY_MEDIAMGR; D:\Programy\Sony SF8 Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe [2002-12-17 7520337]
S3 MSSQLServerADHelper;MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [2002-12-17 66112]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2006-08-23 724992]
S3 npggsvc;nProtect GameGuard Service; C:\WINDOWS\system32\GameMon.des [2009-10-29 3407292]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 sdAuxService;PC Tools Auxiliary Service; C:\Program Files\Spyware Doctor\pctsAuxs.exe [2009-01-07 348752]
S3 sdCoreService;PC Tools Security Service; C:\Program Files\Spyware Doctor\pctsSvc.exe [2009-01-21 1095560]
S3 SQLAgent$SONY_MEDIAMGR;SQLAgent$SONY_MEDIAMGR; D:\Programy\Sony SF8 Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE [2002-12-17 311872]
S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2004-08-04 14336]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-05-09 823808]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-10-11 122880]

-----------------EOF-----------------

[stell]

zdravim
odinstaluj
C:\Program Files\Ask.com

PROSIM CITAJTE POZORNE NAVODY!!!,

Stáhněte na plochu, ukončete všechna aktivní okna a spusťte>>
http://download.bleepingcomputer.com/sUBs/ComboFix.exe



Suhlasit instalacio Konzoly pre zotavenie (Recovery console)


- ComboFix je třeba spustit pod účtem s právy administrátora.
- Po spuštění se zobrazí podmínky užití, potvrďte je stiskem tlačítka Ano;

A este raz >ANO<

- Dále postupujte dle pokynů, během aplikování ComboFixu neklikejte do zobrazujícího modreho okna

- Po dokončení skenování, trvajícího maximálně 10-15 minut, by měl program vytvořit log - C:\ComboFix.txt, zkopírujte celý jeho obsah do svého threadu na forum
- Před použitím ComboFixu je treba vypnout všechny rezidentní bezpečnostní programy - antiviry, firewally, antispywary. NAVOD: http://www.bleepingcomputer.com/forums/topic114351.html
Mohou zasahovat do činnosti ComboFixu, což může způsobit, že nebude fungovat korektně.
V případě detekce antiviru u ComboFixu se jedná o falešný poplach.

[mirec66]

log z combofixu:
http://www.edisk.cz/stahni/88558/ComboF ... .51KB.html

[stell]

Pri tejto akcii je nutné mať ComboFix na ploche.

Vypni>FIREWALL>Antivir>Antispyware>vsetko rezidentne.

Otvor Notepad (Poznámkový blok) a zkopíruj do neho celý zeleny tex:

Kód: Vybrat vše

KILLALL::
Driver::
wmcmgc
rak
zlportio
Rootkit::
c:\windows\system32\rakion.sys
DDS::
uStart Page = hxxp://eu.ask.com/?o=15161&l=dis
uDefault_Search_URL = hxxp://search13.net/
uSearchAssistant = hxxp://search13.net/
uCustomizeSearch = hxxp://search13.net/
Trusted Zone: ketsujin.com\fighterace
Trusted Zone: ketsujin.com\primary
Trusted Zone: ketsujin.com\update
Trusted Zone: ketsujin.com\www
Trusted Zone: stormofaces.com\www
DPF: {248F1F2D-E854-40AD-BB42-2E69EBC1CD8B} - hxxps://zona.t-com.sk/VianKampan2007/STWebDialer.cab
FireFox::
FF - ProfilePath - c:\documents and settings\Adrián Pyteľ\Application Data\Mozilla\Firefox\Profiles\xevyq5n9.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
RegNull::
[HKEY_USERS\S-1-5-21-1960408961-73586283-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{C66FA57D-0266-5A04-AB49-A8256C658F9F}*]
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ř•€|˙˙˙˙•€|ů•A~*]
RegLock::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{469bb76b-d2d4-4723-8d9c-227b21a487cc}]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ř•€|˙˙˙˙•€|ů•A~*]
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices-]
"Audio Sound Blaster System"=-
"Running Task Manager"=-

Potom klik na Subor -> Uložiť ako.. .. -> Ako je Názov souboru tak do toho riadku napiš:CFScript.txt
Typ súboru tak tam vyberies *všetky súbory
A ulož ho na plochu.> Pozor CFScript.txt>Neotvarat a nemoze byt ani>CFScript.txt.txt A Urobis Toto :


Po skonceni skenu vlož log čo ComboFix vytvorí

[mirec66]

ComboFix 10-08-25.01 - Adrián Pyteľ 27.08.2010 12:49:02.10.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.4.1250.421.1033.18.1023.597 [GMT 2:00]
Running from: c:\documents and settings\Adrián Pyteľ\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Adrián Pyteľ\Desktop\CFScript.txt
AV: Eset NOD32 Antivirus 2.70 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Created a new restore point
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\regedit.com
c:\windows\system32\taskmgr.com

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_RAK
-------\Legacy_WMCMGC
-------\Service_rak
-------\Service_wmcmgc
-------\Service_zlportio


((((((((((((((((((((((((( Files Created from 2010-07-27 to 2010-08-27 )))))))))))))))))))))))))))))))
.

