
Virus removal, PC speed-up, and remote assistance via the neslape.cz service
Trojan junk QZD
Moderator: Moderators
Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]
Individual threads will be locked once they are resolved, as will those that have been inactive for more than 14 days. See the rule on locking topics. Thank you for your understanding.
!NEW!
You can now use the remote assistance service, in which an expert connects to your computer and gets further details about the problem from you by phone! More at www.neslape.cz
Hi,
please help me remove an infection, and check whether, apart from the suspicious
E:\WINDOWS\Qsaxoa.exe
E:\DOCUME~1\User\LOCALS~1\Temp\Qzd.exe
there is anything else there as well; thx
Log from RSIT:
Logfile of random's system information tool 1.08 (written by random/random)
Run by User at 2011-03-10 08:47:20
Systém Microsoft Windows XP Professional Service Pack 2
System drive E: has 2 GB (9%) free of 22 GB
Total RAM: 1536 MB (35% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:48:04, on 10.3.2011
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\svchost.exe
E:\Program Files\AVG\AVG9\avgchsvx.exe
E:\Program Files\AVG\AVG9\avgrsx.exe
E:\Program Files\AVG\AVG9\avgcsrvx.exe
E:\WINDOWS\system32\spoolsv.exe
E:\PROGRA~1\ESRI\License\arcgis9x\lmgrd.exe
E:\Program Files\AVG\AVG9\avgwdsvc.exe
E:\Program Files\Bonjour\mDNSResponder.exe
E:\Program Files\Java\jre6\bin\jqs.exe
E:\PROGRA~1\ESRI\License\arcgis9x\ARCGIS.exe
E:\Program Files\Common Files\LightScribe\LSSrvc.exe
E:\WINDOWS\System32\nvsvc32.exe
E:\WINDOWS\system32\PrintCtrl.exe
E:\Program Files\AVG\AVG9\avgam.exe
E:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
E:\Program Files\AVG\AVG9\avgnsx.exe
E:\WINDOWS\System32\svchost.exe
E:\Program Files\AVG\AVG9\avgemc.exe
E:\Program Files\AVG\AVG9\avgcsrvx.exe
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\Qsaxoa.exe
E:\WINDOWS\htpatch.exe
E:\Program Files\Unlocker\UnlockerAssistant.exe
E:\PROGRA~1\AVG\AVG9\avgtray.exe
E:\WINDOWS\system32\PrintDisp.exe
E:\Program Files\Skype\Phone\Skype.exe
E:\Documents and Settings\User\Application Data\Dropbox\bin\Dropbox.exe
E:\Program Files\Microsoft Office\Office\1029\msoffice.exe
E:\Program Files\Canon\CAL\CALMAIN.exe
E:\WINDOWS\system32\wscntfy.exe
E:\Program Files\Skype\Plugin Manager\skypePM.exe
E:\Program Files\AVG\AVG9\avgcsrvx.exe
E:\Program Files\Mozilla Thunderbird\thunderbird.exe
E:\Program Files\Mozilla Firefox\firefox.exe
E:\totalcmd\TOTALCMD.EXE
E:\DOCUME~1\User\LOCALS~1\Temp\Qzd.exe
X:\software\antivir\RSIT.exe
E:\Program Files\trend micro\User.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {02DCA195-602B-4B1F-83FF-381B7E804BDB} - E:\WINDOWS\system32\HDBHO.dll
O2 - BHO: (no name) - {055FD26D-3A88-4e15-963D-DC8493744B1D} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - E:\Program Files\Freecorder\tbFre0.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - E:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - E:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: NTIECatcher Class - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - E:\Program Files\Xi\NetTransport 2\NTIEHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - E:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - E:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - E:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - E:\Program Files\Freecorder\tbFre0.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O4 - HKLM\..\Run: [HTpatch] E:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [UnlockerAssistant] "E:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [AVG9_TRAY] E:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [PrintDisp] E:\WINDOWS\system32\PrintDisp.exe
O4 - HKCU\..\Run: [Skype] "E:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [KUGHGZXAKT] E:\DOCUME~1\User\LOCALS~1\Temp\Qzd.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] E:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] E:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] E:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] E:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - S-1-5-18 Startup: Dropbox.lnk = E:\Documents and Settings\User\Application Data\Dropbox\bin\Dropbox.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Dropbox.lnk = E:\Documents and Settings\User\Application Data\Dropbox\bin\Dropbox.exe (User 'Default user')
O4 - Startup: Dropbox.lnk = E:\Documents and Settings\User\Application Data\Dropbox\bin\Dropbox.exe
