
system process at address 0x3BC3 crashed
After reinstalling WinXP and while downloading updates, I was caught off guard by the virus described at this address:
http://answers.microsoft.com/en-us/wind ... 4a731b9245
The problem is that I don't know how to kill the processes in Task Manager at addresses 0x4783995. Spyware Terminator removed some of it, but I don't know what to do with the rest.
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:36:46, on 28.6.2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17098)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Hwuzia.exe
C:\WINDOWS\Explorer.EXE
C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-2734\ju7bd.exe
C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-2734\ju7bd.exe
C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-2734\ju7bd.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Opera\opera.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [OPSE reminder] "C:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\Ereg.exe" -r "C:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\ereg.ini"
O4 - HKLM\..\Run: [Trans] C:\Program Files\Trans\trans.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SystemExplorerAutoStart] "C:\Program Files\System Explorer\SystemExplorer.exe" /TRAY
O4 - HKCU\..\Run: [SpywareTerminatorUpdate] "C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Zdroje informácií - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 8921870765
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Ter
- chodnik74
Re: system process at address 0x3BC3 crashed
Hello,

Do not use this program without a Helper's recommendation, and follow the instructions below carefully, because the program does not tolerate mistakes and the system can be completely damaged!!

Download Combofix
- Save the program, preferably to the Desktop
- Turn off all resident shields: antivirus, antispyware and firewall
- Close all running applications (ICQ, browser, programs) and leave only Combofix
- Run Combofix.exe with administrator privileges
On Windows XP, log in under an administrator account
On Windows 7 and Vista, right-click Combofix.exe and choose "Run as administrator"
- Right after the program starts, the license terms will pop up; confirm them with the YES button
- If Combofix offers to install the Recovery Console, agree and let it install (an active internet connection is needed here)
- Continue according to the program's instructions, do not click on anything during the scan and do not work on the PC (ICQ, other applications, internet...). Leave the computer alone.
- The whole scan takes between 5 and 15 minutes, but if there is a lot of malware on the PC, the time may differ.
- After the scan finishes (and a possible restart of the computer), the Combofix log will be displayed; paste it here for me. (If the log does not appear, you will find it here: C:\ComboFix.txt)
- (If you are unsure about any of the steps above, ask, or have a look at the more detailed guide with pictures: http://www.bleepingcomputer.com/combofi ... t-combofix )
Re: system process at address 0x3BC3 crashed
In the meantime I have already run Malwarebytes.. here is the log:
-------------------------------------------------------------------------------------------------------------------
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13
28.6.2011 14:21:13
mbam-log-2011-06-28 (14-21-13).txt
Typ kontroly: Úplná kontrola (C:\|E:\|)
Objektov kontrolovaných: 171780
Uplynutý čas: 1 hod, 32 min, 37 sek
Infikované služby pamäte: 1
Infikované moduly pamäte: 0
Infikované registračné kľúče: 2
Infikované registračné hodnoty: 2
Infikované položky registračných dát: 1
Infikované priečinky: 1
Infikované súbory: 9
Infikované služby pamäte:
c:\WINDOWS\Hwuzia.exe (Trojan.FraudPack.Gen) -> 1852 -> Unloaded process successfully.
Infikované moduly pamäte:
(Škodlivé položky neboli zistené)
Infikované registračné kľúče:
HKEY_CURRENT_USER\SOFTWARE\W1WIWQ1NPG (Trojan.FakeAlert.SA) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\ (Hijack.Zones) -> Quarantined and deleted successfully.
Infikované registračné hodnoty:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Worm.AutoRun) -> Value: Shell -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Taskman (Trojan.Agent) -> Value: Taskman -> Quarantined and deleted successfully.
Infikované položky registračných dát:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (explorer.exe,C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-2734\ju7bd.exe) Good: (Explorer.exe) -> Quarantined and deleted successfully.
Infikované priečinky:
c:\RECYCLER\s-1-5-21-0243936033-3052116371-381863308-1811 (Trojan.Agent) -> Quarantined and deleted successfully.
Infikované súbory:
c:\WINDOWS\Hwuzia.exe (Trojan.FraudPack.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\pacificbliss\application data\5D.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\documents and settings\pacificbliss\application data\79.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\documents and settings\pacificbliss\application data\A95.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\pacificbliss\application data\AA1.tmp (Trojan.Proxy) -> Quarantined and deleted successfully.
c:\documents and settings\pacificbliss\application data\AC2.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\documents and settings\pacificbliss\application data\Ripipz.exe (Spyware.BlackShadesNET) -> Quarantined and deleted successfully.
c:\WINDOWS\Tasks\{810401e2-dde0-454e-b0e2-aa89c9e5967c}.job (Trojan.FraudPack) -> Quarantined and deleted successfully.
c:\RECYCLER\s-1-5-21-0243936033-3052116371-381863308-1811\Desktop.ini (Trojan.Agent) -> Quarantined and deleted successfully.
------------------------------------------------------------------------------------------------------------------
and then I also ran Combofix:
------------------------------------------------------------------------------------------------------------------
ComboFix 11-06-27.04 - PacificBliss 28.06.2011 14:39:28.1.1 - x86
Systém Microsoft Windows XP Home Edition 5.1.2600.3.1250.421.1033.18.511.183 [GMT 2:00]
Running from: e:\download\ComboFix.exe
AV: ESET Smart Security 4.2 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET personal firewall *Enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\PacificBliss\Application Data\4F.tmp
c:\documents and settings\PacificBliss\Application Data\5A.tmp
c:\documents and settings\PacificBliss\Application Data\75.tmp
c:\documents and settings\PacificBliss\Application Data\77.tmp
c:\documents and settings\PacificBliss\Application Data\AB6.tmp
c:\documents and settings\PacificBliss\WINDOWS
c:\windows\system32\_000010_.tmp.dll
c:\windows\system32\_000012_.tmp.dll
c:\windows\system32\_000018_.tmp.dll
c:\windows\system32\_003381_.tmp.dll
c:\windows\system32\_005440_.tmp.dll
.
.
((((((((((((((((((((((((( Files Created from 2011-05-28 to 2011-06-28 )))))))))))))))))))))))))))))))
.
.
2011-06-27 16:10 . 2011-06-27 16:10 -------- d-----w- C:\cdc5fcade1fb899e48646f5f7399
2011-06-27 15:55 . 2011-06-27 16:01 -------- d-----w- C:\011d82185be7c2253642
2011-06-27 14:35 . 2011-06-27 14:36 -------- d-----w- C:\4a985bca22b2e363bcdeef
2011-06-27 13:28 . 2011-06-27 13:28 -------- d-----w- C:\CanonMF
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-29 16:19 . 2003-03-31 12:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-25 15:51 . 2006-06-23 09:33 832512 ----a-w- c:\windows\system32\wininet.dll
2011-04-25 15:51 . 2004-08-04 07:56 78336 ------w- c:\windows\system32\ieencode.dll
2011-04-25 15:51 . 2003-03-31 12:00 1830912 ------w- c:\windows\system32\inetcpl.cpl
2011-04-25 15:51 . 2003-03-31 12:00 17408 ----a-w- c:\windows\system32\corpol.dll
2011-04-25 12:01 . 2004-08-04 05:59 389120 ------w- c:\windows\system32\html.iec
2011-04-21 13:37 . 2003-03-31 12:00 105472 ----a-w- c:\windows\system32\drivers\mup.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SystemExplorerAutoStart"="c:\program files\System Explorer\SystemExplorer.exe" [2011-06-26 3224904]
"SpywareTerminatorUpdate"="c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe" [2011-06-28 3318784]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2011-01-12 2219184]
"OpwareSE2"="c:\program files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 49152]
"OPSE reminder"="c:\program files\ScanSoft\OmniPageSE2.0\EregEng\Ereg.exe" [2003-07-07 729088]
"Trans"="c:\program files\Trans\trans.exe" [2011-01-10 2895240]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-05-29 449584]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-06-06 10:55 937920 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-04-08 10:59 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Spyware Terminator\\SpywareTerminatorUpdate.exe"=
.
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [21.12.2010 15:04 115008]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [28.6.2011 11:01 142592]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [12.1.2011 16:41 810144]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [28.6.2011 11:56 366640]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [28.6.2011 11:56 22712]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 13:16 130384]
S3 AIDA64Driver;FinalWire AIDA64 Kernel Driver;c:\program files\FinalWire\AIDA64 Extreme Edition\kerneld.x32 [27.6.2011 17:11 28824]
S3 DrvAgent32;DrvAgent32;c:\windows\system32\drivers\DrvAgent32.sys [27.6.2011 17:18 23456]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [28.6.2011 11:56 39984]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 13:16 753504]
.
.
------- Supplementary Scan -------
.
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 195.146.132.58 195.146.128.62
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-Cmaudio - cmicnfg.cpl
MSConfigStartUp-12CFG214-K641-12SF-N85P - c:\recycler\S-1-5-21-0243936033-3052116371-381863308-1811\vsbntlo.exe
MSConfigStartUp-bcm - c:\docume~1\PACIFI~1\LOCALS~1\Temp\gugh.exe
MSConfigStartUp-FXWD6M2DFK - c:\windows\system32\sshnas21.dll
MSConfigStartUp-java checksys - c:\docume~1\PACIFI~1\LOCALS~1\Temp\rtpmp.exe
MSConfigStartUp-java system update - c:\docume~1\PACIFI~1\LOCALS~1\Temp\eumlm.exe
MSConfigStartUp-ju7bd - c:\recycler\S-1-5-21-0243556031-888888379-781863308-2734\ju7bd.exe
MSConfigStartUp-Ripipz - c:\documents and settings\PacificBliss\Application Data\Ripipz.exe
MSConfigStartUp-windows updater - c:\docume~1\PACIFI~1\LOCALS~1\Temp\gaspci.exe
MSConfigStartUp-winupdate system - c:\docume~1\PACIFI~1\LOCALS~1\Temp\icvcc.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-06-28 14:49
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: ST380011A rev.8.01 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
.
device: opened successfully
user: MBR read successfully
error: Read Zariadenie pripojené na systém nie je funkčné.
kernel: MBR read successfully
detected disk devices:
detected hooks:
\Driver\atapi DriverStartIo -> 0x82F0931B
user & kernel MBR OK
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AIDA64Driver]
"ImagePath"="\??\c:\program files\FinalWire\AIDA64 Extreme Edition\kerneld.x32"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(736)
c:\windows\system32\WININET.dll
.
- - - - - - - > 'lsass.exe'(796)
c:\windows\system32\WININET.dll
.
Completion time: 2011-06-28 14:53:41
ComboFix-quarantined-files.txt 2011-06-28 12:53
.
Pre-Run: 37 761 011 712 bytes free
Post-Run: 11 adresárov, 37 738 536 960 voľných bajtov
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
.
- - End Of File - - 4950356FF00173F7120A903D54E9FA81
-------------------------------------------------------------------------------------------------------------------
"c:\\Program Files\\Spyware Terminator\\SpywareTerminatorUpdate.exe"=
.
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [21.12.2010 15:04 115008]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [28.6.2011 11:01 142592]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [12.1.2011 16:41 810144]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [28.6.2011 11:56 366640]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [28.6.2011 11:56 22712]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 13:16 130384]
S3 AIDA64Driver;FinalWire AIDA64 Kernel Driver;c:\program files\FinalWire\AIDA64 Extreme Edition\kerneld.x32 [27.6.2011 17:11 28824]
S3 DrvAgent32;DrvAgent32;c:\windows\system32\drivers\DrvAgent32.sys [27.6.2011 17:18 23456]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [28.6.2011 11:56 39984]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 13:16 753504]
.
.
------- Supplementary Scan -------
.
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 195.146.132.58 195.146.128.62
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-Cmaudio - cmicnfg.cpl
MSConfigStartUp-12CFG214-K641-12SF-N85P - c:\recycler\S-1-5-21-0243936033-3052116371-381863308-1811\vsbntlo.exe
MSConfigStartUp-bcm - c:\docume~1\PACIFI~1\LOCALS~1\Temp\gugh.exe
MSConfigStartUp-FXWD6M2DFK - c:\windows\system32\sshnas21.dll
MSConfigStartUp-java checksys - c:\docume~1\PACIFI~1\LOCALS~1\Temp\rtpmp.exe
MSConfigStartUp-java system update - c:\docume~1\PACIFI~1\LOCALS~1\Temp\eumlm.exe
MSConfigStartUp-ju7bd - c:\recycler\S-1-5-21-0243556031-888888379-781863308-2734\ju7bd.exe
MSConfigStartUp-Ripipz - c:\documents and settings\PacificBliss\Application Data\Ripipz.exe
MSConfigStartUp-windows updater - c:\docume~1\PACIFI~1\LOCALS~1\Temp\gaspci.exe
MSConfigStartUp-winupdate system - c:\docume~1\PACIFI~1\LOCALS~1\Temp\icvcc.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-06-28 14:49
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: ST380011A rev.8.01 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
.
device: opened successfully
user: MBR read successfully
error: Read Zariadenie pripojené na systém nie je funkčné.
kernel: MBR read successfully
detected disk devices:
detected hooks:
\Driver\atapi DriverStartIo -> 0x82F0931B
user & kernel MBR OK
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AIDA64Driver]
"ImagePath"="\??\c:\program files\FinalWire\AIDA64 Extreme Edition\kerneld.x32"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(736)
c:\windows\system32\WININET.dll
.
- - - - - - - > 'lsass.exe'(796)
c:\windows\system32\WININET.dll
.
Completion time: 2011-06-28 14:53:41
ComboFix-quarantined-files.txt 2011-06-28 12:53
.
Pre-Run: 37 761 011 712 bytes free
Post-Run: 11 adresárov, 37 738 536 960 voľných bajtov
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
.
- - End Of File - - 4950356FF00173F7120A903D54E9FA81
- chodnik74
Re: system process at address 0x3BC3 crashed
How is the PC behaving?

Open Notepad
- (press the WIN+R key combination, type "notepad" without the quotes and press Enter)
- Paste the following script into it:
Code:
Windows Registry Editor Version 5.00

; "name"=- deletes a single value from the key
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SystemExplorerAutoStart"=-

; [-key] deletes the whole key
[-HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
- Save the file as oprava.reg (when saving, set "Save as type" to "All files")
- Then run this file and confirm