2010-08-20 12:55 . 2010-08-20 12:55 -------- d-----w- c:\program files\VideoLAN
2010-08-17 19:15 . 2010-08-20 13:22 -------- d-----w- C:\Nový priečinok
2010-08-17 18:50 . 2010-08-20 13:17 -------- d-----w- C:\Marienka
2010-08-11 17:22 . 2010-08-11 17:22 -------- d-----w- c:\program files\Team6 game studios
2010-08-09 15:53 . 2010-08-09 15:54 -------- d-----w- C:\Queen - the greatest hits
2010-07-30 12:31 . 2010-07-30 12:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Electronic Arts

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-27 11:01 . 2010-06-14 17:21 -------- d-----w- c:\program files\Common Files\Akamai
2010-08-26 10:30 . 2009-06-24 12:04 -------- d-----w- c:\program files\trend micro
2010-08-25 17:27 . 2007-12-15 09:20 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-08-25 17:23 . 2010-05-08 13:58 -------- d-----w- c:\program files\ICQ7.1
2010-08-25 11:55 . 2008-06-04 09:30 224960 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-08-25 10:20 . 2008-06-04 09:30 137944 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-07-09 19:04 . 2010-07-09 19:04 41872 ----a-w- c:\windows\system32\xfcodec.dll
2010-07-01 12:42 . 2010-05-24 18:22 -------- d-----w- c:\program files\Anti Trojan Elite
2010-07-01 12:21 . 2010-06-30 12:07 57344 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-07-01 12:21 . 2010-06-30 11:26 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX
2010-07-01 12:21 . 2009-10-27 11:57 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-07-01 12:18 . 2008-08-27 13:52 -------- d-----w- c:\program files\DivX
2010-07-01 10:20 . 2010-06-30 15:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2010-06-30 15:14 . 2010-06-30 15:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2010-06-30 15:14 . 2010-06-30 15:14 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller
2010-06-02 02:55 . 2010-06-17 14:46 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll
2010-06-02 02:55 . 2010-06-17 14:46 527192 ----a-w- c:\windows\system32\XAudio2_7.dll
2010-06-02 02:55 . 2010-06-17 14:46 239960 ----a-w- c:\windows\system32\xactengine3_7.dll
2010-05-29 21:07 . 2009-02-01 14:59 96 -c-ha-w- c:\windows\system32\HsInfo.dat
2010-04-03 16:14 . 2010-04-03 16:14 66936 --sha-w- c:\windows\dlinfo_0.drv
2005-06-29 01:46 . 2004-08-04 12:00 14744064 --sh--w- c:\windows\system32\icm64.dll
.