O4 - Global Startup: Microsoft Office.lnk = E:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://E:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Convert link target to Adobe PDF - res://E:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://E:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://E:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://E:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://E:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://E:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://E:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://E:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Download with GetRight - E:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - E:\Program Files\GetRight\GRbrowse.htm
O8 - Extra context menu item: Stiahni polozku pomocou Net Transport - E:\Program Files\Xi\NetTransport 2\NTAddLink.html
O8 - Extra context menu item: Stiahni vsetky polozky cez Net Transport - E:\Program Files\Xi\NetTransport 2\NTAddList.html
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - E:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - E:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .swf: E:\Program Files\Netscape\Communicator\Program\PLUGINS\NPSWF32.dll
O15 - Trusted Zone: http://www.applian.com
O15 - Trusted Zone: http://izgard.cenia.cz
O15 - Trusted Zone: http://*.czshare.com
O15 - Trusted Zone: *.enviro.gov.sk
O15 - Trusted Zone: http://www.katasterportal.sk
O15 - Trusted Zone: http://www.podnemapy.sk
O15 - Trusted Zone: http://*.podnemapy.sk
O15 - Trusted Zone: http://www.post.sk
O15 - Trusted Zone: http://www.radiosamson.cz
O15 - Trusted Zone: *.sazp.sk
O15 - Trusted Zone: www.slsp.sk
O15 - Trusted Zone: www.turistickamapa.sk
O15 - Trusted IP range: http://195.28.70.134
O15 - Trusted IP range: 192.168.233.101
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file://E:\Program Files\Jigsaw Puzzle Platinum\Images\stg_drm.ocx
O16 - DPF: {1DB93715-3B60-43EE-93E6-279BB3E1DF76} (OCXDownloadChecker Control) - http://192.168.233.101/cab/OCXChecker_6110.cab
O16 - DPF: {CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA} (Java Plug-in 1.5.0_01) -
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file://E:\Program Files\Jigsaw Puzzle Platinum\Images\armhelper.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{A5F8C7B1-E411-48C2-A754-A9F5AF2EFB2E}: NameServer = 192.168.110.99,192.168.110.100,195.146.128.60
O17 - HKLM\System\CCS\Services\Tcpip\..\{FE0D91B7-709A-4F6C-88AD-9F640E3333E5}: NameServer = 192.168.110.99,192.168.110.100
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - E:\Program Files\AVG\AVG9\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - E:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - E:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - E:\WINDOWS\System32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - E:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ArcGIS License Manager - Unknown owner - E:\PROGRA~1\ESRI\License\arcgis9x\lmgrd.exe
O23 - Service: AVG E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - E:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - E:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - E:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - E:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - E:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - E:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - E:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - E:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Printer Control - ActMask Co.,Ltd - HTTP://WWW.ALL2PDF.COM - E:\WINDOWS\system32\PrintCtrl.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - E:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
--
End of file - 11371 bytes
======Scheduled tasks folder======
E:\WINDOWS\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
E:\WINDOWS\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02DCA195-602B-4B1F-83FF-381B7E804BDB}]
E:\WINDOWS\system32\HDBHO.dll [2003-03-27 208896]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055FD26D-3A88-4e15-963D-DC8493744B1D}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - E:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-12-18 59032]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
Freecorder Toolbar - E:\Program Files\Freecorder\tbFre0.dll [2010-09-17 2735200]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - E:\Program Files\AVG\AVG9\avgssie.dll [2010-11-25 1623392]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - E:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
Adobe PDF Conversion Toolbar Helper - E:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006-12-18 231160]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C56CB6B0-0D96-11D6-8C65-B2868B609932}]