TFC
- Download and run the program
- Click Start and confirm with OK
- The program starts cleaning up, then restarts the PC
- Delete the program after use
Write to me: chodnik74@gmail.com or
>RSIT<>MBAM<>VirusTotal
I recommend:
Read the procedure several times and, if anything is unclear or in doubt, ask.
If your computer is infected or is not behaving as usual, back up all your data and carefully follow the adviser's instructions!
Do not use the Combofix utility without an adviser's supervision and recommendation!
Are you satisfied with our help?
Don't hesitate to support the forum HERE.
Forum rules: No. 1 and No. 2
Re: system process at address 0x3BC3 crashed
It seems that helped, thank you. The log in HijackThis looks clean. Only some directories named cdc5fcade1fb899e48646f5f7399 and similar were left on c:/. I don't know whether they were left over from the updates, but they cannot be deleted.
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:43:44, on 29.6.2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17098)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Documents and Settings\NetworkService\Local Settings\Application Data\NVIDIA Corporation\Update\daemonupd.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\totalcmd\TOTALCMD.EXE
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Opera\opera.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [OPSE reminder] "C:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\Ereg.exe" -r "C:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\ereg.ini"
O4 - HKLM\..\Run: [Trans] C:\Program Files\Trans\trans.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Zdroje informácií - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 8921870765
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 9266650562
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: NVIDIA Update Service (nvUpdService) - Unknown owner - C:\Documents and Settings\NetworkService\Local Settings\Application Data\NVIDIA Corporation\Update\daemonupd.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
- chodnik74
Re: system process at address 0x3BC3 crashed
Post the RSIT log here for me: http://www.viry.cz/forum/viewtopic.php?f=13&t=105895
Re: system process at address 0x3BC3 crashed
Here is the log. I also want to ask: should I delete the qoobox directory that was left behind by ComboFix?
info.txt logfile of random's system information tool 1.08 2011-06-29 11:03:48
======Uninstall list======
-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\system32\UninstIPP.isu
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player 10 Plugin-->C:\WINDOWS\System32\Macromed\Flash\FlashUtil10t_Plugin.exe -maintain plugin
Adobe Reader X (10.1.0) - Slovak-->MsiExec.exe /I{AC76BA86-7AD7-1051-7B44-AA1000000001}
AIDA64 Extreme Edition v1.80-->"C:\Program Files\FinalWire\AIDA64 Extreme Edition\unins000.exe"
Canon MF Drivers-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{01B93B3A-283F-411B-A648-69CABCACC986}\Setup.exe" -l0x9 -Uninstall
Canon MF Toolbox 4.9.1.1.mf01-->MsiExec.exe /I{132CA5D9-C745-4B0B-A3B2-8C7A6EC3EE7E}
CCleaner-->"C:\Program Files\CCleaner\uninst.exe"
C-Media WDM Audio Driver-->C:\WINDOWS\system32\cmirmdrv.exe
HiJackThis-->MsiExec.exe /X{45A66726-69BC-466B-A7A4-12FCBA4883D7}
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
IrfanView (remove only)-->C:\Program Files\IrfanView\iv_uninstall.exe
Java(TM) 6 Update 26-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216026FF}
Malwarebytes' Anti-Malware verzia 1.51.0.1200-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 1.1 Security Update (KB2416447)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M2416447\M2416447Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft .NET Framework 4 Client Profile-->C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\Setup.exe /repair /x86 /parameterfolder Client
Microsoft .NET Framework 4 Client Profile-->MsiExec.exe /X{3C3901C5-3455-3E0A-A214-0B093A5070A6}
Microsoft Base Smart Card Cryptographic Service Provider Package-->"C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Basic Edition 2003-->MsiExec.exe /I{9113041B-6000-11D3-8CFE-0150048383C9}
Microsoft Office PowerPoint Viewer 2007 (Slovak)-->MsiExec.exe /X{95120000-00AF-041B-0000-0000000FF1CE}
OmniPage SE 2.0-->MsiExec.exe /I{79D5997E-BF79-48BB-8B41-9BE59C15C2D7}
Opera 11.50-->"C:\Program Files\Opera\Opera.exe" /uninstall
Presto! PageManager 6.03-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5BE42A03-E7B8-42A9-B1BB-FC48B03D58B8}\Setup.exe" -l0x9 anything
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A8894F19-59C8-38D2-8A75-36C0CCE56A5B} /qb+ REBOOTPROMPT=""
Security Update for Windows Internet Explorer 7 (KB2530548)-->"C:\WINDOWS\ie7updates\KB2530548-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB2544521)-->"C:\WINDOWS\ie7updates\KB2544521-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB982381)-->"C:\WINDOWS\ie7updates\KB982381-IE7\spuninst\spuninst.exe"
Security Update for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
SiS 900 PCI Fast Ethernet Adapter Driver-->C:\WINDOWS\SiS\900\Uninst.exe
SiSAGP driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DC226AC9-0314-496C-BE6A-B6A132628466}\setup.exe" -l0x1b
Skype Toolbars-->MsiExec.exe /I{B6CF2967-C81E-40C0-9815-C05774FEF120}
Skype™ 5.3-->MsiExec.exe /X{5335DADB-34BA-4AE8-A519-648D78498846}
Spyware Terminator-->"C:\Program Files\Spyware Terminator\unins000.exe"
Total Commander (Remove or Repair)-->C:\Program Files\totalcmd\tcuninst.exe
TRANS 3.3.2.989-->"C:\Program Files\Trans\unins000.exe"
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Windows Internet Explorer 7 Language Interface Pack (SKY)-->"C:\WINDOWS\ie7updates\IE7-LIP\spuninst\spuninst.exe"
Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
Hosts File Missing
======Security center information======
AV: ESET Smart Security 4.2
FW: ESET personal firewall
======System event log======
Computer Name: MINERAL
Event Code: 7036
Message: Služba Fast User Switching Compatibility vstúpila do stavu Spustené.
Record Number: 1206
Source Name: Service Control Manager
Time Written: 20110628102501.000000+120
Event Type: informácie
User:
Computer Name: MINERAL
Event Code: 7035
Message: Službe Fast User Switching Compatibility bolo úspešne odoslané riadenie Spustené.
Record Number: 1205
Source Name: Service Control Manager
Time Written: 20110628102501.000000+120
Event Type: informácie
User: NT AUTHORITY\SYSTEM
Computer Name: MINERAL
Event Code: 6005
Message: Spustila sa služba Denník udalostí.
Record Number: 1204
Source Name: EventLog
Time Written: 20110628102206.000000+120
Event Type: informácie
User:
Computer Name: MINERAL
Event Code: 6009
Message: Microsoft (R) Windows (R) 5.01. 2600 Service Pack 3 Uniprocessor Free.
Record Number: 1203
Source Name: EventLog
Time Written: 20110628102206.000000+120
Event Type: informácie
User:
Computer Name: MINERAL
Event Code: 18
Message: Installation Ready: The following updates are downloaded and ready for installation. This computer is currently scheduled to install these updates on 28. júna 2011 at 12:00:
- Aktualizácia zabezpečenia pre rozhranie Microsoft .NET Framework 1.1 SP1 v systémoch Windows XP, Windows Vista a Windows Server 2008 x86 (KB2416447)
- Security Update for .NET Framework 2.0 SP2 and 3.5 SP1 on Windows Server 2003 and Windows XP x86 (KB2478658)
- Security Update for Internet Explorer 7 for Windows XP (KB2544521)
- Security Update for .NET Framework 2.0 SP2 and 3.5 SP1 on Windows Server 2003 and Windows XP x86 (KB2518864)
Record Number: 1202
Source Name: Windows Update Agent
Time Written: 20110628094100.000000+120
Event Type: informácie
User:
=====Application event log=====
Computer Name: MINERAL
Event Code: 1000
Message: Podarilo sa načítať počítadlá výkonu služby ContentIndex (ContentIndex).
Údaje záznamu obsahujú nové hodnoty registra priradené
k tejto službe.
Record Number: 5
Source Name: LoadPerf
Time Written: 20110624150125.000000+120
Event Type: informácie
User:
Computer Name: MINERAL
Event Code: 1000
Message: Podarilo sa načítať počítadlá výkonu služby TermService (Terminal Services).
Údaje záznamu obsahujú nové hodnoty registra priradené
k tejto službe.
Record Number: 4
Source Name: LoadPerf
Time Written: 20110624150122.000000+120
Event Type: informácie
User:
Computer Name: MINERAL
Event Code: 1000
Message: Podarilo sa načítať počítadlá výkonu služby RemoteAccess (Routing and Remote Access).
Údaje záznamu obsahujú nové hodnoty registra priradené
k tejto službe.
Record Number: 3
Source Name: LoadPerf
Time Written: 20110624150014.000000+120
Event Type: informácie
User:
Computer Name: MINERAL
Event Code: 1000
Message: Podarilo sa načítať počítadlá výkonu služby PSched (PSched).
Údaje záznamu obsahujú nové hodnoty registra priradené
k tejto službe.
Record Number: 2
Source Name: LoadPerf
Time Written: 20110624145945.000000+120
Event Type: informácie
User:
Computer Name: MINERAL
Event Code: 1000
Message: Podarilo sa načítať počítadlá výkonu služby RSVP (QoS RSVP).
Údaje záznamu obsahujú nové hodnoty registra priradené
k tejto službe.
Record Number: 1
Source Name: LoadPerf
Time Written: 20110624145944.000000+120
Event Type: informácie
User:
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 6 Stepping 2, AuthenticAMD
"PROCESSOR_REVISION"=0602
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO
-----------------EOF-----------------
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Windows Internet Explorer 7 Language Interface Pack (SKY)-->"C:\WINDOWS\ie7updates\IE7-LIP\spuninst\spuninst.exe"
Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
Hosts File Missing
======Security center information======
AV: ESET Smart Security 4.2
FW: ESET personal firewall
======System event log======
Computer Name: MINERAL
Event Code: 7036
Message: Služba Fast User Switching Compatibility vstúpila do stavu Spustené.
Record Number: 1206
Source Name: Service Control Manager
Time Written: 20110628102501.000000+120
Event Type: informácie
User:
Computer Name: MINERAL
Event Code: 7035
Message: Službe Fast User Switching Compatibility bolo úspešne odoslané riadenie Spustené.
Record Number: 1205
Source Name: Service Control Manager
Time Written: 20110628102501.000000+120
Event Type: informácie
User: NT AUTHORITY\SYSTEM
Computer Name: MINERAL
Event Code: 6005
Message: Spustila sa služba Denník udalostí.
Record Number: 1204
Source Name: EventLog
Time Written: 20110628102206.000000+120
Event Type: informácie
User:
Computer Name: MINERAL
Event Code: 6009
Message: Microsoft (R) Windows (R) 5.01. 2600 Service Pack 3 Uniprocessor Free.
Record Number: 1203
Source Name: EventLog
Time Written: 20110628102206.000000+120
Event Type: informácie
User:
Computer Name: MINERAL
Event Code: 18
Message: Installation Ready: The following updates are downloaded and ready for installation. This computer is currently scheduled to install these updates on 28. júna 2011 at 12:00:
- Aktualizácia zabezpečenia pre rozhranie Microsoft .NET Framework 1.1 SP1 v systémoch Windows XP, Windows Vista a Windows Server 2008 x86 (KB2416447)
- Security Update for .NET Framework 2.0 SP2 and 3.5 SP1 on Windows Server 2003 and Windows XP x86 (KB2478658)
- Security Update for Internet Explorer 7 for Windows XP (KB2544521)
- Security Update for .NET Framework 2.0 SP2 and 3.5 SP1 on Windows Server 2003 and Windows XP x86 (KB2518864)
Record Number: 1202
Source Name: Windows Update Agent
Time Written: 20110628094100.000000+120
Event Type: informácie
User:
=====Application event log=====
Computer Name: MINERAL
Event Code: 1000
Message: Podarilo sa načítať počítadlá výkonu služby ContentIndex (ContentIndex).
Údaje záznamu obsahujú nové hodnoty registra priradené
k tejto službe.
Record Number: 5
Source Name: LoadPerf
Time Written: 20110624150125.000000+120
Event Type: informácie
User:
Computer Name: MINERAL
Event Code: 1000
Message: Podarilo sa načítať počítadlá výkonu služby TermService (Terminal Services).
Údaje záznamu obsahujú nové hodnoty registra priradené
k tejto službe.
Record Number: 4
Source Name: LoadPerf
Time Written: 20110624150122.000000+120
Event Type: informácie
User:
Computer Name: MINERAL
Event Code: 1000
Message: Podarilo sa načítať počítadlá výkonu služby RemoteAccess (Routing and Remote Access).
Údaje záznamu obsahujú nové hodnoty registra priradené
k tejto službe.
Record Number: 3
Source Name: LoadPerf
Time Written: 20110624150014.000000+120
Event Type: informácie
User:
Computer Name: MINERAL
Event Code: 1000
Message: Podarilo sa načítať počítadlá výkonu služby PSched (PSched).
Údaje záznamu obsahujú nové hodnoty registra priradené
k tejto službe.
Record Number: 2
Source Name: LoadPerf
Time Written: 20110624145945.000000+120
Event Type: informácie
User:
Computer Name: MINERAL
Event Code: 1000
Message: Podarilo sa načítať počítadlá výkonu služby RSVP (QoS RSVP).
Údaje záznamu obsahujú nové hodnoty registra priradené
k tejto službe.
Record Number: 1
Source Name: LoadPerf
Time Written: 20110624145944.000000+120
Event Type: informácie
User:
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 6 Stepping 2, AuthenticAMD
"PROCESSOR_REVISION"=0602
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO
-----------------EOF-----------------
- chodnik74
- Friend of the forum
- Posts: 4975
- Registered: 13 Sep 2010 21:30
- Location: Napajedla
Re: system process at address 0x3BC3 crashed
This is info.txt; post log.txt here, you will find it in C:\RSIT\, and that folder is from Combofix, we will clean that up at the end, don't worry.