------- Sigcheck -------

[7] 2006-04-20 . B2220C618B42A2212A59D91EBD6FC4B4 . 360576 . . [5.1.2600.2892] . . c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys
[7] 2006-04-20 . 1DBF125862891817F374F407626967F4 . 359808 . . [5.1.2600.2892] . . c:\windows\erdnt\cache\tcpip.sys
[7] 2006-04-20 . 1DBF125862891817F374F407626967F4 . 359808 . . [5.1.2600.2892] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2006-04-20 . 45265CBAD25C6254AFAFC7BDD88BDB4B . 359808 . . [5.1.2600.2892] . . c:\windows\system32\drivers\tcpip.sys
[7] 2004-08-04 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB917953$\tcpip.sys
.
((((((((((((((((((((((((((((( SnapShot_2010-08-26_14.30.52 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-08-27 11:00 . 2010-08-27 11:00 32768 c:\windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-08-27 11:01 . 2010-08-27 11:01 16384 c:\windows\temp\Perflib_Perfdata_564.dat
+ 2010-08-27 11:01 . 2010-08-27 11:01 16384 c:\windows\temp\Perflib_Perfdata_114.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-09-10 218032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2008-08-15 949376]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]
"nwiz"="nwiz.exe" [2009-03-27 1657376]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 86016]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2004-08-04 53760]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-11 282624]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HonorAutoRunSetting"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"HonorAutoRunSetting"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2009-09-28 18:34 87352 ----a-w- c:\windows\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MCPClient]
2005-01-31 14:13 49152 ----a-w- c:\progra~1\COMMON~1\stardock\MCPStub.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
2008-03-16 13:31 229376 ----a-w- d:\programy\WindowBlinds\WbSrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\wbsys.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Skype"="d:\programy\Phone\Skype.exe" /nosplash /minimized
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler
"DAEMON Tools Lite"="d:\programy\DAEMON Tools Lite\daemon.exe" -autorun
"DAEMON Tools Pro Agent"="d:\programy\DAEMON Tools Pro\DTProAgent.exe"
"AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe"
"µTorrent"=d:\programy\uTorrent\utorrent.exe
"Pando Media Booster"=c:\program files\Pando Networks\Media Booster\PMB.exe
"uTorrent"="d:\programy\uTorrent\utorrent.exe"
"sbitunesagent"=c:\program files\Philips\Philips Songbird\songbirditunesagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
"NeroFilterCheck"=c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
"ISUSPM Startup"=c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" -start
"QuickTime Task"="d:\programy\QuickTIme\qttask.exe" -atboottime
"RivaTunerStartupDaemon"="d:\programy\RivaTuner v2.06\RivaTuner.exe" /S
"atwtusb"=atwtusb.exe beta
"PWRISOVM.EXE"=d:\programy\PowerISO\PWRISOVM.EXE
"PHIME2002ASync"=c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
"PHIME2002A"=c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"HP Software Update"=c:\program files\HP\HP Software Update\HPWuSchd2.exe
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"iTunesHelper"="d:\programy\iTunes\iTunesHelper.exe"
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot
"PhilipsSongbirdLauncher"=c:\program files\Philips\Philips Songbird\extensions\philips-autoplay@philips.com\application\PhilipsSongbirdLauncher.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\Programy\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"d:\\Programy\\Clear FTP 2006\\clearftp.exe"=
"d:\\Programy\\Fps Creator\\MyGames\\arenaskuska\\arenaskuska.exe"=
"d:\\Programy\\Fps Creator\\FPSC-Game.exe"=
"d:\\Programy\\eDisk klient\\eDisk klient.exe"=
"d:\\Programy\\Fps Creator\\MyGames\\arenaskuska2\\arenaskuska2.exe"=
"d:\\Programy\\GoQ - NetRadio\\NetRadio.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"d:\\Programy\\HLSW\\hlsw.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"d:\\Programy\\QIP Infium\\infium.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"d:\\Programz\\Orbitdownloader\\orbitdm.exe"=
"d:\\Programz\\Orbitdownloader\\orbitnet.exe"=
"d:\\Programy\\LimeWire\\LimeWire.exe"=
"d:\\HRY\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"d:\\Programy\\Edisk\\eDisk klient\\eDisk klient.exe"=
"d:\\Programy\\real player\\realplay.exe"=
"d:\\Programy\\iTunes\\iTunes.exe"=
"d:\\Programy\\Plugin Manager\\skypePM.exe"=
"d:\\Programy\\Xfire\\Xfire.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"=
"c:\\Program Files\\ICQ7.1\\ICQ.exe"=
"c:\\Program Files\\ICQ7.1\\aolload.exe"=
"d:\\HRY\\Requiem\\Requiem\\UPDATERUSA.EXE"=
"d:\\Programy\\Phone\\Skype.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"59137:TCP"= 59137:TCP:Pando Media Booster
"59137:UDP"= 59137:UDP:Pando Media Booster
"56096:TCP"= 56096:TCP:Pando Media Booster
"56096:UDP"= 56096:UDP:Pando Media Booster
"56772:TCP"= 56772:TCP:Pando Media Booster
"56772:UDP"= 56772:UDP:Pando Media Booster
"1064:TCP"= 1064:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [25.5.2010 10:37 130424]
R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [15.8.2008 13:13 15424]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [23.4.2010 21:29 95024]
R1 sdpiosys;sdpiosys;c:\windows\system32\drivers\SDPIOSYS.SYS [30.11.2004 13:10 161792]
R2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [20.1.2010 13:28 295432]
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [4.8.2004 14:00 14336]
R2 NVIDIA Performance Driver Service;NVIDIA Performance Driver Service;c:\program files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe [11.12.2008 7:08 3575808]
R3 PAC207;PC Camera;c:\windows\system32\drivers\PFC027.SYS [29.5.2007 13:30 508160]
S1 aiptektp;Pen Pad;c:\windows\system32\drivers\aiptektp.sys [12.6.2008 14:44 22656]
S2 ATE_PROCMON;ATE_PROCMON;\??\c:\program files\Anti Trojan Elite\ATEPMon.sys --> c:\program files\Anti Trojan Elite\ATEPMon.sys [?]
S2 gupdate1ca56fca6d5367e;Služba Google Update (gupdate1ca56fca6d5367e);c:\program files\Google\Update\GoogleUpdate.exe [27.10.2009 13:57 133104]
S2 LMIInfo;LogMeIn Kernel Information Provider;\??\c:\program files\LogMeIn\x86\RaInfo.sys --> c:\program files\LogMeIn\x86\RaInfo.sys [?]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [25.5.2010 10:36 348752]
S3 XDva349;XDva349;\??\c:\windows\system32\XDva349.sys --> c:\windows\system32\XDva349.sys [?]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [4.10.2007 11:57 717296]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder

2010-08-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-27 11:57]

2010-08-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-27 11:57]
.
.
------- Supplementary Scan -------
.
uSearchAssistant = hxxp://search13.net/
IE: &Compress Image Using Image Compressor 2008 - d:\programy\image compressor 08 pro ed\imcieex_compress.html
IE: &Download by Orbit - d:\programz\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - d:\programz\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - d:\programz\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - d:\programz\Orbitdownloader\orbitmxt.dll/202
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{71BFC818-0CED-42D6-9C87-5142918957EE} - c:\program files\ICQ7.1\ICQ.exe
LSP: c:\windows\system32\imon.dll
FF - ProfilePath - c:\documents and settings\Adrián Pyteľ\Application Data\Mozilla\Firefox\Profiles\xevyq5n9.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8 ... &gfns=1&q=
FF - component: d:\programz\Orbitdownloader\addons\OneClickYouTubeDownloader\components\GrabXpcom.dll
FF - plugin: c:\documents and settings\All Users\Application Data\id Software\QuakeLive\npquakezero.dll
FF - plugin: c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll
FF - plugin: d:\programy\iTunes\Mozilla Plugins\npitunes.dll
FF - plugin: d:\programy\QuickTIme\Plugins\npqtplugin.dll
FF - plugin: d:\programy\QuickTIme\Plugins\npqtplugin2.dll
FF - plugin: d:\programy\QuickTIme\Plugins\npqtplugin3.dll
FF - plugin: d:\programy\QuickTIme\Plugins\npqtplugin4.dll
FF - plugin: d:\programy\QuickTIme\Plugins\npqtplugin5.dll
FF - plugin: d:\programy\QuickTIme\Plugins\npqtplugin6.dll
FF - plugin: d:\programy\QuickTIme\Plugins\npqtplugin7.dll
FF - plugin: d:\programy\real player\Netscape6\nppl3260.dll
FF - plugin: d:\programy\real player\Netscape6\nprjplug.dll
FF - plugin: d:\programy\real player\Netscape6\nprpjplug.dll

