
PC virus removal, computer speed-up, remote help via the neslape.cz service
PC freezes, does not respond - please check
Moderator: Moderators
Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]
Individual threads will be locked once resolved, as will those inactive for more than 14 days. See the Rule on locking topics. Thank you for understanding.
!NEW!
You can now use the remote help service, where an expert connects to your computer and gets further details about the problem from you by phone! More at www.neslape.cz
- Visitor
- Posts: 73
- Registered: 15 Dec 2009 10:12
Hi, the PC clearly has trouble running even for a moment without freezing. I'm sure there will be a lot here, at least judging by the processes currently running. I don't use it personally, so I don't know what all was installed here or what is causing it. I'm attaching the log from RSIT:
Logfile of random's system information tool 1.08 (written by random/random)
Run by Lilly at 2011-01-27 00:34:30
Microsoft Windows XP Professional Service Pack 2
System drive C: has 796 MB (8%) free of 10 GB
Total RAM: 255 MB (33% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 0:34:58, on 27. 1. 2011
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\PROGRA~1\MOBILI~1\FMMSER~1.EXE
C:\Documents and Settings\LocalService\Application Data\Microsoft\sytuh.exe
C:\Programy\alcohol\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\j2re1.4.2_14\bin\jusched.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Mobility Manager\MobilityManager.exe
C:\WINDOWS\system32\erszisjr.exe
C:\Program Files\Mobility Manager\jre\bin\javaw.exe
C:\windows\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\TEMP\h7963F5E8.tmp
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\TEMP\hozgawwo7B8D53D3.tmp
C:\Documents and Settings\Lilly\Desktop\RSIT.exe
C:\Program Files\trend micro\Lilly.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fullarticles.net
R3 - URLSearchHook: (no name) - - (no file)
F2 - REG:system.ini: Shell=Explorer.exe rundll32.exe "C:\DOCUME~1\Lilly\LOCALS~1\Temp\goqw.tco" vnbyln
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\PROGRA~1\PCTRAN~1\webie.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\j2re1.4.2_14\bin\jusched.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [MobilityManager] C:\Program Files\Mobility Manager\MobilityManager
O4 - HKLM\..\Run: [NVIDIA driver monitor] c:\windows\nvsvc32.exe
O4 - HKLM\..\Run: [erszisjr] C:\WINDOWS\system32\erszisjr.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [wr] C:\WINDOWS\system32\umdmgr.exe
O4 - HKCU\..\Run: [{39144447-8FF8-61B9-BE65-186E4AB7ADE8}] "C:\Documents and Settings\Lilly\Application Data\Fyabb\nykua.exe"
O4 - HKCU\..\Run: [{9772E225-27CE-E988-5958-BDF5A7BA7607}] "C:\Documents and Settings\Lilly\Application Data\Poik\onvue.exe"
O4 - HKCU\..\Run: [erszisjr] C:\WINDOWS\system32\erszisjr.exe
O4 - HKCU\..\Run: [JP595IR86O] C:\DOCUME~1\Lilly\LOCALS~1\Temp\Xhd.exe
O4 - HKCU\..\Run: [12CFG214-K641-12SF-N85P] C:\RECYCLER\S-1-5-21-0243936033-3052116371-381863308-1811\vsbntlo.exe
O4 - HKLM\..\Policies\Explorer\Run: [Microsoft Driver Setup] C:\WINDOWS\wjdrive32.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [IETI] C:\Program Files\Skype\Phone\IEPlugin\unins000.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [IETI] C:\Program Files\Skype\Phone\IEPlugin\unins000.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART (User 'Default user')
O4 - Startup: 0lofhz6.exe
O4 - Startup: bv00bnafza.exe
O4 - Startup: bvkj6xekv.exe
O4 - Startup: dozmc5uf.exe
O4 - Startup: dvo0npgqlxw.exe
O4 - Startup: em56qhvoqz.exe
O4 - Startup: g00lxiuxjiy.exe
O4 - Startup: i01winei56x.exe
O4 - Startup: mltwgts0.exe
O4 - Startup: mmjq01dgcf.exe
O4 - Startup: olnkmj56k.exe
O4 - Startup: osrwkpv0.exe
O4 - Startup: poaz56qnhq.exe
O4 - Startup: pt01vyoxnmf.exe
O4 - Startup: qkfwb5iv.exe
O4 - Startup: sazpqth0.exe
O4 - Startup: ufwx6udoz.exe
O4 - Startup: wjbqkn56o.exe
O4 - Startup: zredjem5.exe
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_14\bin\npjpi142_14.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_14\bin\npjpi142_14.dll
O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra button: WebTran - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\PROGRA~1\PCTRAN~1\webie.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\PROGRA~1\PCTRAN~1\webie.dll
O9 - Extra 'Tools' menuitem: &Nastavit prekladac - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\PROGRA~1\PCTRAN~1\webie.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\PROGRA~1\PCTRAN~1\webie.dll
O9 - Extra 'Tools' menuitem: Preložit &oznacený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\PROGRA~1\PCTRAN~1\webie.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\PROGRA~1\PCTRAN~1\webie.dll
O9 - Extra 'Tools' menuitem: Preložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\PROGRA~1\PCTRAN~1\webie.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{9964EE31-5653-4D26-8E70-30F48FC876A0}: NameServer = 192.138.27.98
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Application Driver Auto Removal Service (01) (appdrvrem01) - Protection Technology - C:\WINDOWS\System32\appdrvrem01.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: FMMService - Flarion Technologies, Inc. - C:\PROGRA~1\MOBILI~1\FMMSER~1.EXE
O23 - Service: Backbone Service (k8piwl8efu3nr5uh) - Google Inc. - C:\Documents and Settings\LocalService\Application Data\Microsoft\sytuh.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ProPortmap Service - Unknown owner - C:\ptc\portmap\portmap.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Programy\alcohol\Alcohol 120\StarWind\StarWindService.exe
--
End of file - 7317 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
C:\WINDOWS\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Podpora odkazu pro Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{BFC32E1D-EE75-4A48-BC60-104E11EE2431} - WebTranslator - C:\PROGRA~1\PCTRAN~1\webie.dll [2004-05-13 319488]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"=C:\Program Files\Java\j2re1.4.2_14\bin\jusched.exe [2007-03-14 32881]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2010-02-26 2140880]
"MobilityManager"=C:\Program Files\Mobility Manager\MobilityManager []
"NVIDIA driver monitor"=c:\windows\nvsvc32.exe [2010-12-18 65024]
"erszisjr"=C:\WINDOWS\system32\erszisjr.exe [2010-04-02 26112]
"MSConfig"=C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe [2004-09-01 158208]
"wr"=C:\WINDOWS\system32\umdmgr.exe [2011-01-27 61440]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"Microsoft Driver Setup"=C:\WINDOWS\wjdrive32.exe [2011-01-26 65536]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"{39144447-8FF8-61B9-BE65-186E4AB7ADE8}"=C:\Documents and Settings\Lilly\Application Data\Fyabb\nykua.exe [2010-05-20 159232]
"{9772E225-27CE-E988-5958-BDF5A7BA7607}"=C:\Documents and Settings\Lilly\Application Data\Poik\onvue.exe [2010-10-30 158208]
"erszisjr"=C:\WINDOWS\system32\erszisjr.exe [2010-04-02 26112]
"JP595IR86O"=C:\DOCUME~1\Lilly\LOCALS~1\Temp\Xhd.exe [2010-12-23 240640]
"12CFG214-K641-12SF-N85P"=C:\RECYCLER\S-1-5-21-0243936033-3052116371-381863308-1811\vsbntlo.exe [2011-01-27 40960]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\12CFG214-K641-12SF-N85P]
C:\RECYCLER\S-1-5-21-0243936033-3052116371-381863308-1811\vsbntlo.exe [2011-01-27 40960]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\erszisjr]
C:\WINDOWS\system32\erszisjr.exe [2010-04-02 26112]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe [2004-05-12 241664]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2004-02-12 49152]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HTV Agent]
C:\Program Files\HTV\HTV.exe [2007-05-19 482816]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\JP595IR86O]
C:\DOCUME~1\Lilly\LOCALS~1\Temp\Xhd.exe [2010-12-23 240640]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Driver Setup]
C:\WINDOWS\wjdrive32.exe [2011-01-26 65536]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2004-08-04 1667584]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVIDIA driver monitor]
c:\windows\nvsvc32.exe [2010-12-18 65024]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe [2009-11-11 1451520]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe [2005-10-26 159744]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tyfigoup]
C:\WINDOWS\system32\rodu.exe [2011-01-26 229888]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vyre32]
C:\WINDOWS\system32\vyre32.exe [2011-01-26 167936]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\wr]
C:\WINDOWS\system32\umdmgr.exe [2011-01-27 61440]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{39144447-8FF8-61B9-BE65-186E4AB7ADE8}]
C:\Documents and Settings\Lilly\Application Data\Fyabb\nykua.exe [2010-05-20 159232]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{9772E225-27CE-E988-5958-BDF5A7BA7607}]
C:\Documents and Settings\Lilly\Application Data\Poik\onvue.exe [2010-10-30 158208]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
C:\Programy\Adobe\READER~1.0\Reader\READER~1.EXE [2006-10-23 40048]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
C:\Programy\Adobe\READER~1.0\Reader\ADOBEC~1.EXE [2006-10-23 734872]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
D:\programy\MSOFFI~1\Office\OSA9.EXE [2007-01-29 65588]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^REALTEK 11n USB Wireless LAN Utility.lnk]
C:\PROGRA~1\REALTEK\11NUSB~1\RtWLan.exe [2009-05-04 933888]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Lilly^Start Menu^Programs^Startup^0lofhz6.exe]
C:\Documents and Settings\Lilly\Start Menu\Programs\Startup\0lofhz6.exe [2011-01-26 42496]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Lilly^Start Menu^Programs^Startup^bvkj6xekv.exe]
C:\Documents and Settings\Lilly\Start Menu\Programs\Startup\bvkj6xekv.exe [2011-01-26 43008]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Lilly^Start Menu^Programs^Startup^dozmc5uf.exe]
C:\Documents and Settings\Lilly\Start Menu\Programs\Startup\dozmc5uf.exe [2011-01-26 43008]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Lilly^Start Menu^Programs^Startup^dvo0npgqlxw.exe]
C:\Documents and Settings\Lilly\Start Menu\Programs\Startup\dvo0npgqlxw.exe [2011-01-26 42496]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Lilly^Start Menu^Programs^Startup^em56qhvoqz.exe]
C:\Documents and Settings\Lilly\Start Menu\Programs\Startup\em56qhvoqz.exe [2011-01-26 43008]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Lilly^Start Menu^Programs^Startup^g00lxiuxjiy.exe]
C:\Documents and Settings\Lilly\Start Menu\Programs\Startup\g00lxiuxjiy.exe [2011-01-26 42496]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Lilly^Start Menu^Programs^Startup^i01winei56x.exe]
C:\Documents and Settings\Lilly\Start Menu\Programs\Startup\i01winei56x.exe [2011-01-26 43520]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Lilly^Start Menu^Programs^Startup^mltwgts0.exe]
C:\Documents and Settings\Lilly\Start Menu\Programs\Startup\mltwgts0.exe [2011-01-26 43520]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Lilly^Start Menu^Programs^Startup^olnkmj56k.exe]
C:\Documents and Settings\Lilly\Start Menu\Programs\Startup\olnkmj56k.exe [2011-01-26 43520]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Lilly^Start Menu^Programs^Startup^osrwkpv0.exe]
C:\Documents and Settings\Lilly\Start Menu\Programs\Startup\osrwkpv0.exe [2011-01-26 42496]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Lilly^Start Menu^Programs^Startup^poaz56qnhq.exe]
C:\Documents and Settings\Lilly\Start Menu\Programs\Startup\poaz56qnhq.exe [2011-01-26 42496]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Lilly^Start Menu^Programs^Startup^qkfwb5iv.exe]
C:\Documents and Settings\Lilly\Start Menu\Programs\Startup\qkfwb5iv.exe [2011-01-26 43520]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Lilly^Start Menu^Programs^Startup^sazpqth0.exe]
C:\Documents and Settings\Lilly\Start Menu\Programs\Startup\sazpqth0.exe [2011-01-26 43520]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Lilly^Start Menu^Programs^Startup^ufwx6udoz.exe]
C:\Documents and Settings\Lilly\Start Menu\Programs\Startup\ufwx6udoz.exe [2011-01-26 43008]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Lilly^Start Menu^Programs^Startup^wjbqkn56o.exe]
C:\Documents and Settings\Lilly\Start Menu\Programs\Startup\wjbqkn56o.exe [2011-01-26 43008]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Lilly^Start Menu^Programs^Startup^zredjem5.exe]
C:\Documents and Settings\Lilly\Start Menu\Programs\Startup\zredjem5.exe [2011-01-26 43008]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"gupdate"=2
C:\Documents and Settings\Lilly\Start Menu\Programs\Startup
0lofhz6.exe
bv00bnafza.exe
bvkj6xekv.exe
dozmc5uf.exe
dvo0npgqlxw.exe
em56qhvoqz.exe
g00lxiuxjiy.exe
i01winei56x.exe
mltwgts0.exe
mmjq01dgcf.exe
olnkmj56k.exe
osrwkpv0.exe
poaz56qnhq.exe
pt01vyoxnmf.exe
qkfwb5iv.exe
sazpqth0.exe
ufwx6udoz.exe
wjbqkn56o.exe
zredjem5.exe
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Programy\BORGChat\BORGChat.exe"="C:\Programy\BORGChat\BORGChat.exe:*:Enabled:BORGChat"
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\Programy\BORGChat\Inbox\LOL\r_server.exe"="C:\Programy\BORGChat\Inbox\LOL\r_server.exe:*:Enabled:Remote control tool"
"C:\hry\Need for Speed Underground 2\speed2.exe"="C:\hry\Need for Speed Underground 2\speed2.exe:*:Enabled:speed2"
"C:\Programy\ICQ6\ICQ.exe"="C:\Programy\ICQ6\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\proe2001\i486_nt\obj\xtop.exe"="C:\Program Files\proe2001\i486_nt\obj\xtop.exe:*:Enabled:xtop"
"C:\Program Files\proe2001\i486_nt\nms\nmsd.exe"="C:\Program Files\proe2001\i486_nt\nms\nmsd.exe:*:Enabled:nmsd"
"C:\Program Files\proe2001\i486_nt\obj\pro_comm_msg.exe"="C:\Program Files\proe2001\i486_nt\obj\pro_comm_msg.exe:*:Enabled:pro_comm_msg"
"C:\Program Files\REALTEK\11n USB Wireless LAN Utility\RtWLan.exe"="C:\Program Files\REALTEK\11n USB Wireless LAN Utility\RtWLan.exe:*:Enabled:RtWlan"
"C:\Programy\ICQ6.5\ICQ.exe"="C:\Programy\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\ICQ7.2\ICQ.exe"="C:\Program Files\ICQ7.2\ICQ.exe:*:Enabled:ICQ7.2"
"C:\Program Files\ICQ7.2\aolload.exe"="C:\Program Files\ICQ7.2\aolload.exe:*:Enabled:aolload.exe"
"C:\Documents and Settings\Lilly\My Documents\Preberanie\image96523489.exe"="c:\windows\nvsvc32.exe:*:Enabled:NVIDIA driver monitor"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype. Take a deep breath "
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\DOCUME~1\Lilly\LOCALS~1\Temp\219.exe"="C:\DOCUME~1\Lilly\LOCALS~1\Temp\219.exe:*:C:\WINDOWS\wjdrive32.exe"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\ICQ7.2\ICQ.exe"="C:\Program Files\ICQ7.2\ICQ.exe:*:Enabled:ICQ7.2"
"C:\Program Files\ICQ7.2\aolload.exe"="C:\Program Files\ICQ7.2\aolload.exe:*:Enabled:aolload.exe"
======List of files/folders created in the last 1 months======
2011-01-27 00:34:33 ----D---- C:\Program Files\trend micro
2011-01-27 00:34:30 ----D---- C:\rsit
2011-01-27 00:24:01 ----A---- C:\WINDOWS\system32\umdmgr.exe
2011-01-26 23:17:25 ----D---- C:\WINDOWS\pss
2011-01-26 20:52:30 ----RSH---- C:\WINDOWS\wjdrive32.exe
2011-01-26 20:48:42 ----A---- C:\WINDOWS\system32\vyre32.exe
2011-01-26 10:38:30 ----A---- C:\WINDOWS\system32\zissessibe.exe
2011-01-25 22:16:03 ----AH---- C:\Documents and Settings\Lilly\Application Data\HhdFJl61DD.txt
2011-01-25 22:16:02 ----AH---- C:\Documents and Settings\Lilly\Application Data\Bgm7fGCGHJ.txt
2011-01-25 22:16:00 ----A---- C:\WINDOWS\system32\rodu.exe
2011-01-25 22:14:59 ----RSH---- C:\Documents and Settings\Lilly\Application Data\juzjf.exe
2011-01-25 22:14:58 ----AH---- C:\Documents and Settings\Lilly\Application Data\IK6fDMGl71.txt
2011-01-25 01:46:11 ----D---- C:\Documents and Settings\Lilly\Application Data\Help
2011-01-25 00:46:35 ----D---- C:\Documents and Settings\Lilly\Application Data\skypePM
2011-01-25 00:40:51 ----D---- C:\Program Files\Common Files\Skype
2011-01-20 02:07:54 ----D---- C:\Documents and Settings\Lilly\Application Data\Poik
2011-01-20 02:07:54 ----D---- C:\Documents and Settings\Lilly\Application Data\Naxy
2011-01-20 02:00:28 ----D---- C:\Documents and Settings\Lilly\Application Data\Udug
2011-01-20 02:00:28 ----D---- C:\Documents and Settings\Lilly\Application Data\Fyabb
2010-12-28 22:28:47 ----A---- C:\WINDOWS\system32\drivers\appdrv01.sys
2010-12-28 22:28:45 ----A---- C:\WINDOWS\system32\appdrvrem01.exe
2010-12-28 20:18:18 ----D---- C:\Program Files\V mene Pana zastupov
======List of files/folders modified in the last 1 months======
2011-01-27 00:35:02 ----D---- C:\WINDOWS\Temp
2011-01-27 00:34:33 ----RD---- C:\Program Files
2011-01-27 00:33:37 ----RSHD---- C:\RECYCLER
2011-01-27 00:24:37 ----D---- C:\WINDOWS\system32
2011-01-27 00:15:56 ----SD---- C:\WINDOWS\Tasks
2011-01-27 00:13:31 ----A---- C:\WINDOWS\SchedLgU.Txt
2011-01-27 00:08:38 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2011-01-27 00:07:32 ----D---- C:\WINDOWS
2011-01-27 00:07:32 ----A---- C:\WINDOWS\RTacDbg.txt
2011-01-26 23:46:15 ----SH---- C:\boot.ini
2011-01-26 23:46:14 ----A---- C:\WINDOWS\win.ini
2011-01-26 23:46:14 ----A---- C:\WINDOWS\system.ini
2011-01-26 20:34:29 ----D---- C:\WINDOWS\Prefetch
2011-01-26 02:05:55 ----D---- C:\Documents and Settings\Lilly\Application Data\Skype
2011-01-25 18:15:10 ----D---- C:\WINDOWS\system32\CatRoot2
2011-01-25 01:46:11 ----D---- C:\WINDOWS\Help
2011-01-25 00:43:38 ----SHD---- C:\WINDOWS\Installer
2011-01-25 00:43:24 ----HD---- C:\Config.Msi
2011-01-25 00:40:59 ----RD---- C:\Program Files\Skype
2011-01-25 00:40:51 ----D---- C:\Program Files\Common Files
2011-01-25 00:39:48 ----D---- C:\Documents and Settings\All Users\Application Data\Skype
2011-01-25 00:32:31 ----D---- C:\Documents and Settings\Lilly\Application Data\ICQ
2011-01-24 09:42:14 ----D---- C:\WINDOWS\Minidump
2011-01-17 11:40:18 ----SD---- C:\Documents and Settings\Lilly\Application Data\Microsoft
2011-01-17 11:39:08 ----D---- C:\WINDOWS\WinSxS
2011-01-17 11:39:01 ----RSD---- C:\WINDOWS\Fonts
2011-01-17 11:38:39 ----D---- C:\Program Files\Microsoft Office
2011-01-17 11:38:35 ----D---- C:\Program Files\Common Files\Microsoft Shared
2011-01-09 13:07:31 ----D---- C:\Program Files\MSECache
2011-01-06 10:15:11 ----D---- C:\Program Files\ICQ7.2
2010-12-28 21:28:47 ----D---- C:\WINDOWS\system32\drivers
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2004-08-04 42368]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2006-05-16 46080]
R0 Vax347b;Vax347b; C:\WINDOWS\system32\DRIVERS\Vax347b.sys [2005-04-25 159616]
R0 Vax347s;Vax347s; C:\WINDOWS\System32\Drivers\Vax347s.sys [2004-04-30 5248]
R1 appdrv01;Application Driver (01); C:\WINDOWS\System32\Drivers\appdrv01.sys [2010-12-28 3333808]
R1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2010-02-26 114984]
R1 epfwtdi;epfwtdi; C:\WINDOWS\system32\DRIVERS\epfwtdi.sys [2010-02-26 55232]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.7.1.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2010-03-16 21361]
R2 eamon;eamon; C:\WINDOWS\system32\DRIVERS\eamon.sys [2010-02-26 139192]
R2 epfw;epfw; C:\WINDOWS\system32\DRIVERS\epfw.sys [2010-02-26 134488]
R2 TVICHW32;TVICHW32; \??\C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS []
R3 Epfwndis;Eset Personal Firewall; C:\WINDOWS\system32\DRIVERS\Epfwndis.sys [2010-02-26 32584]
R3 es1371;Creative AudioPCI (ES1371,ES1373) (WDM); C:\WINDOWS\system32\drivers\es1371mp.sys [2001-08-17 40704]
R3 FlrnUSB;Leadtek USB Network Interface; C:\WINDOWS\system32\DRIVERS\LtkUSB.sys [2008-05-14 41907]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-09-01 20480]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-03 14848]
S3 AR9271;Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\athuw.sys [2009-08-14 1668352]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2004-06-21 51088]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2004-06-21 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2004-06-21 21744]
S3 K320bus;Sony Ericsson K320 driver (WDM); C:\WINDOWS\system32\DRIVERS\K320bus.sys [2006-08-18 61504]
S3 K320mdfl;Sony Ericsson K320 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\K320mdfl.sys [2006-08-18 9328]
S3 K320mdm;Sony Ericsson K320 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\K320mdm.sys [2006-08-18 97056]
S3 K320mgmt;Sony Ericsson K320 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\K320mgmt.sys [2006-08-18 88560]
S3 K320obex;Sony Ericsson K320 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\K320obex.sys [2006-08-18 86368]
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2009-10-06 17664]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2009-10-06 22016]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter; C:\WINDOWS\system32\DRIVERS\RTL8192su.sys [2009-05-08 583552]
S3 sermouse;Serial Mouse Driver; C:\WINDOWS\system32\DRIVERS\sermouse.sys [2004-09-01 17664]
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2009-10-06 7936]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 usbser;USB Modem Driver; C:\WINDOWS\system32\drivers\usbser.sys [2004-08-03 25600]
S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2009-10-06 7936]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2008-03-27 503008]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2010-02-26 810120]
R2 FMMService;FMMService; C:\PROGRA~1\MOBILI~1\FMMSER~1.EXE [2007-12-06 40960]
R2 StarWindService;StarWind iSCSI Service; C:\Programy\alcohol\Alcohol 120\StarWind\StarWindService.exe [2005-04-02 217600]
S2 appdrvrem01;Application Driver Auto Removal Service (01); C:\WINDOWS\System32\appdrvrem01.exe [2010-12-28 316888]
S2 k8piwl8efu3nr5uh;Backbone Service; C:\Documents and Settings\LocalService\Application Data\Microsoft\sytuh.exe [2011-01-26 229888]
S2 sgjiomo;Config Support; C:\WINDOWS\system32\svchost.exe [2004-09-01 14336]
S2 SSHNAS;SSHNAS; C:\WINDOWS\system32\svchost.exe [2004-09-01 14336]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe [2010-02-26 33560]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2004-03-18 65536]
S3 ProPortmap Service;ProPortmap Service; C:\ptc\portmap\portmap.exe [2001-01-19 57344]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2009-10-27 657408]
S4 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-03-17 135664]
-----------------EOF-----------------
Re: PC freezes, does not respond - please check
Hello and have a nice day
You have taken up breeding Trojan horses and a little herd of rootkits
It is infested through and through
Free up disk space to at least 2 GB, otherwise Windows will choke
Download RKill http://download.bleepingcomputer.com/grinler/rkill.com
When downloading ComboFix - instructions below - save it as Beruska.com
PLEASE READ THE INSTRUCTIONS CAREFULLY - THIS UTILITY IS VERY CAPABLE OF DELETING AND MUST BE USED ONLY ON RECOMMENDATION, OTHERWISE YOUR SYSTEM MAY GO BELLY UP
Download ComboFix and save it to the desktop http://download.bleepingcomputer.com/sUBs/ComboFix.exe
- If the vermin blocks it, use one of the following
motji writes: Rkill EXE:
http://download.bleepingcomputer.com/grinler/rkill.exe
Rkill SCR:
http://download.bleepingcomputer.com/grinler/rkill.scr
Rkill PIF:
http://download.bleepingcomputer.com/grinler/rkill.pif
- Save it, preferably to the desktop, and close all applications (otherwise RKill will do it for you)
- Run it the usual way with a double-click - the program runs almost instantly and then exits
- RKill terminates all non-system processes - including the processes the vermin runs under
- Do not restart the PC now - you would lose the effect of RKill
PLEASE READ THE INSTRUCTIONS CAREFULLY - THIS UTILITY IS VERY CAPABLE OF DELETING AND MUST BE USED ONLY ON RECOMMENDATION, OTHERWISE YOUR SYSTEM MAY GO BELLY UP
- Turn off all resident security programs - firewalls, antivirus, antispyware, etc.
- If you have Win XP, run it under the Administrator account
- If you have Win Vista or Win 7, right-click ComboFix and choose Run As Administrator
- Immediately after it starts, a page with the licence agreement appears; continue by clicking Yes
- If CF offers to install the Recovery Console, agree
- Then follow the prompts; during the scan leave the PC completely alone - do not start any applications and do not click into the window that appears
- The scan should take about 10 min, but if the PC is heavily infested it may take longer
- After the scan finishes and a possible restart, CF displays a log; otherwise you will find it at C:\ComboFix.txt; paste its contents here
- Detailed instructions including pictures are here http://www.bleepingcomputer.com/combofi ... t-combofix
- Visitor
- Posts: 73
- Registered: 15 Dec 2009 10:12
Re: PC freezes, does not respond - please check
ComboFix log:
ComboFix 11-01-26.01 - Lilly . 01. 2011 15:16:05.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.255.83 [GMT 1:00]
Running from: c:\documents and settings\Lilly\Desktop\beruska.com.exe
AV: ESET Smart Security 4.2 *Disabled/Outdated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET personal firewall *Disabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\docume~1\Lilly\LOCALS~1\Temp\goqw.tco
c:\documents and settings\Lilly\Application Data\Fyabb
c:\documents and settings\Lilly\Application Data\Fyabb\nykua.exe
c:\documents and settings\Lilly\Application Data\juzjf.exe
c:\documents and settings\Lilly\Application Data\Poik
c:\documents and settings\Lilly\Application Data\Poik\onvue.exe
c:\documents and settings\Lilly\Application Data\PriceGong
c:\documents and settings\Lilly\Application Data\PriceGong\Data\1.xml
c:\documents and settings\Lilly\Application Data\PriceGong\Data\a.xml
c:\documents and settings\Lilly\Application Data\PriceGong\Data\b.xml
c:\documents and settings\Lilly\Application Data\PriceGong\Data\c.xml
c:\documents and settings\Lilly\Application Data\PriceGong\Data\d.xml
c:\documents and settings\Lilly\Application Data\PriceGong\Data\e.xml
c:\documents and settings\Lilly\Application Data\PriceGong\Data\f.xml
c:\documents and settings\Lilly\Application Data\PriceGong\Data\g.xml
c:\documents and settings\Lilly\Application Data\PriceGong\Data\h.xml
c:\documents and settings\Lilly\Application Data\PriceGong\Data\i.xml
c:\documents and settings\Lilly\Application Data\PriceGong\Data\J.xml
c:\documents and settings\Lilly\Application Data\PriceGong\Data\k.xml
c:\documents and settings\Lilly\Application Data\PriceGong\Data\l.xml
c:\documents and settings\Lilly\Application Data\PriceGong\Data\m.xml
c:\documents and settings\Lilly\Application Data\PriceGong\Data\mru.xml
c:\documents and settings\Lilly\Application Data\PriceGong\Data\n.xml
c:\documents and settings\Lilly\Application Data\PriceGong\Data\o.xml
c:\documents and settings\Lilly\Application Data\PriceGong\Data\p.xml
c:\documents and settings\Lilly\Application Data\PriceGong\Data\q.xml
c:\documents and settings\Lilly\Application Data\PriceGong\Data\r.xml
c:\documents and settings\Lilly\Application Data\PriceGong\Data\s.xml
c:\documents and settings\Lilly\Application Data\PriceGong\Data\t.xml
c:\documents and settings\Lilly\Application Data\PriceGong\Data\u.xml
c:\documents and settings\Lilly\Application Data\PriceGong\Data\v.xml
c:\documents and settings\Lilly\Application Data\PriceGong\Data\w.xml
c:\documents and settings\Lilly\Application Data\PriceGong\Data\x.xml
c:\documents and settings\Lilly\Application Data\PriceGong\Data\y.xml
c:\documents and settings\Lilly\Application Data\PriceGong\Data\z.xml
c:\documents and settings\Lilly\Application Data\Udug
c:\documents and settings\Lilly\Application Data\Udug\doecy.ori
c:\documents and settings\Lilly\Application Data\Udug\doecy.tmp
c:\documents and settings\Lilly\Local Settings\Temp\goqw.tco
c:\documents and settings\Lilly\vr.exe
c:\documents and settings\LocalService\Application Data\Microsoft\rodu.exe
c:\documents and settings\LocalService\Application Data\Microsoft\sytuh.exe
c:\documents and settings\LocalService\Application Data\Microsoft\zissessibe.exe
c:\program files\HTV
c:\program files\HTV\akv.cfg
c:\program files\HTV\AKV.exe
c:\program files\HTV\HTV.001
c:\program files\HTV\HTV.002
c:\program files\HTV\HTV.003
c:\program files\HTV\HTV.004
c:\program files\HTV\HTV.005
c:\program files\HTV\HTV.006
c:\program files\HTV\HTV.007
c:\program files\HTV\HTV.009
c:\program files\HTV\HTV.exe
c:\program files\HTV\HTV.chm
c:\program files\HTV\menu.gif
c:\program files\HTV\qs.html
c:\program files\HTV\tray.gif
c:\program files\HTV\Uninstall.exe
c:\windows\system32\erszisjr.exe
c:\windows\TEMP\h7963F5E8.tmp
c:\windows\TEMP\hozgawwo7B8D53D3.tmp
E:\AUTORUN.INF
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_SSHNAS
-------\Service_SSHNAS
-------\Legacy_k8piwl8efu3nr5uh
-------\Service_k8piwl8efu3nr5uh
((((((((((((((((((((((((( Files Created from 2010-12-27 to 2011-01-27 )))))))))))))))))))))))))))))))
.
2011-01-26 23:52 . 2011-01-27 09:42 40960 ----a-w- C:\bntr.exe
2011-01-26 23:34 . 2011-01-26 23:34 -------- d-----w- c:\program files\trend micro
2011-01-26 23:34 . 2011-01-26 23:35 -------- d-----w- C:\rsit
2011-01-26 23:24 . 2011-01-26 23:24 61440 ----a-w- c:\windows\system32\umdmgr.exe
2011-01-26 19:52 . 2011-01-26 23:50 65536 --sh--r- c:\windows\wjdrive32.exe
2011-01-26 19:48 . 2011-01-26 22:38 167936 ----a-w- c:\windows\system32\vyre32.exe
2011-01-26 12:28 . 2011-01-26 12:28 0 ----a-w- c:\documents and settings\Lilly\MobilityManager.tmp
2011-01-26 09:38 . 2011-01-26 22:32 229888 ----a-w- c:\windows\system32\zissessibe.exe
2011-01-25 21:16 . 2011-01-26 22:32 229888 ----a-w- c:\windows\system32\rodu.exe
2011-01-25 00:46 . 2011-01-25 00:46 -------- d-----w- c:\documents and settings\Lilly\Local Settings\Application Data\Help
2011-01-24 23:46 . 2011-01-27 09:48 -------- d-----w- c:\documents and settings\Lilly\Application Data\skypePM
2011-01-24 23:40 . 2011-01-24 23:40 -------- d-----w- c:\program files\Common Files\Skype
2011-01-20 01:07 . 2011-01-27 00:00 -------- d-----w- c:\documents and settings\Lilly\Application Data\Naxy
2010-12-28 21:28 . 2010-12-28 21:28 3333808 ----a-w- c:\windows\system32\drivers\appdrv01.sys
2010-12-28 21:28 . 2010-12-28 21:28 316888 ----a-w- c:\windows\system32\appdrvrem01.exe
2010-12-28 19:18 . 2010-12-28 19:22 -------- d-----w- c:\program files\V mene Pana zastupov
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-23 22:15 . 2010-12-23 22:16 239104 ----a-w- c:\windows\Xzujua.exe
2010-12-23 22:15 . 2010-12-23 22:15 327680 ----a-w- c:\windows\system32\sshnas21.dll
2010-12-18 19:14 . 2010-12-18 19:14 65024 --sh--r- c:\windows\nvsvc32.exe
2007-09-15 16:27 . 2007-09-15 16:27 18398423 ----a-w- c:\program files\MediaCoder-0.6.0.3798.exe
2007-09-15 16:12 . 2007-09-15 16:12 20256064 ----a-w- c:\program files\QuickTimeInstaller.exe
2007-01-29 09:16 . 2007-01-29 09:16 99840 ----a-w- c:\program files\Common Files\IRAABOUT.DLL
2007-01-29 09:16 . 2007-01-29 09:16 70144 ----a-w- c:\program files\Common Files\IRAMDMTR.DLL
2007-01-29 09:16 . 2007-01-29 09:16 48640 ----a-w- c:\program files\Common Files\IRALPTTR.DLL
2007-01-29 09:16 . 2007-01-29 09:16 31744 ----a-w- c:\program files\Common Files\IRAWEBTR.DLL
2007-01-29 09:16 . 2007-01-29 09:16 186368 ----a-w- c:\program files\Common Files\IRAREG.DLL
2007-01-29 09:16 . 2007-01-29 09:16 17920 ----a-w- c:\program files\Common Files\IRASRIAL.DLL
.
------- Sigcheck -------
[-] 2004-09-01 . 7B11118B078B88F87183FE69EDA43137 . 359040 . . [5.1.2600.2180] . . c:\windows\system32\drivers\tcpip.sys
[-] 2004-09-01 . A77219A971029DC2FB683E8513713803 . 215552 . . [5.1.2600.2055] . . c:\windows\system32\termsrv.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MobilityManager"="c:\program files\Mobility Manager\MobilityManager" [X]
"SunJavaUpdateSched"="c:\program files\Java\j2re1.4.2_14\bin\jusched.exe" [2007-03-14 32881]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2010-02-26 2140880]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-09-01 15360]
c:\documents and settings\Lukass\Start Menu\Programs\Startup\
Girder3.lnk - e:\crack\Girder 3022\Girder 3022\Girder 3022\Girder.exe [2007-10-31 897536]
Shortcut to r_server.lnk - c:\programy\BORGChat\Inbox\LOL\r_server.exe [N/A]
Tray Tools 2000.lnk - c:\programy\tray\TrayTool.exe [2007-11-7 155648]
c:\documents and settings\Lilly\Start Menu\Programs\Startup\
0lofhz6.exe [2011-1-26 42496]
1fmahsm.exe [2011-1-27 43008]
bv00bnafza.exe [2011-1-27 42496]
bvkj6xekv.exe [2011-1-26 43008]
dozmc5uf.exe [2011-1-26 43008]
dvo0npgqlxw.exe [2011-1-26 42496]
em56qhvoqz.exe [2011-1-26 43008]
g00lxiuxjiy.exe [2011-1-26 42496]
i01winei56x.exe [2011-1-26 43520]
mltwgts0.exe [2011-1-26 43520]
mmjq01dgcf.exe [2011-1-27 43008]
olnkmj56k.exe [2011-1-26 43520]
osrwkpv0.exe [2011-1-26 42496]
poaz56qnhq.exe [2011-1-26 42496]
pt01vyoxnmf.exe [2011-1-27 43520]
qkfwb5iv.exe [2011-1-26 43520]
sazpqth0.exe [2011-1-26 43520]
ufwx6udoz.exe [2011-1-26 43008]
viyttmq5.exe [2011-1-27 42496]
wjbqkn56o.exe [2011-1-26 43008]
zredjem5.exe [2011-1-26 43008]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=c:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^REALTEK 11n USB Wireless LAN Utility.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\REALTEK 11n USB Wireless LAN Utility.lnk
backup=c:\windows\pss\REALTEK 11n USB Wireless LAN Utility.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Lilly^Start Menu^Programs^Startup^0lofhz6.exe]
path=c:\documents and settings\Lilly\Start Menu\Programs\Startup\0lofhz6.exe
backup=c:\windows\pss\0lofhz6.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Lilly^Start Menu^Programs^Startup^bvkj6xekv.exe]
path=c:\documents and settings\Lilly\Start Menu\Programs\Startup\bvkj6xekv.exe
backup=c:\windows\pss\bvkj6xekv.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Lilly^Start Menu^Programs^Startup^dozmc5uf.exe]
path=c:\documents and settings\Lilly\Start Menu\Programs\Startup\dozmc5uf.exe
backup=c:\windows\pss\dozmc5uf.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Lilly^Start Menu^Programs^Startup^dvo0npgqlxw.exe]
path=c:\documents and settings\Lilly\Start Menu\Programs\Startup\dvo0npgqlxw.exe
backup=c:\windows\pss\dvo0npgqlxw.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Lilly^Start Menu^Programs^Startup^em56qhvoqz.exe]
path=c:\documents and settings\Lilly\Start Menu\Programs\Startup\em56qhvoqz.exe
backup=c:\windows\pss\em56qhvoqz.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Lilly^Start Menu^Programs^Startup^g00lxiuxjiy.exe]
path=c:\documents and settings\Lilly\Start Menu\Programs\Startup\g00lxiuxjiy.exe
backup=c:\windows\pss\g00lxiuxjiy.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Lilly^Start Menu^Programs^Startup^i01winei56x.exe]
path=c:\documents and settings\Lilly\Start Menu\Programs\Startup\i01winei56x.exe
backup=c:\windows\pss\i01winei56x.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Lilly^Start Menu^Programs^Startup^mltwgts0.exe]
path=c:\documents and settings\Lilly\Start Menu\Programs\Startup\mltwgts0.exe
backup=c:\windows\pss\mltwgts0.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Lilly^Start Menu^Programs^Startup^olnkmj56k.exe]
path=c:\documents and settings\Lilly\Start Menu\Programs\Startup\olnkmj56k.exe
backup=c:\windows\pss\olnkmj56k.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Lilly^Start Menu^Programs^Startup^osrwkpv0.exe]
path=c:\documents and settings\Lilly\Start Menu\Programs\Startup\osrwkpv0.exe
backup=c:\windows\pss\osrwkpv0.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Lilly^Start Menu^Programs^Startup^poaz56qnhq.exe]
path=c:\documents and settings\Lilly\Start Menu\Programs\Startup\poaz56qnhq.exe
backup=c:\windows\pss\poaz56qnhq.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Lilly^Start Menu^Programs^Startup^qkfwb5iv.exe]
path=c:\documents and settings\Lilly\Start Menu\Programs\Startup\qkfwb5iv.exe
backup=c:\windows\pss\qkfwb5iv.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Lilly^Start Menu^Programs^Startup^sazpqth0.exe]
path=c:\documents and settings\Lilly\Start Menu\Programs\Startup\sazpqth0.exe
backup=c:\windows\pss\sazpqth0.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Lilly^Start Menu^Programs^Startup^ufwx6udoz.exe]
path=c:\documents and settings\Lilly\Start Menu\Programs\Startup\ufwx6udoz.exe
backup=c:\windows\pss\ufwx6udoz.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Lilly^Start Menu^Programs^Startup^wjbqkn56o.exe]
path=c:\documents and settings\Lilly\Start Menu\Programs\Startup\wjbqkn56o.exe
backup=c:\windows\pss\wjbqkn56o.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Lilly^Start Menu^Programs^Startup^zredjem5.exe]
path=c:\documents and settings\Lilly\Start Menu\Programs\Startup\zredjem5.exe
backup=c:\windows\pss\zredjem5.exeStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
2004-05-12 13:18 241664 ----a-w- c:\program files\HP\hpcoretech\hpcmpmgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2004-02-12 11:38 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Driver Setup]
2011-01-26 23:50 65536 --sh--r- c:\windows\wjdrive32.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2004-08-03 23:06 1667584 ------w- c:\program files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVIDIA driver monitor]
2010-12-18 19:14 65024 --sh--r- c:\windows\nvsvc32.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2009-11-11 09:57 1451520 ----a-w- c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
2005-10-26 15:17 159744 ----a-r- c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tyfigoup]
2011-01-26 22:32 229888 ----a-w- c:\windows\system32\rodu.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vyre32]
2011-01-26 22:38 167936 ----a-w- c:\windows\system32\vyre32.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\wr]
2011-01-26 23:24 61440 ----a-w- c:\windows\system32\umdmgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"gupdate"=2 (0x2)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\proe2001\\i486_nt\\obj\\xtop.exe"=
"c:\\Program Files\\proe2001\\i486_nt\\nms\\nmsd.exe"=
"c:\\Program Files\\proe2001\\i486_nt\\obj\\pro_comm_msg.exe"=
"c:\\Program Files\\REALTEK\\11n USB Wireless LAN Utility\\RtWLan.exe"=
"c:\\Program Files\\ICQ7.2\\ICQ.exe"=
"c:\\Program Files\\ICQ7.2\\aolload.exe"=
"c:\\Documents and Settings\\Lilly\\My Documents\\Preberanie\\image96523489.exe"= c:\\windows\\nvsvc32.exe
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"3212:TCP"= 3212:TCP:BND
"7661:TCP"= 7661:TCP:BND
"9536:TCP"= 9536:TCP:hoyyifgi
"1542:TCP"= 1542:TCP:Realtek WPS TCP Prot
"1542:UDP"= 1542:UDP:Realtek WPS UDP Prot
"53:UDP"= 53:UDP:Realtek AP UDP Prot
"1878:TCP"= 1878:TCP:BND
"4444:TCP"= 4444:TCP:BND
"7052:TCP"= 7052:TCP:BND
"20944:TCP"= 20944:TCP:BND
"17798:TCP"= 17798:TCP:BND
"29838:TCP"= 29838:TCP:BND
"25963:TCP"= 25963:TCP:BND
"3251:TCP"= 3251:TCP:BND
"18240:TCP"= 18240:TCP:BND
"18560:TCP"= 18560:TCP:BND
"9347:TCP"= 9347:TCP:BND
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundTimestampRequest"= 1 (0x1)
"AllowInboundMaskRequest"= 1 (0x1)
"AllowInboundRouterRequest"= 1 (0x1)
"AllowOutboundDestinationUnreachable"= 1 (0x1)
"AllowOutboundSourceQuench"= 1 (0x1)
"AllowOutboundParameterProblem"= 1 (0x1)
"AllowOutboundTimeExceeded"= 1 (0x1)
"AllowRedirect"= 1 (0x1)
"AllowOutboundPacketTooBig"= 1 (0x1)
R0 Vax347b;Vax347b;c:\windows\system32\drivers\Vax347b.sys [30. 4. 2007 8:59 159616]
R0 Vax347s;Vax347s;c:\windows\system32\drivers\Vax347s.sys [30. 4. 2007 8:59 5248]
R1 appdrv01;Application Driver (01);c:\windows\system32\drivers\appdrv01.sys [28. 12. 2010 22:28 3333808]
R1 ddfcc;ddfcc;c:\windows\system32\drivers\ddfcc.sys [8. 12. 2008 11:23 195832]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [26. 2. 2010 5:41 114984]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [26. 2. 2010 5:41 810120]
R2 FMMService;FMMService;c:\progra~1\MOBILI~1\FMMSER~1.EXE [24. 10. 2010 19:25 40960]
R2 TVICHW32;TVICHW32;c:\windows\system32\drivers\TVicHW32.sys [31. 10. 2007 15:57 25040]
R3 FlrnUSB;Leadtek USB Network Interface;c:\windows\system32\drivers\LtkUSB.sys [24. 10. 2010 19:25 41907]
S2 appdrvrem01;Application Driver Auto Removal Service (01);c:\windows\System32\appdrvrem01.exe svc --> c:\windows\System32\appdrvrem01.exe svc [?]
S2 sgjiomo;Config Support;c:\windows\system32\svchost.exe -k netsvcs [1. 9. 2004 8:00 14336]
S3 AR9271;Wireless Network Adapter Service;c:\windows\system32\drivers\athuw.sys [17. 3. 2010 14:55 1668352]
S3 K320bus;Sony Ericsson K320 driver (WDM);c:\windows\system32\drivers\K320bus.sys [26. 10. 2008 14:21 61504]
S3 K320mdfl;Sony Ericsson K320 USB WMC Modem Filter;c:\windows\system32\drivers\K320mdfl.sys [26. 10. 2008 14:21 9328]
S3 K320mdm;Sony Ericsson K320 USB WMC Modem Driver;c:\windows\system32\drivers\K320mdm.sys [26. 10. 2008 14:21 97056]
S3 K320mgmt;Sony Ericsson K320 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\K320mgmt.sys [26. 10. 2008 14:24 88560]
S3 K320obex;Sony Ericsson K320 USB WMC OBEX Interface;c:\windows\system32\drivers\K320obex.sys [26. 10. 2008 14:24 86368]
S3 ProPortmap Service;ProPortmap Service;c:\ptc\portmap\portmap.exe [31. 10. 2007 1:53 57344]
S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8192su.sys [16. 3. 2010 19:00 583552]
S4 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [17. 3. 2010 16:22 135664]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
sgjiomo
.
Contents of the 'Scheduled Tasks' folder
2011-01-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-17 15:21]
2011-01-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-17 15:21]
2011-01-27 c:\windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
- c:\windows\Xzujua.exe [2010-12-23 22:15]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://fullarticles.net
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\progra~1\PCTRAN~1\webie.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\progra~1\PCTRAN~1\webie.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\progra~1\PCTRAN~1\webie.dll
TCP: {9964EE31-5653-4D26-8E70-30F48FC876A0} = 192.138.27.98
FF - ProfilePath - c:\documents and settings\Lilly\Application Data\Mozilla\Firefox\Profiles\3atajlwo.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2405280&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT2405280&SearchSource=13
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.7&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-{39144447-8FF8-61B9-BE65-186E4AB7ADE8} - c:\documents and settings\Lilly\Application Data\Fyabb\nykua.exe
HKCU-Run-{9772E225-27CE-E988-5958-BDF5A7BA7607} - c:\documents and settings\Lilly\Application Data\Poik\onvue.exe
HKCU-Run-erszisjr - c:\windows\system32\erszisjr.exe
HKLM-Run-erszisjr - c:\windows\system32\erszisjr.exe
HKU-Default-RunOnce-IETI - c:\program files\Skype\Phone\IEPlugin\unins000.exe
MSConfigStartUp-12CFG214-K641-12SF-N85P - c:\recycler\S-1-5-21-0243936033-3052116371-381863308-1811\vsbntlo.exe
MSConfigStartUp-erszisjr - c:\windows\system32\erszisjr.exe
MSConfigStartUp-HTV Agent - c:\program files\HTV\HTV.exe
MSConfigStartUp-JP595IR86O - c:\docume~1\Lilly\LOCALS~1\Temp\Xhd.exe
MSConfigStartUp-{39144447-8FF8-61B9-BE65-186E4AB7ADE8} - c:\documents and settings\Lilly\Application Data\Fyabb\nykua.exe
MSConfigStartUp-{9772E225-27CE-E988-5958-BDF5A7BA7607} - c:\documents and settings\Lilly\Application Data\Poik\onvue.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-27 15:35
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(1164)
c:\windows\SYSTEM32\RtlGina\RtlGina.DLL
- - - - - - - > 'explorer.exe'(3012)
c:\windows\system32\browselc.dll
.
------------------------ Other Running Processes ------------------------
.
c:\programy\alcohol\Alcohol 120\StarWind\StarWindService.exe
c:\windows\ddfcc\PKMailer.exe
c:\windows\system32\wscntfy.exe
c:\program files\Mobility Manager\MobilityManager.exe
c:\program files\Mobility Manager\jre\bin\javaw.exe
c:\program files\Skype\Phone\Skype.exe
.
**************************************************************************
.
Completion time: 2011-01-27 15:44:32 - machine was rebooted
ComboFix-quarantined-files.txt 2011-01-27 14:43
Pre-Run: 1 391 636 480 bytes free
Post-Run: 1 660 231 680 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
- - End Of File - - CDF13D0C8D4674EC1401D04CCDFB0ACD
backup=c:\windows\pss\mltwgts0.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Lilly^Start Menu^Programs^Startup^olnkmj56k.exe]
path=c:\documents and settings\Lilly\Start Menu\Programs\Startup\olnkmj56k.exe
backup=c:\windows\pss\olnkmj56k.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Lilly^Start Menu^Programs^Startup^osrwkpv0.exe]
path=c:\documents and settings\Lilly\Start Menu\Programs\Startup\osrwkpv0.exe
backup=c:\windows\pss\osrwkpv0.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Lilly^Start Menu^Programs^Startup^poaz56qnhq.exe]
path=c:\documents and settings\Lilly\Start Menu\Programs\Startup\poaz56qnhq.exe
backup=c:\windows\pss\poaz56qnhq.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Lilly^Start Menu^Programs^Startup^qkfwb5iv.exe]
path=c:\documents and settings\Lilly\Start Menu\Programs\Startup\qkfwb5iv.exe
backup=c:\windows\pss\qkfwb5iv.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Lilly^Start Menu^Programs^Startup^sazpqth0.exe]
path=c:\documents and settings\Lilly\Start Menu\Programs\Startup\sazpqth0.exe
backup=c:\windows\pss\sazpqth0.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Lilly^Start Menu^Programs^Startup^ufwx6udoz.exe]
path=c:\documents and settings\Lilly\Start Menu\Programs\Startup\ufwx6udoz.exe
backup=c:\windows\pss\ufwx6udoz.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Lilly^Start Menu^Programs^Startup^wjbqkn56o.exe]
path=c:\documents and settings\Lilly\Start Menu\Programs\Startup\wjbqkn56o.exe
backup=c:\windows\pss\wjbqkn56o.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Lilly^Start Menu^Programs^Startup^zredjem5.exe]
path=c:\documents and settings\Lilly\Start Menu\Programs\Startup\zredjem5.exe
backup=c:\windows\pss\zredjem5.exeStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
2004-05-12 13:18 241664 ----a-w- c:\program files\HP\hpcoretech\hpcmpmgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2004-02-12 11:38 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Driver Setup]
2011-01-26 23:50 65536 --sh--r- c:\windows\wjdrive32.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2004-08-03 23:06 1667584 ------w- c:\program files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVIDIA driver monitor]
2010-12-18 19:14 65024 --sh--r- c:\windows\nvsvc32.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2009-11-11 09:57 1451520 ----a-w- c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
2005-10-26 15:17 159744 ----a-r- c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tyfigoup]
2011-01-26 22:32 229888 ----a-w- c:\windows\system32\rodu.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vyre32]
2011-01-26 22:38 167936 ----a-w- c:\windows\system32\vyre32.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\wr]
2011-01-26 23:24 61440 ----a-w- c:\windows\system32\umdmgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"gupdate"=2 (0x2)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\proe2001\\i486_nt\\obj\\xtop.exe"=
"c:\\Program Files\\proe2001\\i486_nt\\nms\\nmsd.exe"=
"c:\\Program Files\\proe2001\\i486_nt\\obj\\pro_comm_msg.exe"=
"c:\\Program Files\\REALTEK\\11n USB Wireless LAN Utility\\RtWLan.exe"=
"c:\\Program Files\\ICQ7.2\\ICQ.exe"=
"c:\\Program Files\\ICQ7.2\\aolload.exe"=
"c:\\Documents and Settings\\Lilly\\My Documents\\Preberanie\\image96523489.exe"= c:\\windows\\nvsvc32.exe
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"3212:TCP"= 3212:TCP:BND
"7661:TCP"= 7661:TCP:BND
"9536:TCP"= 9536:TCP:hoyyifgi
"1542:TCP"= 1542:TCP:Realtek WPS TCP Prot
"1542:UDP"= 1542:UDP:Realtek WPS UDP Prot
"53:UDP"= 53:UDP:Realtek AP UDP Prot
"1878:TCP"= 1878:TCP:BND
"4444:TCP"= 4444:TCP:BND
"7052:TCP"= 7052:TCP:BND
"20944:TCP"= 20944:TCP:BND
"17798:TCP"= 17798:TCP:BND
"29838:TCP"= 29838:TCP:BND
"25963:TCP"= 25963:TCP:BND
"3251:TCP"= 3251:TCP:BND
"18240:TCP"= 18240:TCP:BND
"18560:TCP"= 18560:TCP:BND
"9347:TCP"= 9347:TCP:BND
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundTimestampRequest"= 1 (0x1)
"AllowInboundMaskRequest"= 1 (0x1)
"AllowInboundRouterRequest"= 1 (0x1)
"AllowOutboundDestinationUnreachable"= 1 (0x1)
"AllowOutboundSourceQuench"= 1 (0x1)
"AllowOutboundParameterProblem"= 1 (0x1)
"AllowOutboundTimeExceeded"= 1 (0x1)
"AllowRedirect"= 1 (0x1)
"AllowOutboundPacketTooBig"= 1 (0x1)
R0 Vax347b;Vax347b;c:\windows\system32\drivers\Vax347b.sys [30. 4. 2007 8:59 159616]
R0 Vax347s;Vax347s;c:\windows\system32\drivers\Vax347s.sys [30. 4. 2007 8:59 5248]
R1 appdrv01;Application Driver (01);c:\windows\system32\drivers\appdrv01.sys [28. 12. 2010 22:28 3333808]
R1 ddfcc;ddfcc;c:\windows\system32\drivers\ddfcc.sys [8. 12. 2008 11:23 195832]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [26. 2. 2010 5:41 114984]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [26. 2. 2010 5:41 810120]
R2 FMMService;FMMService;c:\progra~1\MOBILI~1\FMMSER~1.EXE [24. 10. 2010 19:25 40960]
R2 TVICHW32;TVICHW32;c:\windows\system32\drivers\TVicHW32.sys [31. 10. 2007 15:57 25040]
R3 FlrnUSB;Leadtek USB Network Interface;c:\windows\system32\drivers\LtkUSB.sys [24. 10. 2010 19:25 41907]
S2 appdrvrem01;Application Driver Auto Removal Service (01);c:\windows\System32\appdrvrem01.exe svc --> c:\windows\System32\appdrvrem01.exe svc [?]
S2 sgjiomo;Config Support;c:\windows\system32\svchost.exe -k netsvcs [1. 9. 2004 8:00 14336]
S3 AR9271;Wireless Network Adapter Service;c:\windows\system32\drivers\athuw.sys [17. 3. 2010 14:55 1668352]
S3 K320bus;Sony Ericsson K320 driver (WDM);c:\windows\system32\drivers\K320bus.sys [26. 10. 2008 14:21 61504]
S3 K320mdfl;Sony Ericsson K320 USB WMC Modem Filter;c:\windows\system32\drivers\K320mdfl.sys [26. 10. 2008 14:21 9328]
S3 K320mdm;Sony Ericsson K320 USB WMC Modem Driver;c:\windows\system32\drivers\K320mdm.sys [26. 10. 2008 14:21 97056]
S3 K320mgmt;Sony Ericsson K320 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\K320mgmt.sys [26. 10. 2008 14:24 88560]
S3 K320obex;Sony Ericsson K320 USB WMC OBEX Interface;c:\windows\system32\drivers\K320obex.sys [26. 10. 2008 14:24 86368]
S3 ProPortmap Service;ProPortmap Service;c:\ptc\portmap\portmap.exe [31. 10. 2007 1:53 57344]
S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8192su.sys [16. 3. 2010 19:00 583552]
S4 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [17. 3. 2010 16:22 135664]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
sgjiomo
.
Contents of the 'Scheduled Tasks' folder
2011-01-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-17 15:21]
2011-01-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-17 15:21]
2011-01-27 c:\windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
- c:\windows\Xzujua.exe [2010-12-23 22:15]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://fullarticles.net
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\progra~1\PCTRAN~1\webie.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\progra~1\PCTRAN~1\webie.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\progra~1\PCTRAN~1\webie.dll
TCP: {9964EE31-5653-4D26-8E70-30F48FC876A0} = 192.138.27.98
FF - ProfilePath - c:\documents and settings\Lilly\Application Data\Mozilla\Firefox\Profiles\3atajlwo.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2405280&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT2405280&SearchSource=13
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.7&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-{39144447-8FF8-61B9-BE65-186E4AB7ADE8} - c:\documents and settings\Lilly\Application Data\Fyabb\nykua.exe
HKCU-Run-{9772E225-27CE-E988-5958-BDF5A7BA7607} - c:\documents and settings\Lilly\Application Data\Poik\onvue.exe
HKCU-Run-erszisjr - c:\windows\system32\erszisjr.exe
HKLM-Run-erszisjr - c:\windows\system32\erszisjr.exe
HKU-Default-RunOnce-IETI - c:\program files\Skype\Phone\IEPlugin\unins000.exe
MSConfigStartUp-12CFG214-K641-12SF-N85P - c:\recycler\S-1-5-21-0243936033-3052116371-381863308-1811\vsbntlo.exe
MSConfigStartUp-erszisjr - c:\windows\system32\erszisjr.exe
MSConfigStartUp-HTV Agent - c:\program files\HTV\HTV.exe
MSConfigStartUp-JP595IR86O - c:\docume~1\Lilly\LOCALS~1\Temp\Xhd.exe
MSConfigStartUp-{39144447-8FF8-61B9-BE65-186E4AB7ADE8} - c:\documents and settings\Lilly\Application Data\Fyabb\nykua.exe
MSConfigStartUp-{9772E225-27CE-E988-5958-BDF5A7BA7607} - c:\documents and settings\Lilly\Application Data\Poik\onvue.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-27 15:35
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(1164)
c:\windows\SYSTEM32\RtlGina\RtlGina.DLL
- - - - - - - > 'explorer.exe'(3012)
c:\windows\system32\browselc.dll
.
------------------------ Other Running Processes ------------------------
.
c:\programy\alcohol\Alcohol 120\StarWind\StarWindService.exe
c:\windows\ddfcc\PKMailer.exe
c:\windows\system32\wscntfy.exe
c:\program files\Mobility Manager\MobilityManager.exe
c:\program files\Mobility Manager\jre\bin\javaw.exe
c:\program files\Skype\Phone\Skype.exe
.
**************************************************************************
.
Completion time: 2011-01-27 15:44:32 - machine was rebooted
ComboFix-quarantined-files.txt 2011-01-27 14:43
Pre-Run: 1 391 636 480 bytes free
Post-Run: 1 660 231 680 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
- - End Of File - - CDF13D0C8D4674EC1401D04CCDFB0ACD
Re: PC freezes, not responding - please check

- If you are using Windows Vista or 7, right-click OTM and choose Run As Administrator (Spustit jako správce)
- Paste the content below into the left-hand box, Paste Instructions for Items to be Moved (under the yellow line)
Code: Select all
:reg
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Lilly^Start Menu^Programs^Startup^0lofhz6.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Lilly^Start Menu^Programs^Startup^bvkj6xekv.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Lilly^Start Menu^Programs^Startup^dozmc5uf.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Lilly^Start Menu^Programs^Startup^dvo0npgqlxw.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Lilly^Start Menu^Programs^Startup^em56qhvoqz.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Lilly^Start Menu^Programs^Startup^g00lxiuxjiy.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Lilly^Start Menu^Programs^Startup^i01winei56x.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Lilly^Start Menu^Programs^Startup^mltwgts0.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Lilly^Start Menu^Programs^Startup^olnkmj56k.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Lilly^Start Menu^Programs^Startup^osrwkpv0.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Lilly^Start Menu^Programs^Startup^poaz56qnhq.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Lilly^Start Menu^Programs^Startup^qkfwb5iv.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Lilly^Start Menu^Programs^Startup^sazpqth0.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Lilly^Start Menu^Programs^Startup^ufwx6udoz.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Lilly^Start Menu^Programs^Startup^wjbqkn56o.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Lilly^Start Menu^Programs^Startup^zredjem5.exe]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\DOCUME~1\Lilly\LOCALS~1\Temp\219.exe"=-
:files
C:\Documents and Settings\Lilly\Start Menu\Programs\Startup\*.exe
%windir%\system32\*.tmp.dll /s
%windir%\system32\SET*.tmp /s
%windir%\*.tmp /s
:commands
[RESETHOSTS]
[EMPTYTEMP]
[EMPTYFLASH]
- Click the red MoveIt! button
- You will be prompted to restart; choose Yes. Afterwards you will find the log in C:\_OTM\MovedFiles; paste its contents here

- Open Notepad (Start - Run - notepad)
- Copy the script below
Code: Select all
KillAll::

Collect::
C:\bntr.exe
c:\windows\system32\umdmgr.exe
c:\windows\wjdrive32.exe
c:\windows\system32\vyre32.exe
c:\windows\system32\zissessibe.exe
c:\windows\system32\rodu.exe
c:\windows\Xzujua.exe
c:\windows\system32\sshnas21.dll
c:\windows\nvsvc32.exe
c:\Documents and Settings\Lilly\My Documents\Preberanie\image96523489.exe
c:\windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job

Restore::
c:\windows\system32\drivers\tcpip.sys
c:\windows\system32\termsrv.dll

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MobilityManager"=-
"SunJavaUpdateSched"=-
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Documents and Settings\\Lilly\\My Documents\\Preberanie\\image96523489.exe"=-
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3212:TCP"=-
"7661:TCP"=-
"9536:TCP"=-
"1878:TCP"=-
"4444:TCP"=-
"7052:TCP"=-
"20944:TCP"=-
"17798:TCP"=-
"29838:TCP"=-
"25963:TCP"=-
"3251:TCP"=-
"18240:TCP"=-
"18560:TCP"=-
"9347:TCP"=-

Driver::
sgjiomo
gupdate

NetSvc::
sgjiomo

Folder::
e:\crack

File::
c:\documents and settings\Lilly\MobilityManager.tmp
c:\documents and settings\Lukass\Start Menu\Programs\Startup\Girder3.lnk
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

DDS::
uStart Page = hxxp://fullarticles.net
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

Firefox::
FF - ProfilePath - c:\documents and settings\Lilly\Application Data\Mozilla\Firefox\Profiles\3atajlwo.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.as ... ource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT24052 ... hSource=13
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_result ... r=1.1.7&q=

Reboot::
- Save the resulting TXT file as CFScript.txt
- Drag the CFScript.txt you created onto ComboFix and run it (see the picture below)
- After the script has been applied (and after the restart, if there is one) a log will pop up; paste its contents here
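The two scripts above undo what the ComboFix log shows: a burst of random-named executables in Lilly's Startup folder, system+hidden binaries dropped straight into c:\windows and registered as autoruns, a Windows Firewall that is switched off yet carries an "authorized application" whose value points at a different binary (image96523489.exe -> nvsvc32.exe) plus fourteen port openings under the one label "BND", and a service (sgjiomo) hosted in svchost's netsvcs group. As an added example, not code from this thread, from ComboFix or from OTM, the Python below parses those same log sections and flags each of those indicators, so a helper can triage such a log before writing the removal script. The sample text is constructed from entries that appear in the log above; the thresholds, the random-name heuristic, the user-writable path list and my reading of ComboFix's attribute column (s = system, h = hidden) are assumptions, not ComboFix rules.

```python
"""Triage of ComboFix-style autorun and firewall output for the persistence
pattern in this thread: random-named droppers in a Startup folder, system+hidden
autorun binaries, a disabled firewall that still carries 'authorized' apps and
opened ports, and a service hosted in the svchost netsvcs group.
Added example, not code from the thread, ComboFix or OTM; thresholds and the
random-name heuristic are assumptions."""
import re
from collections import defaultdict

# Constructed sample in ComboFix's layout from entries that appear in the log
# above; it is not a verbatim copy of any tool output.
SAMPLE = r"""
c:\documents and settings\Lilly\Start Menu\Programs\Startup\
0lofhz6.exe [2011-1-26 42496]
bvkj6xekv.exe [2011-1-26 43008]
mltwgts0.exe [2011-1-26 43520]
zredjem5.exe [2011-1-26 43008]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Driver Setup]
2011-01-26 23:50 65536 --sh--r- c:\windows\wjdrive32.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2004-02-12 11:38 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\DOCUME~1\\Lilly\\LOCALS~1\\Temp\\219.exe"=
"c:\\Documents and Settings\\Lilly\\My Documents\\Preberanie\\image96523489.exe"= c:\\windows\\nvsvc32.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"9536:TCP"= 9536:TCP:hoyyifgi
"3212:TCP"= 3212:TCP:BND
"4444:TCP"= 4444:TCP:BND
"7052:TCP"= 7052:TCP:BND
S2 sgjiomo;Config Support;c:\windows\system32\svchost.exe -k netsvcs [1. 9. 2004 8:00 14336]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
sgjiomo
.
"""

STARTUP_DIR = re.compile(r"^[a-z]:\\.*\\Startup\\$", re.I)
STARTUP_ENTRY = re.compile(r"^(?P<name>\S+) \[(?P<date>\d{4}-\d{1,2}-\d{1,2}) (?P<size>\d+)\]$")
AUTORUN_FILE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}\s+(?P<size>\d+)\s+(?P<attr>[-a-z]{8})\s+(?P<path>.+)$")
REG_VALUE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?P<value>.*)$')
SERVICE = re.compile(r"^[RS]\d (?P<name>[^;]+);[^;]*;(?P<image>.+?) \[")
RANDOM_STEM = re.compile(r"^(?=.*[a-z])(?=.*\d)[a-z0-9]{6,12}$")   # letters+digits mix, no word shape
OPAQUE_LABEL = re.compile(r"^[a-z0-9]{6,}$")                       # bare token, not an @resource string
USER_WRITABLE = ("\\documents and settings\\", "\\temp\\", "\\recycler\\")   # assumption: places a user can drop into


def triage(text):
    """Return (severity, category, detail) findings for one ComboFix-style log."""
    findings, section, in_netsvcs = [], (None, None), False
    startup, ports, hosted, netsvcs = defaultdict(list), defaultdict(set), {}, set()
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":            # '.' closes a ComboFix block
            in_netsvcs = False
            continue
        if line.endswith("Svchost - NetSvcs"):
            in_netsvcs = True
            continue
        if in_netsvcs:
            netsvcs.add(line.lower())
            continue
        if STARTUP_DIR.match(line):
            section = ("startup", line)
            continue
        if line.startswith("[") and line.endswith("]"):
            section = ("key", line[1:-1].lower())
            continue
        kind, ctx = section
        if kind == "startup" and (m := STARTUP_ENTRY.match(line)):
            startup[ctx].append((m["name"], m["date"], int(m["size"])))
        elif kind == "key" and "msconfig\\startupreg" in ctx and (m := AUTORUN_FILE.match(line)):
            # attribute column: 's' system, 'h' hidden; both on an autorun binary hides it from Explorer
            if "s" in m["attr"] and "h" in m["attr"]:
                findings.append(("high", "hidden-system autorun", f'{m["path"]} (attr {m["attr"]})'))
        elif kind == "key" and ctx.endswith("firewallpolicy\\standardprofile") and (m := REG_VALUE.match(line)):
            if m["name"] == "EnableFirewall" and m["value"].startswith("0"):
                findings.append(("high", "firewall disabled", "EnableFirewall=0 in the standard profile"))
        elif kind == "key" and ctx.endswith("authorizedapplications\\list") and (m := REG_VALUE.match(line)):
            app = m["name"].replace("\\\\", "\\")            # registry export doubles backslashes
            target = m["value"].strip().replace("\\\\", "\\")
            if target and target.lower() != app.lower():    # exception name != binary it actually admits
                findings.append(("high", "firewall exception points elsewhere", f"{app} -> {target}"))
            elif any(p in app.lower() for p in USER_WRITABLE):
                findings.append(("medium", "firewall exception in user-writable path", app))
        elif kind == "key" and ctx.endswith("globallyopenports\\list") and (m := REG_VALUE.match(line)):
            port, proto, label = m["value"].strip().split(":", 2)   # e.g. 4444:TCP:BND
            ports[label].add(f"{port}/{proto}")
        elif (m := SERVICE.match(line)) and "svchost.exe -k" in m["image"].lower():
            hosted[m["name"].lower()] = m["image"]
    for folder, entries in startup.items():
        burst = [e for e in entries if RANDOM_STEM.match(e[0].rsplit(".", 1)[0])]
        if len(burst) >= 3 and len({e[1] for e in burst}) <= 2:   # many names written within 1-2 days
            sizes = [e[2] for e in burst]
            findings.append(("high", "startup-folder dropper burst",
                             f"{len(burst)} random-named files in {folder} ({min(sizes)}-{max(sizes)} bytes)"))
    for label, specs in ports.items():
        if len(specs) >= 3:
            findings.append(("high", "port-opening burst under one label", f"{label}: {sorted(specs)}"))
        elif OPAQUE_LABEL.match(label):
            findings.append(("medium", "opaque firewall port label", f"{label}: {sorted(specs)}"))
    for name, image in hosted.items():
        if name in netsvcs:
            findings.append(("high", "service added to the svchost netsvcs group",
                             f"{name}: {image}; check its ServiceDll before trusting svchost.exe"))
    return findings


if __name__ == "__main__":
    for sev, cat, detail in triage(SAMPLE):
        print(f"[{sev:6}] {cat}: {detail}")
```

Run as-is it prints eight findings for the sample, six of them high. A single port under a bare label is only rated medium because legitimate software also writes non-descriptive labels; the value of the "BND" rule is the repetition, fourteen high ports under one name in the real log, which no installer produces. The svchost finding is deliberately phrased as a pointer: the hosted name itself is benign-looking, and the decisive artifact is the ServiceDll the service key points at, which this log format does not print.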

-
- Visitor
- Posts: 73
- Registered: 15 Dec 2009 10:12
Re: PC freezes, not responding - please check
Log from OTM:
All processes killed
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Lilly^Start Menu^Programs^Startup^0lofhz6.exe\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Lilly^Start Menu^Programs^Startup^bvkj6xekv.exe\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Lilly^Start Menu^Programs^Startup^dozmc5uf.exe\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Lilly^Start Menu^Programs^Startup^dvo0npgqlxw.exe\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Lilly^Start Menu^Programs^Startup^em56qhvoqz.exe\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Lilly^Start Menu^Programs^Startup^g00lxiuxjiy.exe\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Lilly^Start Menu^Programs^Startup^i01winei56x.exe\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Lilly^Start Menu^Programs^Startup^mltwgts0.exe\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Lilly^Start Menu^Programs^Startup^olnkmj56k.exe\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Lilly^Start Menu^Programs^Startup^osrwkpv0.exe\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Lilly^Start Menu^Programs^Startup^poaz56qnhq.exe\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Lilly^Start Menu^Programs^Startup^qkfwb5iv.exe\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Lilly^Start Menu^Programs^Startup^sazpqth0.exe\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Lilly^Start Menu^Programs^Startup^ufwx6udoz.exe\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Lilly^Start Menu^Programs^Startup^wjbqkn56o.exe\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Lilly^Start Menu^Programs^Startup^zredjem5.exe\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\Lilly\LOCALS~1\Temp\219.exe not found.
========== FILES ==========
C:\Documents and Settings\Lilly\Start Menu\Programs\Startup\0lofhz6.exe moved successfully.
C:\Documents and Settings\Lilly\Start Menu\Programs\Startup\1fmahsm.exe moved successfully.
C:\Documents and Settings\Lilly\Start Menu\Programs\Startup\bv00bnafza.exe moved successfully.
C:\Documents and Settings\Lilly\Start Menu\Programs\Startup\bvkj6xekv.exe moved successfully.
C:\Documents and Settings\Lilly\Start Menu\Programs\Startup\dozmc5uf.exe moved successfully.
C:\Documents and Settings\Lilly\Start Menu\Programs\Startup\dvo0npgqlxw.exe moved successfully.
C:\Documents and Settings\Lilly\Start Menu\Programs\Startup\em56qhvoqz.exe moved successfully.
C:\Documents and Settings\Lilly\Start Menu\Programs\Startup\g00lxiuxjiy.exe moved successfully.
C:\Documents and Settings\Lilly\Start Menu\Programs\Startup\i01winei56x.exe moved successfully.
C:\Documents and Settings\Lilly\Start Menu\Programs\Startup\mltwgts0.exe moved successfully.
C:\Documents and Settings\Lilly\Start Menu\Programs\Startup\mmjq01dgcf.exe moved successfully.
C:\Documents and Settings\Lilly\Start Menu\Programs\Startup\olnkmj56k.exe moved successfully.
C:\Documents and Settings\Lilly\Start Menu\Programs\Startup\osrwkpv0.exe moved successfully.
C:\Documents and Settings\Lilly\Start Menu\Programs\Startup\poaz56qnhq.exe moved successfully.
C:\Documents and Settings\Lilly\Start Menu\Programs\Startup\pt01vyoxnmf.exe moved successfully.
C:\Documents and Settings\Lilly\Start Menu\Programs\Startup\qkfwb5iv.exe moved successfully.
C:\Documents and Settings\Lilly\Start Menu\Programs\Startup\sazpqth0.exe moved successfully.
C:\Documents and Settings\Lilly\Start Menu\Programs\Startup\ufwx6udoz.exe moved successfully.
C:\Documents and Settings\Lilly\Start Menu\Programs\Startup\viyttmq5.exe moved successfully.
C:\Documents and Settings\Lilly\Start Menu\Programs\Startup\wjbqkn56o.exe moved successfully.
C:\Documents and Settings\Lilly\Start Menu\Programs\Startup\zredjem5.exe moved successfully.
File/Folder C:\WINDOWS\system32\*.tmp.dll not found.
File/Folder C:\WINDOWS\system32\SET*.tmp not found.
C:\WINDOWS\SET3.tmp moved successfully.
C:\WINDOWS\SET4.tmp moved successfully.
C:\WINDOWS\SET8.tmp moved successfully.
C:\WINDOWS\system32\CONFIG.TMP moved successfully.
C:\WINDOWS\twain_32\hpqgends.tmp moved successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
[EMPTYTEMP]
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Lilly
->Temp folder emptied: 96168 bytes
->Temporary Internet Files folder emptied: 4003887 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 62237193 bytes
->Flash cache emptied: 4462 bytes
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
User: Lukass
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 63,00 mb
OTM by OldTimer - Version 3.1.17.2 log created on 01272011_212346
Files moved on Reboot...
Registry entries deleted on Reboot...
RecycleBin emptied: 0 bytes
Total Files Cleaned = 63,00 mb
OTM by OldTimer - Version 3.1.17.2 log created on 01272011_212346
Files moved on Reboot...
Registry entries deleted on Reboot...
Visitor | Posts: 73 | Registered: 15 Dec 2009 10:12
Re: PC freezes, not responding - please check
ComboFix log after loading the script:
ComboFix 11-01-26.01 - Lilly . 01. 2011 21:34:33.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.383.140 [GMT 1:00]
Running from: c:\documents and settings\Lilly\Desktop\beruska.com.exe
Command switches used :: c:\documents and settings\Lilly\Desktop\CFScript.txt
AV: ESET Smart Security 4.2 *Disabled/Outdated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET personal firewall *Disabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
FILE ::
"c:\documents and settings\Lilly\MobilityManager.tmp"
"c:\documents and settings\Lukass\Start Menu\Programs\Startup\Girder3.lnk"
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
file zipped: c:\\Documents and Settings\\Lilly\\My Documents\\Preberanie\\image96523489.exe
file zipped: C:\bntr.exe
file zipped: c:\windows\nvsvc32.exe
file zipped: c:\windows\system32\rodu.exe
file zipped: c:\windows\system32\sshnas21.dll
file zipped: c:\windows\system32\umdmgr.exe
file zipped: c:\windows\system32\vyre32.exe
file zipped: c:\windows\system32\zissessibe.exe
file zipped: c:\windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
file zipped: c:\windows\wjdrive32.exe
file zipped: c:\windows\Xzujua.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\sshnas21.dll
e:\crack
e:\crack\Girder 3022\Girder 3022\Girder 3022\Copying.txt
e:\crack\Girder 3022\Girder 3022\Girder 3022\fuck.gir
e:\crack\Girder 3022\Girder 3022\Girder 3022\Girder.exe
e:\crack\Girder 3022\Girder 3022\Girder 3022\groupswitch.GIR
e:\crack\Girder 3022\Girder 3022\Girder 3022\Help\Girder.GID
e:\crack\Girder 3022\Girder 3022\Girder 3022\Help\GIRDER.HLP
e:\crack\Girder 3022\Girder 3022\Girder 3022\history.txt
e:\crack\Girder 3022\Girder 3022\Girder 3022\i18n\Brazilian Portuguees.lng
e:\crack\Girder 3022\Girder 3022\Girder 3022\i18n\Czech.lng
e:\crack\Girder 3022\Girder 3022\Girder 3022\i18n\Dansk.lng
e:\crack\Girder 3022\Girder 3022\Girder 3022\i18n\Deutsch.lng
e:\crack\Girder 3022\Girder 3022\Girder 3022\i18n\Dutch.lng
e:\crack\Girder 3022\Girder 3022\Girder 3022\i18n\English.lng
e:\crack\Girder 3022\Girder 3022\Girder 3022\i18n\French.lng
e:\crack\Girder 3022\Girder 3022\Girder 3022\i18n\Greek.lng
e:\crack\Girder 3022\Girder 3022\Girder 3022\i18n\Hrvatski.lng
e:\crack\Girder 3022\Girder 3022\Girder 3022\i18n\chinese.lng
e:\crack\Girder 3022\Girder 3022\Girder 3022\i18n\Italiano.lng
e:\crack\Girder 3022\Girder 3022\Girder 3022\i18n\Norwegian.lng
e:\crack\Girder 3022\Girder 3022\Girder 3022\i18n\Polish.lng
e:\crack\Girder 3022\Girder 3022\Girder 3022\i18n\Readme.txt
e:\crack\Girder 3022\Girder 3022\Girder 3022\i18n\Russian.lng
e:\crack\Girder 3022\Girder 3022\Girder 3022\i18n\Slovak.lng
e:\crack\Girder 3022\Girder 3022\Girder 3022\i18n\Slovenian.lng
e:\crack\Girder 3022\Girder 3022\Girder 3022\i18n\Spanish.lng
e:\crack\Girder 3022\Girder 3022\Girder 3022\i18n\Svensk.lng
e:\crack\Girder 3022\Girder 3022\Girder 3022\lukass.GIR
e:\crack\Girder 3022\Girder 3022\Girder 3022\Plugins\Hardware\ast.dll
e:\crack\Girder 3022\Girder 3022\Girder 3022\Plugins\Hardware\IgorPlug.dll
e:\crack\Girder 3022\Girder 3022\Girder 3022\Plugins\Hardware\IrDA.dll
e:\crack\Girder 3022\Girder 3022\Girder 3022\Plugins\Hardware\keyboard.dll
e:\crack\Girder 3022\Girder 3022\Girder 3022\Plugins\Hardware\TaskCreate.dll
e:\crack\Girder 3022\Girder 3022\Girder 3022\Plugins\Hardware\TaskSwitch.dll
e:\crack\Girder 3022\Girder 3022\Girder 3022\Plugins\Hardware\tcpip.dll
e:\crack\Girder 3022\Girder 3022\Girder 3022\Plugins\Hardware\uir.dll
e:\crack\Girder 3022\Girder 3022\Girder 3022\Plugins\SoftWare\alarm.dll
e:\crack\Girder 3022\Girder 3022\Girder 3022\Plugins\SoftWare\apm.dll
e:\crack\Girder 3022\Girder 3022\Girder 3022\Plugins\SoftWare\BlockPlugin.dll
e:\crack\Girder 3022\Girder 3022\Girder 3022\Plugins\SoftWare\dfx.dll
e:\crack\Girder 3022\Girder 3022\Girder 3022\Plugins\SoftWare\iwh.dll
e:\crack\Girder 3022\Girder 3022\Girder 3022\Plugins\SoftWare\PopUp.dll
e:\crack\Girder 3022\Girder 3022\Girder 3022\Plugins\SoftWare\Say.dll
e:\crack\Girder 3022\Girder 3022\Girder 3022\Plugins\SoftWare\sendmessage.dll
e:\crack\Girder 3022\Girder 3022\Girder 3022\Plugins\SoftWare\sntp.dll
e:\crack\Girder 3022\Girder 3022\Girder 3022\Plugins\SoftWare\tcpip.dll
e:\crack\Girder 3022\Girder 3022\Girder 3022\Plugins\SoftWare\timer.dll
e:\crack\Girder 3022\Girder 3022\Girder 3022\Readme.txt
e:\crack\Girder 3022\Girder 3022\Girder 3022\Sample.GIR
e:\crack\Girder 3022\Girder 3022\Girder 3022\tcpclient.exe
e:\crack\Girder 3022\Girder 3022\Girder 3022\Todo.txt
e:\crack\Girder 3022\Girder 3022\Girder 3022\watch.dll
e:\crack\girder\AVR309_doc2556.pdf
e:\crack\girder\file_id.diz
e:\crack\girder\IgorPlugXP.zip
e:\crack\girder\plugins\hardware\IgorPlug.dll
e:\crack\girder\plugins\IgorPlug.dll
e:\crack\girder\REVENGE.nfo
e:\crack\girder\Sound.zip
e:\crack\girder\Sound\0.wav
e:\crack\girder\Sound\1.wav
e:\crack\girder\Sound\10.wav
e:\crack\girder\Sound\11.wav
e:\crack\girder\Sound\12.wav
e:\crack\girder\Sound\13.wav
e:\crack\girder\Sound\14.wav
e:\crack\girder\Sound\15.wav
e:\crack\girder\Sound\16.wav
e:\crack\girder\Sound\17.wav
e:\crack\girder\Sound\18.wav
e:\crack\girder\Sound\19.wav
e:\crack\girder\Sound\2.wav
e:\crack\girder\Sound\20.wav
e:\crack\girder\Sound\3.wav
e:\crack\girder\Sound\30.wav
e:\crack\girder\Sound\4.wav
e:\crack\girder\Sound\40.wav
e:\crack\girder\Sound\5.wav
e:\crack\girder\Sound\50.wav
e:\crack\girder\Sound\6.wav
e:\crack\girder\Sound\60.wav
e:\crack\girder\Sound\7.wav
e:\crack\girder\Sound\70.wav
e:\crack\girder\Sound\8.wav
e:\crack\girder\Sound\80.wav
e:\crack\girder\Sound\9.wav
e:\crack\girder\Sound\90.wav
e:\crack\girder\Sound\am.wav
e:\crack\girder\Sound\oclock.wav
e:\crack\girder\Sound\oh.wav
e:\crack\girder\Sound\pm.wav
e:\crack\girder\Thumbs.db
e:\crack\girder\tsrh.nfo
e:\crack\girder\vratnik.zip
e:\crack\KeyGen.bat
e:\crack\license.dat
e:\crack\ptc.dat
e:\crack\ptc.exe
e:\crack\readme.txt
c:\windows\system32\drivers\tcpip.sys . . . is infected!!
c:\windows\system32\termsrv.dll . . . is infected!!
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_GUPDATE
-------\Legacy_SGJIOMO
-------\Service_gupdate
-------\Service_sgjiomo
((((((((((((((((((((((((( Files Created from 2010-12-27 to 2011-01-27 )))))))))))))))))))))))))))))))
.
2011-01-27 20:23 . 2011-01-27 20:23 -------- d-----w- C:\_OTM
2011-01-27 20:19 . 2011-01-27 20:19 0 ----a-w- c:\documents and settings\Lilly\MobilityManager.tmp
2011-01-26 23:52 . 2011-01-27 09:42 40960 ----a-w- C:\bntr.exe
2011-01-26 23:34 . 2011-01-26 23:34 -------- d-----w- c:\program files\trend micro
2011-01-26 23:34 . 2011-01-26 23:35 -------- d-----w- C:\rsit
2011-01-26 23:24 . 2011-01-26 23:24 61440 ----a-w- c:\windows\system32\umdmgr.exe
2011-01-26 19:52 . 2011-01-26 23:50 65536 --sha-r- c:\windows\wjdrive32.exe
2011-01-26 19:48 . 2011-01-26 22:38 167936 ----a-w- c:\windows\system32\vyre32.exe
2011-01-26 09:38 . 2011-01-26 22:32 229888 ----a-w- c:\windows\system32\zissessibe.exe
2011-01-25 21:16 . 2011-01-26 22:32 229888 ----a-w- c:\windows\system32\rodu.exe
2011-01-25 00:46 . 2011-01-25 00:46 -------- d-----w- c:\documents and settings\Lilly\Local Settings\Application Data\Help
2011-01-24 23:46 . 2011-01-27 09:48 -------- d-----w- c:\documents and settings\Lilly\Application Data\skypePM
2011-01-24 23:40 . 2011-01-24 23:40 -------- d-----w- c:\program files\Common Files\Skype
2011-01-20 01:07 . 2011-01-27 00:00 -------- d-----w- c:\documents and settings\Lilly\Application Data\Naxy
2010-12-28 21:28 . 2010-12-28 21:28 3333808 ----a-w- c:\windows\system32\drivers\appdrv01.sys
2010-12-28 21:28 . 2010-12-28 21:28 316888 ----a-w- c:\windows\system32\appdrvrem01.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-23 22:15 . 2010-12-23 22:16 239104 ----a-w- c:\windows\Xzujua.exe
2010-12-18 19:14 . 2010-12-18 19:14 65024 --sha-r- c:\windows\nvsvc32.exe
2007-09-15 16:27 . 2007-09-15 16:27 18398423 ----a-w- c:\program files\MediaCoder-0.6.0.3798.exe
2007-09-15 16:12 . 2007-09-15 16:12 20256064 ----a-w- c:\program files\QuickTimeInstaller.exe
2007-01-29 09:16 . 2007-01-29 09:16 99840 ----a-w- c:\program files\Common Files\IRAABOUT.DLL
2007-01-29 09:16 . 2007-01-29 09:16 70144 ----a-w- c:\program files\Common Files\IRAMDMTR.DLL
2007-01-29 09:16 . 2007-01-29 09:16 48640 ----a-w- c:\program files\Common Files\IRALPTTR.DLL
2007-01-29 09:16 . 2007-01-29 09:16 31744 ----a-w- c:\program files\Common Files\IRAWEBTR.DLL
2007-01-29 09:16 . 2007-01-29 09:16 186368 ----a-w- c:\program files\Common Files\IRAREG.DLL
2007-01-29 09:16 . 2007-01-29 09:16 17920 ----a-w- c:\program files\Common Files\IRASRIAL.DLL
.
------- Sigcheck -------
[-] 2004-09-01 . 7B11118B078B88F87183FE69EDA43137 . 359040 . . [5.1.2600.2180] . . c:\windows\system32\drivers\tcpip.sys
[-] 2004-09-01 . A77219A971029DC2FB683E8513713803 . 215552 . . [5.1.2600.2055] . . c:\windows\system32\termsrv.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2010-02-26 2140880]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-09-01 15360]
c:\documents and settings\Lukass\Start Menu\Programs\Startup\
Girder3.lnk - e:\crack\Girder 3022\Girder 3022\Girder 3022\Girder.exe [N/A]
Shortcut to r_server.lnk - c:\programy\BORGChat\Inbox\LOL\r_server.exe [N/A]
Tray Tools 2000.lnk - c:\programy\tray\TrayTool.exe [2007-11-7 155648]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=c:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^REALTEK 11n USB Wireless LAN Utility.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\REALTEK 11n USB Wireless LAN Utility.lnk
backup=c:\windows\pss\REALTEK 11n USB Wireless LAN Utility.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
2004-05-12 13:18 241664 ----a-w- c:\program files\HP\hpcoretech\hpcmpmgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2004-02-12 11:38 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Driver Setup]
2011-01-26 23:50 65536 --sha-r- c:\windows\wjdrive32.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2004-08-03 23:06 1667584 ------w- c:\program files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVIDIA driver monitor]
2010-12-18 19:14 65024 --sha-r- c:\windows\nvsvc32.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2009-11-11 09:57 1451520 ----a-w- c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
2005-10-26 15:17 159744 ----a-r- c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tyfigoup]
2011-01-26 22:32 229888 ----a-w- c:\windows\system32\rodu.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vyre32]
2011-01-26 22:38 167936 ----a-w- c:\windows\system32\vyre32.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\wr]
2011-01-26 23:24 61440 ----a-w- c:\windows\system32\umdmgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"gupdate"=2 (0x2)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\proe2001\\i486_nt\\obj\\xtop.exe"=
"c:\\Program Files\\proe2001\\i486_nt\\nms\\nmsd.exe"=
"c:\\Program Files\\proe2001\\i486_nt\\obj\\pro_comm_msg.exe"=
"c:\\Program Files\\REALTEK\\11n USB Wireless LAN Utility\\RtWLan.exe"=
"c:\\Program Files\\ICQ7.2\\ICQ.exe"=
"c:\\Program Files\\ICQ7.2\\aolload.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"1542:TCP"= 1542:TCP:Realtek WPS TCP Prot
"1542:UDP"= 1542:UDP:Realtek WPS UDP Prot
"53:UDP"= 53:UDP:Realtek AP UDP Prot
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundTimestampRequest"= 1 (0x1)
"AllowInboundMaskRequest"= 1 (0x1)
"AllowInboundRouterRequest"= 1 (0x1)
"AllowOutboundDestinationUnreachable"= 1 (0x1)
"AllowOutboundSourceQuench"= 1 (0x1)
"AllowOutboundParameterProblem"= 1 (0x1)
"AllowOutboundTimeExceeded"= 1 (0x1)
"AllowRedirect"= 1 (0x1)
"AllowOutboundPacketTooBig"= 1 (0x1)
R0 Vax347b;Vax347b;c:\windows\system32\drivers\Vax347b.sys [30. 4. 2007 8:59 159616]
R0 Vax347s;Vax347s;c:\windows\system32\drivers\Vax347s.sys [30. 4. 2007 8:59 5248]
R1 appdrv01;Application Driver (01);c:\windows\system32\drivers\appdrv01.sys [28. 12. 2010 22:28 3333808]
R1 ddfcc;ddfcc;c:\windows\system32\drivers\ddfcc.sys [8. 12. 2008 11:23 195832]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [26. 2. 2010 5:41 114984]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [26. 2. 2010 5:41 810120]
R2 FMMService;FMMService;c:\progra~1\MOBILI~1\FMMSER~1.EXE [24. 10. 2010 19:25 40960]
R2 TVICHW32;TVICHW32;c:\windows\system32\drivers\TVicHW32.sys [31. 10. 2007 15:57 25040]
R3 FlrnUSB;Leadtek USB Network Interface;c:\windows\system32\drivers\LtkUSB.sys [24. 10. 2010 19:25 41907]
S2 appdrvrem01;Application Driver Auto Removal Service (01);c:\windows\System32\appdrvrem01.exe svc --> c:\windows\System32\appdrvrem01.exe svc [?]
S3 AR9271;Wireless Network Adapter Service;c:\windows\system32\drivers\athuw.sys [17. 3. 2010 14:55 1668352]
S3 CFcatchme;CFcatchme;\??\c:\docume~1\Lilly\LOCALS~1\Temp\CFcatchme.sys --> c:\docume~1\Lilly\LOCALS~1\Temp\CFcatchme.sys [?]
S3 K320bus;Sony Ericsson K320 driver (WDM);c:\windows\system32\drivers\K320bus.sys [26. 10. 2008 14:21 61504]
S3 K320mdfl;Sony Ericsson K320 USB WMC Modem Filter;c:\windows\system32\drivers\K320mdfl.sys [26. 10. 2008 14:21 9328]
S3 K320mdm;Sony Ericsson K320 USB WMC Modem Driver;c:\windows\system32\drivers\K320mdm.sys [26. 10. 2008 14:21 97056]
S3 K320mgmt;Sony Ericsson K320 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\K320mgmt.sys [26. 10. 2008 14:24 88560]
S3 K320obex;Sony Ericsson K320 USB WMC OBEX Interface;c:\windows\system32\drivers\K320obex.sys [26. 10. 2008 14:24 86368]
S3 ProPortmap Service;ProPortmap Service;c:\ptc\portmap\portmap.exe [31. 10. 2007 1:53 57344]
S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8192su.sys [16. 3. 2010 19:00 583552]
.
Contents of the 'Scheduled Tasks' folder
2011-01-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-17 15:21]
2011-01-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-17 15:21]
2011-01-27 c:\windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
- c:\windows\Xzujua.exe [2010-12-23 22:15]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\progra~1\PCTRAN~1\webie.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\progra~1\PCTRAN~1\webie.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\progra~1\PCTRAN~1\webie.dll
TCP: {9964EE31-5653-4D26-8E70-30F48FC876A0} = 192.138.27.98
FF - ProfilePath - c:\documents and settings\Lilly\Application Data\Mozilla\Firefox\Profiles\3atajlwo.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-27 21:48
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(1164)
c:\windows\SYSTEM32\RtlGina\RtlGina.DLL
.
------------------------ Other Running Processes ------------------------
.
c:\programy\alcohol\Alcohol 120\StarWind\StarWindService.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2011-01-27 21:52:25 - machine was rebooted
ComboFix-quarantined-files.txt 2011-01-27 20:52
ComboFix2.txt 2011-01-27 14:44
Pre-Run: 1 609 674 752 bytes free
Post-Run: 1 591 373 824 bytes free
- - End Of File - - BD670E21C9AC0AC377047CFEDB52BCEB
It said something there about uploading some file to the Internet, but since the site was unavailable it only created an HTML file for me; is that needed or not?
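A small triage script for log excerpts like the ComboFix output above. This is an added example written for this page; it is not part of the original post and not a ComboFix, OTM or RSIT feature. It assumes the line formats exactly as they appear in the posted log (the "Files Created" entries with two timestamps, a size and an eight-character attribute field; an msconfig startupreg key followed on the next line by its file entry; the Sigcheck line; the firewall policy values) and encodes the checks a helper on this forum does by eye: an executable carrying hidden+system attributes, or one created after a cutoff date directly inside c:\windows or c:\windows\system32, is treated as suspicious; an autostart entry pointing at such a file is reported; a [-] Sigcheck mark is taken to mean the check failed (the posted log labels those same two files as infected); and EnableFirewall=0 plus 3389/TCP in GloballyOpenPorts is called out. The names `triage`, `Finding` and `SAMPLE_LOG`, the cutoff date and the narrow SYSTEM_DIRS set are the example's own choices; the sample lines are copied from the log above.

```python
"""Triage heuristics for ComboFix-style log lines.

Added example for this thread; not part of the original post and not a
ComboFix, OTM or RSIT feature. Line formats are assumed from the posted log.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample: lines copied from the ComboFix log posted above.
SAMPLE_LOG = r"""
2011-01-26 19:52 . 2011-01-26 23:50 65536 --sha-r- c:\windows\wjdrive32.exe
2011-01-26 19:48 . 2011-01-26 22:38 167936 ----a-w- c:\windows\system32\vyre32.exe
2011-01-25 21:16 . 2011-01-26 22:32 229888 ----a-w- c:\windows\system32\rodu.exe
2010-12-28 21:28 . 2010-12-28 21:28 3333808 ----a-w- c:\windows\system32\drivers\appdrv01.sys
2007-09-15 16:12 . 2007-09-15 16:12 20256064 ----a-w- c:\program files\QuickTimeInstaller.exe
2011-01-27 20:23 . 2011-01-27 20:23 -------- d-----w- C:\_OTM
[-] 2004-09-01 . 7B11118B078B88F87183FE69EDA43137 . 359040 . . [5.1.2600.2180] . . c:\windows\system32\drivers\tcpip.sys
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2004-02-12 11:38 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Driver Setup]
2011-01-26 23:50 65536 --sha-r- c:\windows\wjdrive32.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tyfigoup]
2011-01-26 22:32 229888 ----a-w- c:\windows\system32\rodu.exe
"EnableFirewall"= 0 (0x0)
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"1542:TCP"= 1542:TCP:Realtek WPS TCP Prot
"""

TS = r"\d{4}-\d\d-\d\d \d\d:\d\d"
ATTRS = r"[-dsharw]{8}"  # e.g. ----a-w-, --sha-r-, d-----w-
# "Files Created" entry: created . modified size attrs path
FILES_CREATED = re.compile(rf"^(?P<created>{TS}) \. (?P<modified>{TS}) (?:\d+|-+) (?P<attrs>{ATTRS}) (?P<path>.+)$")
# msconfig startupreg key, followed on the next line by: modified size attrs path
STARTUPREG_KEY = re.compile(r"^\[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\(?P<name>[^\]]+)\]$")
STARTUPREG_FILE = re.compile(rf"^{TS} \d+ (?P<attrs>{ATTRS}) (?P<path>.+)$")
# Sigcheck entry; a leading [-] is taken here (assumption) to mean the check failed.
SIGCHECK = re.compile(r"^\[(?P<mark>[-+?])\] \d{4}-\d\d-\d\d \. (?P<md5>[0-9A-Fa-f]{32}) \. \d+ \. \. \[[\d.]+\] \. \. (?P<path>.+)$")
FIREWALL_OFF = re.compile(r'^"EnableFirewall"= 0\b')
OPEN_PORT = re.compile(r'^"(?P<port>\d+):(?P<proto>TCP|UDP)"=')

# Only the two directory roots; vendor drivers under system32\drivers are left alone.
SYSTEM_DIRS = {r"c:\windows", r"c:\windows\system32"}
EXEC_EXT = (".exe", ".dll", ".sys")


@dataclass(frozen=True)
class Finding:
    rule: str
    detail: str


def hidden_system(attrs: str) -> bool:
    """True for the s+h attribute combination droppers use to stay out of sight."""
    return "s" in attrs and "h" in attrs


def parent_dir(path: str) -> str:
    return path.rsplit("\\", 1)[0]


def triage(log_text: str, since: str) -> list[Finding]:
    """Apply the heuristics to every line of log_text.

    since: ISO date (YYYY-MM-DD); executables created on or after it directly
    inside %windir% or system32 are reported as recently dropped.
    """
    findings: list[Finding] = []
    suspicious: set[str] = set()
    firewall_off, ports, pending_key = False, [], None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        key, pending_key = pending_key, None  # a key only applies to the very next line
        if m := FILES_CREATED.match(line):
            path = m["path"].lower()
            if path.endswith(EXEC_EXT):
                if hidden_system(m["attrs"]):
                    findings.append(Finding("hidden-system-exe", path))
                    suspicious.add(path)
                if parent_dir(path) in SYSTEM_DIRS and m["created"][:10] >= since:
                    findings.append(Finding("recent-drop-in-system-dir", path))
                    suspicious.add(path)
        elif m := SIGCHECK.match(line):
            if m["mark"] == "-":
                findings.append(Finding("sigcheck-failed", f"{m['path'].lower()} md5={m['md5'].upper()}"))
        elif m := STARTUPREG_KEY.match(line):
            pending_key = m["name"]
        elif (m := STARTUPREG_FILE.match(line)) and key:
            path = m["path"].lower()
            if path in suspicious or hidden_system(m["attrs"]):
                findings.append(Finding("autostart-to-suspicious-file", f"{key} -> {path}"))
        elif FIREWALL_OFF.match(line):
            firewall_off = True
        elif m := OPEN_PORT.match(line):
            ports.append(f"{m['port']}/{m['proto']}")
    if firewall_off:
        findings.append(Finding("firewall-disabled", "EnableFirewall=0 in standard profile"))
    if "3389/TCP" in ports:
        findings.append(Finding("rdp-globally-open", "3389/TCP in GloballyOpenPorts"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG, since="2011-01-20"):
        print(f"{f.rule:30} {f.detail}")
```

On the sample it reports nine findings: wjdrive32.exe twice (hidden+system, and dropped into c:\windows), vyre32.exe and rodu.exe as recent drops into system32, the failed tcpip.sys check, the two autostart entries that point at those files, the disabled firewall and the open RDP port. A hit is a reason to look, not a verdict: appdrv01.sys, hpwuSchd2.exe and the QuickTime installer pass untouched because the location and attribute rules are deliberately narrow, and on a real log you would pick `since` from the "Files Created from ... to ..." header rather than hard-coding it.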
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tyfigoup]
2011-01-26 22:32 229888 ----a-w- c:\windows\system32\rodu.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vyre32]
2011-01-26 22:38 167936 ----a-w- c:\windows\system32\vyre32.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\wr]
2011-01-26 23:24 61440 ----a-w- c:\windows\system32\umdmgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"gupdate"=2 (0x2)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\proe2001\\i486_nt\\obj\\xtop.exe"=
"c:\\Program Files\\proe2001\\i486_nt\\nms\\nmsd.exe"=
"c:\\Program Files\\proe2001\\i486_nt\\obj\\pro_comm_msg.exe"=
"c:\\Program Files\\REALTEK\\11n USB Wireless LAN Utility\\RtWLan.exe"=
"c:\\Program Files\\ICQ7.2\\ICQ.exe"=
"c:\\Program Files\\ICQ7.2\\aolload.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"1542:TCP"= 1542:TCP:Realtek WPS TCP Prot
"1542:UDP"= 1542:UDP:Realtek WPS UDP Prot
"53:UDP"= 53:UDP:Realtek AP UDP Prot
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundTimestampRequest"= 1 (0x1)
"AllowInboundMaskRequest"= 1 (0x1)
"AllowInboundRouterRequest"= 1 (0x1)
"AllowOutboundDestinationUnreachable"= 1 (0x1)
"AllowOutboundSourceQuench"= 1 (0x1)
"AllowOutboundParameterProblem"= 1 (0x1)
"AllowOutboundTimeExceeded"= 1 (0x1)
"AllowRedirect"= 1 (0x1)
"AllowOutboundPacketTooBig"= 1 (0x1)
R0 Vax347b;Vax347b;c:\windows\system32\drivers\Vax347b.sys [30. 4. 2007 8:59 159616]
R0 Vax347s;Vax347s;c:\windows\system32\drivers\Vax347s.sys [30. 4. 2007 8:59 5248]
R1 appdrv01;Application Driver (01);c:\windows\system32\drivers\appdrv01.sys [28. 12. 2010 22:28 3333808]
R1 ddfcc;ddfcc;c:\windows\system32\drivers\ddfcc.sys [8. 12. 2008 11:23 195832]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [26. 2. 2010 5:41 114984]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [26. 2. 2010 5:41 810120]
R2 FMMService;FMMService;c:\progra~1\MOBILI~1\FMMSER~1.EXE [24. 10. 2010 19:25 40960]
R2 TVICHW32;TVICHW32;c:\windows\system32\drivers\TVicHW32.sys [31. 10. 2007 15:57 25040]
R3 FlrnUSB;Leadtek USB Network Interface;c:\windows\system32\drivers\LtkUSB.sys [24. 10. 2010 19:25 41907]
S2 appdrvrem01;Application Driver Auto Removal Service (01);c:\windows\System32\appdrvrem01.exe svc --> c:\windows\System32\appdrvrem01.exe svc [?]
S3 AR9271;Wireless Network Adapter Service;c:\windows\system32\drivers\athuw.sys [17. 3. 2010 14:55 1668352]
S3 CFcatchme;CFcatchme;\??\c:\docume~1\Lilly\LOCALS~1\Temp\CFcatchme.sys --> c:\docume~1\Lilly\LOCALS~1\Temp\CFcatchme.sys [?]
S3 K320bus;Sony Ericsson K320 driver (WDM);c:\windows\system32\drivers\K320bus.sys [26. 10. 2008 14:21 61504]
S3 K320mdfl;Sony Ericsson K320 USB WMC Modem Filter;c:\windows\system32\drivers\K320mdfl.sys [26. 10. 2008 14:21 9328]
S3 K320mdm;Sony Ericsson K320 USB WMC Modem Driver;c:\windows\system32\drivers\K320mdm.sys [26. 10. 2008 14:21 97056]
S3 K320mgmt;Sony Ericsson K320 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\K320mgmt.sys [26. 10. 2008 14:24 88560]
S3 K320obex;Sony Ericsson K320 USB WMC OBEX Interface;c:\windows\system32\drivers\K320obex.sys [26. 10. 2008 14:24 86368]
S3 ProPortmap Service;ProPortmap Service;c:\ptc\portmap\portmap.exe [31. 10. 2007 1:53 57344]
S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8192su.sys [16. 3. 2010 19:00 583552]
.
Contents of the 'Scheduled Tasks' folder
2011-01-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-17 15:21]
2011-01-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-17 15:21]
2011-01-27 c:\windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
- c:\windows\Xzujua.exe [2010-12-23 22:15]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\progra~1\PCTRAN~1\webie.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\progra~1\PCTRAN~1\webie.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\progra~1\PCTRAN~1\webie.dll
TCP: {9964EE31-5653-4D26-8E70-30F48FC876A0} = 192.138.27.98
FF - ProfilePath - c:\documents and settings\Lilly\Application Data\Mozilla\Firefox\Profiles\3atajlwo.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-27 21:48
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(1164)
c:\windows\SYSTEM32\RtlGina\RtlGina.DLL
.
------------------------ Other Running Processes ------------------------
.
c:\programy\alcohol\Alcohol 120\StarWind\StarWindService.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2011-01-27 21:52:25 - machine was rebooted
ComboFix-quarantined-files.txt 2011-01-27 20:52
ComboFix2.txt 2011-01-27 14:44
Pre-Run: 1 609 674 752 bytes free
Post-Run: 1 591 373 824 bytes free
- - End Of File - - BD670E21C9AC0AC377047CFEDB52BCEB
It said something about uploading some file to the internet, but since the site was unavailable it only created an HTML file for me. Is that needed or not?
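A defender-side triage of the ComboFix output above, written as an added example for this page (it is not the thread's, ComboFix's or Avenger's own code). It parses the "Reg Loading Points" blocks in the format ComboFix prints them and flags the two things a reviewer looks for first in such a log: autostart binaries carrying hidden+system attributes or written into c:\windows / c:\windows\system32 only days before the scan, and a firewall policy with EnableFirewall set to 0 plus globally open listening ports. The sample lines are copied from the log in this thread; the 30-day window and the two system directories are assumptions of the example.

```python
import re
from dataclasses import dataclass, field
from datetime import datetime

# Constructed sample: lines copied from the ComboFix log in this thread, in the
# format ComboFix prints under "Reg Loading Points" (bracketed key, then detail lines).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
2004-05-12 13:18 241664 ----a-w- c:\program files\HP\hpcoretech\hpcmpmgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Driver Setup]
2011-01-26 23:50 65536 --sha-r- c:\windows\wjdrive32.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVIDIA driver monitor]
2010-12-18 19:14 65024 --sha-r- c:\windows\nvsvc32.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2009-11-11 09:57 1451520 ----a-w- c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tyfigoup]
2011-01-26 22:32 229888 ----a-w- c:\windows\system32\rodu.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"1542:UDP"= 1542:UDP:Realtek WPS UDP Prot
"""

KEY_RE = re.compile(r"^\[(.+)\]$")
# "YYYY-MM-DD HH:MM size attrs path"; attrs is ComboFix's 8-character attribute field
FILE_RE = re.compile(r"^(\d{4}-\d{2}-\d{2}) (\d{2}:\d{2}) (\d+) (\S{8}) (.+)$")
VALUE_RE = re.compile(r'^"([^"]+)"=\s*(.*)$')

# Assumption: a legitimate autostart binary in these directories normally carries an
# installation-era timestamp, so a days-old one deserves a look.
SYSTEM_DIRS = {"c:\\windows", "c:\\windows\\system32"}
RECENT_DAYS = 30  # assumption: what counts as "recent" relative to the scan date


@dataclass
class Finding:
    key: str            # last component of the registry key (the autostart name)
    path: str           # executable the entry launches
    reasons: list = field(default_factory=list)


def parse_blocks(text):
    """Yield (key, [detail lines]) for each bracketed registry key in the log."""
    key, lines = None, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            if key is not None:
                yield key, lines
            key, lines = m.group(1), []
        elif key is not None:
            lines.append(line)
    if key is not None:
        yield key, lines


def triage_autoruns(text, scan_date):
    """Flag startupreg binaries whose attributes or age look wrong for where they live.

    scan_date is the ComboFix completion date as 'YYYY-MM-DD'.
    """
    scan = datetime.strptime(scan_date, "%Y-%m-%d").date()
    findings = []
    for key, lines in parse_blocks(text):
        if "startupreg" not in key.lower():
            continue
        for line in lines:
            m = FILE_RE.match(line)
            if not m:
                continue
            mtime = datetime.strptime(m.group(1), "%Y-%m-%d").date()
            attrs, path = m.group(4), m.group(5).lower()
            age = (scan - mtime).days
            parent = path.rsplit("\\", 1)[0]
            reasons = []
            if "h" in attrs and "s" in attrs:
                reasons.append("hidden+system attributes on an autostart executable")
            if parent in SYSTEM_DIRS and age <= RECENT_DAYS:
                reasons.append(f"written into {parent} only {age} day(s) before the scan")
            if reasons:
                findings.append(Finding(key.rsplit("\\", 1)[-1], path, reasons))
    return findings


def firewall_findings(text):
    """Report the standard-profile firewall being off and any globally open ports."""
    out = []
    for key, lines in parse_blocks(text):
        k = key.lower()
        if "firewallpolicy" not in k:
            continue
        for line in lines:
            m = VALUE_RE.match(line)
            if not m:
                continue
            name, value = m.group(1), m.group(2)
            if name == "EnableFirewall" and value.startswith("0"):
                out.append("Windows Firewall disabled in standard profile")
            elif k.endswith("globallyopenports\\list"):
                out.append(f"port open to all sources: {name}")
    return out


if __name__ == "__main__":
    for f in triage_autoruns(SAMPLE_LOG, "2011-01-27"):
        print(f"[{f.key}] {f.path}")
        for r in f.reasons:
            print("   -", r)
    for msg in firewall_findings(SAMPLE_LOG):
        print("firewall:", msg)
```

Run against the sample it flags wjdrive32.exe, nvsvc32.exe and rodu.exe (the three of these five entries that the Avenger script later in the thread deletes) and leaves the HP and Nokia entries alone; the firewall check reports the disabled firewall and the open 3389/TCP (Remote Desktop) and 1542/UDP entries. The heuristics are deliberately simple and produce leads for a human to verify, not verdicts.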
Re: PC freezes and doesn't respond - please check it



- If you use Windows Vista or 7, right-click Avenger and choose Run As Administrator
- After it starts, the program warns you that everything you do is at your own risk - click OK
- After confirming, the main window appears; paste into it the script you have below
Code:
Begin copying here:
Files to delete:
C:\bntr.exe
c:\windows\system32\umdmgr.exe
c:\windows\wjdrive32.exe
c:\windows\system32\vyre32.exe
c:\windows\system32\zissessibe.exe
c:\windows\system32\rodu.exe
c:\windows\Xzujua.exe
c:\windows\nvsvc32.exe
c:\documents and settings\Lukass\Start Menu\Programs\Startup\Girder3.lnk
c:\windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
Registry keys to delete:
HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk
HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Driver Setup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVIDIA driver monitor
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tyfigoup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vyre32
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\wr
- Tick the boxes next to Scan for rootkits and Automatically disable any rootkits found
- Now click Execute and confirm Yes in the next window - this confirms running the script
- Answer the Reboot now question with OK again - this restarts the PC
- After the restart, Notepad should open with the log; paste its contents here. If it doesn't, you'll find the file at C:\avenger.txt
- Visitor
- Posts: 73
- Registered: 15 Dec 2009 10:12
Re: PC freezes and doesn't respond - please check it
Avenger log:
Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com
Platform: Windows XP
*******************
Script file opened successfully.
Script file read successfully.
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
File "C:\bntr.exe" deleted successfully.
File "c:\windows\system32\umdmgr.exe" deleted successfully.
File "c:\windows\wjdrive32.exe" deleted successfully.
File "c:\windows\system32\vyre32.exe" deleted successfully.
File "c:\windows\system32\zissessibe.exe" deleted successfully.
File "c:\windows\system32\rodu.exe" deleted successfully.
File "c:\windows\Xzujua.exe" deleted successfully.
File "c:\windows\nvsvc32.exe" deleted successfully.
File "c:\documents and settings\Lukass\Start Menu\Programs\Startup\Girder3.lnk" deleted successfully.
File "c:\windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job" deleted successfully.
Error: registry key "HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk" not found!
Deletion of registry key "HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist
Error: registry key "HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk" not found!
Deletion of registry key "HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist
Registry key "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck" deleted successfully.
Registry key "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update" deleted successfully.
Registry key "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Driver Setup" deleted successfully.
Registry key "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS" deleted successfully.
Registry key "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVIDIA driver monitor" deleted successfully.
Registry key "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray" deleted successfully.
Registry key "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite" deleted successfully.
Registry key "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tyfigoup" deleted successfully.
Registry key "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vyre32" deleted successfully.
Registry key "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\wr" deleted successfully.
Completed script processing.
*******************
Finished! Terminate.
Re: PC freezes and doesn't respond - please check it
How is the PC behaving?

- Visitor
- Posts: 73
- Registered: 15 Dec 2009 10:12
Re: PC freezes and doesn't respond - please check it
The PC is behaving much better now; it was already noticeable yesterday. Maybe the added RAM helped too (even if it's only 128 MB more). Startup is much faster and the PC doesn't freeze; compared to how it behaved before, it's 100 % better.
Does anything else need to be done with it?


Re: PC freezes and doesn't respond - please check it

- Start - Run (or use the keyboard shortcut Win+R)
- Type ComboFix /Uninstall
- Press Enter
- This deletes ComboFix and its folders

- Download and run
- To confirm the choice press A, Enter
- Delete the utility after use
- Antivirus programs may wrongly flag this utility as a virus - it's a false positive - so go ahead and download it (or turn off your antivirus while downloading)

- Download and run
- Click CleanUp and confirm YES
- The program cleans up and restarts the PC

- Download and run
- Click Start and confirm OK
- The program cleans up and restarts the PC
- Delete the utility after use

Cleaner panel
- Leave everything as it is, just click Analyze and then Run CCleaner
- click Scan for Issues
- then Fix Issues - I recommend making the registry backup; fix all issues
- repeat the procedure until no issues are found - usually about 3 times
- Here you can uninstall programs you don't need

- Visitor
- Posts: 73
- Registered: 15 Dec 2009 10:12
Re: PC freezes and doesn't respond - please check it
New RSIT log:
Logfile of random's system information tool 1.08 (written by random/random)
Run by Lilly at 2011-01-28 10:28:13
Microsoft Windows XP Professional Service Pack 2
System drive C: has 3 GB (33%) free of 10 GB
Total RAM: 383 MB (13% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:28:27, on 28. 1. 2011
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\PROGRA~1\MOBILI~1\FMMSER~1.EXE
C:\Programy\alcohol\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Documents and Settings\Lilly\Desktop\RSIT.exe
C:\Program Files\trend micro\Lilly.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\PROGRA~1\PCTRAN~1\webie.dll
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_14\bin\npjpi142_14.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_14\bin\npjpi142_14.dll
O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra button: WebTran - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\PROGRA~1\PCTRAN~1\webie.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\PROGRA~1\PCTRAN~1\webie.dll
O9 - Extra 'Tools' menuitem: &Nastavit prekladac - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\PROGRA~1\PCTRAN~1\webie.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\PROGRA~1\PCTRAN~1\webie.dll
O9 - Extra 'Tools' menuitem: Preložit &oznacený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\PROGRA~1\PCTRAN~1\webie.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\PROGRA~1\PCTRAN~1\webie.dll
O9 - Extra 'Tools' menuitem: Preložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\PROGRA~1\PCTRAN~1\webie.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{9964EE31-5653-4D26-8E70-30F48FC876A0}: NameServer = 192.138.27.98
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Application Driver Auto Removal Service (01) (appdrvrem01) - Protection Technology - C:\WINDOWS\System32\appdrvrem01.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: FMMService - Flarion Technologies, Inc. - C:\PROGRA~1\MOBILI~1\FMMSER~1.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ProPortmap Service - Unknown owner - C:\ptc\portmap\portmap.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Programy\alcohol\Alcohol 120\StarWind\StarWindService.exe
--
End of file - 5046 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Podpora odkazu pro Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{BFC32E1D-EE75-4A48-BC60-104E11EE2431} - WebTranslator - C:\PROGRA~1\PCTRAN~1\webie.dll [2004-05-13 319488]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2010-02-26 2140880]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe [2004-05-12 241664]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
C:\Programy\Adobe\READER~1.0\Reader\READER~1.EXE [2006-10-23 40048]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
C:\Programy\Adobe\READER~1.0\Reader\ADOBEC~1.EXE [2006-10-23 734872]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
D:\programy\MSOFFI~1\Office\OSA9.EXE [2007-01-29 65588]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^REALTEK 11n USB Wireless LAN Utility.lnk]
C:\PROGRA~1\REALTEK\11NUSB~1\RtWLan.exe [2009-05-04 933888]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"gupdate"=2
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\Program Files\proe2001\i486_nt\obj\xtop.exe"="C:\Program Files\proe2001\i486_nt\obj\xtop.exe:*:Enabled:xtop"
"C:\Program Files\proe2001\i486_nt\nms\nmsd.exe"="C:\Program Files\proe2001\i486_nt\nms\nmsd.exe:*:Enabled:nmsd"
"C:\Program Files\proe2001\i486_nt\obj\pro_comm_msg.exe"="C:\Program Files\proe2001\i486_nt\obj\pro_comm_msg.exe:*:Enabled:pro_comm_msg"
"C:\Program Files\REALTEK\11n USB Wireless LAN Utility\RtWLan.exe"="C:\Program Files\REALTEK\11n USB Wireless LAN Utility\RtWLan.exe:*:Enabled:RtWlan"
"C:\Program Files\ICQ7.2\ICQ.exe"="C:\Program Files\ICQ7.2\ICQ.exe:*:Enabled:ICQ7.2"
"C:\Program Files\ICQ7.2\aolload.exe"="C:\Program Files\ICQ7.2\aolload.exe:*:Enabled:aolload.exe"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype. Take a deep breath "
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\ICQ7.2\ICQ.exe"="C:\Program Files\ICQ7.2\ICQ.exe:*:Enabled:ICQ7.2"
"C:\Program Files\ICQ7.2\aolload.exe"="C:\Program Files\ICQ7.2\aolload.exe:*:Enabled:aolload.exe"
======List of files/folders created in the last 1 months======
2011-01-28 10:28:13 ----D---- C:\rsit
2011-01-28 10:14:17 ----SHD---- C:\RECYCLER
2011-01-27 21:53:35 ----D---- C:\WINDOWS\temp
2011-01-27 15:08:05 ----A---- C:\Boot.bak
2011-01-27 15:07:56 ----RASHD---- C:\cmdcons
2011-01-27 00:34:33 ----D---- C:\Program Files\trend micro
2011-01-26 23:17:25 ----D---- C:\WINDOWS\pss
2011-01-25 22:16:03 ----AH---- C:\Documents and Settings\Lilly\Application Data\HhdFJl61DD.txt
2011-01-25 22:16:02 ----AH---- C:\Documents and Settings\Lilly\Application Data\Bgm7fGCGHJ.txt
2011-01-25 22:14:58 ----AH---- C:\Documents and Settings\Lilly\Application Data\IK6fDMGl71.txt
2011-01-25 01:46:11 ----D---- C:\Documents and Settings\Lilly\Application Data\Help
2011-01-25 00:46:35 ----D---- C:\Documents and Settings\Lilly\Application Data\skypePM
2011-01-25 00:40:51 ----D---- C:\Program Files\Common Files\Skype
2011-01-20 02:07:54 ----D---- C:\Documents and Settings\Lilly\Application Data\Naxy
======List of files/folders modified in the last 1 months======
2011-01-28 10:28:16 ----D---- C:\WINDOWS\Prefetch
2011-01-28 10:27:47 ----D---- C:\Documents and Settings\Lilly\Application Data\Skype
2011-01-28 10:22:40 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2011-01-28 10:22:19 ----D---- C:\WINDOWS
2011-01-28 10:22:19 ----A---- C:\WINDOWS\RTacDbg.txt
2011-01-28 10:21:25 ----A---- C:\WINDOWS\SchedLgU.Txt
2011-01-28 10:12:37 ----SHD---- C:\System Volume Information
2011-01-28 10:12:37 ----D---- C:\WINDOWS\system32\Restore
2011-01-28 10:11:51 ----D---- C:\WINDOWS\system32\drivers
2011-01-28 09:24:46 ----SD---- C:\WINDOWS\Tasks
2011-01-28 09:24:46 ----RD---- C:\Program Files
2011-01-28 09:24:46 ----D---- C:\WINDOWS\system32
2011-01-27 21:50:39 ----D---- C:\WINDOWS\system32\CatRoot2
2011-01-27 21:49:07 ----A---- C:\WINDOWS\system.ini
2011-01-27 21:48:16 ----D---- C:\WINDOWS\system32\drivers\etc
2011-01-27 21:45:29 ----D---- C:\WINDOWS\system32\config
2011-01-27 21:39:52 ----D---- C:\WINDOWS\AppPatch
2011-01-27 21:39:48 ----D---- C:\Program Files\Common Files
2011-01-27 21:23:59 ----D---- C:\WINDOWS\twain_32
2011-01-27 15:08:05 ----RASH---- C:\boot.ini
2011-01-27 11:31:04 ----D---- C:\WINDOWS\Minidump
2011-01-27 10:40:37 ----A---- C:\WINDOWS\win.ini
2011-01-25 01:46:11 ----D---- C:\WINDOWS\Help
2011-01-25 00:43:38 ----SHD---- C:\WINDOWS\Installer
2011-01-25 00:43:25 ----D---- C:\Config.Msi
2011-01-25 00:40:59 ----RD---- C:\Program Files\Skype
2011-01-25 00:39:48 ----D---- C:\Documents and Settings\All Users\Application Data\Skype
2011-01-25 00:32:31 ----D---- C:\Documents and Settings\Lilly\Application Data\ICQ
2011-01-17 11:40:18 ----SD---- C:\Documents and Settings\Lilly\Application Data\Microsoft
2011-01-17 11:39:08 ----D---- C:\WINDOWS\WinSxS
2011-01-17 11:39:01 ----RSD---- C:\WINDOWS\Fonts
2011-01-17 11:38:39 ----D---- C:\Program Files\Microsoft Office
2011-01-17 11:38:35 ----D---- C:\Program Files\Common Files\Microsoft Shared
2011-01-09 13:07:31 ----D---- C:\Program Files\MSECache
2011-01-06 10:15:11 ----D---- C:\Program Files\ICQ7.2
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2004-08-04 42368]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2006-05-16 46080]
R0 Vax347b;Vax347b; C:\WINDOWS\system32\DRIVERS\Vax347b.sys [2005-04-25 159616]
R0 Vax347s;Vax347s; C:\WINDOWS\System32\Drivers\Vax347s.sys [2004-04-30 5248]
R1 appdrv01;Application Driver (01); C:\WINDOWS\System32\Drivers\appdrv01.sys [2010-12-28 3333808]
R1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2010-02-26 114984]
R1 epfwtdi;epfwtdi; C:\WINDOWS\system32\DRIVERS\epfwtdi.sys [2010-02-26 55232]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.7.1.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2010-03-16 21361]
R2 eamon;eamon; C:\WINDOWS\system32\DRIVERS\eamon.sys [2010-02-26 139192]
R2 epfw;epfw; C:\WINDOWS\system32\DRIVERS\epfw.sys [2010-02-26 134488]
R2 TVICHW32;TVICHW32; \??\C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS []
R3 Epfwndis;Eset Personal Firewall; C:\WINDOWS\system32\DRIVERS\Epfwndis.sys [2010-02-26 32584]
R3 es1371;Creative AudioPCI (ES1371,ES1373) (WDM); C:\WINDOWS\system32\drivers\es1371mp.sys [2001-08-17 40704]
R3 FlrnUSB;Leadtek USB Network Interface; C:\WINDOWS\system32\DRIVERS\LtkUSB.sys [2008-05-14 41907]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-09-01 20480]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-03 14848]
S3 AR9271;Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\athuw.sys [2009-08-14 1668352]
S3 CFcatchme;CFcatchme; \??\C:\DOCUME~1\Lilly\LOCALS~1\Temp\CFcatchme.sys []
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2004-06-21 51088]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2004-06-21 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2004-06-21 21744]
S3 K320bus;Sony Ericsson K320 driver (WDM); C:\WINDOWS\system32\DRIVERS\K320bus.sys [2006-08-18 61504]
S3 K320mdfl;Sony Ericsson K320 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\K320mdfl.sys [2006-08-18 9328]
S3 K320mdm;Sony Ericsson K320 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\K320mdm.sys [2006-08-18 97056]
S3 K320mgmt;Sony Ericsson K320 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\K320mgmt.sys [2006-08-18 88560]
S3 K320obex;Sony Ericsson K320 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\K320obex.sys [2006-08-18 86368]
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2009-10-06 17664]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2009-10-06 22016]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter; C:\WINDOWS\system32\DRIVERS\RTL8192su.sys [2009-05-08 583552]
S3 sermouse;Serial Mouse Driver; C:\WINDOWS\system32\DRIVERS\sermouse.sys [2004-09-01 17664]
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2009-10-06 7936]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 usbser;USB Modem Driver; C:\WINDOWS\system32\drivers\usbser.sys [2004-08-03 25600]
S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2009-10-06 7936]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2008-03-27 503008]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2010-02-26 810120]
R2 FMMService;FMMService; C:\PROGRA~1\MOBILI~1\FMMSER~1.EXE [2007-12-06 40960]
R2 StarWindService;StarWind iSCSI Service; C:\Programy\alcohol\Alcohol 120\StarWind\StarWindService.exe [2005-04-02 217600]
S2 appdrvrem01;Application Driver Auto Removal Service (01); C:\WINDOWS\System32\appdrvrem01.exe [2010-12-28 316888]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe [2010-02-26 33560]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2004-03-18 65536]
S3 ProPortmap Service;ProPortmap Service; C:\ptc\portmap\portmap.exe [2001-01-19 57344]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2009-10-27 657408]
-----------------EOF-----------------
Logfile of random's system information tool 1.08 (written by random/random)
Run by Lilly at 2011-01-28 10:28:13
Microsoft Windows XP Professional Service Pack 2
System drive C: has 3 GB (33%) free of 10 GB
Total RAM: 383 MB (13% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:28:27, on 28. 1. 2011
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\PROGRA~1\MOBILI~1\FMMSER~1.EXE
C:\Programy\alcohol\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Documents and Settings\Lilly\Desktop\RSIT.exe
C:\Program Files\trend micro\Lilly.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\PROGRA~1\PCTRAN~1\webie.dll
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_14\bin\npjpi142_14.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_14\bin\npjpi142_14.dll
O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra button: WebTran - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\PROGRA~1\PCTRAN~1\webie.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\PROGRA~1\PCTRAN~1\webie.dll
O9 - Extra 'Tools' menuitem: &Nastavit prekladac - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\PROGRA~1\PCTRAN~1\webie.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\PROGRA~1\PCTRAN~1\webie.dll
O9 - Extra 'Tools' menuitem: Preložit &oznacený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\PROGRA~1\PCTRAN~1\webie.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\PROGRA~1\PCTRAN~1\webie.dll
O9 - Extra 'Tools' menuitem: Preložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\PROGRA~1\PCTRAN~1\webie.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{9964EE31-5653-4D26-8E70-30F48FC876A0}: NameServer = 192.138.27.98
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Application Driver Auto Removal Service (01) (appdrvrem01) - Protection Technology - C:\WINDOWS\System32\appdrvrem01.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: FMMService - Flarion Technologies, Inc. - C:\PROGRA~1\MOBILI~1\FMMSER~1.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ProPortmap Service - Unknown owner - C:\ptc\portmap\portmap.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Programy\alcohol\Alcohol 120\StarWind\StarWindService.exe
--
End of file - 5046 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Podpora odkazu pro Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{BFC32E1D-EE75-4A48-BC60-104E11EE2431} - WebTranslator - C:\PROGRA~1\PCTRAN~1\webie.dll [2004-05-13 319488]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2010-02-26 2140880]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe [2004-05-12 241664]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
C:\Programy\Adobe\READER~1.0\Reader\READER~1.EXE [2006-10-23 40048]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
C:\Programy\Adobe\READER~1.0\Reader\ADOBEC~1.EXE [2006-10-23 734872]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
D:\programy\MSOFFI~1\Office\OSA9.EXE [2007-01-29 65588]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^REALTEK 11n USB Wireless LAN Utility.lnk]
C:\PROGRA~1\REALTEK\11NUSB~1\RtWLan.exe [2009-05-04 933888]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"gupdate"=2
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\Program Files\proe2001\i486_nt\obj\xtop.exe"="C:\Program Files\proe2001\i486_nt\obj\xtop.exe:*:Enabled:xtop"
"C:\Program Files\proe2001\i486_nt\nms\nmsd.exe"="C:\Program Files\proe2001\i486_nt\nms\nmsd.exe:*:Enabled:nmsd"
"C:\Program Files\proe2001\i486_nt\obj\pro_comm_msg.exe"="C:\Program Files\proe2001\i486_nt\obj\pro_comm_msg.exe:*:Enabled:pro_comm_msg"
"C:\Program Files\REALTEK\11n USB Wireless LAN Utility\RtWLan.exe"="C:\Program Files\REALTEK\11n USB Wireless LAN Utility\RtWLan.exe:*:Enabled:RtWlan"
"C:\Program Files\ICQ7.2\ICQ.exe"="C:\Program Files\ICQ7.2\ICQ.exe:*:Enabled:ICQ7.2"
"C:\Program Files\ICQ7.2\aolload.exe"="C:\Program Files\ICQ7.2\aolload.exe:*:Enabled:aolload.exe"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype. Take a deep breath "
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\ICQ7.2\ICQ.exe"="C:\Program Files\ICQ7.2\ICQ.exe:*:Enabled:ICQ7.2"
"C:\Program Files\ICQ7.2\aolload.exe"="C:\Program Files\ICQ7.2\aolload.exe:*:Enabled:aolload.exe"
======List of files/folders created in the last 1 months======
2011-01-28 10:28:13 ----D---- C:\rsit
2011-01-28 10:14:17 ----SHD---- C:\RECYCLER
2011-01-27 21:53:35 ----D---- C:\WINDOWS\temp
2011-01-27 15:08:05 ----A---- C:\Boot.bak
2011-01-27 15:07:56 ----RASHD---- C:\cmdcons
2011-01-27 00:34:33 ----D---- C:\Program Files\trend micro
2011-01-26 23:17:25 ----D---- C:\WINDOWS\pss
2011-01-25 22:16:03 ----AH---- C:\Documents and Settings\Lilly\Application Data\HhdFJl61DD.txt
2011-01-25 22:16:02 ----AH---- C:\Documents and Settings\Lilly\Application Data\Bgm7fGCGHJ.txt
2011-01-25 22:14:58 ----AH---- C:\Documents and Settings\Lilly\Application Data\IK6fDMGl71.txt
2011-01-25 01:46:11 ----D---- C:\Documents and Settings\Lilly\Application Data\Help
2011-01-25 00:46:35 ----D---- C:\Documents and Settings\Lilly\Application Data\skypePM
2011-01-25 00:40:51 ----D---- C:\Program Files\Common Files\Skype
2011-01-20 02:07:54 ----D---- C:\Documents and Settings\Lilly\Application Data\Naxy
======List of files/folders modified in the last 1 months======
2011-01-28 10:28:16 ----D---- C:\WINDOWS\Prefetch
2011-01-28 10:27:47 ----D---- C:\Documents and Settings\Lilly\Application Data\Skype
2011-01-28 10:22:40 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2011-01-28 10:22:19 ----D---- C:\WINDOWS
2011-01-28 10:22:19 ----A---- C:\WINDOWS\RTacDbg.txt
2011-01-28 10:21:25 ----A---- C:\WINDOWS\SchedLgU.Txt
2011-01-28 10:12:37 ----SHD---- C:\System Volume Information
2011-01-28 10:12:37 ----D---- C:\WINDOWS\system32\Restore
2011-01-28 10:11:51 ----D---- C:\WINDOWS\system32\drivers
2011-01-28 09:24:46 ----SD---- C:\WINDOWS\Tasks
2011-01-28 09:24:46 ----RD---- C:\Program Files
2011-01-28 09:24:46 ----D---- C:\WINDOWS\system32
2011-01-27 21:50:39 ----D---- C:\WINDOWS\system32\CatRoot2
2011-01-27 21:49:07 ----A---- C:\WINDOWS\system.ini
2011-01-27 21:48:16 ----D---- C:\WINDOWS\system32\drivers\etc
2011-01-27 21:45:29 ----D---- C:\WINDOWS\system32\config
2011-01-27 21:39:52 ----D---- C:\WINDOWS\AppPatch
2011-01-27 21:39:48 ----D---- C:\Program Files\Common Files
2011-01-27 21:23:59 ----D---- C:\WINDOWS\twain_32
2011-01-27 15:08:05 ----RASH---- C:\boot.ini
2011-01-27 11:31:04 ----D---- C:\WINDOWS\Minidump
2011-01-27 10:40:37 ----A---- C:\WINDOWS\win.ini
2011-01-25 01:46:11 ----D---- C:\WINDOWS\Help
2011-01-25 00:43:38 ----SHD---- C:\WINDOWS\Installer
2011-01-25 00:43:25 ----D---- C:\Config.Msi
2011-01-25 00:40:59 ----RD---- C:\Program Files\Skype
2011-01-25 00:39:48 ----D---- C:\Documents and Settings\All Users\Application Data\Skype
2011-01-25 00:32:31 ----D---- C:\Documents and Settings\Lilly\Application Data\ICQ
2011-01-17 11:40:18 ----SD---- C:\Documents and Settings\Lilly\Application Data\Microsoft
2011-01-17 11:39:08 ----D---- C:\WINDOWS\WinSxS
2011-01-17 11:39:01 ----RSD---- C:\WINDOWS\Fonts
2011-01-17 11:38:39 ----D---- C:\Program Files\Microsoft Office
2011-01-17 11:38:35 ----D---- C:\Program Files\Common Files\Microsoft Shared
2011-01-09 13:07:31 ----D---- C:\Program Files\MSECache
2011-01-06 10:15:11 ----D---- C:\Program Files\ICQ7.2
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2004-08-04 42368]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2006-05-16 46080]
R0 Vax347b;Vax347b; C:\WINDOWS\system32\DRIVERS\Vax347b.sys [2005-04-25 159616]
R0 Vax347s;Vax347s; C:\WINDOWS\System32\Drivers\Vax347s.sys [2004-04-30 5248]
R1 appdrv01;Application Driver (01); C:\WINDOWS\System32\Drivers\appdrv01.sys [2010-12-28 3333808]
R1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2010-02-26 114984]
R1 epfwtdi;epfwtdi; C:\WINDOWS\system32\DRIVERS\epfwtdi.sys [2010-02-26 55232]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.7.1.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2010-03-16 21361]
R2 eamon;eamon; C:\WINDOWS\system32\DRIVERS\eamon.sys [2010-02-26 139192]
R2 epfw;epfw; C:\WINDOWS\system32\DRIVERS\epfw.sys [2010-02-26 134488]
R2 TVICHW32;TVICHW32; \??\C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS []
R3 Epfwndis;Eset Personal Firewall; C:\WINDOWS\system32\DRIVERS\Epfwndis.sys [2010-02-26 32584]
R3 es1371;Creative AudioPCI (ES1371,ES1373) (WDM); C:\WINDOWS\system32\drivers\es1371mp.sys [2001-08-17 40704]
R3 FlrnUSB;Leadtek USB Network Interface; C:\WINDOWS\system32\DRIVERS\LtkUSB.sys [2008-05-14 41907]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-09-01 20480]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-03 14848]
S3 AR9271;Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\athuw.sys [2009-08-14 1668352]
S3 CFcatchme;CFcatchme; \??\C:\DOCUME~1\Lilly\LOCALS~1\Temp\CFcatchme.sys []
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2004-06-21 51088]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2004-06-21 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2004-06-21 21744]
S3 K320bus;Sony Ericsson K320 driver (WDM); C:\WINDOWS\system32\DRIVERS\K320bus.sys [2006-08-18 61504]
S3 K320mdfl;Sony Ericsson K320 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\K320mdfl.sys [2006-08-18 9328]
S3 K320mdm;Sony Ericsson K320 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\K320mdm.sys [2006-08-18 97056]
S3 K320mgmt;Sony Ericsson K320 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\K320mgmt.sys [2006-08-18 88560]
S3 K320obex;Sony Ericsson K320 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\K320obex.sys [2006-08-18 86368]
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2009-10-06 17664]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2009-10-06 22016]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter; C:\WINDOWS\system32\DRIVERS\RTL8192su.sys [2009-05-08 583552]
S3 sermouse;Serial Mouse Driver; C:\WINDOWS\system32\DRIVERS\sermouse.sys [2004-09-01 17664]
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2009-10-06 7936]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 usbser;USB Modem Driver; C:\WINDOWS\system32\drivers\usbser.sys [2004-08-03 25600]
S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2009-10-06 7936]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2008-03-27 503008]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2010-02-26 810120]
R2 FMMService;FMMService; C:\PROGRA~1\MOBILI~1\FMMSER~1.EXE [2007-12-06 40960]
R2 StarWindService;StarWind iSCSI Service; C:\Programy\alcohol\Alcohol 120\StarWind\StarWindService.exe [2005-04-02 217600]
S2 appdrvrem01;Application Driver Auto Removal Service (01); C:\WINDOWS\System32\appdrvrem01.exe [2010-12-28 316888]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe [2010-02-26 33560]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2004-03-18 65536]
S3 ProPortmap Service;ProPortmap Service; C:\ptc\portmap\portmap.exe [2001-01-19 57344]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2009-10-27 657408]
-----------------EOF-----------------
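A small triage helper for logs in the shape posted above, added here as an example; it is not part of the original post and not code from RSIT or HijackThis. It parses the driver/service lines and the O17 NameServer lines exactly as the log prints them and flags three things a responder checks first: entries whose trailing "[date size]" block is empty (my reading of RSIT output, stated as an assumption, is that the tool could not read the file's metadata, so the file is missing, hidden or locked), entries registered from a Temp directory, and per-interface nameservers outside the private, loopback and link-local ranges, which should be verified against the ISP's real resolvers rather than treated as malicious on sight. The sample lines are constructed to match the log's format; the second O17 line with its interface GUID is made up.

```python
"""Triage helper for RSIT / HijackThis style log lines (added example, not RSIT code)."""
import ipaddress
import re

# "R0 name;description; path [YYYY-MM-DD size]"  (driver and service sections)
DRIVER_RE = re.compile(r"^([RS])([0-4]) ([^;]+);([^;]*); (.*?) \[([^\]]*)\]\s*$")
# "O17 - <registry key>: NameServer = a.b.c.d[,e.f.g.h]"
O17_RE = re.compile(r"^O17 - (\S+): NameServer = (.+?)\s*$")


def parse_driver_line(line):
    """Return a dict for a driver/service line, or None for any other line."""
    m = DRIVER_RE.match(line)
    if not m:
        return None
    state, start, name, desc, path, info = m.groups()
    if path.startswith("\\??\\"):          # NT object-manager prefix RSIT prints verbatim
        path = path[4:]
    return {"state": state, "start": int(start), "name": name,
            "desc": desc, "path": path, "file_info": info.strip()}


def review_driver(entry):
    """List the reasons a driver/service entry deserves a closer look."""
    findings = []
    if entry["file_info"] == "":
        # Assumption: an empty [] means RSIT could not stat the file on disk.
        findings.append("no date/size recorded: file missing, hidden or unreadable")
    if "\\temp\\" in entry["path"].lower():
        findings.append("binary registered from a Temp directory")
    if entry["state"] == "R" and entry["file_info"] == "":
        findings.append("running although the on-disk file could not be read")
    return findings


def review_nameserver_line(line):
    """Parse an O17 line; return all servers and those outside private ranges."""
    m = O17_RE.match(line)
    if not m:
        return None
    key, value = m.groups()
    servers = [s.strip() for s in value.split(",") if s.strip()]
    public = []
    for s in servers:
        try:
            ip = ipaddress.ip_address(s)
        except ValueError:
            public.append(s)            # not an IP literal at all: also worth a look
            continue
        if not (ip.is_private or ip.is_loopback or ip.is_link_local):
            public.append(s)
    return {"key": key, "servers": servers, "public": public}


def triage(log_text):
    """Run both checks over a whole log and return only the flagged items."""
    drivers, nameservers = [], []
    for line in log_text.splitlines():
        entry = parse_driver_line(line)
        if entry:
            findings = review_driver(entry)
            if findings:
                drivers.append((entry["name"], entry["state"], entry["path"], findings))
            continue
        ns = review_nameserver_line(line)
        if ns and ns["public"]:
            nameservers.append(ns)
    return {"drivers": drivers, "nameservers": nameservers}


# Constructed sample in the shape RSIT writes; the second O17 GUID is made up.
SAMPLE_LOG = r"""
R0 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2004-08-04 42368]
R2 TVICHW32;TVICHW32; \??\C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS []
S3 CFcatchme;CFcatchme; \??\C:\DOCUME~1\Lilly\LOCALS~1\Temp\CFcatchme.sys []
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2010-02-26 810120]
O17 - HKLM\System\CCS\Services\Tcpip\..\{9964EE31-5653-4D26-8E70-30F48FC876A0}: NameServer = 192.138.27.98
O17 - HKLM\System\CCS\Services\Tcpip\..\{11111111-2222-3333-4444-555555555555}: NameServer = 192.168.1.1,8.8.8.8
"""

if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for name, state, path, findings in report["drivers"]:
        print(f"[{state}] {name} -> {path}")
        for f in findings:
            print("     -", f)
    for ns in report["nameservers"]:
        print(f"O17 {ns['key']}: verify resolver(s) {', '.join(ns['public'])}")
```

Run it against a saved log.txt by reading the file into triage(); the output is a short list to verify by hand (check the flagged files on disk with attributes shown, and compare the O17 resolvers with what the ISP actually hands out), not a verdict.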
Re: PC freezes, does not respond - please check
I would also ask for the second RSIT log, named info.txt; it is saved in c:\rsit
- Visitor
- Posts: 73
- Registered: 15 Dec 2009 10:12
Re: PC freezes, does not respond - please check
Info.txt:
info.txt logfile of random's system information tool 1.08 2011-01-28 10:28:35
======Uninstall list======
-->MsiExec.exe /X{E9F81423-211E-46B6-9AE0-38568BC5CF6F}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8 - Czech-->MsiExec.exe /I{AC76BA86-7AD7-1029-7B44-A80000000000}
Adobe Shockwave Player 11.5-->"C:\WINDOWS\system32\Adobe\Shockwave 11\uninstaller.exe"
Balík Compatibility Pack pre systém Office 2007-->MsiExec.exe /X{90120000-0020-041B-0000-0000000FF1CE}
BS.Player FREE-->"C:\Programy\BSplayer Pro\uninstall.exe"
BSplayer Pro 2.12.941-->"C:\Programy\BSplayer Pro\unins000.exe"
Capture-A-ScreenShot-->C:\Programy\Capture-A-ScreenShot\unins000.exe
CCleaner-->"C:\Program Files\CCleaner\uninst.exe"
Codec Pack - All In 1 6.0.3.0-->C:\WINDOWS\iun6002.exe "C:\Program Files\Codec Pack - All In 1\irunin.ini"
CorelDRAW Graphics Suite 11-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{07A540AB-D785-11D5-8E89-0090275862A0}
Dávid-->"C:\Program Files\V mene Pana zastupov\unins000.exe"
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
HP Software Update-->MsiExec.exe /X{457791C5-D702-4143-A7B2-2744BE9573F2}
ICQ7.2-->"C:\Program Files\InstallShield Installation Information\{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}\ICQ7.exe" -runfromtemp -l0x0009 -removeonly
Java 2 Runtime Environment, SE v1.4.2_14-->MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142140}
MediaCoder 0.6.0-->C:\Program Files\MediaCoder\uninst.exe
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7-->"C:\WINDOWS\$NtUninstallWdf01007$\spuninst\spuninst.exe"
Microsoft Office 2000 Premium-->MsiExec.exe /I{00000405-78E1-11D2-B60F-006097C998E7}
Microsoft Office Word Viewer 2003-->MsiExec.exe /I{90850409-6000-11D3-8CFE-0150048383C9}
Mobility Manager-->"C:\Program Files\Mobility Manager\Uninstall Mobility Manager\Uninstall Mobility Manager.exe"
Mozilla Firefox (3.6.13)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSVC80_x86_v2-->MsiExec.exe /I{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}
Nokia Connectivity Cable Driver-->MsiExec.exe /I{6869591A-7DD8-46D2-837F-57CBF7358955}
Nokia PC Suite-->C:\Documents and Settings\All Users\Application Data\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Nokia_PC_Suite_7_1_40_1_eng_web.exe
Nokia PC Suite-->MsiExec.exe /I{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}
PC Connectivity Solution-->MsiExec.exe /I{6E0352EE-6F0D-4FBC-B1B8-4FF032C78BE0}
PC Translator 2004 Komplet-->C:\PROGRA~1\PCTRAN~1\UNWISE.EXE C:\PROGRA~1\PCTRAN~1\INSTALL.LOG
Pro/ENGINEER 2001 [2001150]-->MsiExec.exe /I{E3359739-380C-11D5-80E0-00C04F791ACB}
QIP 2005 Uninstall-->"C:\Programy\QIP\unqip.exe"
REALTEK 11n USB Wireless LAN Driver and Utility-->C:\Program Files\InstallShield Installation Information\{9C049499-055C-4a0c-A916-1D8CA1FF45EB}\Install.exe -uninst -l0x1B
Skype™ 5.1-->MsiExec.exe /X{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}
Sony Ericsson PC Suite-->MsiExec.exe /I{5F0FC860-ADE1-4B2D-B0A9-CB9FB17C46E8}
Staň sa svetobežníkom-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{731CC4F1-DD69-46E9-B372-65F1081666B8}\Setup.exe" -l0x1b
Winamp (remove only)-->"C:\Programy\Winamp\UninstWA.exe"
Windows Driver Package - Nokia Modem (06/01/2009 7.01.0.4)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokbtmdm_0777326F40B753DD4E385F058ADB286B70A301FE\nokbtmdm.inf
Windows Driver Package - Nokia Modem (10/05/2009 4.2)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokia_blue_AAB746D5658CCF4CAE7A35CED5F0ADA3C447A973\nokia_bluetooth.inf
Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)-->C:\PROGRA~1\DIFX\B4723E9A0713E5B1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccsmcfd_A3B3916E5D8138F59EE218321B27B044D3B18294\pccsmcfd.inf
======Security center information======
AV: ESET Smart Security 4.2 (outdated)
FW: ESET personal firewall
======System event log======
Computer Name: LUKY
Event Code: 59
Message: Generate Activation Context failed for C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\MFC80U.DLL.
Reference error message: The operation completed successfully.
.
Record Number: 8
Source Name: SideBySide
Time Written: 20110126232636.000000+060
Event Type: error
User:
Computer Name: LUKY
Event Code: 59
Message: Resolve Partial Assembly failed for Microsoft.VC80.MFCLOC.
Reference error message: The referenced assembly is not installed on your system.
.
Record Number: 7
Source Name: SideBySide
Time Written: 20110126232636.000000+060
Event Type: error
User:
Computer Name: LUKY
Event Code: 32
Message: Dependent Assembly Microsoft.VC80.MFCLOC could not be found and Last Error was The referenced assembly is not installed on your system.
Record Number: 6
Source Name: SideBySide
Time Written: 20110126232636.000000+060
Event Type: error
User:
Computer Name: LUKY
Event Code: 10005
Message: DCOM got error "%1058" attempting to start the service BITS with arguments ""
in order to run the server:
{4991D34B-80A1-4291-83B6-3328366B9097}
Record Number: 5
Source Name: DCOM
Time Written: 20110126232623.000000+060
Event Type: error
User: NT AUTHORITY\SYSTEM
Computer Name: LUKY
Event Code: 1002
Message: The IP address lease 10.252.95.209 for the Network Card with network address 003004001E8E has been
denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
Record Number: 3
Source Name: Dhcp
Time Written: 20110126232534.000000+060
Event Type: error
User:
=====Application event log=====
Computer Name: LUKY
Event Code: 1040
Message: Windows cannot query ProcessGroupPolicy registry entry for scecli.dll and it will not be loaded. This is most likely caused by a faulty registration.
Record Number: 11
Source Name: Userenv
Time Written: 20100913153641.000000+120
Event Type: error
User: NT AUTHORITY\SYSTEM
Computer Name: LUKY
Event Code: 1040
Message: Windows cannot query ProcessGroupPolicy registry entry for scecli.dll and it will not be loaded. This is most likely caused by a faulty registration.
Record Number: 8
Source Name: Userenv
Time Written: 20100913141018.000000+120
Event Type: error
User: NT AUTHORITY\SYSTEM
Computer Name: LUKY
Event Code: 1040
Message: Windows cannot query ProcessGroupPolicy registry entry for scecli.dll and it will not be loaded. This is most likely caused by a faulty registration.
Record Number: 7
Source Name: Userenv
Time Written: 20100913140529.000000+120
Event Type: error
User: NT AUTHORITY\SYSTEM
Computer Name: LUKY
Event Code: 1040
Message: Windows cannot query ProcessGroupPolicy registry entry for scecli.dll and it will not be loaded. This is most likely caused by a faulty registration.
Record Number: 4
Source Name: Userenv
Time Written: 20100913122228.000000+120
Event Type: error
User: NT AUTHORITY\SYSTEM
Computer Name: LUKY
Event Code: 1040
Message: Windows cannot query ProcessGroupPolicy registry entry for scecli.dll and it will not be loaded. This is most likely caused by a faulty registration.
Record Number: 1
Source Name: Userenv
Time Written: 20100913122214.000000+120
Event Type: error
User: NT AUTHORITY\SYSTEM
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\wbem;C:\Program Files\PC Connectivity Solution;C:\Program Files\Common Files\Teleca Shared;C:\Program Files\proe2001\bin
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 1 Stepping 3, GenuineIntel
"PROCESSOR_REVISION"=0103
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"DEFAULT_CA_NR"=CA6
-----------------EOF-----------------
info.txt logfile of random's system information tool 1.08 2011-01-28 10:28:35
======Uninstall list======
-->MsiExec.exe /X{E9F81423-211E-46B6-9AE0-38568BC5CF6F}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8 - Czech-->MsiExec.exe /I{AC76BA86-7AD7-1029-7B44-A80000000000}
Adobe Shockwave Player 11.5-->"C:\WINDOWS\system32\Adobe\Shockwave 11\uninstaller.exe"
Balík Compatibility Pack pre systém Office 2007-->MsiExec.exe /X{90120000-0020-041B-0000-0000000FF1CE}
BS.Player FREE-->"C:\Programy\BSplayer Pro\uninstall.exe"
BSplayer Pro 2.12.941-->"C:\Programy\BSplayer Pro\unins000.exe"
Capture-A-ScreenShot-->C:\Programy\Capture-A-ScreenShot\unins000.exe
CCleaner-->"C:\Program Files\CCleaner\uninst.exe"
Codec Pack - All In 1 6.0.3.0-->C:\WINDOWS\iun6002.exe "C:\Program Files\Codec Pack - All In 1\irunin.ini"
CorelDRAW Graphics Suite 11-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{07A540AB-D785-11D5-8E89-0090275862A0}
Dávid-->"C:\Program Files\V mene Pana zastupov\unins000.exe"
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
HP Software Update-->MsiExec.exe /X{457791C5-D702-4143-A7B2-2744BE9573F2}
ICQ7.2-->"C:\Program Files\InstallShield Installation Information\{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}\ICQ7.exe" -runfromtemp -l0x0009 -removeonly
Java 2 Runtime Environment, SE v1.4.2_14-->MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142140}
MediaCoder 0.6.0-->C:\Program Files\MediaCoder\uninst.exe
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7-->"C:\WINDOWS\$NtUninstallWdf01007$\spuninst\spuninst.exe"
Microsoft Office 2000 Premium-->MsiExec.exe /I{00000405-78E1-11D2-B60F-006097C998E7}
Microsoft Office Word Viewer 2003-->MsiExec.exe /I{90850409-6000-11D3-8CFE-0150048383C9}
Mobility Manager-->"C:\Program Files\Mobility Manager\Uninstall Mobility Manager\Uninstall Mobility Manager.exe"
Mozilla Firefox (3.6.13)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSVC80_x86_v2-->MsiExec.exe /I{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}
Nokia Connectivity Cable Driver-->MsiExec.exe /I{6869591A-7DD8-46D2-837F-57CBF7358955}
Nokia PC Suite-->C:\Documents and Settings\All Users\Application Data\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Nokia_PC_Suite_7_1_40_1_eng_web.exe
Nokia PC Suite-->MsiExec.exe /I{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}
PC Connectivity Solution-->MsiExec.exe /I{6E0352EE-6F0D-4FBC-B1B8-4FF032C78BE0}
PC Translator 2004 Komplet-->C:\PROGRA~1\PCTRAN~1\UNWISE.EXE C:\PROGRA~1\PCTRAN~1\INSTALL.LOG
Pro/ENGINEER 2001 [2001150]-->MsiExec.exe /I{E3359739-380C-11D5-80E0-00C04F791ACB}
QIP 2005 Uninstall-->"C:\Programy\QIP\unqip.exe"
REALTEK 11n USB Wireless LAN Driver and Utility-->C:\Program Files\InstallShield Installation Information\{9C049499-055C-4a0c-A916-1D8CA1FF45EB}\Install.exe -uninst -l0x1B
Skype™ 5.1-->MsiExec.exe /X{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}
Sony Ericsson PC Suite-->MsiExec.exe /I{5F0FC860-ADE1-4B2D-B0A9-CB9FB17C46E8}
Staň sa svetobežníkom-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{731CC4F1-DD69-46E9-B372-65F1081666B8}\Setup.exe" -l0x1b
Winamp (remove only)-->"C:\Programy\Winamp\UninstWA.exe"
Windows Driver Package - Nokia Modem (06/01/2009 7.01.0.4)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokbtmdm_0777326F40B753DD4E385F058ADB286B70A301FE\nokbtmdm.inf
Windows Driver Package - Nokia Modem (10/05/2009 4.2)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokia_blue_AAB746D5658CCF4CAE7A35CED5F0ADA3C447A973\nokia_bluetooth.inf
Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)-->C:\PROGRA~1\DIFX\B4723E9A0713E5B1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccsmcfd_A3B3916E5D8138F59EE218321B27B044D3B18294\pccsmcfd.inf
======Security center information======
AV: ESET Smart Security 4.2 (outdated)
FW: ESET personal firewall
======System event log======
Computer Name: LUKY
Event Code: 59
Message: Generate Activation Context failed for C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\MFC80U.DLL.
Reference error message: The operation completed successfully.
.
Record Number: 8
Source Name: SideBySide
Time Written: 20110126232636.000000+060
Event Type: error
User:
Computer Name: LUKY
Event Code: 59
Message: Resolve Partial Assembly failed for Microsoft.VC80.MFCLOC.
Reference error message: The referenced assembly is not installed on your system.
.
Record Number: 7
Source Name: SideBySide
Time Written: 20110126232636.000000+060
Event Type: error
User:
Computer Name: LUKY
Event Code: 32
Message: Dependent Assembly Microsoft.VC80.MFCLOC could not be found and Last Error was The referenced assembly is not installed on your system.
Record Number: 6
Source Name: SideBySide
Time Written: 20110126232636.000000+060
Event Type: error
User:
Computer Name: LUKY
Event Code: 10005
Message: DCOM got error "%1058" attempting to start the service BITS with arguments ""
in order to run the server:
{4991D34B-80A1-4291-83B6-3328366B9097}
Record Number: 5
Source Name: DCOM
Time Written: 20110126232623.000000+060
Event Type: error
User: NT AUTHORITY\SYSTEM
Computer Name: LUKY
Event Code: 1002
Message: The IP address lease 10.252.95.209 for the Network Card with network address 003004001E8E has been
denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
Record Number: 3
Source Name: Dhcp
Time Written: 20110126232534.000000+060
Event Type: error
User:
=====Application event log=====
Computer Name: LUKY
Event Code: 1040
Message: Windows cannot query ProcessGroupPolicy registry entry for scecli.dll and it will not be loaded. This is most likely caused by a faulty registration.
Record Number: 11
Source Name: Userenv
Time Written: 20100913153641.000000+120
Event Type: error
User: NT AUTHORITY\SYSTEM
Computer Name: LUKY
Event Code: 1040
Message: Windows cannot query ProcessGroupPolicy registry entry for scecli.dll and it will not be loaded. This is most likely caused by a faulty registration.
Record Number: 8
Source Name: Userenv
Time Written: 20100913141018.000000+120
Event Type: error
User: NT AUTHORITY\SYSTEM
Computer Name: LUKY
Event Code: 1040
Message: Windows cannot query ProcessGroupPolicy registry entry for scecli.dll and it will not be loaded. This is most likely caused by a faulty registration.
Record Number: 7
Source Name: Userenv
Time Written: 20100913140529.000000+120
Event Type: error
User: NT AUTHORITY\SYSTEM
Computer Name: LUKY
Event Code: 1040
Message: Windows cannot query ProcessGroupPolicy registry entry for scecli.dll and it will not be loaded. This is most likely caused by a faulty registration.
Record Number: 4
Source Name: Userenv
Time Written: 20100913122228.000000+120
Event Type: error
User: NT AUTHORITY\SYSTEM
Computer Name: LUKY
Event Code: 1040
Message: Windows cannot query ProcessGroupPolicy registry entry for scecli.dll and it will not be loaded. This is most likely caused by a faulty registration.
Record Number: 1
Source Name: Userenv
Time Written: 20100913122214.000000+120
Event Type: error
User: NT AUTHORITY\SYSTEM
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\wbem;C:\Program Files\PC Connectivity Solution;C:\Program Files\Common Files\Teleca Shared;C:\Program Files\proe2001\bin
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 1 Stepping 3, GenuineIntel
"PROCESSOR_REVISION"=0103
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"DEFAULT_CA_NR"=CA6
-----------------EOF-----------------
Re: PC freezes, does not respond - please check
You have an outdated ESET Smart Security - that one, I assume, you have legally.