To be safe, read the procedure through several times, and ask if anything is unclear or in doubt.
If your computer is infected or is not behaving as usual, back up all your data and carefully follow the adviser's instructions!
Do not use the Combofix utility without an adviser's supervision and recommendation!
Re: system process at address 0x3BC3 crashed
Logfile of random's system information tool 1.08 (written by random/random)
Run by PacificBliss at 2011-06-29 11:02:44
Systém Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 39 GB (85%) free of 46 GB
Total RAM: 511 MB (58% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:03:41, on 29.6.2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17098)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Documents and Settings\NetworkService\Local Settings\Application Data\NVIDIA Corporation\Update\daemonupd.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Opera\opera.exe
E:\download\RSIT.exe
C:\Program Files\trend micro\PacificBliss.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [OPSE reminder] "C:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\Ereg.exe" -r "C:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\ereg.ini"
O4 - HKLM\..\Run: [Trans] C:\Program Files\Trans\trans.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Zdroje informácií - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 8921870765
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 9266650562
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: NVIDIA Update Service (nvUpdService) - Unknown owner - C:\Documents and Settings\NetworkService\Local Settings\Application Data\NVIDIA Corporation\Update\daemonupd.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
--
End of file - 5549 bytes
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-06-06 63912]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Browser Helper - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2011-05-16 1164680]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-06-24 42272]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2011-06-24 79648]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2011-01-12 2219184]
"OpwareSE2"=C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe [2003-05-08 49152]
"OPSE reminder"=C:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\Ereg.exe [2003-07-07 729088]
"Trans"=C:\Program Files\Trans\trans.exe [2011-01-10 2895240]
"MSConfig"=C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE [2008-04-14 169984]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2011-05-29 449584]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminatorUpdate]
C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe [2011-06-28 3318784]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SystemExplorerAutoStart]
C:\Program Files\System Explorer\SystemExplorer.exe /TRAY []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
C:\PROGRA~1\WINDOW~4\WINDOW~1.EXE [2008-05-26 123904]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2009-05-24 304128]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype "
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe"="C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe:*:Enabled:Spyware Terminator Update Support"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
======List of files/folders created in the last 1 months======
2011-06-29 11:02:44 ----D---- C:\rsit
2011-06-29 10:52:54 ----HD---- C:\WINDOWS\$hf_mig$
2011-06-29 10:52:53 ----D---- C:\WINDOWS\LastGood
2011-06-29 10:18:54 ----A---- C:\WINDOWS\system32\mucltui.dll.mui
2011-06-29 10:18:54 ----A---- C:\WINDOWS\system32\mucltui.dll
2011-06-28 16:58:17 ----D---- C:\Program Files\MSECache
2011-06-28 16:51:24 ----D---- C:\WINDOWS\SoftwareDistribution
2011-06-28 15:19:44 ----SHD---- C:\RECYCLER
2011-06-28 14:53:45 ----A---- C:\ComboFix.txt
2011-06-28 14:37:36 ----A---- C:\Boot.bak
2011-06-28 14:37:28 ----RASHD---- C:\cmdcons
2011-06-28 14:32:32 ----A---- C:\WINDOWS\zip.exe
2011-06-28 14:32:32 ----A---- C:\WINDOWS\SWXCACLS.exe
2011-06-28 14:32:32 ----A---- C:\WINDOWS\SWSC.exe
2011-06-28 14:32:32 ----A---- C:\WINDOWS\SWREG.exe
2011-06-28 14:32:32 ----A---- C:\WINDOWS\sed.exe
2011-06-28 14:32:32 ----A---- C:\WINDOWS\PEV.exe
2011-06-28 14:32:32 ----A---- C:\WINDOWS\NIRCMD.exe
2011-06-28 14:32:32 ----A---- C:\WINDOWS\MBR.exe
2011-06-28 14:32:32 ----A---- C:\WINDOWS\grep.exe
2011-06-28 14:32:03 ----D---- C:\WINDOWS\ERDNT
2011-06-28 14:31:42 ----D---- C:\Qoobox
2011-06-28 11:56:42 ----D---- C:\Documents and Settings\PacificBliss\Application Data\Malwarebytes
2011-06-28 11:56:35 ----A---- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2011-06-28 11:56:34 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2011-06-28 11:56:31 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2011-06-28 11:56:31 ----A---- C:\WINDOWS\system32\drivers\mbam.sys
2011-06-28 11:51:08 ----D---- C:\Program Files\CCleaner
2011-06-28 11:01:29 ----A---- C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2011-06-28 11:01:28 ----D---- C:\Documents and Settings\PacificBliss\Application Data\Spyware Terminator
2011-06-28 11:01:24 ----D---- C:\Documents and Settings\All Users\Application Data\Spyware Terminator
2011-06-28 11:01:22 ----D---- C:\Program Files\Spyware Terminator
2011-06-28 10:41:14 ----D---- C:\Program Files\System Explorer
2011-06-28 10:33:58 ----D---- C:\Program Files\Trend Micro
2011-06-27 18:11:03 ----HD---- C:\Config.Msi
2011-06-27 18:10:12 ----D---- C:\cdc5fcade1fb899e48646f5f7399
2011-06-27 18:00:12 ----D---- C:\Documents and Settings\PacificBliss\Application Data\bcm
2011-06-27 17:10:19 ----D---- C:\Program Files\FinalWire
2011-06-27 16:37:25 ----D---- C:\WINDOWS\system32\XPSViewer
2011-06-27 16:37:07 ----D---- C:\Program Files\MSBuild
2011-06-27 16:36:45 ----D---- C:\Program Files\Reference Assemblies
2011-06-27 16:35:39 ----N---- C:\WINDOWS\system32\prntvpt.dll
2011-06-27 16:35:38 ----N---- C:\WINDOWS\system32\xpssvcs.dll
2011-06-27 16:35:38 ----N---- C:\WINDOWS\system32\xpsshhdr.dll
2011-06-27 16:33:17 ----A---- C:\WINDOWS\system32\drivers\mouhid.sys
2011-06-27 16:33:05 ----A---- C:\WINDOWS\system32\drivers\hidusb.sys
2011-06-27 16:29:42 ----D---- C:\WINDOWS\system32\sk-SK
2011-06-27 16:26:51 ----D---- C:\WINDOWS\ie7updates
2011-06-27 16:25:11 ----D---- C:\WINDOWS\WBEM
2011-06-27 16:23:16 ----HDC---- C:\WINDOWS\ie7
2011-06-27 16:15:12 ----N---- C:\WINDOWS\system32\WinFXDocObj.exe
2011-06-27 16:15:12 ----N---- C:\WINDOWS\system32\msfeedssync.exe
2011-06-27 16:15:12 ----A---- C:\WINDOWS\system32\msfeedsbs.dll
2011-06-27 16:15:12 ----A---- C:\WINDOWS\system32\msfeeds.dll
2011-06-27 16:15:11 ----N---- C:\WINDOWS\system32\ieui.dll
2011-06-27 16:15:11 ----A---- C:\WINDOWS\system32\ieudinit.exe
2011-06-27 16:15:11 ----A---- C:\WINDOWS\system32\iertutil.dll
2011-06-27 16:15:11 ----A---- C:\WINDOWS\system32\ieframe.dll
2011-06-27 16:15:11 ----A---- C:\WINDOWS\system32\ieapfltr.dll
2011-06-27 16:15:10 ----A---- C:\WINDOWS\system32\icardie.dll
2011-06-27 16:15:09 ----N---- C:\WINDOWS\system32\advpack.dll.mui
2011-06-27 16:13:52 ----A---- C:\WINDOWS\system32\ieframe.dll.mui
2011-06-27 16:12:33 ----D---- C:\Documents and Settings\PacificBliss\Application Data\Windows Desktop Search
2011-06-27 16:11:26 ----D---- C:\WINDOWS\system32\GroupPolicy
2011-06-27 16:11:26 ----D---- C:\Program Files\Windows Desktop Search
2011-06-27 16:06:50 ----D---- C:\WINDOWS\system32\URTTEMP
2011-06-27 16:04:23 ----A---- C:\WINDOWS\CPC10Q.INI
2011-06-27 15:53:35 ----D---- C:\Documents and Settings\PacificBliss\Application Data\RST
2011-06-27 15:53:16 ----D---- C:\Program Files\Trans
2011-06-27 15:44:01 ----RSD---- C:\WINDOWS\assembly
2011-06-27 15:42:52 ----D---- C:\Program Files\Microsoft.NET
2011-06-27 15:42:40 ----D---- C:\WINDOWS\Microsoft.NET
2011-06-27 15:32:40 ----A---- C:\WINDOWS\system32\ippsa611.dll
2011-06-27 15:32:40 ----A---- C:\WINDOWS\system32\ippcva611.dll
2011-06-27 15:32:39 ----A---- C:\WINDOWS\UMXADDIN.INI
2011-06-27 15:32:39 ----A---- C:\WINDOWS\system32\ippsra611.dll
2011-06-27 15:32:39 ----A---- C:\WINDOWS\system32\ippsr11.dll
2011-06-27 15:32:39 ----A---- C:\WINDOWS\system32\ipps11.dll
2011-06-27 15:32:39 ----A---- C:\WINDOWS\system32\ippja611.dll
2011-06-27 15:32:39 ----A---- C:\WINDOWS\system32\ippj11.dll
2011-06-27 15:32:39 ----A---- C:\WINDOWS\system32\ippia611.dll
2011-06-27 15:32:39 ----A---- C:\WINDOWS\system32\ippi11.dll
2011-06-27 15:32:39 ----A---- C:\WINDOWS\system32\ippcv11.dll
2011-06-27 15:32:39 ----A---- C:\WINDOWS\system32\IPPCPUID.DLL
2011-06-27 15:32:38 ----A---- C:\WINDOWS\IsUninst.exe
2011-06-27 15:32:30 ----A---- C:\WINDOWS\system32\pmsbfn32.dll
2011-06-27 15:31:56 ----D---- C:\Program Files\NewSoft
2011-06-27 15:31:54 ----D---- C:\Documents and Settings\PacificBliss\Application Data\NewSoft
2011-06-27 15:31:52 ----N---- C:\WINDOWS\PMINI.ini
2011-06-27 15:30:38 ----D---- C:\Documents and Settings\PacificBliss\Application Data\ScanSoft
2011-06-27 15:30:37 ----D---- C:\Documents and Settings\All Users\Application Data\SSScanWizard
2011-06-27 15:30:36 ----D---- C:\Documents and Settings\All Users\Application Data\SSScanAppDataDir
2011-06-27 15:30:36 ----A---- C:\WINDOWS\MAXLINK.INI
2011-06-27 15:30:09 ----D---- C:\Program Files\ScanSoft
2011-06-27 15:30:09 ----D---- C:\Program Files\Common Files\ScanSoft Shared
2011-06-27 15:28:48 ----D---- C:\CanonMF
2011-06-27 15:27:33 ----D---- C:\Program Files\Canon
2011-06-24 18:50:10 ----D---- C:\WINDOWS\SiS
2011-06-24 18:18:10 ----D---- C:\WINDOWS\Prefetch
2011-06-24 18:03:29 ----D---- C:\WINDOWS\system32\en-us
2011-06-24 18:03:28 ----D---- C:\WINDOWS\system32\scripting
2011-06-24 18:03:26 ----D---- C:\WINDOWS\l2schemas
2011-06-24 18:03:25 ----D---- C:\WINDOWS\system32\en
2011-06-24 17:59:29 ----D---- C:\WINDOWS\network diagnostic
2011-06-24 17:25:02 ----N---- C:\WINDOWS\system32\xmllite.dll
2011-06-24 17:24:50 ----N---- C:\WINDOWS\system32\wmphoto.dll
2011-06-24 17:24:37 ----N---- C:\WINDOWS\system32\wlanapi.dll
2011-06-24 17:24:33 ----N---- C:\WINDOWS\system32\windowscodecsext.dll
2011-06-24 17:24:33 ----N---- C:\WINDOWS\system32\windowscodecs.dll
2011-06-24 17:24:23 ----N---- C:\WINDOWS\system32\tspkg.dll
2011-06-24 17:24:23 ----N---- C:\WINDOWS\system32\tsgqec.dll
2011-06-24 17:24:11 ----N---- C:\WINDOWS\system32\drivers\sffp_mmc.sys
2011-06-24 17:24:10 ----N---- C:\WINDOWS\system32\setupn.exe
2011-06-24 17:24:06 ----N---- C:\WINDOWS\system32\rhttpaa.dll
2011-06-24 17:24:05 ----N---- C:\WINDOWS\system32\rasqec.dll
2011-06-24 17:24:04 ----N---- C:\WINDOWS\system32\qutil.dll
2011-06-24 17:24:03 ----N---- C:\WINDOWS\system32\qcliprov.dll
2011-06-24 17:24:02 ----N---- C:\WINDOWS\system32\qagentrt.dll
2011-06-24 17:24:02 ----N---- C:\WINDOWS\system32\qagent.dll
2011-06-24 17:24:00 ----N---- C:\WINDOWS\system32\photometadatahandler.dll
2011-06-24 17:23:57 ----N---- C:\WINDOWS\system32\onex.dll
2011-06-24 17:23:48 ----N---- C:\WINDOWS\system32\napstat.exe
2011-06-24 17:23:48 ----N---- C:\WINDOWS\system32\napmontr.dll
2011-06-24 17:23:48 ----N---- C:\WINDOWS\system32\napipsec.dll
2011-06-24 17:23:46 ----N---- C:\WINDOWS\system32\msxml6r.dll
2011-06-24 17:23:46 ----N---- C:\WINDOWS\system32\msxml6.dll
2011-06-24 17:23:44 ----N---- C:\WINDOWS\system32\msshavmsg.dll
2011-06-24 17:23:44 ----N---- C:\WINDOWS\system32\mssha.dll
2011-06-24 17:23:29 ----N---- C:\WINDOWS\system32\mmcperf.exe
2011-06-24 17:23:29 ----N---- C:\WINDOWS\system32\mmcfxcommon.dll
2011-06-24 17:23:28 ----N---- C:\WINDOWS\system32\mmcex.dll
2011-06-24 17:23:28 ----N---- C:\WINDOWS\system32\microsoft.managementconsole.dll
2011-06-24 17:23:17 ----N---- C:\WINDOWS\system32\l2gpstore.dll
2011-06-24 17:23:16 ----N---- C:\WINDOWS\system32\kmsvc.dll
2011-06-24 17:23:15 ----N---- C:\WINDOWS\system32\kbdpash.dll
2011-06-24 17:23:15 ----N---- C:\WINDOWS\system32\kbdnepr.dll
2011-06-24 17:23:15 ----N---- C:\WINDOWS\system32\kbdiultn.dll
2011-06-24 17:23:15 ----N---- C:\WINDOWS\system32\kbdbhc.dll
2011-06-24 17:23:01 ----N---- C:\WINDOWS\system32\drivers\hdaudbus.sys
2011-06-24 17:22:54 ----N---- C:\WINDOWS\system32\eapsvc.dll
2011-06-24 17:22:54 ----N---- C:\WINDOWS\system32\eapqec.dll
2011-06-24 17:22:54 ----N---- C:\WINDOWS\system32\eappprxy.dll
2011-06-24 17:22:54 ----N---- C:\WINDOWS\system32\eapphost.dll
2011-06-24 17:22:54 ----N---- C:\WINDOWS\system32\eappgnui.dll
2011-06-24 17:22:54 ----N---- C:\WINDOWS\system32\eappcfg.dll
2011-06-24 17:22:54 ----N---- C:\WINDOWS\system32\eapp3hst.dll
2011-06-24 17:22:53 ----N---- C:\WINDOWS\system32\eapolqec.dll
2011-06-24 17:22:49 ----N---- C:\WINDOWS\system32\dot3ui.dll
2011-06-24 17:22:49 ----N---- C:\WINDOWS\system32\dot3svc.dll
2011-06-24 17:22:49 ----N---- C:\WINDOWS\system32\dot3msm.dll
2011-06-24 17:22:49 ----N---- C:\WINDOWS\system32\dot3gpclnt.dll
2011-06-24 17:22:49 ----N---- C:\WINDOWS\system32\dot3dlg.dll
2011-06-24 17:22:49 ----N---- C:\WINDOWS\system32\dot3cfg.dll
2011-06-24 17:22:49 ----N---- C:\WINDOWS\system32\dot3api.dll
2011-06-24 17:22:47 ----N---- C:\WINDOWS\system32\dimsroam.dll
2011-06-24 17:22:47 ----N---- C:\WINDOWS\system32\dimsntfy.dll
2011-06-24 17:22:47 ----N---- C:\WINDOWS\system32\dhcpqec.dll
2011-06-24 17:22:43 ----N---- C:\WINDOWS\system32\credssp.dll
2011-06-24 17:22:36 ----N---- C:\WINDOWS\system32\bitsprx4.dll
2011-06-24 17:22:36 ----N---- C:\WINDOWS\system32\azroles.dll
2011-06-24 17:22:28 ----N---- C:\WINDOWS\system32\aaclient.dll
2011-06-24 16:59:25 ----A---- C:\WINDOWS\system32\h323log.txt
2011-06-24 16:59:06 ----D---- C:\WINDOWS\pss
2011-06-24 16:57:19 ----A---- C:\WINDOWS\system32\drivers\sysaudio.sys
2011-06-24 16:57:17 ----A---- C:\WINDOWS\system32\drivers\splitter.sys
2011-06-24 16:57:16 ----A---- C:\WINDOWS\system32\drivers\aec.sys
2011-06-24 16:57:15 ----A---- C:\WINDOWS\system32\drivers\swmidi.sys
2011-06-24 16:57:14 ----A---- C:\WINDOWS\system32\drivers\dmusic.sys
2011-06-24 16:57:12 ----A---- C:\WINDOWS\system32\drivers\mskssrv.sys
2011-06-24 16:57:11 ----A---- C:\WINDOWS\system32\drivers\mspclock.sys
2011-06-24 16:57:10 ----A---- C:\WINDOWS\system32\drivers\drmkaud.sys
2011-06-24 16:57:09 ----A---- C:\WINDOWS\system32\drivers\mspqm.sys
2011-06-24 16:57:07 ----A---- C:\WINDOWS\system32\drivers\kmixer.sys
2011-06-24 16:57:06 ----A---- C:\WINDOWS\system32\drivers\wdmaud.sys
2011-06-24 16:57:02 ----A---- C:\WINDOWS\system32\drivers\audstub.sys
2011-06-24 16:56:45 ----A---- C:\WINDOWS\system32\drivers\usbprint.sys
2011-06-24 16:56:22 ----A---- C:\WINDOWS\system32\drivers\redbook.sys
2011-06-24 16:56:01 ----A---- C:\WINDOWS\system32\drivers\ati2mtag.sys
2011-06-24 16:56:01 ----A---- C:\WINDOWS\system32\ati3d2ag.dll
2011-06-24 16:56:01 ----A---- C:\WINDOWS\system32\ati3d1ag.dll
2011-06-24 16:56:01 ----A---- C:\WINDOWS\system32\ati2dvag.dll
2011-06-24 16:55:52 ----A---- C:\WINDOWS\system32\ksuser.dll
2011-06-24 16:55:52 ----A---- C:\WINDOWS\system32\drivers\portcls.sys
2011-06-24 16:55:52 ----A---- C:\WINDOWS\system32\drivers\msmpu401.sys
2011-06-24 16:55:52 ----A---- C:\WINDOWS\system32\drivers\drmk.sys
2011-06-24 16:55:50 ----A---- C:\WINDOWS\system32\drivers\gameenum.sys
2011-06-24 16:55:40 ----A---- C:\WINDOWS\system32\drivers\sisagp.sys
2011-06-24 16:55:27 ----A---- C:\WINDOWS\system32\usbui.dll
2011-06-24 16:55:26 ----N---- C:\WINDOWS\system32\tzchange.exe
2011-06-24 16:54:46 ----N---- C:\WINDOWS\system32\browserchoice.exe
2011-06-24 16:54:30 ----D---- C:\Program Files\Common Files\ODBC
2011-06-24 16:54:30 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2011-06-24 16:54:30 ----A---- C:\WINDOWS\ODBCINST.INI
2011-06-24 16:54:27 ----D---- C:\Program Files\Common Files\SpeechEngines
2011-06-24 16:54:27 ----D---- C:\Program Files\Common Files\Microsoft Shared
2011-06-24 16:54:26 ----RD---- C:\Program Files
2011-06-24 16:54:26 ----D---- C:\Program Files\Common Files
2011-06-24 16:54:24 ----RA---- C:\WINDOWS\system32\kbdtuq.dll
2011-06-24 16:54:24 ----RA---- C:\WINDOWS\system32\kbdtuf.dll
2011-06-24 16:54:24 ----RA---- C:\WINDOWS\system32\kbdazel.dll
2011-06-24 16:54:23 ----RA---- C:\WINDOWS\system32\kbdycc.dll
2011-06-24 16:54:23 ----RA---- C:\WINDOWS\system32\kbduzb.dll
2011-06-24 16:54:23 ----RA---- C:\WINDOWS\system32\kbdur.dll
2011-06-24 16:54:23 ----RA---- C:\WINDOWS\system32\kbdtat.dll
2011-06-24 16:54:23 ----RA---- C:\WINDOWS\system32\kbdru1.dll