NTIECatcher Class - E:\Program Files\Xi\NetTransport 2\NTIEHelper.dll [2004-07-19 49152]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - E:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-06-22 41368]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - E:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-06-22 73728]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{855F3B16-6D32-4fe6-8A56-BBB695989046}
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - E:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006-12-18 231160]
{1392b8d2-5c05-419f-a8f6-b9f15a596612} - Freecorder Toolbar - E:\Program Files\Freecorder\tbFre0.dll [2010-09-17 2735200]
{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"HTpatch"=E:\WINDOWS\htpatch.exe [2002-10-30 28672]
"UnlockerAssistant"=E:\Program Files\Unlocker\UnlockerAssistant.exe [2009-10-26 15872]
"AVG9_TRAY"=E:\PROGRA~1\AVG\AVG9\avgtray.exe [2010-11-25 2069344]
"PrintDisp"=E:\WINDOWS\system32\PrintDisp.exe [2009-08-21 878080]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Skype"=E:\Program Files\Skype\Phone\Skype.exe [2008-11-07 21633320]
"KUGHGZXAKT"=E:\DOCUME~1\User\LOCALS~1\Temp\Qzd.exe [2011-03-09 125440]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]
E:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe [2006-01-12 483328]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
E:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Budík]
C:\Ado\My Data\privat\BUDIK104\Budik.exe [2000-01-10 1497600]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
E:\Program Files\SlySoft\CloneCD\CloneCDTray.exe [2005-05-19 57344]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CorelDRAW Graphics Suite 11b]
E:\Program Files\Corel\Corel Graphics 12\Languages\CZ\Programs\Registration.exe [2004-06-23 729088]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
E:\WINDOWS\System32\ctfmon.exe [2004-08-03 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
E:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe [2004-06-16 221184]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
E:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2004-06-16 81920]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
E:\Program Files\iTunes\iTunesHelper.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KUGHGZXAKT]
E:\DOCUME~1\User\LOCALS~1\Temp\Qzd.exe [2011-03-09 125440]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
E:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
E:\WINDOWS\System32\NvCpl.dll [2003-11-17 3022848]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
E:\WINDOWS\System32\NVMCTRAY.DLL [2003-11-17 49152]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
E:\Program Files\QuickTime\qttask.exe -atboottime []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
E:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
E:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe [2004-11-02 32768]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Share-to-Web Namespace Daemon]
E:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe [2002-04-17 69632]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
E:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
E:\Program Files\Java\jre6\bin\jusched.exe [2009-06-22 148888]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
E:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
E:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe [2005-10-24 307200]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\E:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]
E:\PROGRA~1\Adobe\ACROBA~1.0CE\Distillr\AcroTray.exe [2001-03-15 49254]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\E:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
E:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2008-02-15 25214]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\E:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
E:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE [2002-01-15 110592]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\E:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
E:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE [2005-09-23 29696]
E:\Documents and Settings\All Users\Start Menu\Programs\Startup
Microsoft Office.lnk - E:\Program Files\Microsoft Office\Office\OSA9.EXE
E:\Documents and Settings\User\Start Menu\Programs\Startup
Dropbox.lnk - E:\Documents and Settings\User\Application Data\Dropbox\bin\Dropbox.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
E:\WINDOWS\system32\avgrsstx.dll [2010-06-22 12536]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - E:\WINDOWS\system32\WPDShServiceObj.dll [2006-05-09 52224]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=0xB1000000