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.notify.interval - 600000
FF - user.js: content.switch.threshold - 600000
FF - user.js: nglayout.initialpaint.delay - 600

FF - user.js: browser.sessionstore.resume_from_crash - false
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-27 13:01
Windows 5.1.2600 Service Pack 4 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1960408961-73586283-682003330-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-1960408961-73586283-682003330-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:72,f7,86,67,84,fe,af,46,a1,b9,5d,18,88,32,ef,ca,8f,6d,19,8c,a0,d0,ab,
e8,9f,9a,10,0e,9e,8c,d6,cb,d7,e4,4b,75,3f,47,ac,50,7b,56,fb,c2,ea,de,c6,25,\
"??"=hex:39,bd,5a,39,e5,b7,ad,ba,3d,64,ca,36,89,78,e2,2f

[HKEY_USERS\S-1-5-21-1960408961-73586283-682003330-1003\Software\SecuROM\License information*]
"datasecu"=hex:e3,58,5e,2a,1f,8b,cb,80,cc,0e,73,db,8f,18,5c,dd,b0,98,d7,ec,d5,
f6,96,f2,32,09,91,96,02,b6,a6,be,34,d4,03,a8,e9,f4,86,07,3a,4b,f0,38,eb,c3,\
"rkeysecu"=hex:91,71,aa,24,32,c7,42,d2,0c,cc,b5,32,00,f0,83,54

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ř•€|˙˙˙˙•€|ů•A~*]
"AB141C35E9F4BF344B9FC010BB17F68A"=""
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(560)
c:\windows\system32\LMIinit.dll
c:\progra~1\COMMON~1\Stardock\mcpstub.dll
c:\windows\system32\LMIRfsClientNP.dll
d:\programy\WindowBlinds\wbsrv.dll

- - - - - - - > 'lsass.exe'(616)
c:\windows\system32\imon.dll
c:\program files\Eset\pr_imon.dll

- - - - - - - > 'explorer.exe'(3280)
c:\windows\system32\msi.dll
c:\progra~1\COMMON~1\stardock\MCPCore.dll
d:\programy\WindowBlinds\tray.dll
c:\windows\system32\LMIRfsClientNP.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\imon.dll
c:\program files\Eset\pr_imon.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\progra~1\COMMON~1\Stardock\SDMCP.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Eset\nod32krn.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\wscntfy.exe
c:\program files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
.
**************************************************************************
.
Completion time: 2010-08-27 13:06:40 - machine was rebooted
ComboFix-quarantined-files.txt 2010-08-27 11:06
ComboFix2.txt 2010-08-26 14:35
ComboFix3.txt 2010-02-20 10:12
ComboFix4.txt 2010-02-19 20:47
ComboFix5.txt 2010-08-27 10:46

Pre-Run: 1 464 741 888 bytes free
Post-Run: 2 036 056 064 voľných bajtov

- - End Of File - - 6CC93EF67F2B20CA8EEC84DE85B9ED28

[stell]

odinstalovat
c:\program files\Anti Trojan Elite
Mas este problem s pc??

[mirec66]

problem este mam stale je velky PING 50 a viac predtym som mal PING 10-14 bol tu technik odkal mam net.
ten to premeral na notbuku mal PING 10 v mojom pc 45 tvrdi ze mam nejaky vir v pc rychlost mam uz v poriadku

[stell]

otestuj na www.virustotal.com
c:\windows\system32\drivers\SDPIOSYS.SYS
vysledok vloz sem.

[mirec66]

0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is goodware. 0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is malware.
File name:
SDPIOSYS.SYS
Submission date:
2010-08-27 17:43:50 (UTC)
Current status:
finished
Result:
16 /40 (40.0%)