2011-06-24 16:54:23 ----RA---- C:\WINDOWS\system32\kbdru.dll
2011-06-24 16:54:23 ----RA---- C:\WINDOWS\system32\kbdmon.dll
2011-06-24 16:54:23 ----RA---- C:\WINDOWS\system32\kbdkyr.dll
2011-06-24 16:54:23 ----RA---- C:\WINDOWS\system32\kbdkaz.dll
2011-06-24 16:54:23 ----RA---- C:\WINDOWS\system32\kbdbu.dll
2011-06-24 16:54:23 ----RA---- C:\WINDOWS\system32\kbdblr.dll
2011-06-24 16:54:23 ----RA---- C:\WINDOWS\system32\kbdaze.dll
2011-06-24 16:54:21 ----RA---- C:\WINDOWS\system32\kbdhept.dll
2011-06-24 16:54:21 ----RA---- C:\WINDOWS\system32\kbdhela3.dll
2011-06-24 16:54:21 ----RA---- C:\WINDOWS\system32\kbdhela2.dll
2011-06-24 16:54:21 ----RA---- C:\WINDOWS\system32\kbdhe319.dll
2011-06-24 16:54:21 ----RA---- C:\WINDOWS\system32\kbdhe220.dll
2011-06-24 16:54:21 ----RA---- C:\WINDOWS\system32\kbdhe.dll
2011-06-24 16:54:21 ----RA---- C:\WINDOWS\system32\kbdgkl.dll
2011-06-24 16:54:20 ----RA---- C:\WINDOWS\system32\kbdlv1.dll
2011-06-24 16:54:20 ----RA---- C:\WINDOWS\system32\kbdlv.dll
2011-06-24 16:54:20 ----RA---- C:\WINDOWS\system32\kbdlt1.dll
2011-06-24 16:54:20 ----RA---- C:\WINDOWS\system32\kbdlt.dll
2011-06-24 16:54:20 ----RA---- C:\WINDOWS\system32\kbdest.dll
2011-06-24 16:54:18 ----RA---- C:\WINDOWS\system32\kbdycl.dll
2011-06-24 16:54:18 ----RA---- C:\WINDOWS\system32\kbdsl1.dll
2011-06-24 16:54:18 ----RA---- C:\WINDOWS\system32\kbdsl.dll
2011-06-24 16:54:18 ----RA---- C:\WINDOWS\system32\kbdro.dll
2011-06-24 16:54:18 ----RA---- C:\WINDOWS\system32\kbdpl1.dll
2011-06-24 16:54:18 ----RA---- C:\WINDOWS\system32\kbdpl.dll
2011-06-24 16:54:18 ----RA---- C:\WINDOWS\system32\kbdhu1.dll
2011-06-24 16:54:18 ----RA---- C:\WINDOWS\system32\kbdhu.dll
2011-06-24 16:54:18 ----RA---- C:\WINDOWS\system32\kbdcz2.dll
2011-06-24 16:54:18 ----RA---- C:\WINDOWS\system32\kbdcz1.dll
2011-06-24 16:54:18 ----RA---- C:\WINDOWS\system32\kbdcz.dll
2011-06-24 16:54:18 ----RA---- C:\WINDOWS\system32\kbdcr.dll
2011-06-24 16:54:18 ----RA---- C:\WINDOWS\system32\KBDAL.DLL
2011-06-24 16:54:16 ----A---- C:\WINDOWS\system32\spxcoins.dll
2011-06-24 16:54:16 ----A---- C:\WINDOWS\system32\irclass.dll
2011-06-24 16:54:16 ----A---- C:\WINDOWS\system32\EqnClass.Dll
2011-06-24 16:54:16 ----A---- C:\WINDOWS\system32\drivers\irenum.sys
2011-06-24 16:54:16 ----A---- C:\WINDOWS\system32\dgsetup.dll
2011-06-24 16:54:16 ----A---- C:\WINDOWS\system32\dgrpsetu.dll
2011-06-24 16:54:14 ----A---- C:\WINDOWS\TASKMAN.EXE
2011-06-24 16:54:14 ----A---- C:\WINDOWS\system32\batt.dll
2011-06-24 16:54:14 ----A---- C:\WINDOWS\notepad.exe
2011-06-24 16:54:13 ----A---- C:\WINDOWS\system32\storprop.dll
2011-06-24 16:54:06 ----ASH---- C:\Documents and Settings\All Users\Application Data\desktop.ini
2011-06-24 16:53:55 ----D---- C:\WINDOWS\system32\CatRoot2
2011-06-24 16:53:55 ----D---- C:\WINDOWS\system32\CatRoot
2011-06-24 16:53:49 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2011-06-24 16:52:30 ----D---- C:\Documents and Settings\PacificBliss\Application Data\skypePM
2011-06-24 16:52:25 ----D---- C:\Documents and Settings\All Users\Application Data\Skype Extras
2011-06-24 16:51:40 ----A---- C:\WINDOWS\system32\xpsp4res.dll
2011-06-24 16:50:40 ----D---- C:\Documents and Settings
2011-06-24 16:49:56 ----RASH---- C:\boot.ini
2011-06-24 16:48:31 ----D---- C:\Documents and Settings\PacificBliss\Application Data\Skype
2011-06-24 16:46:19 ----RSHDC---- C:\WINDOWS\system32\dllcache
2011-06-24 16:46:19 ----RSD---- C:\WINDOWS\Fonts
2011-06-24 16:46:19 ----RD---- C:\WINDOWS\Web
2011-06-24 16:46:19 ----HD---- C:\WINDOWS\inf
2011-06-24 16:46:19 ----D---- C:\WINDOWS\WinSxS
2011-06-24 16:46:19 ----D---- C:\WINDOWS\twain_32
2011-06-24 16:46:19 ----D---- C:\WINDOWS\Temp
2011-06-24 16:46:19 ----D---- C:\WINDOWS\system32\wins
2011-06-24 16:46:19 ----D---- C:\WINDOWS\system32\wbem
2011-06-24 16:46:19 ----D---- C:\WINDOWS\system32\usmt
2011-06-24 16:46:19 ----D---- C:\WINDOWS\system32\spool
2011-06-24 16:46:19 ----D---- C:\WINDOWS\system32\ShellExt
2011-06-24 16:46:19 ----D---- C:\WINDOWS\system32\Setup
2011-06-24 16:46:19 ----D---- C:\WINDOWS\system32\ras
2011-06-24 16:46:19 ----D---- C:\WINDOWS\system32\oobe
2011-06-24 16:46:19 ----D---- C:\WINDOWS\system32\npp
2011-06-24 16:46:19 ----D---- C:\WINDOWS\system32\mui
2011-06-24 16:46:19 ----D---- C:\WINDOWS\system32\inetsrv
2011-06-24 16:46:19 ----D---- C:\WINDOWS\system32\IME
2011-06-24 16:46:19 ----D---- C:\WINDOWS\system32\icsxml
2011-06-24 16:46:19 ----D---- C:\WINDOWS\system32\ias
2011-06-24 16:46:19 ----D---- C:\WINDOWS\system32\export
2011-06-24 16:46:19 ----D---- C:\WINDOWS\system32\drivers\etc
2011-06-24 16:46:19 ----D---- C:\WINDOWS\system32\drivers\disdn
2011-06-24 16:46:19 ----D---- C:\WINDOWS\system32\drivers
2011-06-24 16:46:19 ----D---- C:\WINDOWS\system32\dhcp
2011-06-24 16:46:19 ----D---- C:\WINDOWS\system32\config
2011-06-24 16:46:19 ----D---- C:\WINDOWS\system32\3com_dmi
2011-06-24 16:46:19 ----D---- C:\WINDOWS\system32\3076
2011-06-24 16:46:19 ----D---- C:\WINDOWS\system32\2052
2011-06-24 16:46:19 ----D---- C:\WINDOWS\system32\1054
2011-06-24 16:46:19 ----D---- C:\WINDOWS\system32\1042
2011-06-24 16:46:19 ----D---- C:\WINDOWS\system32\1041
2011-06-24 16:46:19 ----D---- C:\WINDOWS\system32\1037
2011-06-24 16:46:19 ----D---- C:\WINDOWS\system32\1033
2011-06-24 16:46:19 ----D---- C:\WINDOWS\system32\1031
2011-06-24 16:46:19 ----D---- C:\WINDOWS\system32\1028
2011-06-24 16:46:19 ----D---- C:\WINDOWS\system32\1025
2011-06-24 16:46:19 ----D---- C:\WINDOWS\system32
2011-06-24 16:46:19 ----D---- C:\WINDOWS\system
2011-06-24 16:46:19 ----D---- C:\WINDOWS\security
2011-06-24 16:46:19 ----D---- C:\WINDOWS\Resources
2011-06-24 16:46:19 ----D---- C:\WINDOWS\repair
2011-06-24 16:46:19 ----D---- C:\WINDOWS\mui
2011-06-24 16:46:19 ----D---- C:\WINDOWS\msapps
2011-06-24 16:46:19 ----D---- C:\WINDOWS\msagent
2011-06-24 16:46:19 ----D---- C:\WINDOWS\Media
2011-06-24 16:46:19 ----D---- C:\WINDOWS\java
2011-06-24 16:46:19 ----D---- C:\WINDOWS\ime
2011-06-24 16:46:19 ----D---- C:\WINDOWS\Help
2011-06-24 16:46:19 ----D---- C:\WINDOWS\Driver Cache
2011-06-24 16:46:19 ----D---- C:\WINDOWS\Debug
2011-06-24 16:46:19 ----D---- C:\WINDOWS\Cursors
2011-06-24 16:46:19 ----D---- C:\WINDOWS\Connection Wizard
2011-06-24 16:46:19 ----D---- C:\WINDOWS\Config
2011-06-24 16:46:19 ----D---- C:\WINDOWS\AppPatch
2011-06-24 16:46:19 ----D---- C:\WINDOWS\addins
2011-06-24 16:46:19 ----D---- C:\WINDOWS
2011-06-24 16:46:19 ----ASH---- C:\pagefile.sys
2011-06-24 16:33:28 ----A---- C:\WINDOWS\system32\wmpns.dll
2011-06-24 16:32:02 ----D---- C:\WINDOWS\peernet
2011-06-24 16:32:01 ----D---- C:\WINDOWS\provisioning
2011-06-24 16:29:57 ----D---- C:\WINDOWS\ServicePackFiles
2011-06-24 16:24:44 ----D---- C:\WINDOWS\EHome
2011-06-24 16:20:45 ----D---- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2011-06-24 16:15:51 ----A---- C:\WINDOWS\system32\cocpyinf.dll
2011-06-24 16:15:27 ----A---- C:\WINDOWS\system32\MRT.exe
2011-06-24 16:15:22 ----A---- C:\WINDOWS\system32\cncilps2.dll
2011-06-24 16:15:22 ----A---- C:\WINDOWS\system32\CNARLMNT.DLL
2011-06-24 16:14:46 ----A---- C:\WINDOWS\system32\CNCMFP13.INI
2011-06-24 16:14:46 ----A---- C:\WINDOWS\system32\CNCLSU13.DLL
2011-06-24 16:14:46 ----A---- C:\WINDOWS\system32\CNCLST13.DLL
2011-06-24 16:14:46 ----A---- C:\WINDOWS\system32\CNCLSI13.DLL
2011-06-24 16:14:46 ----A---- C:\WINDOWS\system32\CNCLSD13.DLL
2011-06-24 16:14:46 ----A---- C:\WINDOWS\system32\CNCLSC13.DLL
2011-06-24 16:14:46 ----A---- C:\WINDOWS\system32\CNCILSC.dll
2011-06-24 16:14:45 ----A---- C:\WINDOWS\system32\CNCL8100.DLL
2011-06-24 16:14:44 ----A---- C:\WINDOWS\system32\CNCI8100.DLL
2011-06-24 16:14:44 ----A---- C:\WINDOWS\system32\CNCC8100.DLL
2011-06-24 16:14:43 ----A---- C:\WINDOWS\system32\UCS32P.DLL
2011-06-24 16:14:42 ----A---- C:\WINDOWS\system32\drivers\usbscan.sys
2011-06-24 16:03:22 ----N---- C:\WINDOWS\system32\spnpinst.exe
2011-06-24 15:57:54 ----D---- C:\temp
2011-06-24 15:54:24 ----A---- C:\WINDOWS\UC.PIF
2011-06-24 15:54:24 ----A---- C:\WINDOWS\RAR.PIF
2011-06-24 15:54:24 ----A---- C:\WINDOWS\PKZIP.PIF
2011-06-24 15:54:24 ----A---- C:\WINDOWS\PKUNZIP.PIF
2011-06-24 15:54:24 ----A---- C:\WINDOWS\NOCLOSE.PIF
2011-06-24 15:54:24 ----A---- C:\WINDOWS\LHA.PIF
2011-06-24 15:54:24 ----A---- C:\WINDOWS\ARJ.PIF
2011-06-24 15:54:22 ----D---- C:\Program Files\totalcmd
2011-06-24 15:54:22 ----D---- C:\Documents and Settings\PacificBliss\Application Data\GHISLER
2011-06-24 15:52:04 ----D---- C:\Documents and Settings\PacificBliss\Application Data\Macromedia
2011-06-24 15:52:04 ----D---- C:\Documents and Settings\PacificBliss\Application Data\Adobe
2011-06-24 15:49:42 ----D---- C:\Documents and Settings\All Users\Application Data\Sun
2011-06-24 15:49:41 ----D---- C:\Program Files\Common Files\Java
2011-06-24 15:49:28 ----A---- C:\WINDOWS\system32\javaws.exe
2011-06-24 15:49:28 ----A---- C:\WINDOWS\system32\javaw.exe
2011-06-24 15:49:28 ----A---- C:\WINDOWS\system32\java.exe
2011-06-24 15:49:28 ----A---- C:\WINDOWS\system32\deployJava1.dll
2011-06-24 15:48:56 ----D---- C:\Program Files\Java
2011-06-24 15:48:17 ----D---- C:\Documents and Settings\PacificBliss\Application Data\Sun
2011-06-24 15:46:42 ----D---- C:\Program Files\Common Files\Adobe
2011-06-24 15:46:42 ----D---- C:\Program Files\Adobe
2011-06-24 15:45:53 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2011-06-24 15:45:15 ----D---- C:\Documents and Settings\PacificBliss\Application Data\IrfanView
2011-06-24 15:43:31 ----D---- C:\Program Files\IrfanView
2011-06-24 15:43:06 ----A---- C:\WINDOWS\system32\esent.dll
2011-06-24 15:42:37 ----D---- C:\Documents and Settings\PacificBliss\Application Data\Opera
2011-06-24 15:42:28 ----D---- C:\Program Files\Opera
2011-06-24 15:37:56 ----D---- C:\Program Files\Common Files\Skype
2011-06-24 15:37:47 ----RD---- C:\Program Files\Skype
2011-06-24 15:37:39 ----D---- C:\Documents and Settings\All Users\Application Data\Skype
2011-06-24 15:37:04 ----D---- C:\Documents and Settings\PacificBliss\Application Data\ESET
2011-06-24 15:35:24 ----D---- C:\Program Files\ESET
2011-06-24 15:35:24 ----D---- C:\Documents and Settings\All Users\Application Data\ESET
2011-06-24 15:28:14 ----D---- C:\WINDOWS\system32\PreInstall
2011-06-24 15:28:13 ----A---- C:\WINDOWS\system32\spupdsvc.exe
2011-06-24 15:27:34 ----D---- C:\WINDOWS\system32\bits
2011-06-24 15:27:29 ----N---- C:\WINDOWS\system32\spmsg.dll
2011-06-24 15:27:01 ----N---- C:\WINDOWS\system32\bitsprx3.dll
2011-06-24 15:27:01 ----N---- C:\WINDOWS\system32\bitsprx2.dll
2011-06-24 15:27:01 ----A---- C:\WINDOWS\system32\winhttp.dll
2011-06-24 15:27:01 ----A---- C:\WINDOWS\system32\qmgrprxy.dll
2011-06-24 15:24:55 ----A---- C:\WINDOWS\system32\wups2.dll
2011-06-24 15:24:55 ----A---- C:\WINDOWS\system32\wups.dll
2011-06-24 15:24:55 ----A---- C:\WINDOWS\system32\wucltui.dll.mui
2011-06-24 15:24:55 ----A---- C:\WINDOWS\system32\wucltui.dll
2011-06-24 15:24:55 ----A---- C:\WINDOWS\system32\wuaueng.dll.mui
2011-06-24 15:24:54 ----A---- C:\WINDOWS\system32\wuapi.dll.mui
2011-06-24 15:24:54 ----A---- C:\WINDOWS\system32\wuapi.dll
2011-06-24 15:21:26 ----D---- C:\Program Files\sisagp
2011-06-24 15:21:23 ----D---- C:\Program Files\Common Files\InstallShield
2011-06-24 15:20:32 ----D---- C:\WINDOWS\system32\ReinstallBackups
2011-06-24 15:18:28 ----A---- C:\WINDOWS\ODBC.INI
2011-06-24 15:18:24 ----A---- C:\WINDOWS\system32\mdimon.dll
2011-06-24 15:17:53 ----D---- C:\Program Files\Common Files\DESIGNER
2011-06-24 15:17:51 ----A---- C:\WINDOWS\system32\iuengine.dll
2011-06-24 15:17:37 ----D---- C:\WINDOWS\SHELLNEW
2011-06-24 15:17:05 ----D---- C:\Program Files\Microsoft Office
2011-06-24 15:14:54 ----A---- C:\WINDOWS\system32\drivers\usbstor.sys
2011-06-24 15:13:37 ----SD---- C:\WINDOWS\system32\Microsoft
2011-06-24 15:12:26 ----D---- C:\WINDOWS\system32\1051
2011-06-24 15:11:34 ----SHD---- C:\WINDOWS\Installer
2011-06-24 15:11:32 ----D---- C:\Documents and Settings\PacificBliss\Application Data\Identities
2011-06-24 15:11:26 ----SD---- C:\Documents and Settings\PacificBliss\Application Data\Microsoft
2011-06-24 15:11:26 ----ASH---- C:\Documents and Settings\PacificBliss\Application Data\desktop.ini
2011-06-24 15:10:47 ----A---- C:\WINDOWS\system32\wpa.bak
2011-06-24 15:09:46 ----SHD---- C:\System Volume Information
2011-06-24 15:09:38 ----A---- C:\WINDOWS\SchedLgU.Txt
2011-06-24 15:04:40 ----D---- C:\WINDOWS\system32\xircom
2011-06-24 15:04:40 ----D---- C:\Program Files\xerox
2011-06-24 15:04:39 ----D---- C:\Program Files\microsoft frontpage
2011-06-24 15:04:31 ----RASH---- C:\MSDOS.SYS
2011-06-24 15:04:31 ----RASH---- C:\IO.SYS
2011-06-24 15:04:31 ----AH---- C:\CONFIG.SYS
2011-06-24 15:04:31 ----AH---- C:\AUTOEXEC.BAT
2011-06-24 15:04:31 ----A---- C:\WINDOWS\control.ini
2011-06-24 15:04:21 ----A---- C:\WINDOWS\system32\mapi32.dll
2011-06-24 15:03:34 ----SD---- C:\WINDOWS\Downloaded Program Files
2011-06-24 15:03:34 ----RD---- C:\WINDOWS\Offline Web Pages
2011-06-24 15:03:34 ----RAH---- C:\WINDOWS\system32\logonui.exe.manifest
2011-06-24 15:03:28 ----RAH---- C:\WINDOWS\system32\cdplayer.exe.manifest
2011-06-24 15:03:09 ----D---- C:\WINDOWS\system32\DirectX
2011-06-24 15:02:47 ----A---- C:\WINDOWS\system32\safrslv.dll
2011-06-24 15:02:47 ----A---- C:\WINDOWS\system32\safrdm.dll
2011-06-24 15:02:47 ----A---- C:\WINDOWS\system32\safrcdlg.dll
2011-06-24 15:02:47 ----A---- C:\WINDOWS\system32\racpldlg.dll
2011-06-24 15:02:47 ----A---- C:\WINDOWS\system32\atrace.dll
2011-06-24 15:02:44 ----A---- C:\WINDOWS\system32\desktop.ini
2011-06-24 15:02:44 ----A---- C:\WINDOWS\desktop.ini
2011-06-24 15:02:38 ----A---- C:\WINDOWS\system32\nmevtmsg.dll
2011-06-24 15:02:38 ----A---- C:\WINDOWS\system32\mnmsrvc.exe
2011-06-24 15:02:38 ----A---- C:\WINDOWS\system32\isrdbg32.dll
2011-06-24 15:02:36 ----D---- C:\Program Files\Common Files\Services
2011-06-24 15:02:36 ----A---- C:\WINDOWS\system32\acctres.dll
2011-06-24 15:02:35 ----A---- C:\WINDOWS\system32\inetres.dll
2011-06-24 15:02:32 ----SD---- C:\WINDOWS\Tasks
2011-06-24 15:02:32 ----A---- C:\WINDOWS\system32\isign32.dll
2011-06-24 15:02:32 ----A---- C:\WINDOWS\system32\inetcfg.dll
2011-06-24 15:02:32 ----A---- C:\WINDOWS\system32\icwphbk.dll
2011-06-24 15:02:32 ----A---- C:\WINDOWS\system32\icwdial.dll
2011-06-24 15:02:32 ----A---- C:\WINDOWS\system32\icfgnt5.dll
2011-06-24 15:02:30 ----D---- C:\Program Files\Common Files\MSSoap
2011-06-24 15:02:26 ----D---- C:\WINDOWS\system32\Macromed
2011-06-24 15:02:26 ----D---- C:\WINDOWS\srchasst
2011-06-24 15:02:25 ----A---- C:\WINDOWS\system32\qmgr.dll
2011-06-24 15:02:24 ----D---- C:\Program Files\Movie Maker
2011-06-24 15:02:21 ----D---- C:\WINDOWS\PCHealth
2011-06-24 15:02:20 ----D---- C:\WINDOWS\system32\Restore
2011-06-24 15:02:20 ----A---- C:\WINDOWS\system32\srsvc.dll
2011-06-24 15:02:20 ----A---- C:\WINDOWS\system32\srrstr.dll
2011-06-24 15:02:20 ----A---- C:\WINDOWS\system32\srclient.dll
2011-06-24 15:02:20 ----A---- C:\WINDOWS\system32\mnmdd.dll
2011-06-24 15:02:20 ----A---- C:\WINDOWS\system32\ils.dll
2011-06-24 15:02:20 ----A---- C:\WINDOWS\system32\drivers\sr.sys
2011-06-24 15:02:19 ----A---- C:\WINDOWS\system32\nmmkcert.dll
2011-06-24 15:02:19 ----A---- C:\WINDOWS\system32\msconf.dll
2011-06-24 15:02:17 ----D---- C:\Program Files\NetMeeting
2011-06-24 15:02:17 ----A---- C:\WINDOWS\system32\msoert2.dll
2011-06-24 15:02:17 ----A---- C:\WINDOWS\system32\msoeacct.dll
2011-06-24 15:02:17 ----A---- C:\WINDOWS\system32\inetcomm.dll
2011-06-24 15:02:16 ----D---- C:\Program Files\Outlook Express
2011-06-24 15:02:16 ----A---- C:\WINDOWS\system32\schedsvc.dll
2011-06-24 15:02:16 ----A---- C:\WINDOWS\system32\mstinit.exe
2011-06-24 15:02:16 ----A---- C:\WINDOWS\system32\mstask.dll
2011-06-24 15:02:13 ----D---- C:\Program Files\Common Files\System
2011-06-24 15:02:10 ----D---- C:\Program Files\Internet Explorer
2011-06-24 15:01:56 ----D---- C:\Program Files\ComPlus Applications
2011-06-24 15:01:55 ----A---- C:\WINDOWS\vbaddin.ini
2011-06-24 15:01:55 ----A---- C:\WINDOWS\vb.ini
2011-06-24 15:01:51 ----D---- C:\WINDOWS\Registration
2011-06-24 15:01:23 ----D---- C:\Program Files\Windows Media Player
2011-06-24 15:01:23 ----D---- C:\Program Files\Online Services
2011-06-24 15:01:18 ----D---- C:\Program Files\Messenger
2011-06-24 15:01:13 ----D---- C:\Program Files\MSN Gaming Zone