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"E:\Program Files\GetRight\getright.exe"="E:\Program Files\GetRight\getright.exe:*:Enabled:GetRight® www.getright.com"
"E:\Program Files\WinHTTrack\WinHTTrack.exe"="E:\Program Files\WinHTTrack\WinHTTrack.exe:*:Disabled:WinHTTrack Website Copier, Web Site mirroring for professional and private purposes"
"E:\Program Files\Mozilla Firefox\firefox.exe"="E:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"E:\Program Files\Windows Media Player\wmplayer.exe"="E:\Program Files\Windows Media Player\wmplayer.exe:*:Enabled:Windows Media Player"
"E:\Program Files\Internet Explorer\iexplore.exe"="E:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer"
"C:\wincmd\WINCMD32.EXE"="C:\wincmd\WINCMD32.EXE:*:Enabled:Windows Commander 32 bit international version, file manager replacement for Windows"
"E:\Program Files\VideoLAN\VLC\vlc.exe"="E:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player"
"E:\Program Files\Java\jre1.5.0_01\bin\javaw.exe"="E:\Program Files\Java\jre1.5.0_01\bin\javaw.exe:*:Disabled:Java(TM) 2 Platform Standard Edition binary"
"X:\Download\_rapget141\rapget.exe"="X:\Download\_rapget141\rapget.exe:*:Enabled:rapget"
"E:\Program Files\AVG\AVG8\avgam.exe"="E:\Program Files\AVG\AVG8\avgam.exe:*:Enabled:avgam.exe"
"E:\Program Files\AVG\AVG8\avgdiag.exe"="E:\Program Files\AVG\AVG8\avgdiag.exe:*:Enabled:avgdiag.exe"
"E:\Program Files\AVG\AVG8\avgdiagex.exe"="E:\Program Files\AVG\AVG8\avgdiagex.exe:*:Enabled:avgdiagex.exe"
"E:\Program Files\AVG\AVG8\avgemc.exe"="E:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"
"E:\Program Files\AVG\AVG8\avgupd.exe"="E:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"E:\Program Files\AVG\AVG8\avgnsx.exe"="E:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe"
"E:\Program Files\Mozilla Thunderbird\thunderbird.exe"="E:\Program Files\Mozilla Thunderbird\thunderbird.exe:*:Enabled:Mozilla Thunderbird"
"E:\Program Files\Adobe\Acrobat 7.0\Acrobat\Acrobat.exe"="E:\Program Files\Adobe\Acrobat 7.0\Acrobat\Acrobat.exe:*:Enabled:Adobe Acrobat 7.0"
"E:\Program Files\Java\jre6\bin\javaw.exe"="E:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary"
"E:\Program Files\Java\jre6\bin\java.exe"="E:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary"
"E:\Program Files\Adobe\Acrobat 7.0\Acrobat\plug_ins\PaperCapture\Server\Roman\capserve.exe"="E:\Program Files\Adobe\Acrobat 7.0\Acrobat\plug_ins\PaperCapture\Server\Roman\capserve.exe:*:Enabled:Adobe Acrobat Capture Server"
"E:\Program Files\Bonjour\mDNSResponder.exe"="E:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"E:\Program Files\AVG\AVG9\avgam.exe"="E:\Program Files\AVG\AVG9\avgam.exe:*:Enabled:avgam.exe"
"E:\Program Files\AVG\AVG9\avgdiagex.exe"="E:\Program Files\AVG\AVG9\avgdiagex.exe:*:Enabled:avgdiagex.exe"
"E:\Program Files\AVG\AVG9\avgemc.exe"="E:\Program Files\AVG\AVG9\avgemc.exe:*:Enabled:avgemc.exe"
"E:\Program Files\AVG\AVG9\avgupd.exe"="E:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe"
"E:\Program Files\AVG\AVG9\avgnsx.exe"="E:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe"
"E:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe"="E:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe:*:Enabled:BlueSoleil"
"E:\Program Files\ArcGIS\Bin\ArcMap.exe"="E:\Program Files\ArcGIS\Bin\ArcMap.exe:*:Disabled:ArcMap"
"E:\Documents and Settings\User\Application Data\Dropbox\bin\Dropbox.exe"="E:\Documents and Settings\User\Application Data\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox"
"E:\Program Files\Skype\Phone\Skype.exe"="E:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
======File associations======
.ini - open - "E:\Program Files\NoteTab Light\NoteTab.exe" "%1"
.txt - open - "E:\Program Files\NoteTab Light\NoteTab.exe" "%1"
======List of files/folders created in the last 1 months======
2011-03-10 08:47:24 ----D---- E:\Program Files\trend micro
2011-03-10 08:47:20 ----D---- E:\rsit
2011-03-09 15:11:39 ----A---- E:\WINDOWS\Qsaxoa.exe
2011-03-09 15:11:10 ----A---- E:\WINDOWS\system32\sshnas21.dll
2011-03-09 12:51:57 ----A---- E:\WINDOWS\demdata.txt
2011-03-09 11:00:46 ----D---- E:\Program Files\Finale NotePad 2010
2011-03-09 08:39:27 ----D---- E:\Documents and Settings\User\Application Data\Thinstall
2011-02-25 10:48:08 ----D---- E:\Documents and Settings\User\Application Data\NwDocx
2011-02-25 10:47:20 ----D---- E:\Documents and Settings\User\Application Data\Docx2Rtf
2011-02-15 13:25:28 ----D---- E:\Documents and Settings\User\Application Data\Dropbox
======List of files/folders modified in the last 1 months======
2011-03-10 08:47:25 ----D---- E:\WINDOWS\Prefetch
2011-03-10 08:47:24 ----RD---- E:\Program Files
2011-03-10 08:46:13 ----D---- E:\WINDOWS\Temp