VT Community

not reviewed
Safety score: -
Compact
Print results
Antivirus Version Last Update Result
AhnLab-V3 2010.08.27.00 2010.08.26 Win-Trojan/Vanti.161792
AntiVir 8.2.4.46 2010.08.27 -
Antiy-AVL 2.0.3.7 2010.08.26 Trojan/Win32.Agent.gen
Authentium 5.2.0.5 2010.08.27 -
Avast 4.8.1351.0 2010.08.27 -
Avast5 5.0.594.0 2010.08.27 -
AVG 9.0.0.851 2010.08.27 BackDoor.Generic9.AFCW
BitDefender 7.2 2010.08.27 -
CAT-QuickHeal 11.00 2010.08.27 -
ClamAV 0.96.2.0-git 2010.08.27 -
Comodo 5877 2010.08.27 UnclassifiedMalware
DrWeb 5.0.2.03300 2010.08.27 -
Emsisoft 5.0.0.37 2010.08.27 Rootkit.Win32.Agent.agw!IK
eTrust-Vet 36.1.7821 2010.08.27 -
F-Prot 4.6.1.107 2010.08.26 -
F-Secure 9.0.15370.0 2010.08.27 -
Fortinet 4.1.143.0 2010.08.26 -
GData 21 2010.08.27 -
Ikarus T3.1.1.88.0 2010.08.27 Rootkit.Win32.Agent.agw
Jiangmin 13.0.900 2010.08.27 Rootkit.Vanti.exp
Kaspersky 7.0.0.125 2010.08.27 -
McAfee 5.400.0.1158 2010.08.27 -
Microsoft 1.6103 2010.08.27 -
NOD32 5402 2010.08.27 -
Norman 6.05.11 2010.08.27 W32/Rootkit.EXJ
nProtect 2010-08-27.01 2010.08.27 -
Panda 10.0.2.7 2010.08.27 Generic Rootkit
PCTools 7.0.3.5 2010.08.27 -
Prevx 3.0 2010.08.27 High Risk System Back Door
Rising 22.62.04.04 2010.08.27 -
Sophos 4.56.0 2010.08.27 -
Sunbelt 6802 2010.08.27 Trojan.Win32.Malware.a
SUPERAntiSpyware 4.40.0.1006 2010.08.27 -
Symantec 20101.1.1.7 2010.08.27 -
TheHacker 6.5.2.1.356 2010.08.26 Trojan/Agent.agw
TrendMicro 9.120.0.1004 2010.08.27 TROJ_ROOTKITD.F
TrendMicro-HouseCall 9.120.0.1004 2010.08.27 TROJ_ROOTKITD.F
VBA32 3.12.14.0 2010.08.27 Rootkit.Win32.Agent.agw
ViRobot 2010.8.25.4006 2010.08.27 Trojan.Win32.Agent.161792
VirusBuster 5.0.27.0 2010.08.27 -
Additional information
Show all
MD5 : 770872e7c4985d3fdf8755ec632c11e1
SHA1 : f951fb11cec7f92e8693dd2b8a27b5a1abd7bfc7
SHA256: c841be8965505d3b514bfae81d48b34d96596a7d9936255f60df6a82396fd08b
ssdeep: 3072:R+rbuiFWkFgrndW6p8V3UXKWo3RRQWiTb8YS8beW5NzhPR:R+rbUkAndW443ROWiTb8YS8
CCP
File size : 161792 bytes
First seen: 2008-03-30 16:08:24
Last seen : 2010-08-27 17:43:50
Magic: PE32 executable for MS Windows (native) Intel 80386 32-bit
TrID:
Generic Win/DOS Executable (49.9%)
DOS Executable Generic (49.8%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.1%)
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
PEiD: -
PEInfo: PE structure information

[[ basic data ]]
entrypointaddress: 0x2F0
timedatestamp....: 0x3C639C3B (Fri Feb 08 09:36:59 2002)
machinetype......: 0x14C (Intel I386)

[[ 5 section(s) ]]
name, viradd, virsiz, rawdsiz, ntropy, md5
.text, 0x280, 0x245BC, 0x245C0, 7.93, 14962ea4654e2c4d200f93e0bf80154f
.rdata, 0x24840, 0x20D0, 0x20E0, 7.97, 34fa4cdbcd8e8386664da0aa8b06ea3e
.data, 0x26920, 0x9A0, 0x9A0, 3.69, 1d89424aa6a8668c280ccc286da8c299
INIT, 0x272C0, 0x284, 0x2A0, 4.89, ed4a1331777e6e5c69455e06486f0f49
.reloc, 0x27560, 0x298, 0x2A0, 2.74, 7dc104658be4acaa920cac5b20965c8e

[[ 2 import(s) ]]
hal.dll: HalTranslateBusAddress, ExAcquireFastMutex, ExReleaseFastMutex
ntoskrnl.exe: RtlInitAnsiString, IofCompleteRequest, RtlAnsiStringToUnicodeString, ExFreePool, ExAllocatePoolWithTag, ObReferenceObjectByHandle, ObfDereferenceObject, RtlFreeUnicodeString, IoCreateDevice, KeSetTimer, KeCancelTimer, KeSetEvent, IoStartNextPacket, MmUnmapIoSpace, MmMapIoSpace, IoCreateUnprotectedSymbolicLink, KeInitializeTimer, KeInitializeEvent, KeInitializeDpc
Prevx Info:
http://info.prevx.com/aboutprogramtext. ... 003CF2CC9A
CWSandbox:
http://research.sunbelt-software.com/pa ... ec632c11e1
ThreatExpert:
http://www.threatexpert.com/report.aspx ... ec632c11e1

VT Community

0

This file has never been reviewed by any VT Community member. Be the first one to comment on it!

VirusTotal Team
Add your comment... Remember that when you write comments as an anonymous user they receive the lowest possible reputation. So if you have not signed in yet don't forget to do so. How to markup your comments?
You can add basic styles to your comments using the following accepted bbcode tags:

text -- bold
text -- italics
text -- underline
[s]text[/s] -- strikethrough

Kód: Vybrat vše

text

- preformatted text

You can also address comments to particular users using the "@" twitter-like mode. By prepending a "#" symbol to a word you can add custom tags to your comment, tags that can then be searched for.

[stell]

Pri tejto akcii je nutné mať ComboFix na ploche.

Vypni>FIREWALL>Antivir>Antispyware>vsetko rezidentne.