2011-06-24 15:01:13 ----A---- C:\WINDOWS\system32\write.exe
2011-06-24 15:01:06 ----A---- C:\WINDOWS\system32\sndvol32.exe
2011-06-24 15:01:06 ----A---- C:\WINDOWS\system32\sndrec32.exe
2011-06-24 15:01:06 ----A---- C:\WINDOWS\system32\hticons.dll
2011-06-24 15:01:06 ----A---- C:\WINDOWS\system32\avwav.dll
2011-06-24 15:01:06 ----A---- C:\WINDOWS\system32\avtapi.dll
2011-06-24 15:01:06 ----A---- C:\WINDOWS\system32\avmeter.dll
2011-06-24 15:01:06 ----A---- C:\WINDOWS\system32\accwiz.exe
2011-06-24 15:01:05 ----A---- C:\WINDOWS\system32\winchat.exe
2011-06-24 15:01:00 ----A---- C:\WINDOWS\system32\getuname.dll
2011-06-24 15:00:59 ----A---- C:\WINDOWS\system32\winmine.exe
2011-06-24 15:00:59 ----A---- C:\WINDOWS\system32\sol.exe
2011-06-24 15:00:59 ----A---- C:\WINDOWS\system32\charmap.exe
2011-06-24 15:00:59 ----A---- C:\WINDOWS\system32\calc.exe
2011-06-24 15:00:58 ----A---- C:\WINDOWS\system32\usrlogon.cmd
2011-06-24 15:00:58 ----A---- C:\WINDOWS\system32\tsshutdn.exe
2011-06-24 15:00:58 ----A---- C:\WINDOWS\system32\tslabels.ini
2011-06-24 15:00:58 ----A---- C:\WINDOWS\system32\tskill.exe
2011-06-24 15:00:58 ----A---- C:\WINDOWS\system32\tsdiscon.exe
2011-06-24 15:00:58 ----A---- C:\WINDOWS\system32\tscon.exe
2011-06-24 15:00:58 ----A---- C:\WINDOWS\system32\shadow.exe
2011-06-24 15:00:58 ----A---- C:\WINDOWS\system32\rwinsta.exe
2011-06-24 15:00:58 ----A---- C:\WINDOWS\system32\reset.exe
2011-06-24 15:00:58 ----A---- C:\WINDOWS\system32\regini.exe
2011-06-24 15:00:58 ----A---- C:\WINDOWS\system32\rdshost.exe
2011-06-24 15:00:58 ----A---- C:\WINDOWS\system32\mshearts.exe
2011-06-24 15:00:58 ----A---- C:\WINDOWS\system32\freecell.exe
2011-06-24 15:00:58 ----A---- C:\WINDOWS\system32\drivers\tdtcp.sys
2011-06-24 15:00:58 ----A---- C:\WINDOWS\system32\drivers\tdpipe.sys
2011-06-24 15:00:57 ----A---- C:\WINDOWS\system32\rdpcfgex.dll
2011-06-24 15:00:57 ----A---- C:\WINDOWS\system32\qwinsta.exe
2011-06-24 15:00:57 ----A---- C:\WINDOWS\system32\qprocess.exe
2011-06-24 15:00:57 ----A---- C:\WINDOWS\system32\qappsrv.exe
2011-06-24 15:00:57 ----A---- C:\WINDOWS\system32\msg.exe
2011-06-24 15:00:57 ----A---- C:\WINDOWS\system32\msdtcuiu.dll
2011-06-24 15:00:57 ----A---- C:\WINDOWS\system32\msdtctm.dll
2011-06-24 15:00:57 ----A---- C:\WINDOWS\system32\logoff.exe
2011-06-24 15:00:57 ----A---- C:\WINDOWS\system32\cdmodem.dll
2011-06-24 15:00:56 ----A---- C:\WINDOWS\system32\xolehlp.dll
2011-06-24 15:00:56 ----A---- C:\WINDOWS\system32\msdtcprf.ini
2011-06-24 15:00:56 ----A---- C:\WINDOWS\system32\msdtclog.dll
2011-06-24 15:00:56 ----A---- C:\WINDOWS\system32\msdtc.exe
2011-06-24 15:00:55 ----A---- C:\WINDOWS\system32\stclient.dll
2011-06-24 15:00:55 ----A---- C:\WINDOWS\system32\mtxlegih.dll
2011-06-24 15:00:55 ----A---- C:\WINDOWS\system32\mtxex.dll
2011-06-24 15:00:55 ----A---- C:\WINDOWS\system32\mtxdm.dll
2011-06-24 15:00:55 ----A---- C:\WINDOWS\system32\dcomcnfg.exe
2011-06-24 15:00:55 ----A---- C:\WINDOWS\system32\comrepl.dll
2011-06-24 15:00:55 ----A---- C:\WINDOWS\system32\comaddin.dll
2011-06-24 15:00:54 ----A---- C:\WINDOWS\system32\comuid.dll
2011-06-24 15:00:54 ----A---- C:\WINDOWS\system32\comsnap.dll
2011-06-24 15:00:54 ----A---- C:\WINDOWS\system32\clbcatex.dll
2011-06-24 15:00:54 ----A---- C:\WINDOWS\system32\catsrvps.dll
2011-06-24 15:00:54 ----A---- C:\WINDOWS\system32\catsrv.dll
2011-06-24 15:00:49 ----A---- C:\WINDOWS\system32\wmimgmt.msc
2011-06-24 15:00:49 ----A---- C:\WINDOWS\system32\servdeps.dll
2011-06-24 15:00:48 ----A---- C:\WINDOWS\system32\mmfutil.dll
2011-06-24 15:00:48 ----A---- C:\WINDOWS\system32\cmprops.dll
2011-06-24 15:00:44 ----D---- C:\Program Files\MSN
2011-06-24 15:00:43 ----D---- C:\Program Files\Windows NT
2011-06-24 15:00:43 ----A---- C:\WINDOWS\system32\wuauclt.exe
2011-06-24 15:00:43 ----A---- C:\WINDOWS\system32\spider.exe
2011-06-24 15:00:43 ----A---- C:\WINDOWS\system32\mspaint.exe
2011-06-24 15:00:43 ----A---- C:\WINDOWS\system32\mplay32.exe
2011-06-24 15:00:43 ----A---- C:\WINDOWS\system32\clipbrd.exe
2011-06-24 15:00:42 ----A---- C:\WINDOWS\system32\wuauserv.dll
2011-06-24 15:00:42 ----A---- C:\WINDOWS\system32\wuaueng.dll
2011-06-24 15:00:42 ----A---- C:\WINDOWS\system32\tscfgwmi.dll
2011-06-24 15:00:42 ----A---- C:\WINDOWS\system32\remotepg.dll
2011-06-24 15:00:42 ----A---- C:\WINDOWS\system32\rdsaddin.exe
2011-06-24 15:00:42 ----A---- C:\WINDOWS\system32\mstscax.dll
2011-06-24 15:00:42 ----A---- C:\WINDOWS\system32\mstsc.exe
2011-06-24 15:00:42 ----A---- C:\WINDOWS\system32\drivers\rdpwd.sys
2011-06-24 15:00:41 ----A---- C:\WINDOWS\system32\tscupgrd.exe
2011-06-24 15:00:41 ----A---- C:\WINDOWS\system32\termsrv.dll
2011-06-24 15:00:41 ----A---- C:\WINDOWS\system32\sessmgr.exe
2011-06-24 15:00:41 ----A---- C:\WINDOWS\system32\rdpwsx.dll
2011-06-24 15:00:41 ----A---- C:\WINDOWS\system32\rdpsnd.dll
2011-06-24 15:00:41 ----A---- C:\WINDOWS\system32\rdpclip.exe
2011-06-24 15:00:41 ----A---- C:\WINDOWS\system32\rdchost.dll
2011-06-24 15:00:41 ----A---- C:\WINDOWS\system32\icaapi.dll
2011-06-24 15:00:41 ----A---- C:\WINDOWS\system32\cfgbkend.dll
2011-06-24 15:00:40 ----D---- C:\WINDOWS\system32\MsDtc
2011-06-24 15:00:40 ----D---- C:\WINDOWS\system32\Com
2011-06-24 15:00:40 ----A---- C:\WINDOWS\system32\msdtcprx.dll
2011-06-24 15:00:40 ----A---- C:\WINDOWS\system32\catsrvut.dll
2011-06-24 15:00:37 ----A---- C:\WINDOWS\system32\licwmi.dll
2011-06-24 15:00:33 ----A---- C:\WINDOWS\system32\drivers\termdd.sys
2011-06-24 15:00:32 ----A---- C:\WINDOWS\system32\drivers\rdpdr.sys
2011-06-24 12:42:40 ----A---- C:\WINDOWS\system32\drivers\SISAGPX.SYS
======List of files/folders modified in the last 1 months======
2011-06-29 11:00:25 ----A---- C:\WINDOWS\win.ini
2011-06-29 11:00:25 ----A---- C:\WINDOWS\system.ini
2011-06-24 16:28:01 ----RASH---- C:\NTDETECT.COM
2011-06-24 15:04:11 ----ASH---- C:\WINDOWS\fonts\desktop.ini
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 sisagp;SiS AGP Filter; C:\WINDOWS\System32\DRIVERS\SISAGPX.sys [2003-07-18 36992]
R1 ehdrv;ehdrv; C:\WINDOWS\System32\DRIVERS\ehdrv.sys [2010-12-21 115008]
R1 epfwtdi;epfwtdi; C:\WINDOWS\System32\DRIVERS\epfwtdi.sys [2010-08-03 55256]
R1 sp_rsdrv2;Spyware Terminator Driver 2; \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys []
R2 eamon;eamon; C:\WINDOWS\System32\DRIVERS\eamon.sys [2010-12-21 141264]
R2 epfw;epfw; C:\WINDOWS\System32\DRIVERS\epfw.sys [2010-12-21 134000]
R3 ati2mtag;ati2mtag; C:\WINDOWS\System32\DRIVERS\ati2mtag.sys [2004-08-04 701440]
R3 Epfwndis;Eset Personal Firewall; C:\WINDOWS\System32\DRIVERS\Epfwndis.sys [2010-12-21 33120]
R3 MBAMProtector;MBAMProtector; \??\C:\WINDOWS\system32\drivers\mbam.sys []
R3 ms_mpu401;Microsoft MPU-401 MIDI UART Driver; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-17 2944]
R3 SISNICXP;SiS PCI Fast Ethernet Adapter Driver for NDIS51; C:\WINDOWS\system32\DRIVERS\sisnicxp.sys [2006-02-14 32768]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbscan;USB Scanner Driver; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 AIDA64Driver;FinalWire AIDA64 Kernel Driver; \??\C:\Program Files\FinalWire\AIDA64 Extreme Edition\kerneld.x32 []
S3 catchme;catchme; \??\C:\DOCUME~1\PACIFI~1\LOCALS~1\Temp\catchme.sys []
S3 cmuda;C-Media WDM Audio Interface; C:\WINDOWS\system32\drivers\cmuda.sys [2006-06-09 1373120]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys []
S3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 SISNIC;SiS PCI Fast Ethernet Adapter Driver; C:\WINDOWS\System32\DRIVERS\sisnic.sys [2003-07-11 32768]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2011-01-12 810144]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2011-06-24 153376]
R2 MBAMService;MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-05-29 366640]
R2 nvUpdService;NVIDIA Update Service; C:\Documents and Settings\NetworkService\Local Settings\Application Data\NVIDIA Corporation\Update\daemonupd.exe [2011-06-29 19968]
R2 sp_rssrv;Spyware Terminator Realtime Shield Service; C:\Program Files\Spyware Terminator\sp_rsser.exe [2011-06-28 496128]
R2 WSearch;Windows Search; C:\WINDOWS\system32\SearchIndexer.exe [2008-05-26 439808]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe [2011-01-12 33584]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
-----------------EOF-----------------
Run by PacificBliss at 2011-06-29 11:02:44
Systém Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 39 GB (85%) free of 46 GB
Total RAM: 511 MB (58% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:03:41, on 29.6.2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17098)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Documents and Settings\NetworkService\Local Settings\Application Data\NVIDIA Corporation\Update\daemonupd.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Opera\opera.exe
E:\download\RSIT.exe
C:\Program Files\trend micro\PacificBliss.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [OPSE reminder] "C:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\Ereg.exe" -r "C:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\ereg.ini"
O4 - HKLM\..\Run: [Trans] C:\Program Files\Trans\trans.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Zdroje informácií - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 8921870765
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 9266650562
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: NVIDIA Update Service (nvUpdService) - Unknown owner - C:\Documents and Settings\NetworkService\Local Settings\Application Data\NVIDIA Corporation\Update\daemonupd.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
--
End of file - 5549 bytes
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-06-06 63912]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Browser Helper - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2011-05-16 1164680]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-06-24 42272]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2011-06-24 79648]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2011-01-12 2219184]
"OpwareSE2"=C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe [2003-05-08 49152]
"OPSE reminder"=C:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\Ereg.exe [2003-07-07 729088]
"Trans"=C:\Program Files\Trans\trans.exe [2011-01-10 2895240]
"MSConfig"=C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE [2008-04-14 169984]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2011-05-29 449584]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminatorUpdate]
C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe [2011-06-28 3318784]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SystemExplorerAutoStart]
C:\Program Files\System Explorer\SystemExplorer.exe /TRAY []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
C:\PROGRA~1\WINDOW~4\WINDOW~1.EXE [2008-05-26 123904]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2009-05-24 304128]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype "
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe"="C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe:*:Enabled:Spyware Terminator Update Support"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
======List of files/folders created in the last 1 months======
2011-06-29 11:02:44 ----D---- C:\rsit
2011-06-29 10:52:54 ----HD---- C:\WINDOWS\$hf_mig$
2011-06-29 10:52:53 ----D---- C:\WINDOWS\LastGood
2011-06-29 10:18:54 ----A---- C:\WINDOWS\system32\mucltui.dll.mui
2011-06-29 10:18:54 ----A---- C:\WINDOWS\system32\mucltui.dll
2011-06-28 16:58:17 ----D---- C:\Program Files\MSECache
2011-06-28 16:51:24 ----D---- C:\WINDOWS\SoftwareDistribution
2011-06-28 15:19:44 ----SHD---- C:\RECYCLER
2011-06-28 14:53:45 ----A---- C:\ComboFix.txt
2011-06-28 14:37:36 ----A---- C:\Boot.bak
2011-06-28 14:37:28 ----RASHD---- C:\cmdcons
2011-06-28 14:32:32 ----A---- C:\WINDOWS\zip.exe
2011-06-28 14:32:32 ----A---- C:\WINDOWS\SWXCACLS.exe
2011-06-28 14:32:32 ----A---- C:\WINDOWS\SWSC.exe
2011-06-28 14:32:32 ----A---- C:\WINDOWS\SWREG.exe
2011-06-28 14:32:32 ----A---- C:\WINDOWS\sed.exe
2011-06-28 14:32:32 ----A---- C:\WINDOWS\PEV.exe
2011-06-28 14:32:32 ----A---- C:\WINDOWS\NIRCMD.exe
2011-06-28 14:32:32 ----A---- C:\WINDOWS\MBR.exe
2011-06-28 14:32:32 ----A---- C:\WINDOWS\grep.exe
2011-06-28 14:32:03 ----D---- C:\WINDOWS\ERDNT
2011-06-28 14:31:42 ----D---- C:\Qoobox
2011-06-28 11:56:42 ----D---- C:\Documents and Settings\PacificBliss\Application Data\Malwarebytes
2011-06-28 11:56:35 ----A---- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2011-06-28 11:56:34 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2011-06-28 11:56:31 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2011-06-28 11:56:31 ----A---- C:\WINDOWS\system32\drivers\mbam.sys
2011-06-28 11:51:08 ----D---- C:\Program Files\CCleaner
2011-06-28 11:01:29 ----A---- C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2011-06-28 11:01:28 ----D---- C:\Documents and Settings\PacificBliss\Application Data\Spyware Terminator
2011-06-28 11:01:24 ----D---- C:\Documents and Settings\All Users\Application Data\Spyware Terminator
2011-06-28 11:01:22 ----D---- C:\Program Files\Spyware Terminator
2011-06-28 10:41:14 ----D---- C:\Program Files\System Explorer
2011-06-28 10:33:58 ----D---- C:\Program Files\Trend Micro
2011-06-27 18:11:03 ----HD---- C:\Config.Msi
2011-06-27 18:10:12 ----D---- C:\cdc5fcade1fb899e48646f5f7399
2011-06-27 18:00:12 ----D---- C:\Documents and Settings\PacificBliss\Application Data\bcm
2011-06-27 17:10:19 ----D---- C:\Program Files\FinalWire
2011-06-27 16:37:25 ----D---- C:\WINDOWS\system32\XPSViewer
2011-06-27 16:37:07 ----D---- C:\Program Files\MSBuild
2011-06-27 16:36:45 ----D---- C:\Program Files\Reference Assemblies
2011-06-27 16:35:39 ----N---- C:\WINDOWS\system32\prntvpt.dll
2011-06-27 16:35:38 ----N---- C:\WINDOWS\system32\xpssvcs.dll
2011-06-27 16:35:38 ----N---- C:\WINDOWS\system32\xpsshhdr.dll
2011-06-27 16:33:17 ----A---- C:\WINDOWS\system32\drivers\mouhid.sys
2011-06-27 16:33:05 ----A---- C:\WINDOWS\system32\drivers\hidusb.sys
2011-06-27 16:29:42 ----D---- C:\WINDOWS\system32\sk-SK
2011-06-27 16:26:51 ----D---- C:\WINDOWS\ie7updates
2011-06-27 16:25:11 ----D---- C:\WINDOWS\WBEM
2011-06-27 16:23:16 ----HDC---- C:\WINDOWS\ie7
2011-06-27 16:15:12 ----N---- C:\WINDOWS\system32\WinFXDocObj.exe
2011-06-27 16:15:12 ----N---- C:\WINDOWS\system32\msfeedssync.exe
2011-06-27 16:15:12 ----A---- C:\WINDOWS\system32\msfeedsbs.dll
2011-06-27 16:15:12 ----A---- C:\WINDOWS\system32\msfeeds.dll
2011-06-27 16:15:11 ----N---- C:\WINDOWS\system32\ieui.dll
2011-06-27 16:15:11 ----A---- C:\WINDOWS\system32\ieudinit.exe
2011-06-27 16:15:11 ----A---- C:\WINDOWS\system32\iertutil.dll
2011-06-27 16:15:11 ----A---- C:\WINDOWS\system32\ieframe.dll
2011-06-27 16:15:11 ----A---- C:\WINDOWS\system32\ieapfltr.dll
2011-06-27 16:15:10 ----A---- C:\WINDOWS\system32\icardie.dll
2011-06-27 16:15:09 ----N---- C:\WINDOWS\system32\advpack.dll.mui
2011-06-27 16:13:52 ----A---- C:\WINDOWS\system32\ieframe.dll.mui
2011-06-27 16:12:33 ----D---- C:\Documents and Settings\PacificBliss\Application Data\Windows Desktop Search
2011-06-27 16:11:26 ----D---- C:\WINDOWS\system32\GroupPolicy
2011-06-27 16:11:26 ----D---- C:\Program Files\Windows Desktop Search
2011-06-27 16:06:50 ----D---- C:\WINDOWS\system32\URTTEMP
2011-06-27 16:04:23 ----A---- C:\WINDOWS\CPC10Q.INI
2011-06-27 15:53:35 ----D---- C:\Documents and Settings\PacificBliss\Application Data\RST
2011-06-27 15:53:16 ----D---- C:\Program Files\Trans
2011-06-27 15:44:01 ----RSD---- C:\WINDOWS\assembly
2011-06-27 15:42:52 ----D---- C:\Program Files\Microsoft.NET
2011-06-27 15:42:40 ----D---- C:\WINDOWS\Microsoft.NET
2011-06-27 15:32:40 ----A---- C:\WINDOWS\system32\ippsa611.dll
2011-06-27 15:32:40 ----A---- C:\WINDOWS\system32\ippcva611.dll
2011-06-27 15:32:39 ----A---- C:\WINDOWS\UMXADDIN.INI
2011-06-27 15:32:39 ----A---- C:\WINDOWS\system32\ippsra611.dll
2011-06-27 15:32:39 ----A---- C:\WINDOWS\system32\ippsr11.dll
2011-06-27 15:32:39 ----A---- C:\WINDOWS\system32\ipps11.dll
2011-06-27 15:32:39 ----A---- C:\WINDOWS\system32\ippja611.dll
2011-06-27 15:32:39 ----A---- C:\WINDOWS\system32\ippj11.dll
2011-06-27 15:32:39 ----A---- C:\WINDOWS\system32\ippia611.dll
2011-06-27 15:32:39 ----A---- C:\WINDOWS\system32\ippi11.dll
2011-06-27 15:32:39 ----A---- C:\WINDOWS\system32\ippcv11.dll