2011-03-10 08:35:19 ----SD---- E:\WINDOWS\Tasks
2011-03-10 08:33:20 ----D---- E:\Documents and Settings\User\Application Data\Skype
2011-03-10 08:09:30 ----D---- E:\WINDOWS\system32\drivers\Avg
2011-03-10 08:02:40 ----A---- E:\WINDOWS\wincmd.ini
2011-03-10 07:55:05 ----D---- E:\Program Files\Mozilla Firefox
2011-03-10 07:54:21 ----D---- E:\Program Files\Mozilla Thunderbird
2011-03-10 07:50:54 ----A---- E:\WINDOWS\SchedLgU.Txt
2011-03-10 07:50:04 ----A---- E:\WINDOWS\win.ini
2011-03-10 07:50:04 ----A---- E:\WINDOWS\system.ini
2011-03-10 07:33:33 ----D---- E:\Documents and Settings\User\Application Data\PriceGong
2011-03-10 07:27:58 ----D---- E:\Documents and Settings\User\Application Data\skypePM
2011-03-09 15:33:29 ----A---- E:\WINDOWS\NeroDigital.ini
2011-03-09 15:13:56 ----D---- E:\WINDOWS
2011-03-09 15:11:10 ----D---- E:\WINDOWS\system32
2011-03-09 12:30:01 ----RSHD---- E:\Documents and Settings\All Users\Application Data\Temp
2011-03-09 11:01:30 ----SHD---- E:\WINDOWS\Installer
2011-03-09 11:01:28 ----D---- E:\WINDOWS\WinSxS
2011-03-09 11:01:13 ----RSD---- E:\WINDOWS\Fonts
2011-03-07 13:42:23 ----SD---- E:\WINDOWS\Downloaded Program Files
2011-03-07 13:42:21 ----D---- E:\WINDOWS\system32\CatRoot2
2011-03-04 14:41:19 ----A---- E:\WINDOWS\wcx_ftp.ini
2011-03-04 09:22:01 ----A---- E:\WINDOWS\M3JPEG.INI
2011-03-04 09:08:11 ----D---- E:\Program Files\Avidemux 2.5
2011-03-04 08:56:21 ----D---- E:\Program Files\Monkey's Audio
2011-03-03 15:31:35 ----A---- E:\Documents and Settings\User\Application Data\ntl.ini
2011-03-03 13:24:06 ----D---- E:\Documents and Settings\User\Application Data\PhotoScape
2011-03-01 14:33:33 ----A---- E:\WINDOWS\cdplayer.ini
2011-02-25 15:42:47 ----D---- E:\Documents and Settings\User\Application Data\CoreFTP
2011-02-21 07:53:39 ----D---- E:\Program Files\videofixer
2011-02-18 10:16:07 ----D---- E:\Program Files\GetRight
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 AvgRkx86;avgrkx86.sys; E:\WINDOWS\System32\Drivers\avgrkx86.sys [2010-03-05 52872]
R0 BTHidEnum;Bluetooth HID Enumerator; E:\WINDOWS\System32\Drivers\vbtenum.sys [2007-03-05 20880]
R0 BTHidMgr;Bluetooth HID Manager Service; E:\WINDOWS\System32\Drivers\BTHidMgr.sys [2007-03-05 35600]
R0 sisagp;SiS AGP Filter; E:\WINDOWS\System32\DRIVERS\SISAGPX.sys [2002-10-31 30848]
R0 SiSide;SiSide; E:\WINDOWS\System32\DRIVERS\siside.sys [2002-10-21 6016]
R0 sisidex;sisidex; E:\WINDOWS\system32\drivers\sisidex.sys [2002-10-17 49024]
R0 sisperf;Add Performance Filter Driver; E:\WINDOWS\system32\drivers\sisperf.sys [2002-08-20 9472]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; E:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-04-11 82944]
R1 AFS2K;AFS2k; E:\WINDOWS\system32\drivers\AFS2K.sys [2005-01-12 82380]
R1 AvgLdx86;AVG AVI Loader Driver x86; E:\WINDOWS\System32\Drivers\avgldx86.sys [2010-06-22 216400]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; E:\WINDOWS\System32\Drivers\avgmfx86.sys [2010-06-02 29584]
R1 AvgTdiX;AVG8 Network Redirector; E:\WINDOWS\System32\Drivers\avgtdix.sys [2010-06-22 243024]
R1 BANTExt;Belarc SMBios Access; E:\WINDOWS\System32\Drivers\BANTExt.sys [2008-02-27 3840]
R1 intelppm;Intel Processor Driver; E:\WINDOWS\System32\DRIVERS\intelppm.sys [2004-08-03 36096]
R2 ElbyCDIO;ElbyCDIO Driver; E:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2006-04-22 8064]
R2 Sentinel;Sentinel; E:\WINDOWS\System32\Drivers\SENTINEL.SYS [2004-05-14 76288]
R3 aeaudio;aeaudio; E:\WINDOWS\system32\drivers\aeaudio.sys [2002-04-01 4816]
R3 BlueletAudio;Bluetooth Audio Service; E:\WINDOWS\system32\DRIVERS\blueletaudio.sys [2007-05-11 34704]
R3 BlueletSCOAudio;Bluetooth SCO Audio Service; E:\WINDOWS\system32\DRIVERS\BlueletSCOAudio.sys [2007-03-05 27792]
R3 BT;Bluetooth PAN Network Adapter; E:\WINDOWS\system32\DRIVERS\btnetdrv.sys [2007-03-05 18320]
R3 ElbyCDFL;ElbyCDFL; E:\WINDOWS\System32\Drivers\ElbyCDFL.sys [2005-05-03 27392]
R3 nv;nv; E:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2003-11-17 1618939]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; E:\WINDOWS\System32\Drivers\RootMdm.sys [2002-08-29 5888]
R3 rtl8029;Realtek RTL8029(AS)-based PCI Ethernet Adapter NT Driver; E:\WINDOWS\System32\DRIVERS\RTL8029.SYS [2001-08-17 19017]
R3 SISNIC;SiS PCI Fast Ethernet Adapter Driver; E:\WINDOWS\System32\DRIVERS\sisnic.sys [2002-07-10 32256]
R3 smwdm;smwdm; E:\WINDOWS\system32\drivers\smwdm.sys [2002-12-05 534976]
R3 usbscan;USB Scanner Driver; E:\WINDOWS\System32\DRIVERS\usbscan.sys [2004-08-03 15104]
R3 USBSTOR;USB Mass Storage Driver; E:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
R3 VComm;Virtual Serial port driver; E:\WINDOWS\system32\DRIVERS\VComm.sys [2007-03-05 34448]