Otvor Notepad (Poznámkový blok) a zkopíruj do neho celý zeleny tex:

Kód: Vybrat vše

KILLALL::
Collect::
c:\windows\system32\drivers\SDPIOSYS.SYS
Driver::
sdpiosys
ATE_PROCMON
RegLock::
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ř•€|˙˙˙˙•€|ů•A~*]
RegNull::
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ř•€|˙˙˙˙•€|ů•A~*]

Potom klik na Subor -> Uložiť ako.. .. -> Ako je Názov souboru tak do toho riadku napiš:CFScript.txt
Typ súboru tak tam vyberies *všetky súbory
A ulož ho na plochu.> Pozor CFScript.txt>Neotvarat a nemoze byt ani>CFScript.txt.txt A Urobis Toto :


Po skonceni skenu vlož log čo ComboFix vytvorí

[mirec66]

ComboFix 10-08-25.01 - Adrián Pyteľ 28.08.2010 15:17:59.11.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.4.1250.421.1033.18.1023.611 [GMT 2:00]
Running from: c:\documents and settings\Adrián Pyteľ\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Adrián Pyteľ\Desktop\CFScript.txt
AV: Eset NOD32 Antivirus 2.70 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Created a new restore point
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

file zipped: c:\windows\system32\drivers\SDPIOSYS.SYS
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\regedit.com
c:\windows\system32\drivers\SDPIOSYS.SYS
c:\windows\system32\taskmgr.com

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ATE_PROCMON
-------\Legacy_SDPIOSYS
-------\Service_ATE_PROCMON
-------\Service_sdpiosys


((((((((((((((((((((((((( Files Created from 2010-07-28 to 2010-08-28 )))))))))))))))))))))))))))))))
.

2010-08-27 11:39 . 2010-08-27 11:39 -------- d---a-w- c:\windows\VDLL.DLL
2010-08-27 11:39 . 2010-08-27 11:39 -------- d---a-w- c:\windows\rundll16.exe
2010-08-27 11:39 . 2010-08-27 11:39 -------- d---a-w- c:\windows\RUNDL132.EXE
2010-08-27 11:39 . 2010-08-27 11:39 -------- d---a-w- c:\windows\logo1_.exe
2010-08-27 11:39 . 2010-08-27 11:39 -------- d---a-w- c:\windows\logo_1.exe
2010-08-20 12:55 . 2010-08-20 12:55 -------- d-----w- c:\program files\VideoLAN
2010-08-17 19:15 . 2010-08-20 13:22 -------- d-----w- C:\Nový priečinok
2010-08-17 18:50 . 2010-08-20 13:17 -------- d-----w- C:\Marienka
2010-08-11 17:22 . 2010-08-11 17:22 -------- d-----w- c:\program files\Team6 game studios
2010-08-09 15:53 . 2010-08-09 15:54 -------- d-----w- C:\Queen - the greatest hits

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-28 13:30 . 2010-06-14 17:21 -------- d-----w- c:\program files\Common Files\Akamai
2010-08-28 13:06 . 2008-06-04 09:30 224960 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-08-28 12:22 . 2008-06-04 09:30 139104 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-08-26 10:30 . 2009-06-24 12:04 -------- d-----w- c:\program files\trend micro
2010-08-25 17:27 . 2007-12-15 09:20 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-08-25 17:23 . 2010-05-08 13:58 -------- d-----w- c:\program files\ICQ7.1
2010-07-09 19:04 . 2010-07-09 19:04 41872 ----a-w- c:\windows\system32\xfcodec.dll
2010-07-01 12:21 . 2010-06-30 12:07 57344 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-07-01 12:21 . 2010-06-30 11:26 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX
2010-07-01 12:21 . 2009-10-27 11:57 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-07-01 12:18 . 2008-08-27 13:52 -------- d-----w- c:\program files\DivX
2010-07-01 10:20 . 2010-06-30 15:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2010-06-30 15:14 . 2010-06-30 15:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2010-06-30 15:14 . 2010-06-30 15:14 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller
2010-06-02 02:55 . 2010-06-17 14:46 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll
2010-06-02 02:55 . 2010-06-17 14:46 527192 ----a-w- c:\windows\system32\XAudio2_7.dll
2010-06-02 02:55 . 2010-06-17 14:46 239960 ----a-w- c:\windows\system32\xactengine3_7.dll
2010-04-03 16:14 . 2010-04-03 16:14 66936 --sha-w- c:\windows\dlinfo_0.drv
.