2011-06-27 15:32:39 ----A---- C:\WINDOWS\system32\IPPCPUID.DLL
2011-06-27 15:32:38 ----A---- C:\WINDOWS\IsUninst.exe
2011-06-27 15:32:30 ----A---- C:\WINDOWS\system32\pmsbfn32.dll
2011-06-27 15:31:56 ----D---- C:\Program Files\NewSoft
2011-06-27 15:31:54 ----D---- C:\Documents and Settings\PacificBliss\Application Data\NewSoft
2011-06-27 15:31:52 ----N---- C:\WINDOWS\PMINI.ini
2011-06-27 15:30:38 ----D---- C:\Documents and Settings\PacificBliss\Application Data\ScanSoft
2011-06-27 15:30:37 ----D---- C:\Documents and Settings\All Users\Application Data\SSScanWizard
2011-06-27 15:30:36 ----D---- C:\Documents and Settings\All Users\Application Data\SSScanAppDataDir
2011-06-27 15:30:36 ----A---- C:\WINDOWS\MAXLINK.INI
2011-06-27 15:30:09 ----D---- C:\Program Files\ScanSoft
2011-06-27 15:30:09 ----D---- C:\Program Files\Common Files\ScanSoft Shared
2011-06-27 15:28:48 ----D---- C:\CanonMF
2011-06-27 15:27:33 ----D---- C:\Program Files\Canon
2011-06-24 18:50:10 ----D---- C:\WINDOWS\SiS
2011-06-24 18:18:10 ----D---- C:\WINDOWS\Prefetch
2011-06-24 18:03:29 ----D---- C:\WINDOWS\system32\en-us
2011-06-24 18:03:28 ----D---- C:\WINDOWS\system32\scripting
2011-06-24 18:03:26 ----D---- C:\WINDOWS\l2schemas
2011-06-24 18:03:25 ----D---- C:\WINDOWS\system32\en
2011-06-24 17:59:29 ----D---- C:\WINDOWS\network diagnostic
2011-06-24 17:25:02 ----N---- C:\WINDOWS\system32\xmllite.dll
2011-06-24 17:24:50 ----N---- C:\WINDOWS\system32\wmphoto.dll
2011-06-24 17:24:37 ----N---- C:\WINDOWS\system32\wlanapi.dll
2011-06-24 17:24:33 ----N---- C:\WINDOWS\system32\windowscodecsext.dll
2011-06-24 17:24:33 ----N---- C:\WINDOWS\system32\windowscodecs.dll
2011-06-24 17:24:23 ----N---- C:\WINDOWS\system32\tspkg.dll
2011-06-24 17:24:23 ----N---- C:\WINDOWS\system32\tsgqec.dll
2011-06-24 17:24:11 ----N---- C:\WINDOWS\system32\drivers\sffp_mmc.sys
2011-06-24 17:24:10 ----N---- C:\WINDOWS\system32\setupn.exe
2011-06-24 17:24:06 ----N---- C:\WINDOWS\system32\rhttpaa.dll
2011-06-24 17:24:05 ----N---- C:\WINDOWS\system32\rasqec.dll
2011-06-24 17:24:04 ----N---- C:\WINDOWS\system32\qutil.dll
2011-06-24 17:24:03 ----N---- C:\WINDOWS\system32\qcliprov.dll
2011-06-24 17:24:02 ----N---- C:\WINDOWS\system32\qagentrt.dll
2011-06-24 17:24:02 ----N---- C:\WINDOWS\system32\qagent.dll
2011-06-24 17:24:00 ----N---- C:\WINDOWS\system32\photometadatahandler.dll
2011-06-24 17:23:57 ----N---- C:\WINDOWS\system32\onex.dll
2011-06-24 17:23:48 ----N---- C:\WINDOWS\system32\napstat.exe
2011-06-24 17:23:48 ----N---- C:\WINDOWS\system32\napmontr.dll
2011-06-24 17:23:48 ----N---- C:\WINDOWS\system32\napipsec.dll
2011-06-24 17:23:46 ----N---- C:\WINDOWS\system32\msxml6r.dll
2011-06-24 17:23:46 ----N---- C:\WINDOWS\system32\msxml6.dll
2011-06-24 17:23:44 ----N---- C:\WINDOWS\system32\msshavmsg.dll
2011-06-24 17:23:44 ----N---- C:\WINDOWS\system32\mssha.dll
2011-06-24 17:23:29 ----N---- C:\WINDOWS\system32\mmcperf.exe
2011-06-24 17:23:29 ----N---- C:\WINDOWS\system32\mmcfxcommon.dll
2011-06-24 17:23:28 ----N---- C:\WINDOWS\system32\mmcex.dll
2011-06-24 17:23:28 ----N---- C:\WINDOWS\system32\microsoft.managementconsole.dll
2011-06-24 17:23:17 ----N---- C:\WINDOWS\system32\l2gpstore.dll
2011-06-24 17:23:16 ----N---- C:\WINDOWS\system32\kmsvc.dll
2011-06-24 17:23:15 ----N---- C:\WINDOWS\system32\kbdpash.dll
2011-06-24 17:23:15 ----N---- C:\WINDOWS\system32\kbdnepr.dll
2011-06-24 17:23:15 ----N---- C:\WINDOWS\system32\kbdiultn.dll
2011-06-24 17:23:15 ----N---- C:\WINDOWS\system32\kbdbhc.dll
2011-06-24 17:23:01 ----N---- C:\WINDOWS\system32\drivers\hdaudbus.sys
2011-06-24 17:22:54 ----N---- C:\WINDOWS\system32\eapsvc.dll
2011-06-24 17:22:54 ----N---- C:\WINDOWS\system32\eapqec.dll
2011-06-24 17:22:54 ----N---- C:\WINDOWS\system32\eappprxy.dll
2011-06-24 17:22:54 ----N---- C:\WINDOWS\system32\eapphost.dll
2011-06-24 17:22:54 ----N---- C:\WINDOWS\system32\eappgnui.dll
2011-06-24 17:22:54 ----N---- C:\WINDOWS\system32\eappcfg.dll
2011-06-24 17:22:54 ----N---- C:\WINDOWS\system32\eapp3hst.dll
2011-06-24 17:22:53 ----N---- C:\WINDOWS\system32\eapolqec.dll
2011-06-24 17:22:49 ----N---- C:\WINDOWS\system32\dot3ui.dll
2011-06-24 17:22:49 ----N---- C:\WINDOWS\system32\dot3svc.dll
2011-06-24 17:22:49 ----N---- C:\WINDOWS\system32\dot3msm.dll
2011-06-24 17:22:49 ----N---- C:\WINDOWS\system32\dot3gpclnt.dll
2011-06-24 17:22:49 ----N---- C:\WINDOWS\system32\dot3dlg.dll
2011-06-24 17:22:49 ----N---- C:\WINDOWS\system32\dot3cfg.dll
2011-06-24 17:22:49 ----N---- C:\WINDOWS\system32\dot3api.dll
2011-06-24 17:22:47 ----N---- C:\WINDOWS\system32\dimsroam.dll
2011-06-24 17:22:47 ----N---- C:\WINDOWS\system32\dimsntfy.dll
2011-06-24 17:22:47 ----N---- C:\WINDOWS\system32\dhcpqec.dll
2011-06-24 17:22:43 ----N---- C:\WINDOWS\system32\credssp.dll
2011-06-24 17:22:36 ----N---- C:\WINDOWS\system32\bitsprx4.dll
2011-06-24 17:22:36 ----N---- C:\WINDOWS\system32\azroles.dll
2011-06-24 17:22:28 ----N---- C:\WINDOWS\system32\aaclient.dll
2011-06-24 16:59:25 ----A---- C:\WINDOWS\system32\h323log.txt
2011-06-24 16:59:06 ----D---- C:\WINDOWS\pss
2011-06-24 16:57:19 ----A---- C:\WINDOWS\system32\drivers\sysaudio.sys
2011-06-24 16:57:17 ----A---- C:\WINDOWS\system32\drivers\splitter.sys
2011-06-24 16:57:16 ----A---- C:\WINDOWS\system32\drivers\aec.sys
2011-06-24 16:57:15 ----A---- C:\WINDOWS\system32\drivers\swmidi.sys
2011-06-24 16:57:14 ----A---- C:\WINDOWS\system32\drivers\dmusic.sys
2011-06-24 16:57:12 ----A---- C:\WINDOWS\system32\drivers\mskssrv.sys
2011-06-24 16:57:11 ----A---- C:\WINDOWS\system32\drivers\mspclock.sys
2011-06-24 16:57:10 ----A---- C:\WINDOWS\system32\drivers\drmkaud.sys
2011-06-24 16:57:09 ----A---- C:\WINDOWS\system32\drivers\mspqm.sys
2011-06-24 16:57:07 ----A---- C:\WINDOWS\system32\drivers\kmixer.sys
2011-06-24 16:57:06 ----A---- C:\WINDOWS\system32\drivers\wdmaud.sys
2011-06-24 16:57:02 ----A---- C:\WINDOWS\system32\drivers\audstub.sys
2011-06-24 16:56:45 ----A---- C:\WINDOWS\system32\drivers\usbprint.sys
2011-06-24 16:56:22 ----A---- C:\WINDOWS\system32\drivers\redbook.sys
2011-06-24 16:56:01 ----A---- C:\WINDOWS\system32\drivers\ati2mtag.sys
2011-06-24 16:56:01 ----A---- C:\WINDOWS\system32\ati3d2ag.dll
2011-06-24 16:56:01 ----A---- C:\WINDOWS\system32\ati3d1ag.dll
2011-06-24 16:56:01 ----A---- C:\WINDOWS\system32\ati2dvag.dll
2011-06-24 16:55:52 ----A---- C:\WINDOWS\system32\ksuser.dll
2011-06-24 16:55:52 ----A---- C:\WINDOWS\system32\drivers\portcls.sys
2011-06-24 16:55:52 ----A---- C:\WINDOWS\system32\drivers\msmpu401.sys
2011-06-24 16:55:52 ----A---- C:\WINDOWS\system32\drivers\drmk.sys
2011-06-24 16:55:50 ----A---- C:\WINDOWS\system32\drivers\gameenum.sys
2011-06-24 16:55:40 ----A---- C:\WINDOWS\system32\drivers\sisagp.sys
2011-06-24 16:55:27 ----A---- C:\WINDOWS\system32\usbui.dll
2011-06-24 16:55:26 ----N---- C:\WINDOWS\system32\tzchange.exe
2011-06-24 16:54:46 ----N---- C:\WINDOWS\system32\browserchoice.exe
2011-06-24 16:54:30 ----D---- C:\Program Files\Common Files\ODBC
2011-06-24 16:54:30 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2011-06-24 16:54:30 ----A---- C:\WINDOWS\ODBCINST.INI
2011-06-24 16:54:27 ----D---- C:\Program Files\Common Files\SpeechEngines
2011-06-24 16:54:27 ----D---- C:\Program Files\Common Files\Microsoft Shared
2011-06-24 16:54:26 ----RD---- C:\Program Files
2011-06-24 16:54:26 ----D---- C:\Program Files\Common Files
2011-06-24 16:54:24 ----RA---- C:\WINDOWS\system32\kbdtuq.dll
2011-06-24 16:54:24 ----RA---- C:\WINDOWS\system32\kbdtuf.dll
2011-06-24 16:54:24 ----RA---- C:\WINDOWS\system32\kbdazel.dll
2011-06-24 16:54:23 ----RA---- C:\WINDOWS\system32\kbdycc.dll
2011-06-24 16:54:23 ----RA---- C:\WINDOWS\system32\kbduzb.dll
2011-06-24 16:54:23 ----RA---- C:\WINDOWS\system32\kbdur.dll
2011-06-24 16:54:23 ----RA---- C:\WINDOWS\system32\kbdtat.dll
2011-06-24 16:54:23 ----RA---- C:\WINDOWS\system32\kbdru1.dll
2011-06-24 16:54:23 ----RA---- C:\WINDOWS\system32\kbdru.dll
2011-06-24 16:54:23 ----RA---- C:\WINDOWS\system32\kbdmon.dll
2011-06-24 16:54:23 ----RA---- C:\WINDOWS\system32\kbdkyr.dll
2011-06-24 16:54:23 ----RA---- C:\WINDOWS\system32\kbdkaz.dll
2011-06-24 16:54:23 ----RA---- C:\WINDOWS\system32\kbdbu.dll
2011-06-24 16:54:23 ----RA---- C:\WINDOWS\system32\kbdblr.dll
2011-06-24 16:54:23 ----RA---- C:\WINDOWS\system32\kbdaze.dll
2011-06-24 16:54:21 ----RA---- C:\WINDOWS\system32\kbdhept.dll
2011-06-24 16:54:21 ----RA---- C:\WINDOWS\system32\kbdhela3.dll
2011-06-24 16:54:21 ----RA---- C:\WINDOWS\system32\kbdhela2.dll
2011-06-24 16:54:21 ----RA---- C:\WINDOWS\system32\kbdhe319.dll
2011-06-24 16:54:21 ----RA---- C:\WINDOWS\system32\kbdhe220.dll
2011-06-24 16:54:21 ----RA---- C:\WINDOWS\system32\kbdhe.dll
2011-06-24 16:54:21 ----RA---- C:\WINDOWS\system32\kbdgkl.dll
2011-06-24 16:54:20 ----RA---- C:\WINDOWS\system32\kbdlv1.dll
2011-06-24 16:54:20 ----RA---- C:\WINDOWS\system32\kbdlv.dll
2011-06-24 16:54:20 ----RA---- C:\WINDOWS\system32\kbdlt1.dll
2011-06-24 16:54:20 ----RA---- C:\WINDOWS\system32\kbdlt.dll
2011-06-24 16:54:20 ----RA---- C:\WINDOWS\system32\kbdest.dll
2011-06-24 16:54:18 ----RA---- C:\WINDOWS\system32\kbdycl.dll
2011-06-24 16:54:18 ----RA---- C:\WINDOWS\system32\kbdsl1.dll
2011-06-24 16:54:18 ----RA---- C:\WINDOWS\system32\kbdsl.dll
2011-06-24 16:54:18 ----RA---- C:\WINDOWS\system32\kbdro.dll
2011-06-24 16:54:18 ----RA---- C:\WINDOWS\system32\kbdpl1.dll
2011-06-24 16:54:18 ----RA---- C:\WINDOWS\system32\kbdpl.dll
2011-06-24 16:54:18 ----RA---- C:\WINDOWS\system32\kbdhu1.dll
2011-06-24 16:54:18 ----RA---- C:\WINDOWS\system32\kbdhu.dll
2011-06-24 16:54:18 ----RA---- C:\WINDOWS\system32\kbdcz2.dll
2011-06-24 16:54:18 ----RA---- C:\WINDOWS\system32\kbdcz1.dll
2011-06-24 16:54:18 ----RA---- C:\WINDOWS\system32\kbdcz.dll
2011-06-24 16:54:18 ----RA---- C:\WINDOWS\system32\kbdcr.dll
2011-06-24 16:54:18 ----RA---- C:\WINDOWS\system32\KBDAL.DLL
2011-06-24 16:54:16 ----A---- C:\WINDOWS\system32\spxcoins.dll
2011-06-24 16:54:16 ----A---- C:\WINDOWS\system32\irclass.dll
2011-06-24 16:54:16 ----A---- C:\WINDOWS\system32\EqnClass.Dll
2011-06-24 16:54:16 ----A---- C:\WINDOWS\system32\drivers\irenum.sys
2011-06-24 16:54:16 ----A---- C:\WINDOWS\system32\dgsetup.dll
2011-06-24 16:54:16 ----A---- C:\WINDOWS\system32\dgrpsetu.dll
2011-06-24 16:54:14 ----A---- C:\WINDOWS\TASKMAN.EXE
2011-06-24 16:54:14 ----A---- C:\WINDOWS\system32\batt.dll
2011-06-24 16:54:14 ----A---- C:\WINDOWS\notepad.exe
2011-06-24 16:54:13 ----A---- C:\WINDOWS\system32\storprop.dll
2011-06-24 16:54:06 ----ASH---- C:\Documents and Settings\All Users\Application Data\desktop.ini
2011-06-24 16:53:55 ----D---- C:\WINDOWS\system32\CatRoot2
2011-06-24 16:53:55 ----D---- C:\WINDOWS\system32\CatRoot
2011-06-24 16:53:49 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2011-06-24 16:52:30 ----D---- C:\Documents and Settings\PacificBliss\Application Data\skypePM
2011-06-24 16:52:25 ----D---- C:\Documents and Settings\All Users\Application Data\Skype Extras
2011-06-24 16:51:40 ----A---- C:\WINDOWS\system32\xpsp4res.dll
2011-06-24 16:50:40 ----D---- C:\Documents and Settings
2011-06-24 16:49:56 ----RASH---- C:\boot.ini
2011-06-24 16:48:31 ----D---- C:\Documents and Settings\PacificBliss\Application Data\Skype
2011-06-24 16:46:19 ----RSHDC---- C:\WINDOWS\system32\dllcache
2011-06-24 16:46:19 ----RSD---- C:\WINDOWS\Fonts
2011-06-24 16:46:19 ----RD---- C:\WINDOWS\Web
2011-06-24 16:46:19 ----HD---- C:\WINDOWS\inf
2011-06-24 16:46:19 ----D---- C:\WINDOWS\WinSxS
2011-06-24 16:46:19 ----D---- C:\WINDOWS\twain_32
2011-06-24 16:46:19 ----D---- C:\WINDOWS\Temp
2011-06-24 16:46:19 ----D---- C:\WINDOWS\system32\wins
2011-06-24 16:46:19 ----D---- C:\WINDOWS\system32\wbem
2011-06-24 16:46:19 ----D---- C:\WINDOWS\system32\usmt
2011-06-24 16:46:19 ----D---- C:\WINDOWS\system32\spool
2011-06-24 16:46:19 ----D---- C:\WINDOWS\system32\ShellExt
2011-06-24 16:46:19 ----D---- C:\WINDOWS\system32\Setup
2011-06-24 16:46:19 ----D---- C:\WINDOWS\system32\ras
2011-06-24 16:46:19 ----D---- C:\WINDOWS\system32\oobe
2011-06-24 16:46:19 ----D---- C:\WINDOWS\system32\npp
2011-06-24 16:46:19 ----D---- C:\WINDOWS\system32\mui
2011-06-24 16:46:19 ----D---- C:\WINDOWS\system32\inetsrv
2011-06-24 16:46:19 ----D---- C:\WINDOWS\system32\IME
2011-06-24 16:46:19 ----D---- C:\WINDOWS\system32\icsxml
2011-06-24 16:46:19 ----D---- C:\WINDOWS\system32\ias
2011-06-24 16:46:19 ----D---- C:\WINDOWS\system32\export
2011-06-24 16:46:19 ----D---- C:\WINDOWS\system32\drivers\etc
2011-06-24 16:46:19 ----D---- C:\WINDOWS\system32\drivers\disdn
2011-06-24 16:46:19 ----D---- C:\WINDOWS\system32\drivers
2011-06-24 16:46:19 ----D---- C:\WINDOWS\system32\dhcp
2011-06-24 16:46:19 ----D---- C:\WINDOWS\system32\config
2011-06-24 16:46:19 ----D---- C:\WINDOWS\system32\3com_dmi
2011-06-24 16:46:19 ----D---- C:\WINDOWS\system32\3076
2011-06-24 16:46:19 ----D---- C:\WINDOWS\system32\2052
2011-06-24 16:46:19 ----D---- C:\WINDOWS\system32\1054
2011-06-24 16:46:19 ----D---- C:\WINDOWS\system32\1042
2011-06-24 16:46:19 ----D---- C:\WINDOWS\system32\1041
2011-06-24 16:46:19 ----D---- C:\WINDOWS\system32\1037
2011-06-24 16:46:19 ----D---- C:\WINDOWS\system32\1033
2011-06-24 16:46:19 ----D---- C:\WINDOWS\system32\1031
2011-06-24 16:46:19 ----D---- C:\WINDOWS\system32\1028
2011-06-24 16:46:19 ----D---- C:\WINDOWS\system32\1025
2011-06-24 16:46:19 ----D---- C:\WINDOWS\system32
2011-06-24 16:46:19 ----D---- C:\WINDOWS\system
2011-06-24 16:46:19 ----D---- C:\WINDOWS\security
2011-06-24 16:46:19 ----D---- C:\WINDOWS\Resources
2011-06-24 16:46:19 ----D---- C:\WINDOWS\repair
2011-06-24 16:46:19 ----D---- C:\WINDOWS\mui
2011-06-24 16:46:19 ----D---- C:\WINDOWS\msapps
2011-06-24 16:46:19 ----D---- C:\WINDOWS\msagent
2011-06-24 16:46:19 ----D---- C:\WINDOWS\Media
2011-06-24 16:46:19 ----D---- C:\WINDOWS\java
2011-06-24 16:46:19 ----D---- C:\WINDOWS\ime
2011-06-24 16:46:19 ----D---- C:\WINDOWS\Help
2011-06-24 16:46:19 ----D---- C:\WINDOWS\Driver Cache
2011-06-24 16:46:19 ----D---- C:\WINDOWS\Debug
2011-06-24 16:46:19 ----D---- C:\WINDOWS\Cursors
2011-06-24 16:46:19 ----D---- C:\WINDOWS\Connection Wizard
2011-06-24 16:46:19 ----D---- C:\WINDOWS\Config
2011-06-24 16:46:19 ----D---- C:\WINDOWS\AppPatch
2011-06-24 16:46:19 ----D---- C:\WINDOWS\addins
2011-06-24 16:46:19 ----D---- C:\WINDOWS
2011-06-24 16:46:19 ----ASH---- C:\pagefile.sys
2011-06-24 16:33:28 ----A---- C:\WINDOWS\system32\wmpns.dll
2011-06-24 16:32:02 ----D---- C:\WINDOWS\peernet
2011-06-24 16:32:01 ----D---- C:\WINDOWS\provisioning
2011-06-24 16:29:57 ----D---- C:\WINDOWS\ServicePackFiles
2011-06-24 16:24:44 ----D---- C:\WINDOWS\EHome
2011-06-24 16:20:45 ----D---- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2011-06-24 16:15:51 ----A---- C:\WINDOWS\system32\cocpyinf.dll
2011-06-24 16:15:27 ----A---- C:\WINDOWS\system32\MRT.exe
2011-06-24 16:15:22 ----A---- C:\WINDOWS\system32\cncilps2.dll
2011-06-24 16:15:22 ----A---- C:\WINDOWS\system32\CNARLMNT.DLL
2011-06-24 16:14:46 ----A---- C:\WINDOWS\system32\CNCMFP13.INI
2011-06-24 16:14:46 ----A---- C:\WINDOWS\system32\CNCLSU13.DLL
2011-06-24 16:14:46 ----A---- C:\WINDOWS\system32\CNCLST13.DLL
2011-06-24 16:14:46 ----A---- C:\WINDOWS\system32\CNCLSI13.DLL
2011-06-24 16:14:46 ----A---- C:\WINDOWS\system32\CNCLSD13.DLL
2011-06-24 16:14:46 ----A---- C:\WINDOWS\system32\CNCLSC13.DLL
2011-06-24 16:14:46 ----A---- C:\WINDOWS\system32\CNCILSC.dll
2011-06-24 16:14:45 ----A---- C:\WINDOWS\system32\CNCL8100.DLL
2011-06-24 16:14:44 ----A---- C:\WINDOWS\system32\CNCI8100.DLL
2011-06-24 16:14:44 ----A---- C:\WINDOWS\system32\CNCC8100.DLL
2011-06-24 16:14:43 ----A---- C:\WINDOWS\system32\UCS32P.DLL
2011-06-24 16:14:42 ----A---- C:\WINDOWS\system32\drivers\usbscan.sys
2011-06-24 16:03:22 ----N---- C:\WINDOWS\system32\spnpinst.exe
2011-06-24 15:57:54 ----D---- C:\temp
2011-06-24 15:54:24 ----A---- C:\WINDOWS\UC.PIF
2011-06-24 15:54:24 ----A---- C:\WINDOWS\RAR.PIF
2011-06-24 15:54:24 ----A---- C:\WINDOWS\PKZIP.PIF
2011-06-24 15:54:24 ----A---- C:\WINDOWS\PKUNZIP.PIF
2011-06-24 15:54:24 ----A---- C:\WINDOWS\NOCLOSE.PIF
2011-06-24 15:54:24 ----A---- C:\WINDOWS\LHA.PIF
2011-06-24 15:54:24 ----A---- C:\WINDOWS\ARJ.PIF
2011-06-24 15:54:22 ----D---- C:\Program Files\totalcmd
2011-06-24 15:54:22 ----D---- C:\Documents and Settings\PacificBliss\Application Data\GHISLER
2011-06-24 15:52:04 ----D---- C:\Documents and Settings\PacificBliss\Application Data\Macromedia