R3 VcommMgr;Bluetooth VComm Manager Service; E:\WINDOWS\System32\Drivers\VcommMgr.sys [2007-03-05 44304]
S2 713xTVCard;SAA7130 TV Card; E:\WINDOWS\System32\DRIVERS\SAA713x.sys [2005-03-15 277504]
S2 PfModNT;PfModNT; \??\E:\WINDOWS\System32\PfModNT.sys []
S3 Bridge;MAC Bridge; E:\WINDOWS\System32\DRIVERS\bridge.sys [2004-08-03 71552]
S3 BridgeMP;MAC Bridge Miniport; E:\WINDOWS\System32\DRIVERS\bridge.sys [2004-08-03 71552]
S3 Btcsrusb;Bluetooth USB For Bluetooth Service; E:\WINDOWS\System32\Drivers\btcusb.sys [2007-05-09 36496]
S3 BTNetFilter;Bluetooth Network Filter; \??\E:\Program Files\IVT Corporation\BlueSoleil\Device\Win2k\BTNetFilter.sys []
S3 Cap7134;Philips WDM Video Capture; E:\WINDOWS\System32\DRIVERS\Cap7134.sys [2003-03-07 348160]
S3 CCDECODE;Closed Caption Decoder; E:\WINDOWS\System32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 FlyPCI;FlyPCI; \??\E:\PROGRA~1\FLY200~1\FlyPCI.sys []
S3 k600bus;Sony Ericsson 600i driver (WDM); E:\WINDOWS\system32\DRIVERS\k600bus.sys [2005-05-11 52384]
S3 k600mgmt;Sony Ericsson 600i USB WMC Device Management Drivers; E:\WINDOWS\system32\DRIVERS\k600mgmt.sys [2005-05-11 79248]
S3 k600obex;Sony Ericsson 600i USB WMC OBEX Interface Drivers; E:\WINDOWS\system32\DRIVERS\k600obex.sys [2005-05-11 77072]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; E:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; E:\WINDOWS\System32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft TV/Video Connection; E:\WINDOWS\System32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 SLIP;BDA Slip De-Framer; E:\WINDOWS\System32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); E:\WINDOWS\System32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 streamip;BDA IPSink; E:\WINDOWS\System32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 usbccgp;Microsoft USB Generic Parent Driver; E:\WINDOWS\System32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 usbprint;Microsoft USB PRINTER Class; E:\WINDOWS\System32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 WpdUsb;WpdUsb; E:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-05-09 40704]
S3 WSTCODEC;World Standard Teletext Codec; E:\WINDOWS\System32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; E:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-04-11 87808]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 ArcGIS License Manager;ArcGIS License Manager; E:\PROGRA~1\ESRI\License\arcgis9x\lmgrd.exe [1999-12-01 467968]
R2 avg9emc;AVG E-mail Scanner; E:\Program Files\AVG\AVG9\avgemc.exe [2010-07-21 921952]
R2 avg9wd;AVG WatchDog; E:\Program Files\AVG\AVG9\avgwdsvc.exe [2010-06-22 308136]
R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; E:\Program Files\Bonjour\mDNSResponder.exe [2006-02-28 229376]
R2 CCALib8;Canon Camera Access Library 8; E:\Program Files\Canon\CAL\CALMAIN.exe [2006-03-30 96341]
R2 JavaQuickStarterService;Java Quick Starter; E:\Program Files\Java\jre6\bin\jqs.exe [2009-06-22 152984]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; E:\Program Files\Common Files\LightScribe\LSSrvc.exe [2006-02-17 73728]
R2 NVSvc;NVIDIA Display Driver Service; E:\WINDOWS\System32\nvsvc32.exe [2003-11-17 77824]
R2 Printer Control;Printer Control; E:\WINDOWS\system32\PrintCtrl.exe [2009-06-16 77824]
R2 SoundMAX Agent Service (default);SoundMAX Agent Service; E:\Program Files\Analog Devices\SoundMAX\SMAgent.exe [2002-09-20 45056]
R2 SSHNAS;SSHNAS; E:\WINDOWS\system32\svchost.exe [2004-08-03 14336]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; E:\WINDOWS\system32\svchost.exe [2004-08-03 14336]
S3 Adobe LM Service;Adobe LM Service; E:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2008-02-14 69632]
S3 aspnet_state;ASP.NET State Service; E:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; E:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; E:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-09-22 654848]
S3 gusvc;Google Updater Service; E:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-06-11 136120]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; E:\Program Files\Windows Media Player\WMPNetwk.exe [2006-05-09 823808]
-----------------EOF-----------------
R3 usbscan;USB Scanner Driver; E:\WINDOWS\System32\DRIVERS\usbscan.sys [2004-08-03 15104]
R3 USBSTOR;USB Mass Storage Driver; E:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
R3 VComm;Virtual Serial port driver; E:\WINDOWS\system32\DRIVERS\VComm.sys [2007-03-05 34448]
R3 VcommMgr;Bluetooth VComm Manager Service; E:\WINDOWS\System32\Drivers\VcommMgr.sys [2007-03-05 44304]
S2 713xTVCard;SAA7130 TV Card; E:\WINDOWS\System32\DRIVERS\SAA713x.sys [2005-03-15 277504]
S2 PfModNT;PfModNT; \??\E:\WINDOWS\System32\PfModNT.sys []