------- Sigcheck -------

[7] 2006-04-20 . B2220C618B42A2212A59D91EBD6FC4B4 . 360576 . . [5.1.2600.2892] . . c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys
[7] 2006-04-20 . 1DBF125862891817F374F407626967F4 . 359808 . . [5.1.2600.2892] . . c:\windows\erdnt\cache\tcpip.sys
[7] 2006-04-20 . 1DBF125862891817F374F407626967F4 . 359808 . . [5.1.2600.2892] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2006-04-20 . 45265CBAD25C6254AFAFC7BDD88BDB4B . 359808 . . [5.1.2600.2892] . . c:\windows\system32\drivers\tcpip.sys
[7] 2004-08-04 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB917953$\tcpip.sys
.
((((((((((((((((((((((((((((( SnapShot_2010-08-26_14.30.52 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-08-28 13:29 . 2010-08-28 13:29 32768 c:\windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-08-28 13:30 . 2010-08-28 13:30 16384 c:\windows\temp\Perflib_Perfdata_73c.dat
+ 2010-08-28 13:30 . 2010-08-28 13:30 16384 c:\windows\temp\Perflib_Perfdata_2e4.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-09-10 218032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2008-08-15 949376]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]
"nwiz"="nwiz.exe" [2009-03-27 1657376]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 86016]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2004-08-04 53760]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-11 282624]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HonorAutoRunSetting"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"HonorAutoRunSetting"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2009-09-28 18:34 87352 ----a-w- c:\windows\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MCPClient]
2005-01-31 14:13 49152 ----a-w- c:\progra~1\COMMON~1\stardock\MCPStub.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
2008-03-16 13:31 229376 ----a-w- d:\programy\WindowBlinds\WbSrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\wbsys.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Skype"="d:\programy\Phone\Skype.exe" /nosplash /minimized
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler
"DAEMON Tools Lite"="d:\programy\DAEMON Tools Lite\daemon.exe" -autorun
"DAEMON Tools Pro Agent"="d:\programy\DAEMON Tools Pro\DTProAgent.exe"
"AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe"
"µTorrent"=d:\programy\uTorrent\utorrent.exe
"Pando Media Booster"=c:\program files\Pando Networks\Media Booster\PMB.exe
"uTorrent"="d:\programy\uTorrent\utorrent.exe"
"sbitunesagent"=c:\program files\Philips\Philips Songbird\songbirditunesagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
"NeroFilterCheck"=c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
"ISUSPM Startup"=c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" -start
"QuickTime Task"="d:\programy\QuickTIme\qttask.exe" -atboottime
"RivaTunerStartupDaemon"="d:\programy\RivaTuner v2.06\RivaTuner.exe" /S
"atwtusb"=atwtusb.exe beta
"PWRISOVM.EXE"=d:\programy\PowerISO\PWRISOVM.EXE
"PHIME2002ASync"=c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
"PHIME2002A"=c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"HP Software Update"=c:\program files\HP\HP Software Update\HPWuSchd2.exe
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"iTunesHelper"="d:\programy\iTunes\iTunesHelper.exe"
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot
"PhilipsSongbirdLauncher"=c:\program files\Philips\Philips Songbird\extensions\philips-autoplay@philips.com\application\PhilipsSongbirdLauncher.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\Programy\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"d:\\Programy\\Clear FTP 2006\\clearftp.exe"=
"d:\\Programy\\Fps Creator\\MyGames\\arenaskuska\\arenaskuska.exe"=
"d:\\Programy\\Fps Creator\\FPSC-Game.exe"=
"d:\\Programy\\eDisk klient\\eDisk klient.exe"=
"d:\\Programy\\Fps Creator\\MyGames\\arenaskuska2\\arenaskuska2.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"d:\\Programy\\HLSW\\hlsw.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"d:\\Programy\\QIP Infium\\infium.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"d:\\Programz\\Orbitdownloader\\orbitdm.exe"=
"d:\\Programz\\Orbitdownloader\\orbitnet.exe"=
"d:\\Programy\\LimeWire\\LimeWire.exe"=
"d:\\HRY\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"d:\\Programy\\Edisk\\eDisk klient\\eDisk klient.exe"=
"d:\\Programy\\real player\\realplay.exe"=
"d:\\Programy\\iTunes\\iTunes.exe"=
"d:\\Programy\\Plugin Manager\\skypePM.exe"=
"d:\\Programy\\Xfire\\Xfire.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"=
"c:\\Program Files\\ICQ7.1\\ICQ.exe"=
"c:\\Program Files\\ICQ7.1\\aolload.exe"=
"d:\\HRY\\Requiem\\Requiem\\UPDATERUSA.EXE"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"d:\\Programy\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"59137:TCP"= 59137:TCP:Pando Media Booster
"59137:UDP"= 59137:UDP:Pando Media Booster
"56096:TCP"= 56096:TCP:Pando Media Booster
"56096:UDP"= 56096:UDP:Pando Media Booster
"56772:TCP"= 56772:TCP:Pando Media Booster
"56772:UDP"= 56772:UDP:Pando Media Booster
"1060:TCP"= 1060:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [25.5.2010 10:37 130424]
R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [15.8.2008 13:13 15424]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [23.4.2010 21:29 95024]
R2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [20.1.2010 13:28 295432]
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [4.8.2004 14:00 14336]
R2 NVIDIA Performance Driver Service;NVIDIA Performance Driver Service;c:\program files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe [11.12.2008 7:08 3575808]
R3 PAC207;PC Camera;c:\windows\system32\drivers\PFC027.SYS [29.5.2007 13:30 508160]
S1 aiptektp;Pen Pad;c:\windows\system32\drivers\aiptektp.sys [12.6.2008 14:44 22656]
S2 gupdate1ca56fca6d5367e;Služba Google Update (gupdate1ca56fca6d5367e);c:\program files\Google\Update\GoogleUpdate.exe [27.10.2009 13:57 133104]
S2 LMIInfo;LogMeIn Kernel Information Provider;\??\c:\program files\LogMeIn\x86\RaInfo.sys --> c:\program files\LogMeIn\x86\RaInfo.sys [?]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [25.5.2010 10:36 348752]
S3 XDva349;XDva349;\??\c:\windows\system32\XDva349.sys --> c:\windows\system32\XDva349.sys [?]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [4.10.2007 11:57 717296]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder

2010-08-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-27 11:57]

2010-08-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-27 11:57]
.
.
------- Supplementary Scan -------
.
uSearchAssistant = hxxp://search13.net/
IE: &Compress Image Using Image Compressor 2008 - d:\programy\image compressor 08 pro ed\imcieex_compress.html
IE: &Download by Orbit - d:\programz\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - d:\programz\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - d:\programz\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - d:\programz\Orbitdownloader\orbitmxt.dll/202
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{71BFC818-0CED-42D6-9C87-5142918957EE} - c:\program files\ICQ7.1\ICQ.exe
LSP: c:\windows\system32\imon.dll
FF - ProfilePath - c:\documents and settings\Adrián Pyteľ\Application Data\Mozilla\Firefox\Profiles\xevyq5n9.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8 ... &gfns=1&q=
FF - component: d:\programz\Orbitdownloader\addons\OneClickYouTubeDownloader\components\GrabXpcom.dll
FF - plugin: c:\documents and settings\All Users\Application Data\id Software\QuakeLive\npquakezero.dll
FF - plugin: c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll
FF - plugin: d:\programy\iTunes\Mozilla Plugins\npitunes.dll
FF - plugin: d:\programy\QuickTIme\Plugins\npqtplugin.dll
FF - plugin: d:\programy\QuickTIme\Plugins\npqtplugin2.dll
FF - plugin: d:\programy\QuickTIme\Plugins\npqtplugin3.dll
FF - plugin: d:\programy\QuickTIme\Plugins\npqtplugin4.dll
FF - plugin: d:\programy\QuickTIme\Plugins\npqtplugin5.dll
FF - plugin: d:\programy\QuickTIme\Plugins\npqtplugin6.dll
FF - plugin: d:\programy\QuickTIme\Plugins\npqtplugin7.dll
FF - plugin: d:\programy\real player\Netscape6\nppl3260.dll
FF - plugin: d:\programy\real player\Netscape6\nprjplug.dll
FF - plugin: d:\programy\real player\Netscape6\nprpjplug.dll

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.notify.interval - 600000
FF - user.js: content.switch.threshold - 600000
FF - user.js: nglayout.initialpaint.delay - 600

FF - user.js: browser.sessionstore.resume_from_crash - false
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-28 15:31
Windows 5.1.2600 Service Pack 4 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1960408961-73586283-682003330-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-1960408961-73586283-682003330-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:72,f7,86,67,84,fe,af,46,a1,b9,5d,18,88,32,ef,ca,8f,6d,19,8c,a0,d0,ab,
e8,9f,9a,10,0e,9e,8c,d6,cb,d7,e4,4b,75,3f,47,ac,50,7b,56,fb,c2,ea,de,c6,25,\
"??"=hex:39,bd,5a,39,e5,b7,ad,ba,3d,64,ca,36,89,78,e2,2f

[HKEY_USERS\S-1-5-21-1960408961-73586283-682003330-1003\Software\SecuROM\License information*]
"datasecu"=hex:e3,58,5e,2a,1f,8b,cb,80,cc,0e,73,db,8f,18,5c,dd,b0,98,d7,ec,d5,
f6,96,f2,32,09,91,96,02,b6,a6,be,34,d4,03,a8,e9,f4,86,07,3a,4b,f0,38,eb,c3,\
"rkeysecu"=hex:91,71,aa,24,32,c7,42,d2,0c,cc,b5,32,00,f0,83,54

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ř•€|˙˙˙˙•€|ů•A~*]
"AB141C35E9F4BF344B9FC010BB17F68A"=""
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(556)
c:\windows\system32\LMIinit.dll
c:\progra~1\COMMON~1\Stardock\mcpstub.dll
c:\windows\system32\LMIRfsClientNP.dll
d:\programy\WindowBlinds\wbsrv.dll

- - - - - - - > 'lsass.exe'(612)
c:\windows\system32\imon.dll
c:\program files\Eset\pr_imon.dll

- - - - - - - > 'explorer.exe'(3304)
c:\windows\system32\msi.dll
c:\progra~1\COMMON~1\stardock\MCPCore.dll
d:\programy\WindowBlinds\tray.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\imon.dll
c:\program files\Eset\pr_imon.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\LMIRfsClientNP.dll
.
------------------------ Other Running Processes ------------------------
.
c:\progra~1\COMMON~1\Stardock\SDMCP.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Eset\nod32krn.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\wscntfy.exe
c:\program files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
.
**************************************************************************
.
Completion time: 2010-08-28 15:36:04 - machine was rebooted
ComboFix-quarantined-files.txt 2010-08-28 13:36
ComboFix2.txt 2010-08-27 11:06
ComboFix3.txt 2010-08-26 14:35
ComboFix4.txt 2010-02-20 10:12
ComboFix5.txt 2010-08-28 13:16

Pre-Run: 1 460 330 496 bytes free
Post-Run: 2 118 787 072 voľných bajtov

- - End Of File - - 2E13D65B128E263339E0292A533F95F8

[stell]

no, ako je na tom pc??

[mirec66]

Zdravim rychlost je uz v poriadku aj PC pracuje rychlejsie ale ten PING je stale vysoky nameral som 45 na NTB 10

[stell]

napis prikaz do prikazoveho riadku, ipconfig /flushdns enter

[mirec66]

rychlost v poriadku PING vysoky 54