2011-06-24 15:52:04 ----D---- C:\Documents and Settings\PacificBliss\Application Data\Adobe
2011-06-24 15:49:42 ----D---- C:\Documents and Settings\All Users\Application Data\Sun
2011-06-24 15:49:41 ----D---- C:\Program Files\Common Files\Java
2011-06-24 15:49:28 ----A---- C:\WINDOWS\system32\javaws.exe
2011-06-24 15:49:28 ----A---- C:\WINDOWS\system32\javaw.exe
2011-06-24 15:49:28 ----A---- C:\WINDOWS\system32\java.exe
2011-06-24 15:49:28 ----A---- C:\WINDOWS\system32\deployJava1.dll
2011-06-24 15:48:56 ----D---- C:\Program Files\Java
2011-06-24 15:48:17 ----D---- C:\Documents and Settings\PacificBliss\Application Data\Sun
2011-06-24 15:46:42 ----D---- C:\Program Files\Common Files\Adobe
2011-06-24 15:46:42 ----D---- C:\Program Files\Adobe
2011-06-24 15:45:53 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2011-06-24 15:45:15 ----D---- C:\Documents and Settings\PacificBliss\Application Data\IrfanView
2011-06-24 15:43:31 ----D---- C:\Program Files\IrfanView
2011-06-24 15:43:06 ----A---- C:\WINDOWS\system32\esent.dll
2011-06-24 15:42:37 ----D---- C:\Documents and Settings\PacificBliss\Application Data\Opera
2011-06-24 15:42:28 ----D---- C:\Program Files\Opera
2011-06-24 15:37:56 ----D---- C:\Program Files\Common Files\Skype
2011-06-24 15:37:47 ----RD---- C:\Program Files\Skype
2011-06-24 15:37:39 ----D---- C:\Documents and Settings\All Users\Application Data\Skype
2011-06-24 15:37:04 ----D---- C:\Documents and Settings\PacificBliss\Application Data\ESET
2011-06-24 15:35:24 ----D---- C:\Program Files\ESET
2011-06-24 15:35:24 ----D---- C:\Documents and Settings\All Users\Application Data\ESET
2011-06-24 15:28:14 ----D---- C:\WINDOWS\system32\PreInstall
2011-06-24 15:28:13 ----A---- C:\WINDOWS\system32\spupdsvc.exe
2011-06-24 15:27:34 ----D---- C:\WINDOWS\system32\bits
2011-06-24 15:27:29 ----N---- C:\WINDOWS\system32\spmsg.dll
2011-06-24 15:27:01 ----N---- C:\WINDOWS\system32\bitsprx3.dll
2011-06-24 15:27:01 ----N---- C:\WINDOWS\system32\bitsprx2.dll
2011-06-24 15:27:01 ----A---- C:\WINDOWS\system32\winhttp.dll
2011-06-24 15:27:01 ----A---- C:\WINDOWS\system32\qmgrprxy.dll
2011-06-24 15:24:55 ----A---- C:\WINDOWS\system32\wups2.dll
2011-06-24 15:24:55 ----A---- C:\WINDOWS\system32\wups.dll
2011-06-24 15:24:55 ----A---- C:\WINDOWS\system32\wucltui.dll.mui
2011-06-24 15:24:55 ----A---- C:\WINDOWS\system32\wucltui.dll
2011-06-24 15:24:55 ----A---- C:\WINDOWS\system32\wuaueng.dll.mui
2011-06-24 15:24:54 ----A---- C:\WINDOWS\system32\wuapi.dll.mui
2011-06-24 15:24:54 ----A---- C:\WINDOWS\system32\wuapi.dll
2011-06-24 15:21:26 ----D---- C:\Program Files\sisagp
2011-06-24 15:21:23 ----D---- C:\Program Files\Common Files\InstallShield
2011-06-24 15:20:32 ----D---- C:\WINDOWS\system32\ReinstallBackups
2011-06-24 15:18:28 ----A---- C:\WINDOWS\ODBC.INI
2011-06-24 15:18:24 ----A---- C:\WINDOWS\system32\mdimon.dll
2011-06-24 15:17:53 ----D---- C:\Program Files\Common Files\DESIGNER
2011-06-24 15:17:51 ----A---- C:\WINDOWS\system32\iuengine.dll
2011-06-24 15:17:37 ----D---- C:\WINDOWS\SHELLNEW
2011-06-24 15:17:05 ----D---- C:\Program Files\Microsoft Office
2011-06-24 15:14:54 ----A---- C:\WINDOWS\system32\drivers\usbstor.sys
2011-06-24 15:13:37 ----SD---- C:\WINDOWS\system32\Microsoft
2011-06-24 15:12:26 ----D---- C:\WINDOWS\system32\1051
2011-06-24 15:11:34 ----SHD---- C:\WINDOWS\Installer
2011-06-24 15:11:32 ----D---- C:\Documents and Settings\PacificBliss\Application Data\Identities
2011-06-24 15:11:26 ----SD---- C:\Documents and Settings\PacificBliss\Application Data\Microsoft
2011-06-24 15:11:26 ----ASH---- C:\Documents and Settings\PacificBliss\Application Data\desktop.ini
2011-06-24 15:10:47 ----A---- C:\WINDOWS\system32\wpa.bak
2011-06-24 15:09:46 ----SHD---- C:\System Volume Information
2011-06-24 15:09:38 ----A---- C:\WINDOWS\SchedLgU.Txt
2011-06-24 15:04:40 ----D---- C:\WINDOWS\system32\xircom
2011-06-24 15:04:40 ----D---- C:\Program Files\xerox
2011-06-24 15:04:39 ----D---- C:\Program Files\microsoft frontpage
2011-06-24 15:04:31 ----RASH---- C:\MSDOS.SYS
2011-06-24 15:04:31 ----RASH---- C:\IO.SYS
2011-06-24 15:04:31 ----AH---- C:\CONFIG.SYS
2011-06-24 15:04:31 ----AH---- C:\AUTOEXEC.BAT
2011-06-24 15:04:31 ----A---- C:\WINDOWS\control.ini
2011-06-24 15:04:21 ----A---- C:\WINDOWS\system32\mapi32.dll
2011-06-24 15:03:34 ----SD---- C:\WINDOWS\Downloaded Program Files
2011-06-24 15:03:34 ----RD---- C:\WINDOWS\Offline Web Pages
2011-06-24 15:03:34 ----RAH---- C:\WINDOWS\system32\logonui.exe.manifest
2011-06-24 15:03:28 ----RAH---- C:\WINDOWS\system32\cdplayer.exe.manifest
2011-06-24 15:03:09 ----D---- C:\WINDOWS\system32\DirectX
2011-06-24 15:02:47 ----A---- C:\WINDOWS\system32\safrslv.dll
2011-06-24 15:02:47 ----A---- C:\WINDOWS\system32\safrdm.dll
2011-06-24 15:02:47 ----A---- C:\WINDOWS\system32\safrcdlg.dll
2011-06-24 15:02:47 ----A---- C:\WINDOWS\system32\racpldlg.dll
2011-06-24 15:02:47 ----A---- C:\WINDOWS\system32\atrace.dll
2011-06-24 15:02:44 ----A---- C:\WINDOWS\system32\desktop.ini
2011-06-24 15:02:44 ----A---- C:\WINDOWS\desktop.ini
2011-06-24 15:02:38 ----A---- C:\WINDOWS\system32\nmevtmsg.dll
2011-06-24 15:02:38 ----A---- C:\WINDOWS\system32\mnmsrvc.exe
2011-06-24 15:02:38 ----A---- C:\WINDOWS\system32\isrdbg32.dll
2011-06-24 15:02:36 ----D---- C:\Program Files\Common Files\Services
2011-06-24 15:02:36 ----A---- C:\WINDOWS\system32\acctres.dll
2011-06-24 15:02:35 ----A---- C:\WINDOWS\system32\inetres.dll
2011-06-24 15:02:32 ----SD---- C:\WINDOWS\Tasks
2011-06-24 15:02:32 ----A---- C:\WINDOWS\system32\isign32.dll
2011-06-24 15:02:32 ----A---- C:\WINDOWS\system32\inetcfg.dll
2011-06-24 15:02:32 ----A---- C:\WINDOWS\system32\icwphbk.dll
2011-06-24 15:02:32 ----A---- C:\WINDOWS\system32\icwdial.dll
2011-06-24 15:02:32 ----A---- C:\WINDOWS\system32\icfgnt5.dll
2011-06-24 15:02:30 ----D---- C:\Program Files\Common Files\MSSoap
2011-06-24 15:02:26 ----D---- C:\WINDOWS\system32\Macromed
2011-06-24 15:02:26 ----D---- C:\WINDOWS\srchasst
2011-06-24 15:02:25 ----A---- C:\WINDOWS\system32\qmgr.dll
2011-06-24 15:02:24 ----D---- C:\Program Files\Movie Maker
2011-06-24 15:02:21 ----D---- C:\WINDOWS\PCHealth
2011-06-24 15:02:20 ----D---- C:\WINDOWS\system32\Restore
2011-06-24 15:02:20 ----A---- C:\WINDOWS\system32\srsvc.dll
2011-06-24 15:02:20 ----A---- C:\WINDOWS\system32\srrstr.dll
2011-06-24 15:02:20 ----A---- C:\WINDOWS\system32\srclient.dll
2011-06-24 15:02:20 ----A---- C:\WINDOWS\system32\mnmdd.dll
2011-06-24 15:02:20 ----A---- C:\WINDOWS\system32\ils.dll
2011-06-24 15:02:20 ----A---- C:\WINDOWS\system32\drivers\sr.sys
2011-06-24 15:02:19 ----A---- C:\WINDOWS\system32\nmmkcert.dll
2011-06-24 15:02:19 ----A---- C:\WINDOWS\system32\msconf.dll
2011-06-24 15:02:17 ----D---- C:\Program Files\NetMeeting
2011-06-24 15:02:17 ----A---- C:\WINDOWS\system32\msoert2.dll
2011-06-24 15:02:17 ----A---- C:\WINDOWS\system32\msoeacct.dll
2011-06-24 15:02:17 ----A---- C:\WINDOWS\system32\inetcomm.dll
2011-06-24 15:02:16 ----D---- C:\Program Files\Outlook Express
2011-06-24 15:02:16 ----A---- C:\WINDOWS\system32\schedsvc.dll
2011-06-24 15:02:16 ----A---- C:\WINDOWS\system32\mstinit.exe
2011-06-24 15:02:16 ----A---- C:\WINDOWS\system32\mstask.dll
2011-06-24 15:02:13 ----D---- C:\Program Files\Common Files\System
2011-06-24 15:02:10 ----D---- C:\Program Files\Internet Explorer
2011-06-24 15:01:56 ----D---- C:\Program Files\ComPlus Applications
2011-06-24 15:01:55 ----A---- C:\WINDOWS\vbaddin.ini
2011-06-24 15:01:55 ----A---- C:\WINDOWS\vb.ini
2011-06-24 15:01:51 ----D---- C:\WINDOWS\Registration
2011-06-24 15:01:23 ----D---- C:\Program Files\Windows Media Player
2011-06-24 15:01:23 ----D---- C:\Program Files\Online Services
2011-06-24 15:01:18 ----D---- C:\Program Files\Messenger
2011-06-24 15:01:13 ----D---- C:\Program Files\MSN Gaming Zone
2011-06-24 15:01:13 ----A---- C:\WINDOWS\system32\write.exe
2011-06-24 15:01:06 ----A---- C:\WINDOWS\system32\sndvol32.exe
2011-06-24 15:01:06 ----A---- C:\WINDOWS\system32\sndrec32.exe
2011-06-24 15:01:06 ----A---- C:\WINDOWS\system32\hticons.dll
2011-06-24 15:01:06 ----A---- C:\WINDOWS\system32\avwav.dll
2011-06-24 15:01:06 ----A---- C:\WINDOWS\system32\avtapi.dll
2011-06-24 15:01:06 ----A---- C:\WINDOWS\system32\avmeter.dll
2011-06-24 15:01:06 ----A---- C:\WINDOWS\system32\accwiz.exe
2011-06-24 15:01:05 ----A---- C:\WINDOWS\system32\winchat.exe
2011-06-24 15:01:00 ----A---- C:\WINDOWS\system32\getuname.dll
2011-06-24 15:00:59 ----A---- C:\WINDOWS\system32\winmine.exe
2011-06-24 15:00:59 ----A---- C:\WINDOWS\system32\sol.exe
2011-06-24 15:00:59 ----A---- C:\WINDOWS\system32\charmap.exe
2011-06-24 15:00:59 ----A---- C:\WINDOWS\system32\calc.exe
2011-06-24 15:00:58 ----A---- C:\WINDOWS\system32\usrlogon.cmd
2011-06-24 15:00:58 ----A---- C:\WINDOWS\system32\tsshutdn.exe
2011-06-24 15:00:58 ----A---- C:\WINDOWS\system32\tslabels.ini
2011-06-24 15:00:58 ----A---- C:\WINDOWS\system32\tskill.exe
2011-06-24 15:00:58 ----A---- C:\WINDOWS\system32\tsdiscon.exe
2011-06-24 15:00:58 ----A---- C:\WINDOWS\system32\tscon.exe
2011-06-24 15:00:58 ----A---- C:\WINDOWS\system32\shadow.exe
2011-06-24 15:00:58 ----A---- C:\WINDOWS\system32\rwinsta.exe
2011-06-24 15:00:58 ----A---- C:\WINDOWS\system32\reset.exe
2011-06-24 15:00:58 ----A---- C:\WINDOWS\system32\regini.exe
2011-06-24 15:00:58 ----A---- C:\WINDOWS\system32\rdshost.exe
2011-06-24 15:00:58 ----A---- C:\WINDOWS\system32\mshearts.exe
2011-06-24 15:00:58 ----A---- C:\WINDOWS\system32\freecell.exe
2011-06-24 15:00:58 ----A---- C:\WINDOWS\system32\drivers\tdtcp.sys
2011-06-24 15:00:58 ----A---- C:\WINDOWS\system32\drivers\tdpipe.sys
2011-06-24 15:00:57 ----A---- C:\WINDOWS\system32\rdpcfgex.dll
2011-06-24 15:00:57 ----A---- C:\WINDOWS\system32\qwinsta.exe
2011-06-24 15:00:57 ----A---- C:\WINDOWS\system32\qprocess.exe
2011-06-24 15:00:57 ----A---- C:\WINDOWS\system32\qappsrv.exe
2011-06-24 15:00:57 ----A---- C:\WINDOWS\system32\msg.exe
2011-06-24 15:00:57 ----A---- C:\WINDOWS\system32\msdtcuiu.dll
2011-06-24 15:00:57 ----A---- C:\WINDOWS\system32\msdtctm.dll
2011-06-24 15:00:57 ----A---- C:\WINDOWS\system32\logoff.exe
2011-06-24 15:00:57 ----A---- C:\WINDOWS\system32\cdmodem.dll
2011-06-24 15:00:56 ----A---- C:\WINDOWS\system32\xolehlp.dll
2011-06-24 15:00:56 ----A---- C:\WINDOWS\system32\msdtcprf.ini
2011-06-24 15:00:56 ----A---- C:\WINDOWS\system32\msdtclog.dll
2011-06-24 15:00:56 ----A---- C:\WINDOWS\system32\msdtc.exe
2011-06-24 15:00:55 ----A---- C:\WINDOWS\system32\stclient.dll
2011-06-24 15:00:55 ----A---- C:\WINDOWS\system32\mtxlegih.dll
2011-06-24 15:00:55 ----A---- C:\WINDOWS\system32\mtxex.dll
2011-06-24 15:00:55 ----A---- C:\WINDOWS\system32\mtxdm.dll
2011-06-24 15:00:55 ----A---- C:\WINDOWS\system32\dcomcnfg.exe
2011-06-24 15:00:55 ----A---- C:\WINDOWS\system32\comrepl.dll
2011-06-24 15:00:55 ----A---- C:\WINDOWS\system32\comaddin.dll
2011-06-24 15:00:54 ----A---- C:\WINDOWS\system32\comuid.dll
2011-06-24 15:00:54 ----A---- C:\WINDOWS\system32\comsnap.dll
2011-06-24 15:00:54 ----A---- C:\WINDOWS\system32\clbcatex.dll
2011-06-24 15:00:54 ----A---- C:\WINDOWS\system32\catsrvps.dll
2011-06-24 15:00:54 ----A---- C:\WINDOWS\system32\catsrv.dll
2011-06-24 15:00:49 ----A---- C:\WINDOWS\system32\wmimgmt.msc
2011-06-24 15:00:49 ----A---- C:\WINDOWS\system32\servdeps.dll
2011-06-24 15:00:48 ----A---- C:\WINDOWS\system32\mmfutil.dll
2011-06-24 15:00:48 ----A---- C:\WINDOWS\system32\cmprops.dll
2011-06-24 15:00:44 ----D---- C:\Program Files\MSN
2011-06-24 15:00:43 ----D---- C:\Program Files\Windows NT
2011-06-24 15:00:43 ----A---- C:\WINDOWS\system32\wuauclt.exe
2011-06-24 15:00:43 ----A---- C:\WINDOWS\system32\spider.exe
2011-06-24 15:00:43 ----A---- C:\WINDOWS\system32\mspaint.exe
2011-06-24 15:00:43 ----A---- C:\WINDOWS\system32\mplay32.exe
2011-06-24 15:00:43 ----A---- C:\WINDOWS\system32\clipbrd.exe
2011-06-24 15:00:42 ----A---- C:\WINDOWS\system32\wuauserv.dll
2011-06-24 15:00:42 ----A---- C:\WINDOWS\system32\wuaueng.dll
2011-06-24 15:00:42 ----A---- C:\WINDOWS\system32\tscfgwmi.dll
2011-06-24 15:00:42 ----A---- C:\WINDOWS\system32\remotepg.dll
2011-06-24 15:00:42 ----A---- C:\WINDOWS\system32\rdsaddin.exe
2011-06-24 15:00:42 ----A---- C:\WINDOWS\system32\mstscax.dll
2011-06-24 15:00:42 ----A---- C:\WINDOWS\system32\mstsc.exe
2011-06-24 15:00:42 ----A---- C:\WINDOWS\system32\drivers\rdpwd.sys
2011-06-24 15:00:41 ----A---- C:\WINDOWS\system32\tscupgrd.exe
2011-06-24 15:00:41 ----A---- C:\WINDOWS\system32\termsrv.dll
2011-06-24 15:00:41 ----A---- C:\WINDOWS\system32\sessmgr.exe
2011-06-24 15:00:41 ----A---- C:\WINDOWS\system32\rdpwsx.dll
2011-06-24 15:00:41 ----A---- C:\WINDOWS\system32\rdpsnd.dll
2011-06-24 15:00:41 ----A---- C:\WINDOWS\system32\rdpclip.exe
2011-06-24 15:00:41 ----A---- C:\WINDOWS\system32\rdchost.dll
2011-06-24 15:00:41 ----A---- C:\WINDOWS\system32\icaapi.dll
2011-06-24 15:00:41 ----A---- C:\WINDOWS\system32\cfgbkend.dll
2011-06-24 15:00:40 ----D---- C:\WINDOWS\system32\MsDtc
2011-06-24 15:00:40 ----D---- C:\WINDOWS\system32\Com
2011-06-24 15:00:40 ----A---- C:\WINDOWS\system32\msdtcprx.dll
2011-06-24 15:00:40 ----A---- C:\WINDOWS\system32\catsrvut.dll
2011-06-24 15:00:37 ----A---- C:\WINDOWS\system32\licwmi.dll
2011-06-24 15:00:33 ----A---- C:\WINDOWS\system32\drivers\termdd.sys
2011-06-24 15:00:32 ----A---- C:\WINDOWS\system32\drivers\rdpdr.sys
2011-06-24 12:42:40 ----A---- C:\WINDOWS\system32\drivers\SISAGPX.SYS
======List of files/folders modified in the last 1 months======
2011-06-29 11:00:25 ----A---- C:\WINDOWS\win.ini
2011-06-29 11:00:25 ----A---- C:\WINDOWS\system.ini
2011-06-24 16:28:01 ----RASH---- C:\NTDETECT.COM
2011-06-24 15:04:11 ----ASH---- C:\WINDOWS\fonts\desktop.ini
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 sisagp;SiS AGP Filter; C:\WINDOWS\System32\DRIVERS\SISAGPX.sys [2003-07-18 36992]
R1 ehdrv;ehdrv; C:\WINDOWS\System32\DRIVERS\ehdrv.sys [2010-12-21 115008]
R1 epfwtdi;epfwtdi; C:\WINDOWS\System32\DRIVERS\epfwtdi.sys [2010-08-03 55256]
R1 sp_rsdrv2;Spyware Terminator Driver 2; \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys []
R2 eamon;eamon; C:\WINDOWS\System32\DRIVERS\eamon.sys [2010-12-21 141264]
R2 epfw;epfw; C:\WINDOWS\System32\DRIVERS\epfw.sys [2010-12-21 134000]
R3 ati2mtag;ati2mtag; C:\WINDOWS\System32\DRIVERS\ati2mtag.sys [2004-08-04 701440]
R3 Epfwndis;Eset Personal Firewall; C:\WINDOWS\System32\DRIVERS\Epfwndis.sys [2010-12-21 33120]
R3 MBAMProtector;MBAMProtector; \??\C:\WINDOWS\system32\drivers\mbam.sys []
R3 ms_mpu401;Microsoft MPU-401 MIDI UART Driver; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-17 2944]
R3 SISNICXP;SiS PCI Fast Ethernet Adapter Driver for NDIS51; C:\WINDOWS\system32\DRIVERS\sisnicxp.sys [2006-02-14 32768]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbscan;USB Scanner Driver; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 AIDA64Driver;FinalWire AIDA64 Kernel Driver; \??\C:\Program Files\FinalWire\AIDA64 Extreme Edition\kerneld.x32 []
S3 catchme;catchme; \??\C:\DOCUME~1\PACIFI~1\LOCALS~1\Temp\catchme.sys []
S3 cmuda;C-Media WDM Audio Interface; C:\WINDOWS\system32\drivers\cmuda.sys [2006-06-09 1373120]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys []
S3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 SISNIC;SiS PCI Fast Ethernet Adapter Driver; C:\WINDOWS\System32\DRIVERS\sisnic.sys [2003-07-11 32768]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2011-01-12 810144]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2011-06-24 153376]
R2 MBAMService;MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-05-29 366640]
R2 nvUpdService;NVIDIA Update Service; C:\Documents and Settings\NetworkService\Local Settings\Application Data\NVIDIA Corporation\Update\daemonupd.exe [2011-06-29 19968]
R2 sp_rssrv;Spyware Terminator Realtime Shield Service; C:\Program Files\Spyware Terminator\sp_rsser.exe [2011-06-28 496128]
R2 WSearch;Windows Search; C:\WINDOWS\system32\SearchIndexer.exe [2008-05-26 439808]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe [2011-01-12 33584]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
-----------------EOF-----------------
- chodnik74
- Friend of the forum
- Posts: 4975
- Joined: 13 Sep 2010 21:30
- Location: Napajedla
Re: system process at address 0x3BC3 crashed
Everything is fine now,
I would only recommend the IE 8 update.