S3 Bridge;MAC Bridge; E:\WINDOWS\System32\DRIVERS\bridge.sys [2004-08-03 71552]
S3 BridgeMP;MAC Bridge Miniport; E:\WINDOWS\System32\DRIVERS\bridge.sys [2004-08-03 71552]
S3 Btcsrusb;Bluetooth USB For Bluetooth Service; E:\WINDOWS\System32\Drivers\btcusb.sys [2007-05-09 36496]
S3 BTNetFilter;Bluetooth Network Filter; \??\E:\Program Files\IVT Corporation\BlueSoleil\Device\Win2k\BTNetFilter.sys []
S3 Cap7134;Philips WDM Video Capture; E:\WINDOWS\System32\DRIVERS\Cap7134.sys [2003-03-07 348160]
S3 CCDECODE;Closed Caption Decoder; E:\WINDOWS\System32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 FlyPCI;FlyPCI; \??\E:\PROGRA~1\FLY200~1\FlyPCI.sys []
S3 k600bus;Sony Ericsson 600i driver (WDM); E:\WINDOWS\system32\DRIVERS\k600bus.sys [2005-05-11 52384]
S3 k600mgmt;Sony Ericsson 600i USB WMC Device Management Drivers; E:\WINDOWS\system32\DRIVERS\k600mgmt.sys [2005-05-11 79248]
S3 k600obex;Sony Ericsson 600i USB WMC OBEX Interface Drivers; E:\WINDOWS\system32\DRIVERS\k600obex.sys [2005-05-11 77072]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; E:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; E:\WINDOWS\System32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft TV/Video Connection; E:\WINDOWS\System32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 SLIP;BDA Slip De-Framer; E:\WINDOWS\System32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); E:\WINDOWS\System32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 streamip;BDA IPSink; E:\WINDOWS\System32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 usbccgp;Microsoft USB Generic Parent Driver; E:\WINDOWS\System32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 usbprint;Microsoft USB PRINTER Class; E:\WINDOWS\System32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 WpdUsb;WpdUsb; E:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-05-09 40704]
S3 WSTCODEC;World Standard Teletext Codec; E:\WINDOWS\System32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; E:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-04-11 87808]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 ArcGIS License Manager;ArcGIS License Manager; E:\PROGRA~1\ESRI\License\arcgis9x\lmgrd.exe [1999-12-01 467968]
R2 avg9emc;AVG E-mail Scanner; E:\Program Files\AVG\AVG9\avgemc.exe [2010-07-21 921952]
R2 avg9wd;AVG WatchDog; E:\Program Files\AVG\AVG9\avgwdsvc.exe [2010-06-22 308136]
R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; E:\Program Files\Bonjour\mDNSResponder.exe [2006-02-28 229376]
R2 CCALib8;Canon Camera Access Library 8; E:\Program Files\Canon\CAL\CALMAIN.exe [2006-03-30 96341]
R2 JavaQuickStarterService;Java Quick Starter; E:\Program Files\Java\jre6\bin\jqs.exe [2009-06-22 152984]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; E:\Program Files\Common Files\LightScribe\LSSrvc.exe [2006-02-17 73728]
R2 NVSvc;NVIDIA Display Driver Service; E:\WINDOWS\System32\nvsvc32.exe [2003-11-17 77824]
R2 Printer Control;Printer Control; E:\WINDOWS\system32\PrintCtrl.exe [2009-06-16 77824]
R2 SoundMAX Agent Service (default);SoundMAX Agent Service; E:\Program Files\Analog Devices\SoundMAX\SMAgent.exe [2002-09-20 45056]
R2 SSHNAS;SSHNAS; E:\WINDOWS\system32\svchost.exe [2004-08-03 14336]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; E:\WINDOWS\system32\svchost.exe [2004-08-03 14336]
S3 Adobe LM Service;Adobe LM Service; E:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2008-02-14 69632]
S3 aspnet_state;ASP.NET State Service; E:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; E:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; E:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-09-22 654848]
S3 gusvc;Google Updater Service; E:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-06-11 136120]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; E:\Program Files\Windows Media Player\WMPNetwk.exe [2006-05-09 823808]
-----------------EOF-----------------
Re: trojan junk QZD
1. End the process and delete the file:
E:\DOCUME~1\User\LOCALS~1\Temp\Qzd.exe
2. Clean up the rest with MBAM
FRST |ADWCleaner |MBAM |CCleaner |AVPTool
If you are satisfied, you can support the forum: https://platba.viry.cz/payment/
Re: trojan junk QZD
What about Qsaxoa.exe?
I also have that one among the running processes.
I think Qzd is only a consequence, because when I disabled it in the startup processes, it was there again after I restarted the computer.
Re: trojan junk QZD
You're quite sharp,
but you have a lot more in there; let MBAM do the basic work and then we'll finish the cleanup manually, if needed.
Re: trojan junk QZD
Well, sharp... I just know my way around the hardware I have on my desk a little.
OK, I'm on it.
Re: trojan junk QZD
MBAM log (well, quite a harvest...):
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Verzia databázy: 6009
Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180
10.3.2011 9:51:44
mbam-log-2011-03-10 (09-51-39).txt
Typ kontroly: Rýchla kontrola
Objektov kontrolovaných: 179774
Uplynutý čas: 12 min, 24 sek
Infikované služby pamäte: 1
Infikované moduly pamäte: 1
Infikované registračné kľúče: 9
Infikované registračné hodnoty: 1
Infikované položky registračných dát: 0
Infikované priečinky: 0
Infikované súbory: 5
Infikované služby pamäte:
e:\WINDOWS\Qsaxoa.exe (Trojan.Agent) -> 2416 -> No action taken.
Infikované moduly pamäte:
e:\WINDOWS\system32\sshnas21.dll (Trojan.Agent) -> No action taken.
Infikované registračné kľúče:
HKEY_CLASSES_ROOT\CLSID\{02DCA195-602B-4B1F-83FF-381B7E804BDB} (IPH.GenericBHO) -> No action taken.
HKEY_CLASSES_ROOT\HDBHO.IEHelper (IPH.GenericBHO) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02DCA195-602B-4B1F-83FF-381B7E804BDB} (IPH.GenericBHO) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{02DCA195-602B-4B1F-83FF-381B7E804BDB} (IPH.GenericBHO) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\KUGHGZXAKT (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\VXEG3ZNNE5 (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\ (Hijack.Zones) -> No action taken.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SSHNAS (Trojan.Renos) -> No action taken.
Infikované registračné hodnoty:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\KUGHGZXAKT (Trojan.FakeAlert) -> Value: KUGHGZXAKT -> No action taken.
Infikované položky registračných dát:
(Škodlivé položky neboli zistené)
Infikované priečinky:
(Škodlivé položky neboli zistené)
Infikované súbory:
e:\WINDOWS\system32\sshnas21.dll (Trojan.Agent) -> No action taken.
e:\WINDOWS\Qsaxoa.exe (Trojan.Agent) -> No action taken.
e:\WINDOWS\system32\HDBHO.dll (IPH.GenericBHO) -> No action taken.
e:\WINDOWS\Tasks\{22116563-108c-42c0-a7ce-60161b75e508}.job (Trojan.Downloader) -> No action taken.
e:\WINDOWS\Tasks\{35dc3473-a719-4d14-b7c1-fd326ca84a0c}.job (Trojan.Downloader) -> No action taken.
Re: trojan junk QZD
Have MBAM delete everything it found - RESTART - and repeat the scan >> full scan
Re: trojan junk QZD
Full scan of the system partition, log below;
while it was scanning ProgramFiles\.. the AVG resident shield popped up twice, saying it had found a trojan in two programs (I have them patched, but for a long time now and there was no problem with it). I chose Ignore to see whether MBAM would register it, but it didn't flag anything:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Verzia databázy: 6009
Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180
10.3.2011 12:41:57
mbam-log-2011-03-10 (12-41-57).txt
Typ kontroly: Úplná kontrola (E:\|)
Objektov kontrolovaných: 304217
Uplynutý čas: 2 hod, 23 min, 12 sek
Infikované služby pamäte: 0
Infikované moduly pamäte: 0
Infikované registračné kľúče: 0
Infikované registračné hodnoty: 0
Infikované položky registračných dát: 0
Infikované priečinky: 0
Infikované súbory: 0
Infikované služby pamäte:
(Škodlivé položky neboli zistené)
Infikované moduly pamäte:
(Škodlivé položky neboli zistené)
Infikované registračné kľúče:
(Škodlivé položky neboli zistené)
Infikované registračné hodnoty:
(Škodlivé položky neboli zistené)
Infikované položky registračných dát:
(Škodlivé položky neboli zistené)
Infikované priečinky:
(Škodlivé položky neboli zistené)
Infikované súbory:
(Škodlivé položky neboli zistené)
-------------------------------
Re: trojan junk QZD
OK, fine, it could be clean ...
Test the file E:\WINDOWS\htpatch.exe at www.virustotal.com
+
recommendations:
install SP3 + uninstall SpyBot + think about replacing the AV
Re: trojan junk QZD
VirusTotal check:
---------
File name: htpatch.exe
Submission date: 2011-03-10 12:28:18 (UTC)
Current status: queued (#14) queued (#1) analysing finished
Result: 1/ 43 (2.3%)
The only detection:
TheHacker 6.7.0.1.147 2011.03.10 Aplicacion/Riskware.Tool.Htpatch
-----------
I don't know whether anything else from Add info is needed?
Regarding the recommendations:
SP3 - hmmm, I've been without it for quite a long time
AVG - we have a license at work, so it's hard to change
SpyBot - why uninstall it? It's true that I haven't used it for a veeery long time, and I disabled TeaTimer because it was annoying...
Re: trojan junk QZD
OK, those were recommendations,
so we're done.
Personally, I wouldn't put either SpyBot or AVG on my computer ...
Re: trojan junk QZD
Thank you very much for the help!


Re: trojan junk QZD
You're welcome - have a nice day