Let's clean up...

Press WIN+R (or Start > Run), which opens the Run dialog, then copy and paste the following text into it: Combofix /Uninstall and press Enter.

T-Cleaner
- Run it, press the A key and confirm with ENTER (some antivirus programs may detect the utility as a virus; this is a false positive, so IGNORE it or temporarily turn the antivirus off)
- delete T-Cleaner after use

TFC
- Download and run the program
- Click Start and confirm with OK
- The program starts cleaning up, then restarts the PC
- delete the program after use

PC maintenance:
1) Cleaning temporary folders + invalid registry entries

Ccleaner
- Download and install the program
- Run the program
- CLEANER
> Windows: leave everything here as it is (if we use IE, uncheck its items) and check the items Start Menu Shortcuts and Desktop Shortcuts
> Applications: leave as it is, but if we use a browser (Google Chrome, Firefox, Opera...), uncheck its items
> Press the Analyze button and then Run Cleaner
- Registry
> Press the Scan for Issues button; the program starts looking for invalid registry entries, then choose Fix selected issues
> The program asks whether we want to create a registry backup; choose yes and save the backup somewhere (if there are problems with anything after the registry fix, restore the backup by running the saved backup file and confirming yes), then choose Fix All Selected Issues and Close
> repeat until the registry is free of problems
- Use the program once every 14 days (it depends on how the PC is used; once a week is fine too)

Defraggler
- Download and install the program
- Run the program
- Select the disk (C:, D:.. simply the one we use)
- If the Fragmentation column shows more than 5%, choose Defragment
- Do this for all disks in use
- Do this once a month

FileHippo.com Update Checker
- Download and install the program (during installation uncheck the Run at Startup option)
- Run the program
- The program looks up the programs installed on the PC and finds the available updates
- A web page then opens, offering the applications to update
> X Updates Detected.. these are the available updates..
> click the green arrow and download the program, then install its current version
> X Beta Updates Detected.. do not download these updates; they are beta versions that are still in development and are unstable
- Do this once every 14 days or once a month

How is the computer behaving?


Read the procedure several times to be safe, and ask if anything is unclear or in doubt.
If your computer is infected or not behaving as usual, back up all your data and carefully follow the advisor's instructions!
Do not use the Combofix utility without an advisor's supervision and recommendation!

Re: system process at address 0x3BC3 crashed
The PC seems to run fine now, I just can't delete those directories, not even in safe mode. They are some updates from Microsoft.

// and I also have a cmdcons directory on c:/, which can't be deleted either
- chodnik74
Re: system process at address 0x3BC3 crashed
Turn on hiding of hidden files and directories and ignore them

Re: system process at address 0x3BC3 crashed
So I did that, but one of them can't even be hidden any more, the attributes can't be changed
and thanks for the help

- chodnik74
Re: system process at address 0x3BC3 crashed
You're welcome
have a nice rest of the sunny day




Re: system process at address 0x3BC3 crashed
hi,
I have a similar problem. I turned off the firewall and uninstalled Spyware Doctor. When I try to run ComboFix I get the following two windows / I'll try to attach them /
in short, the attempt to install ComboFix ends in a blue screen / WIN7 /
thanks and all the best
regards, jano